Cybersquatting (also known as domain squatting) is the practice of registering, trafficking in, or using an Internet domain name, with a bad faith intent to profit from the goodwill of a trademark belonging to someone else.
The term is derived from "squatting", which is the act of occupying an abandoned or unoccupied space or building that the squatter does not own, rent, or otherwise have permission to use.
In popular terms, "cybersquatting" is the term most frequently used to describe the deliberate, bad faith abusive registration of a domain name in violation of trademark rights. However, precisely because of its popular currency, the term has different meanings to different people. Some people, for example, include "warehousing", or the practice of registering a collection of domain names corresponding to trademarks with the intention of selling the registrations to the owners of the trademarks, within the notion of cybersquatting, while others distinguish between the two terms.[1] In the former definition, the cybersquatter may offer to sell the domain to the person or company who owns a trademark contained within the name at an inflated price.
Similarly, some consider "cyberpiracy" to be interchangeable with "cybersquatting", whereas others consider that the former term relates to violation of copyright in the content of websites, rather than to abusive domain name registrations.[1]
Because of the various interpretations of the term, World Intellectual Property Organization (WIPO), in a 1999 report, approved by its member states, considered it as the abusive registration of a domain name.[2] [3]
Since 1999, the World Intellectual Property Organization (WIPO) has provided an administrative process wherein a trademark holder can attempt to claim a squatted site.
Trademark owners in 2021 filed a record 5,128 cases under the Uniform Domain-Name Dispute-Resolution Policy (UDRP) with World Intellectual Property Organization (WIPO)'s Arbitration and Mediation Center, eclipsing the 2020 level by 22%. The surge pushed WIPO cybersquatting cases to almost 56,000 and the total number of domain names covered past the 100,000 mark.[4] As a matter of comparison, in 2006, there were 1823 complaints filed with WIPO, which was a 25% increase over the 2005 rate.[5]
The accelerating growth in cybersquatting cases filed with the WIPO Center has been largely attributed by the WIPO Center[6] to trademark owners reinforcing their online presence to offer authentic content and trusted sales outlets, with a greater number of people spending more time online, especially during the COVID-19 pandemic. Representing 70% of WIPO's Generic top-level domain (gTLD) cases, .com demonstrated its continuing primacy.
WIPO UDRP cases in 2021 involved parties from 132 countries. The top three business areas were Banking and Finance (13%), Internet and IT (13%), and Biotechnology and Pharmaceuticals (11%).[7] The U.S., with 1,760 cases filed, France (938), the U.K. (450), Switzerland (326), and Germany (251) were the top five filing countries.[8]
In 2007 it was stated that 84% of the claims made since 1999 were decided in the complaining party's favor.[5]
Some countries have specific laws against cybersquatting beyond the normal rules of trademark law. For example, according to the United States federal law known as the Anticybersquatting Consumer Protection Act (ACPA), cybersquatting is registering, trafficking in, or using an Internet domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The United States adopted the U.S. Anticybersquatting Consumer Protection Act in 1999. This expansion of the Lanham (Trademark) Act (15 U.S.C.) is intended to provide protection against cybersquatting for individuals as well as owners of distinctive trademarked names. However, some notable personalities, including actor Kevin Spacey, failed to obtain control of their names on the internet because the US ACPA considers ownership of a website name "fair use" for which no permission is needed, unless there is an attempt to profit from the domain name by putting it up for sale.[9]
Jurisdiction is an issue, as shown in the case involving Kevin Spacey, in which Judge Gary A. Feess, of the United States District Court of the Central District of California, ruled that the actor would have to file a complaint in a Canadian court, where the current owner of kevinspacey.com resided. Spacey later won the domain through FORUM (formerly known as the National Arbitration Forum).
In relation to cybersquatting, the Spanish Supreme Court issued the first sentence on this practice, relating it to the crime of misappropriation (STS 358/2022, of April 7). An unprecedented fact that established the legal fit of this computer crime in Spanish jurisprudence.
The case revolves around four members of the religious association Alpha Education for Comprehensive Health. They created a web page (the Internet domain of which was www.alfatelevision.org) and opened a bank and PayPal account for donations made to the association.
Sometime later, there were some disagreements between the members of the association and the four defendants who opened a new website, changed the internet domain and the passwords of the accounts, which redirected all the donations from the followers. Later, the association dismissed the four members.
The association's general secretary denounced the four members for a crime of misappropriation, and they were sentenced by the Provincial Court of Guadalajara, understanding that the internet domain was an asset of the association.
This resolution was appealed to the Supreme Court through an appeal, which was upheld by the court. Finally, the Supreme Court acquitted the four accused, understanding that the proven facts did not fit the crime of misappropriation. In this sense, it highlights that there are elements that did not concur in this case and that the actions carried out by these individuals (creation of another domain, change of passwords...) occurred prior to their termination and that, therefore, they were in willingness to do it.
In addition, the sentence reflects cases in which cybersquatting could have criminal relevance. In the first place, if the conduct sought to harm the rights of a brand, it could constitute a crime against industrial or intellectual property. Secondly, if the intention was to use the domain name in a deceitful way to cause an error in the transfer of assets, the accused could face a crime of fraud. Finally, if cybersquatting were used to attack a domain name, the accused would be facing a crime of computer sabotage.[10]
With the rise of social media websites such as Facebook and Twitter, a new form of cybersquatting involves registering trademark-protected brands or names of public figures on popular social media websites. Such cases may be referred to as "username squatting".
On June 5, 2009, Tony La Russa, the manager of the St. Louis Cardinals, filed a complaint against Twitter, accusing Twitter of cybersquatting.[21] The dispute centered on a Twitter profile that used La Russa's name, had a picture of La Russa, and had a headline that said "Hey there! Tony La Russa is now using Twitter." The profile encouraged users to "join today to start receiving Tony La Russa's updates." According to La Russa, the status updates were vulgar and derogatory. La Russa argued that the author of the profile intended, in bad faith, to divert Internet traffic away from La Russa's website and make a profit from the injury to La Russa's mark.[21] On June 26, 2009, La Russa filed a notice of voluntary dismissal after the parties settled the case.[22]
Social networking websites have attempted to curb cybersquatting, making cybersquatting a violation of their terms of service.
Twitter's name squatting policy forbids cybersquatting similar to that seen in many domain name disputes, such as "username for sale" accounts: "Attempts to sell or extort other forms of payment in exchange for usernames will result in account suspension."[23] Additionally, Twitter has an "Impersonation Policy" that forbids non-parody impersonation. An account may be guilty of impersonation if it confuses or misleads others; "accounts with the clear intent to confuse or mislead may be permanently suspended." Twitter's standard for defining parody is whether a reasonable person would be aware that the fake profile is a joke.[24]
Soon after the La Russa suit was filed, Twitter took another step to prevent "identity confusion" caused by squatting by unveiling Twitter verification.[25] Usernames stamped with the "verified account" insignia is intended to indicate that the accounts are real and authentic. However, after the acquisition of Twitter by Elon Musk the verification system was changed to make it easier for individuals to get verified through the Twitter Blue program,[26] giving accounts "Profile Labels" instead – identifying ownership information such as whether the account is an individual, business, or a government.[27]
Facebook reserves the right to reclaim usernames on the website if they infringe on a trademark.[28] Trademark owners are responsible for reporting any trademark infringement on a username infringement form Facebook provides. Furthermore, Facebook usernames require "mobile phone authentication".[28] In order to obtain a username, the individual needs to verify the account by phone.