By John Wilks
This year’s conference of Marques, the European brand owners’ association, took place in the European Union’s most troubled and ancient capital, Athens, under the lamentably resonant strapline “Sign of the Times”. Among the many interesting topics shoe-horned under this banner, one theme seemed to keep resurfacing: the challenge of locating internet infringers.
This is by no means a new problem: IP infringers have for obvious reasons always sought to cover their tracks. But the advent and continuing expansion of the internet and social media have dramatically increased the scope for anonymous infringements from cyberspace. The impending arrival of over 1,000 new gTLDs- including many for common generic terms, threatens to further expand the possibility for anonymous infringement.
Can’t be found, or can’t be bothered to find?
But of course, no-one is truly anonymous on the internet, because of the need to provide up-to-date billing information (which includes name, address, and bank account details) to transact online. For example:
- Internet Service Providers (ISPs) can identify those responsible for internet activity by their IP address;
- registrars hold up to date information about registrants of domain names;
- banks and payment service providers hold information about site or app operators who receive payments via the internet.
In many different contexts, brand and content owners understandably contend that third parties who hold the keys to identifying infringers should be required to do more to provide information which will help curb internet piracy and other IP infringement.
This is a delicate issue. There is a need to balance brand and content owners’ interests against both individuals’ privacy rights (which vary wildly around the globe), and the need to avoid placing a disproportionate burden on third parties who may not have any conscious involvement in the infringement at stake. But this need for balance should not prevent better mechanisms being developed for identifying internet infringers, in the context of both national court litigation, and the (international) domain name dispute mechanisms.
In the court context
Turning first to court litigation, rules on third-party disclosure of infringers’ identities vary significantly between jurisdictions. Here in the UK, we have a relatively well-established procedure for obtaining identities of those who are “mixed up” in tortious acts. This so-called “Norwich Pharmacal” procedure (named after the case where such an order was first made) has been used successfully to obtain details of peer-to-peer file sharers from ISPs, the identities of people posting defamatory content from website operators, and the identity of a copyright infringer from Google (the infringer was a customer of the Adwords service).
In other jurisdictions, obtaining such disclosure is more difficult. For example, I learnt at Marques that a German Court of Appeal has recently refused to force a bank to identify an account holder, despite clear evidence that the account holder was responsible for counterfeiting. This is an area where uniform EU-wide legislation would be very beneficial to brand owners.
It would also be helpful if courts were more universally flexible in their mechanisms for serving claims on online infringers in situations where address details are hard to find. Certain jurisdictions are quite rigid in their requirements (personally, I have found Cyprus and Guatemala particularly problematic); by contrast, I have found it relatively straightforward to persuade the UK courts to allow service via e-mail in appropriate cases, and service via Facebook has been allowed in Australia, New Zealand, and the UK.
In online dispute resolution procedures
To some extent, ICANN’s tried and tested Uniform Dispute Resolution Procedure (“UDRP”) for resolving domain name disputes is a godsend for those struggling to locate an internet infringer. The burden of locating and serving the infringer is on the registrar rather than the complainant, and the remedies of transfer or cancellation of the infringing domain are enforced automatically in the event of a complaint being upheld, without needing to involve the infringer.
There could be, however, an even simpler remedy in cases where the infringer has failed to provide accurate contact details. The terms of ICANN’s Registrar Accreditation Agreement (which domain name registrars must sign up to) require registrars to include the right to cancel domain name registrations where the registrant wilfully provided inaccurate contact details. So in theory one could ask a registrar to cancel any domain where it is possible to prove the registrant deliberately provided false contact details. Having canvassed opinions of fellow Marques members, it seems this has worked on rare occasions, but normally a registrar will put complainants to the trouble and expense of filing a UDRP complaint. In my view it would be preferable if ICANN were to put a clear obligation on registrars (and not merely afford them a right) to cancel domains where a registrant deliberately provides false contact information.
It should be remembered that the scope of the UDRP is very limited: it applies only to domain names which have been registered and used in bad faith. Thus, it is of no assistance to those faced with any of the myriad other forms of online IP infringement. It was put to a WIPO representative at Marques that the UDRP procedure could be extended to online content; quite rightly, the representative responded that there were a lot of practical and political reasons why that would be unlikely to happen any time soon (not least the fact that IP does not seem to be a top priority for ICANN, which administers the UDRP).
The brave new world of gTLDs
About 1,200 new top level domains (which may include such contentious domains as “.sucks”) will be rolled out from 2013- an increase of over 300% on the current number of TLDs- and the majority of these will be operated as open registries, meaning that people can register second level domains within them (e.g. acme.sucks).
The good news is that ICANN decided to have a “thick” rather than a “thin” WHOIS system, meaning that contact data for second level domain registrants should be more accessible and reliable than that available for .com domains. Also, there is a new cheaper and quicker dispute resolution mechanism for straightforward cases, in addition to the existing UDRP. This new mechanism, the Uniform Rapid Suspension System (“URS”), will only be available to owners of trade marks which have been registered or validated by a court. The only remedy available under the URS is suspension of the domain name (not transfer, as under the UDRP). ICANN is currently in the process of determining which organisation will run the URS, and currently estimates that the cost to complainants will be $300 (as opposed to $1,500 under the UDRP). The URS procedure should take 20 days to reach a decision (as opposed to about six weeks under the UDRP).
But brand owners are left with many concerns, including in relation to identifying infringing second level domain registrants. One particular proposal which Marques looks set to put to ICANN is a limitation on registrars’ ability to allow registrants to use name masking/ whois privacy services.
There are undoubtedly improvements that could be made to current mechanisms for identifying online infringers. In particular, it would be a significant improvement if ICANN could be persuaded to force registrars to include up-to-date registrant contact details (which could be obtained from the billing information which registrars hold) on their WHOIS registers. Even if such advances are made, the proliferation of internet infringement and costs of litigation mean it will always be impractical to pursue many infringers. This is one reason why the issue of internet intermediary liability is so important. But that’s a topic for a whole other conference.
John Wilks, IP Partner in the London office, and member of the Cyberspace Committee of Marques