D. Expansion of Inwood Standard to “Non-Product” Cases: The “Direct Control and Monitoring” Test: 2. Internet Activity: (a) Domain Name Registrars
Domain name registrars have not ordinarily been held contributorily liable for trademark infringement committed by their registrants. See Lockheed Martin Corp. v. Network Solutions Inc., 194 F.3d 980 (9th Cir. 1999) (“Lockheed II”), affirming 985 F.Supp. 949 (C.D. Cal. 1997) (“Lockheed I”); Size, Inc. v. Network Solutions, Inc., 255 F. Supp.2d 568 (E.D. Va. 2003); Academy of Motion Picture Arts and Sciences v. Network Solutions Inc., 989 F.Supp. 1276 (C.D. Cal. 1997). The courts have found that domain name registrars lack the requisite degree of monitoring and control over the activity of their registrants to trigger contributory liability. See Size Inc., supra at 572-573, citing Lockheed II, supra at 984-985; Petroliam Nasional Berhad v. Godaddy.com, Inc., 2010 WL 361970 *4 (C.D. Cal) (noting that “it is generally inappropriate to extend contributory liability to the registrar absent allegations that the registrar had unequivocal knowledge that the domain name was being used to infringe a trademark” and granting defendant’s motion for judgment on the pleadings with leave to amend where facts alleged did not show any direct involvement with potentially infringing uses of domain names). Note that in the initial stages of the development of the Internet, Network Solutions Inc. (“NSI”) was the exclusive registrar in charge of registering domain-name combinations for the top-level domains “ .gov,” “.edu,” “.com,” “.org,” and “.net.” and was the thus the defendant in most of the above cases. See Lockheed II, supra at 982.
The registration process at NSI was described in detail by the courts in Lockheed II, supra at 982 and Lockheed I, supra at 953. Registration was initiated by the applicant, who would select a domain name and submit it to NSI on a template over the Internet. Upon approval, NSI entered the domain-name combination in its database directory, which linked domain names with Internet Protocol (IP) addresses of domain name servers. See Lockheed I, supra. Thereafter, when a user entered a registered domain-name combination, NSI would “translate” the domain name into the registrant’s IP address and route the user to that address. See id. The courts noted that ninety per cent of the applications were processed and approved by NSI electronically, within minutes or hours. Id. Ten percent of the applications were reviewed by an employee for various reasons, such as errors in the applications. NSI conducted conflict checks on applications to prevent repeated registrations of the same name. Lockheed I, supra. It did not, however, investigate registrants’ rights to a particular domain name or monitor the use of a domain name once registered. Lockheed II, supra. Interested parties could avail themselves of NSI’s post-registration dispute-resolution procedure to resolve conflicts involving their domain names. Id.
In Lockheed I, NSI was sued for contributory infringement by the aircraft manufacturer Lockheed Martin (“Lockheed”), which owned and operated “The Skunk Works” aircraft design and construction laboratory. Lockheed II, supra at 982. Other registrants (who were not parties to the litigation) had registered various domain-name combinations with NSI that Lockheed alleged infringed upon its SKUNK WORKS service mark. The district court granted summary judgment to NSI and the Ninth Circuit affirmed.
Applying the plain language of the Inwood standard, the Ninth Circuit said that “[c]ontributory infringement occurs when the defendant either intentionally induces a third party to infringe the plaintiff’s mark or supplies a product to a third party with actual or constructive knowledge that the product is being used to infringe the service mark.” Lockheed II, at 983, citing Inwood Lab., Inc. v. Ives Lab., Inc., 456 U.S. 844, 853-54, 102 S.Ct. 2182, 72 L.Ed.2d 606 (1982). Because Lockheed had alleged only the latter basis for contributory liability, the court required it to prove that NSI supplied a product to third parties with actual or constructive knowledge that its product was being used to infringe “Skunk Works.” Lockheed II, supra.
The “product” paradigm in Inwood, however, was inapposite in Lockheed II, as no actual product was involved. The court therefore turned to the flea-market cases, Hard Rock Café and Fonovisa, in which the Seventh and Ninth Circuits had applied Inwood outside of the “product” context. See Hard Rock Café v. Concession Services, Inc., 955 F.2d 1143, 1148 (7th Cir. 1992); Fonovisa, Inc. v. Cherry Auction, Inc. 76 F.3d 259 (9th Cir. 1996) discussed in detail supra. Drawing from those cases, the Ninth Circuit in Lockheed II concluded that
when measuring and weighing a fact pattern in the contributory infringement context without the convenient “product” mold dealt with in Inwood Lab., we consider the extent of control exercised by the defendant over the third party’s means of infringement. … Direct control and monitoring of the instrumentality used by a third party to infringe the plaintiff’s mark permits the expansion of Inwood Lab[oratories]’ ‘supplies a product’ requirement for contributory infringement.
Lockheed II, supra at 984 (citations omitted). See also, Tiffany v. eBay, 576 F.Supp.2d 463, 505-507 (S.D.N.Y. 2008) (adopting the Lockheed Martin analysis), affirmed in part and remanded in part, 600 F.3d 93 (2d Cir. 2010), cert denied, 131 S.Ct. 647 (2010).
The Ninth Circuit found that the facts in Lockheed II, fell “squarely on the “service” side of the product /service distinction suggested by Inwood Lab. and its offspring.” In that regard,
NSI’s role differs little from that of the United States Postal Service: when an Internet user enters a domain-name combination, NSI translates the domain-name combination to the registrant’s IP Address and routes the information or command to the corresponding computer. Although NSI’s routing service is only available to a registrant who has paid NSI’s fee, NSI does not supply the domain-name combination any more than the Postal Service supplies a street address by performing the routine service of routing mail.
Lockheed II, supra at 984-985. Moreover, the court noted, quoting the district court, “[w]here domain names are used to infringe, the infringement does not result from NSI’s publication of the domain name list, but from the registrant’s use of the name on a web site or other Internet form of communication in connection with goods or services. …” Lockheed II, supra at 985, citing Lockheed I, 985 F.Supp. at 958. Affirming the district court, the Ninth Circuit thus concluded that NSI’s “rote translation service [did] not entail the kind of direct control and monitoring” of the allegedly infringing activity to justify extending the Inwood Lab.’s “supplies a product” requirement for contributory infringement. Id.
For similar reasons, the court refused to impose contributory liability on NSI in Size, Inc. v. Network Solutions, Inc., 255 F.Supp.2d 568 (E.D. Va. 2003). In that case, the plaintiff “Size,” a television production company, sued NSI for contributory trademark infringement after it allegedly transferred its domain name to another unauthorized party. Size, Inc., supra at 572. Reiterating the Inwood standard, supra, the court examined whether, under the second prong, NSI had “suppl[ied] a product to a third party with actual or constructive knowledge of the infringement.” Size, supra, citing Inwood Labs., Inc. v. Ives Labs., Inc., 456 U.S. 844 (1982). Size argued that NSI’s control over the registration and transfer of domain names was sufficient to hold it liable because NSI provided the forum through which the infringement took place. Size, supra. Relying on Lockheed II, supra, NSI maintained that it did not “supply a product” under Inwood. Id. It argued further, pursuant to Lockheed II, that it did not monitor and control the use of domain names in a manner that justified extending the application of the contributory liability doctrine to its activities. Size, supra at 572-573.
The court agreed, echoing the Ninth Circuit’s view that NSI provided a service, insofar as “all that NSI does is “translate’ the domain name into the registrant’s IP address and route users to that address.” Size, supra at 573. Thus, the court continued, “NSI’s function is more equivalent to the passive messenger service provided by the United States Postal Service than to the more interactive role of a flea-market operator who has a significant degree of control over the activities of its clients.” Size, supra at 573, citing Hard Rock Café Licensing Corp. v. Concession Serv., Inc., 955 F.2d 1143 (7th Cir. 1992). The Size court noted further that there was nothing in Size’s complaint to suggest that NSI had any direct involvement with the activities of the allegedly infringing third party. Size had thus failed to demonstrate that NSI had “exceeded its role as a neutral stakeholder” in the registration process. Id.
By contrast, where the plaintiff’s allegations against the defendant domain name registrar made out a complex scheme of cybersquatting, the court rejected the defendant’s motion to dismiss the contributory liability claim against it. Transamerica Corp. v. Moniker Online Services, 672 F.Supp.2d 1353 (S.D. Fla. 2009). Far from the “rote translation” involved in Lockheed, supra, the facts alleged in Transamerica depicted a domain name registrar that acted in concert with other defendants to profit from the infringing activities of its customers.
In Transamerica, the plaintiff, “Transamerica,” was a holding company for a group of subsidiary companies engaged in the sale of life insurance and other financial services. It sued the domain name registrar, “Moniker Online”; a related company, “Moniker Privacy”; and “Oversee,” the company that allegedly owned and controlled the Moniker defendants, as well as other unnamed defendants – the ostensible owners of the infringing domain names. Transamerica claimed, inter alia, that the defendants were contributorily liable for trademark counterfeiting and infringement by their customers who used infringing versions of the Transamerica name in their websites, from which use the defendants profited. See Id. at 1366 (in the context of the ACPA immunity discussion, noting that Moniker received a fee each time an internet user clicked on one of the links attached to the infringing domain sites).
Specifically, Transamerica alleged that Moniker Online registered numerous domain names that were substantially similar to “Transamerica,” and its registered marks, such as “Transamericalifeins.com.” When internet consumers arrived at the website, the plaintiff alleged, they encountered the Transamerica service mark, and upon clicking it, would be “duped into believing they [were] accessing the well-known Transamerica, but instead [were] directed to other entities selling comparable products.” Id. at 1358. The plaintiff further alleged that the “ostensible owners of the infringing domain names are anonymous individuals or fictitious entities who are impossible to locate.” Id.
The defendants argued that these allegations did not satisfy either the inducement or the knowledge and control prong for contributory liability. See Id. at 1363, citing the two-prong standard under Inwood and the control element pursuant to Lockheed, supra. In rejecting this argument, the court noted that Transamerica had alleged that Moniker Online’s activity involved much more than merely registering the infringing domain names:
Moniker[did] not simply register a domain name and then go about its business. Instead, Moniker Online allegedly work[ed] with the registrant – generally a fictitious entity – along with Oversee and Moniker Privacy, in order to profit from the infringing use of its trademarks.
Id. at 1362. More specifically, the allegations against the defendants included conduct
enabling a class of customers comprised of fictitious entities and anonymous individuals to “monetize” counterfeit domain names, acting as their authorized licensee and/or otherwise in concert with them, profiting with them jointly in the process, concealing their identity when challenged, and intentionally or recklessly continuing to supply registration services to them with knowledge that they are fictitious entities engaged in trademark and service mark counterfeiting, or with willful blindness to that fact.
Id. at 1363. Finally, Transamerica alleged that the domain name registrar continued to register counterfeit domains to an entity in China “long after it would have been apparent to any registrar in Moniker’s position that its customer was using [its] services to engage in trademark or service mark counterfeiting…” Id.
Given the allegations in the complaint, the court rejected the defendants’ claim that Transamerica had failed to allege “specific knowledge or infringement” or “direct control over the infringing instrumentality.” Id. Any further discussion, the court noted, would go to matters of proof, not to the sufficiency of the complaint, and it therefore denied the motion to dismiss the claim for contributory counterfeiting and infringement. Id. at 1363-1364.
Where the court considered allegations that the domain name registrar had allegedly been “tricked” by the alleged direct infringer into divulging security information about its customer, the Chinese search engine “Baidu,” it dismissed the contributory liability claim against the registrar, “Register.com.” Baidu, Inc. v. Register.com, 2010 WL 2900313 (S.D.N.Y). Although the opinion is not clear as to the exact nature of the direct trademark infringement, much less of the contributory claim, the Baidu court nevertheless addressed in some detail the arguments raised by Register in its motion to dismiss. See Id. at *7. It found that the immunity provisions of the Anticybersquatting Consumer Protection Act (“ACPA”) were inapplicable, because Register was not acting in its capacity as a registrar by registering or maintaining a domain name. As to the registrar’s secondary liability under Inwood et al., the court found further that Baidu failed to allege the requisite elements — inducement, monitoring and control, and knowledge — to sustain its claim. Id. at *8.
The dispute in this case arose out of a cyber-attack on Baidu by an unnamed individual referred to by the court as “the Intruder,” who pretended to be one of Baidu’s agents. The Intruder deceived one of Register.com’s service representatives into providing him with security information that enabled him ultimately to change the email address for Baidu on file with Register to a new one provided by the Intruder. Armed with this new, bogus email address, the Intruder accessed Baidu’s account with Register, and eventually re-routed Internet traffic from Baidu’s website to one called the “Iranian Cyber Army” site. Baidu contended that in the ensuing havoc, its operations were interrupted for five hours and took two days to fully recover, resulting in the loss of millions of dollars of revenue. Baidu, supra at *2-*3.
Baidu sued Register for its damages, asserting, inter alia, a claim for contributory trademark infringement. Baidu, supra at *1. Specifically, Baidu alleged that “the Intruder’s use of the trademark “Baidu” in the domain name “baidu.com” … constituted trademark infringement, and that Register facilitated that infringement by providing the Intruder with access to Baidu’s account at Register.” Id. at *7. As noted above, little in the opinion sheds light on the direct infringement claim against the Intruder. Register moved under Rule 12(b)(6) to dismiss the contributory liability claim on two grounds: (1) that it was immune from liability for trademark infringement under 15 U.S.C. Sec. 1114(2)(D)(iii) of the Lanham Act (the safe harbor provisions of the ACPA) and (2) that the complaint failed to state a claim for contributory liability pursuant to Inwood and caselaw following it.
As to Register’s argument that it should be protected by the ACPA immunity provisions, the court disagreed, citing the plain language of the statute:
A domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name.
Baidu, supra at *7 citing 15 U.S.C. Sec. 1114(2) (D)(iii) (emphasis added). The court consequently reasoned that the immunity provisions apply when a registrar registers or maintains a domain name for another. It found that Register’s actions, however, “went well beyond those of a mere registrar,” when it allowed the Intruder to compromise Baidu’s account. Id.
Note that it is not entirely clear why Baidu’s actions, or failure to act, would not involve “maintenance” of Baidu’s domain name, considering that administration of access for a domain is a typical aspect of domain maintenance. The court acknowledged that “while Register’s actions arguably concerned the maintenance of Baidu’s account with Register, they did not concern the maintenance of Baidu’s domain name.” Baidu, supra at *7 (emphasis added). The court did not elaborate, however, on the substance of this distinction. It simply found that because its actions “occurred in the context of security protocols and access to an account[,]” they went beyond those contemplated in the statute, and therefore rejected the immunity defense. Notwithstanding the inference from the allegations that there was an absence of “bad faith intent to profit” on Register’s part, the court did not reach that issue. Id.
Applying the Inwood test, however, the court found that Baidu failed to state a claim for contributory trademark infringement. Baidu, supra at *7- *8. Secondary liability arises, the court recited, when “a manufacturer or distributor intentionally induces another to infringe a trademark, or … continues to supply its product to one whom it knows or has reason to know is engaging in trademark infringement. Id., citing Inwood. It further cited Hard Rock Café, Lockheed Martin, and Tiffany for the application of Inwood in the service provider context, noting the “direct control and monitoring” of the direct infringer required under Lockheed, and the specific knowledge of the infringement required under Tiffany. See Id. Given the allegations that Register had been “tricked” by the intruder, the court found no allegation of inducement on Register’s part. Moreover, Baidu had not alleged any facts to show that Register directly controlled and monitored the Intruder. Id. at *8. Finally, Register had no knowledge of the alleged infringement, other than general knowledge of the risk of cyber-attacks, which the court held fell short of the standard for contributory infringement under the cases. Id.
For a discussion of domain name registrar contributory liability prior to the Ninth Circuit’s decision in Lockheed II, see Academy of Motion Picture Arts and Sciences v. Network Solutions Inc., 989 F.Supp. 1276, 1279-1280 (C.D. Cal. 1997). In that case the plaintiff, “the Academy,” brought a preliminary injunction motion requiring NSI to cease its registration of domain names it contended infringed on its registered marks, “ACADEMY AWARDS” and “OSCAR.” Its claims for relief included contributory trademark infringement, to which the court applied the Inwood two-prong standard. Academy, 989 F.Supp. 1276, 1279-1280, citing Fonovisa v. Cherry Auction, 76 F.3d 259, 264 (9th Cir. 1996). (Note that the court supra at 1279-1280 also appears to have recited the standard for contributory copyright infringement; however, this does not seem to have misled its analysis.) In this case the court did not wrestle with the product/service dichotomy, but rather examined the knowledge requirement of the second prong of Inwood, namely, “that the defendant continued to supply a product knowing that the recipient was using the product to engage in trademark infringement.” Id. It concluded that the Academy had not adequately proved that NSI had the requisite level of knowledge or control to support a likelihood of success finding, and therefore denied it preliminary injunction motion. Id.
In reaching its conclusion, the court compared NSI’s role as a registrar to the swapmeet owners in Fonovisa, supra. It noted that while in Fonovisa the swapmeet owner was aware that infringing goods were being sold on its property, NSI “could not possibly have actual knowledge that the registered owners of the domain names at issue [were] involved in infringing activities.” Academy, supra at 1280. It observed further that while the swapmeet owner and its vendor shared the same physical space, NSI and its registrants “have no physical contact and no contact even in “cyberspace” following the initial registration.” Id. Note that, notwithstanding the court’s reliance on NSI’s lack of “actual knowledge,” the Ninth Circuit in Fonovisa clearly does not require such actual knowledge, but rather expressly endorses the Hard Rock Café court’s willful blindness standard. See Fonovisa, Inc. v. Cherry Auction, Inc., 76 F.3d 259, 265 (9th Cir. 1996).
For a discussion regarding the interface between the Anti-Cybersquatting Protection Act (ACPA) safe harbor for domain name registrars (Lanham Act Sec. 32 (2) (D), 15 U.S.C. 1114(2) (D)) and contributory liability doctrine, see Petroliam Nasional Berhad v. Godaddy.com, Inc., 2010 WL 361970 (C.D. Cal)(acknowledging the applicability of contributory infringement standards to claims of contributory cybersquatting, but granting defendant’s motion for judgment on the pleadings with leave to amend); Ford Motor Co. v. GreatDomains.com Inc., 177 F.Supp.2d 635, 646-647 (E.D. Mich. 2001)(rejecting plaintiff’s contributory liability claim against a domain name auction site, because plaintiff failed to meet “heightened” knowledge requirement in light of underlying policy of the ACPA). And see Solid Host, NL v. Namecheap, Inc, 2009 WL 2225726, *14- *19 (C.D. Cal.), a case of first impression in which the court, on motion to dismiss, sustained the contributory cybersquatting liability claim against the domain name registrar, where the registrar acted in its capacity as registrant of the “stolen” domain name. Relying on the court’s language in Ford Motor Co., supra., the court held that “’exceptional circumstances’ must be shown to prove the degree of knowledge required to impose contributory liability for cybersquatting. Solid Host, supra at *18, citing Ford Motor Co., 177 F.Supp.2d at 647. Contributory cybersquatting is discussed in further detail in Section II.D.2.(f).