Cyber squatting as per the United States Anticybersquatting Consumer Protection Act(ACPA) is the practice of registering, trafficking in, or using a domain name with a malafide intent to profit from the goodwill of a trademark belonging to someone else. The cyber squatter then offers to sell the domain to the person or company who owns a trademark at an overinflated price. As per the Internet Cooperation for Assigned names and numbers (ICANN),‘Cyber-squatting’ is generally bad faith registration of another’s trademark in a domain name.1The term is derived from “squatting” which is the act of occupying an abandoned or unoccupied space or building that the squatter does not own, rent or otherwise have permission to use. However, Cyber squatting is comparatively different as the domain names that are being “squatted” are sometimes being legally paid for through a valid registration process by the cyber squatters.

Cyber squatters demand for prices far greater than that at which they purchased it. Many cyber squatters indulge in putting up derogatory remarks about the individual or company the domain is meant to represent in an effort to force them to buy the domain from them whereas others post paid links via Google and other paid advertising networks to the legitimate site that the user likely wanted, thus monetizing their squatting. Some cyber-squatters also use these domain names to compete with legitimate companies. These cyber-squatters intentionally take undue advantage of the first-come-first-served characteristic of the domain name registration system and through that these squatters offer to sell the domain name to the actual owner of the trademark contained within the domain name at an unreasonably disproportionate price

The earliest case of cyber squatting in India was the case of Yahoo! Inc. vs. Akash Arora& Anr. (1999)2where it was laid down that a domain name serves the same function as a trademark and is not a mere address and, therefore, it is entitled to equal protection as trademark. It was further held that a domain name is more than a mere Internet address for it also identifies the Internet site to those who reach it, much like a person’s name identifies a particular person or more relevant to trade mark disputes, a company’s name identifies a specific company. In the above case, the plaintiff was the rightful owner of the trademark ‘Yahoo!’ and its domain name ‘yahoo.com’ was extremely well known. The plaintiff filed a case against the cyber squatter (Akash Arora& Anr.) for using the domain name www.yahooindia.com. The cyber squatter was pretending to be affiliated to Yahoo and was providing similar services specific to India. The Delhi High Court granted an injunction against the cyber-squatter and held that the trade mark law applies in a cyber squatting case and a domain address is at an equal footing with a trademark.

In this era of E-commerce, domain names have become analogous to trade marks but their registration process is comparatively less rigid and not stringent enough3. Another loophole in the domain registration process is that there are several Top level domains (TLDs) and resultant innumerable combinations of TLDs that make it extremely difficult for a business entity to procure all possible domain names with its trademark. These issues lead to abusive registrations. The main objective of these kinds of practices is to take unfair advantage of someone else’s trademark. Some squatters also indulge in registering similar alternatives of a popular and legitimate domain name.

Domain names are not identified under any law and the only legislation that deals with disputes related to them are the Trademarks Act, 1999. Like all other trademark cases, the disputes related to Domain names have two reliefs i.e. the relief for infringement and passing off. The IT act has no explicit provision that deals with cyber squatting. Despite the handicap of not having a proper law for disputes of domain names, Indian courts have played an eminent role in protecting the interests of genuine parties.

In the case of Rediff Communication Ltd. vs. Cyberbooth & Anr. (1999)4, the Bombay High court held that domain names are an extremely valuable corporate asset to a company as it facilitates communication with a wide consumer base. The court stated that similarity in domain names can cause a lot of confusion in public especially for new customers. In this case, the cyber-squatter (Cyberbooth & Anr.) had registered a domain name as www.radiff.com, which was similar to plaintiff’s domain name (www.rediff.com) and the court restrained the cyber squatter from using that particular domain name.

The Delhi High Court in the case of Mr. Arun Jaitley vs. Network Solutions Pvt. Ltd. (2011)5addressed the issue of abusive online registrations of domain names in India. The plaintiff Mr. Arun Jaitley was a prominent public figure and a Member of Parliament for over a decade. The cyber squatter in this case registered the domain name ‘www.arunjaitley.com’ and when the plaintiff tried to buy the domain name from the cyber-squatter he tried to sell it at an inflated price. The court held that the squatter was guilty of this abusive registration by using the name of a prominent public figure and directed the domain name to be transferred to the plaintiff. The court also held that the squatter is liable to pay legal costs to the plaintiff.

In order to deal with domain name disputes, Uniform Dispute Resolution Policy (UDRP) was developed by ICANN. Under the UDRP, most of the domain name disputes are resolved by arbitration, agreement or by court. The main objective of UDRP is to create a system that is faster and cheaper than the legal system.

ICANN implemented the Uniform Domain Name Dispute Resolution Policy (UDRP) in 1999, which has been used to settle more than 20,000 disputes over the rights to domain names. The UDRP is designed to be efficient and cost effective. In 2010 alone around 2696 cyber squatting cases were filed with the WIPO Arbitration and Mediation Centre under this Policy involving 4370 domain names across 57 countries, according to WIPO‟s official website.6The UDRP is designed to resolve disputes which usually arise when registrant has registered a domain name identical or confusingly similar to the trademark with no rights or legitimate interests in the name and has registered and used the domain name in bad faith Conflicts between two trademark holders or between a trademark holder and a registrant with rights or legitimate interests are not the concern for UDRP. Particularly, the UDRP does not apply if the registrant has been known by the name, has used it in connection with a bona fide

offering of goods or services, or has used it for a legitimate non-commercial purpose. In the case Philip Morris Incorporated v. r9.net, the complainant (Phillip Morris, USA) was the owner of a well-known trademark, ‘Marlboro’. The respondent (r9.net) registered his domain name <marlboro.com> through ICANN. Phillip Morris Incorporated alleged that the respondent has misappropriated the famous Marlboro marks by registering the domain name. The complainant further claimed that respondent has no legitimate interest in the Marlboro marks and have registered them in bad faith with malafide intent. When the respondent did not reply to the allegations, WIPO panel found the arguments of complainant valid and transferred the domain name <marlboro.com> to Phillips Morris, USA.

The UDRP has played a prominent role in resolving the case Koninklijke Philips Electronics N.V.v. In Seo Kim (2001)7. In this case of cyber smearing the complainant (Koninklijke Philips Electronics) registered its trademark “Philips” in numerous countries. The respondent (In Seo Kim) had registered 14 domain names ending in<sucks.com>. The complainant made an allegation that the domain name registered by the respondent <philipssucks.com> is confusingly similar to its registered trademark and that the respondent is indulging in cyber smearing to disrupt its business. The WIPO panel agreed with the contentions of the complainant and transferred the domain name to it.

In the recent years cyber squatting has become a lucrative internet practice that has adverse effects on the reputation of well established commercial brands. Reverse Cyber Squatting is a growing malpractice wherein an individual attempts to secure a domain name legitimately owned by another company or a person. It is also known as domain name hijacking. This often intimidates domain name owners into transferring ownership of their domain names to trademark owners to avoid legal action, particularly when the domain names belong to smaller organizations or individuals.8Reverse domain name hijacking is most commonly enacted by successful corporations and famous individuals, in defense of their rightful trademark or to prevent defamation through libel or slander.

If a situation arises wherein a trademark holder considers that a domain name registration infringes on his own Trademark, the holder can file a complaint and initiate proceedings under UDRP. The UDRP allows complainants to file a case with a dispute resolution service provider, specifying, and the domain name in question, the respondent or holder of the domain name, the registrar with whom the domain name was registered and the grounds for the complaint etc. According to paragraph 4(a) of UDRP, a trademark owner has the right to apply to the ICANN dispute resolution service providers if three elements are met. These elements are (ICANN, 1999)9:

1. Respondents domain name is identical or confusingly similar to a trademark or service

2. mark in which the complainant has rights;

3. Respondent has no right or legitimate interest in respect of the domain name; and

4. Respondent’s domain name has been registered and is being used in bad faith.

Paragraph 4(b) of the UDRP policy stipulates certain inclusive factors for determining bad faith registration and use, which are stated below (ICANN, 1999)10:

1. Registering the domain name with the prime purpose of subsequently selling it and gaining profit.

2. Registering the domain name with the key objective of disrupting the business of the competitor.

3. Registering the domain name in order to prevent the owner of the trademark from reflecting the mark in a corresponding domain name.

4. Using the domain name to attract Internet users to one’s Web site by creating a likelihood of confusion with the complainant’s trademark.

The courts in India have already made the progress by applying a wider interpretation to the provisions under Trademark Act, 1999. However, there is not enough protection provided against cyber squatters which is clear from the wide range of offences committed by them on a daily basis. The squatters keep on inventing new methods to extort money from successful corporations and the courts have no stringent provisions to deal with in these situations except on relying on the provisions of the Trademarks Act, 1999 and the Information Technology Act, 2000 (IT Act) to solve these domain name disputes, but both these legislations have their flaws that cannot provide adequate protection to the victims.

The IT Act has provisions for most of the cyber crimes, but the act is completely silent about cyber squatting. On various instances, the Indian courts have been guided by decisions made by American Judgements. It is thus essential that legislation much like ACPA of US be drafted in India which is in conformity with the guidelines laid down under UDRP. Under the Anti-Cybersquatting piracy Act (ACPA), a plaintiff can elect statutory damages ranging from $1000 to $100,000 per domain name. The bill also establishes in rem jurisdiction which allows the trademark owner to file an action against the domain name itself in some cases.

It is evident that UDRP mechanism is not a foolproof plan as it still has limitations to effectively protect domain names. The losing party can initiate proceedings in a court of competent jurisdiction and try to take undue advantage of differences in laws across countries. So, ICANN should formulate a model domain names dispute resolution law. The countries must amend their existing laws to bring it in consonance with the proposed ICANN model domain names dispute resolution law. The losing party should be able to appeal to courts of competent jurisdiction only in exceptional cases, not all cases.

There is also a subsequent need for a separate independent adjudication body that resolves only domain name disputes especially related to cyber squatting. The constitution of such a body will help in the speedy disposal of such cases.

Therefore, in order to deal with the loopholes faced by courts in handling domain name disputes, it is the need of the hour to draft a legislation to resolve these disputes effectively in India. This legislation can help establish concrete penalties and jail terms on the cyber squatters on a consistent basis which will help in the deterrence of cyber squatting and ensure the protection of interests of the genuine parties.

[1]https://www.icann.org/resources/pages/cybersquatting-2013-05-03-en

[2]1999 IIAD Delhi 229, 78 (1999) DLT 285

[3]ISSN: 2456-6616 (Online)

[4]1999 (4) BomCR 278

[5] 181(2011) DLT 716

[6] International Journal of Information Security and Cybercrime Vol. 4 Issue 1/2015

[7]Case No. D2001-1195

[8] Warren B. Chik, Lord of Your Domain, But Master of None: The Need to Harmonize and Recalibrate the Domain Name Regime of Ownership and Control, 16 INT’L J.L. & INFO. TECH. 8, 60 (2008)

[9] https://www.icann.org/resources/pages/policy-2012-02-25-en [10] Singh, H. P. (2018). Domain Name Disputes and Their Resolution under UDRP Route: A Review. Archives of Business Research, 6(12), 147-156.

The post CYBERSQUATTING: PREVENTION IS BETTER THAN CURE? appeared first on Centre For Practicing Law.

The process of digitization in all aspects of human life, like healthcare, education, business, etc., has gradually led to the storage of all sorts of information, including sensitive data. Without a well-established cybersecurity program, any organization cannot defend and shield itself against data breach campaigns, making it an irresistible target for cybercriminals.

Cyber security is about people, processes, and technologies working together to encompass the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency recovery policies and activities, including computer network operations, information assurance, law enforcement, etc.

The onset of COVID-19 pandemic has led to a massive increase in remote workers worldwide and it is here to stay. In the age of remote work, cybercriminals are taking advantage of misconfigured cloud security measures and insecure home devices and networks. Remote workers are also often the target of phishing attempts by email, voice, text, and third-party applications.

With the growth in internet technology, the word is moving towards cloud computing. The cloud computing brings new challenges to the law makers. The distinct challenges may include data security, data privacy, jurisdiction and other legal issues. There pressure on the cyber legislators and stakeholders would be to provide appropriate legal framework that could benefit the industry and enable effective remedies in the event of cloud computing incidents. In 2017, a 9 Judge Bench of the Supreme Court delivered a unanimous verdict in Justice K.S. Puttaswamy vs. Union of India , affirming that the Constitution of India guarantees to each individual a fundamental right to privacy. Thereby an individual has the right to make his choices which is intrusive of allowing him to use any medium to express his views like print medium, digital platforms, social media etc. but while an individual is availing his right of making choices an equally opposite duty lies on the state to take care that such right to choose should not get affected.

The social media is beginning to have social and legal impact in the recent times raising significant legal issues and challenges. Since the law enforcement agencies, intelligence agencies target the social media sites; they are the preferred repository of all data. The inappropriate use of social media is giving rise to crimes like cyber harassments, cyber stalking, identity theft etc. The privacy in social media is going to be undermined to a great extent despite the efforts by relevant stake holders. The challenge to the cyber legislators would be to effectively regulate the misuse of social media and provide remedies to the victims of social media crimes. Social Media Litigations are also likely to increase concerning the association or nexus with the output of social media.

There is considerable growth of spam in emails and mobiles. Many countries have already become hot spots for generating spam. As the number of internet and mobile users increase the spammers make use of innovative methods to target the digital users. It is therefore necessary to have effective legislative provisions to deal with the menace of spam.

Monetization is another key factor contributing to the rise in cyber-attacks. Cybercriminals have increasingly turned to ransomware attacks, or those in which attackers gain access to and encrypt a victim’s data and demand a ransom. Cryptocurrencies and the emergence of ransomware have made it easier for someone to commit a crime and get away with it because they can get paid in untraceable ways. This trend has motivated attackers to commit cybercrimes in pursuit of monetary gain while simultaneously making it more difficult to track and identify these criminals. As a result, the need for skilled cybersecurity professionals who can implement strategies to prevent these attacks continues to rise.

About 4 out of 5 individuals who use internet believe that their personal data is used without their knowledge and/or shared with third parties without their consent. Protection of personal data is inextricably linked with privacy i.e. right of every person to enjoy his life and liberty without arbitrary interference with his private life, his family, his home or his correspondence etc. Today’s businesses derive a substantial value by analysing the ‘big data’ and often determine their business strategies based on such analysis. While there is no denying the business efficiency involved, the burning question is ‘do individuals have a control over the manner in which information pertaining to them is accessed and processed by others?’

There have been increasing concerns about data privacy in the world of cybersecurity, both in the context of consumer and company information. There are various federal, state-level, and international data privacy laws that today’s organizations need to comply with, and consumers are also becoming more concerned with how their data is being used.

Data breaches and cyberattacks expose sensitive personal information and put consumers and companies at risk. Today’s organizations need to consider things like data encryption, password protection, and network security to strengthen their data privacy. It’s also important that businesses have a team of highly skilled cybersecurity professionals working to secure their data and protect against potentially devastating data breaches.

The post EMERGING TRENDS IN CYBER SECURITY LAWS appeared first on Centre For Practicing Law.