ICFE STUDY GUIDE for FRANCHISE EXECUTIVES

CHAPTER 16
E-Commerce and Franchising
By
Lee J. Plave
Summary:
E-Commerce has become a mainstream method of doing business for franchise companies, their
customers and suppliers. This chapter will deal with the opportunities and vulnerabilities such
technology presents to franchise companies, including explanations of specific web techniques, their
problems, and the business and legal methods of protection. Finally, privacy and data security issues
are discussed and distinguished.
Organization:
This chapter will be presented under the following headings.
Introduction – E-Business Today
Franchise and Distribution Arrangements
Domain Names and Cybersquatting
Critical Websites or Cybersmearing
Intellectual Property
Linking
Framing
Meta-Tags
Privacy
Review Questions
Author Information
INTRODUCTION
In May 1897, Mark Twain wrote, “[t]he report of my death was an exaggeration.”1 Over a century later, it seems
that the same words can be said about reports of the demise of the internet in general, and e-business in particular.
Indeed, the growth and expansion of the internet as a means for conducting business has indelibly marked the dawn
of the 21st Century.
Today e-business2 has emerged as a mainstream way to facilitate business transactions around the world. Even with
the world’s economy in a downturn and digesting the impact of the September 11, 2001 attacks on the United
States, e-business has continued to grow. Forrester Research predicted that in 2004, North America would realize
$3.5 trillion in e-commerce transactions, while the Asia-Pacific would realize $1.6 trillion, and Europe would realize
$1.5 trillion.3 During 2004, online spending in the United States, excluding auto and travel-related transactions,
increased about 25%, and during 2005 increased 19% to nearly $80 billion, accounting for 1.5-2.0% of all sales.4
This record total was propelled by online spending during the holiday season.5 In the first quarter of 2005, retail
e-commerce sales in the U.S. rose 24% from a year earlier to $19.8 billion, representing 2.2% of all retail sales.6 While
internet sales account for less than 5% of overall retail sales in the United States,7 e-business has already become a
mainstream activity, as nearly one-third of U.S. adults reportedly shop online.8 Sales of cars and car parts on eBay
alone surpassed US$1.0 billion.
The pervasive growth of broadband connections to the internet is fueling new generations of development in terms of
how content is displayed, delivered (e.g., streaming audio and video), how people use the web (e.g., remote
educational opportunities), and even how they converse (e.g., videoconferencing and phone calls delivered using
1 A copy of Twain’s hand-written, and yet often misquoted and famous remark, can be found at
http://www.twainquotes.com/Death.html.
2 The definition of e-business is broad, and encompasses e-commerce and all means by which people transact with one another
over the internet. Among the variations are: (1) business-to-business e-commerce (B2B), involving the sale of goods and
services by one business to another; (2) business-to-consumer e-commerce (B2C), involving the sale of goods and services by
one business to consumers; (3) business-to-government e-commerce (B2G), involving the sale of goods and services by
businesses to government agencies; (4) government-to-consumer (G2C), principally involving the provision of services to
citizens; (5) peer-to-peer e-commerce (P2P), such as the much-vilified Napster, involving one person’s provision of a good or
service (such as a file containing an electronic copy of a song) to another person; (6) consumer-to-consumer e-commerce
(C2C), such as consumer auctions on eBay’s website; (7) exchange-to-exchange e-commerce (E2E), in which one industry-wide
exchange transacts with another industry-wide exchange; and (8) mobile commerce (mCommerce), which is a variation
on the other methods, and involves small wireless devices, such as the DoCoMo internet-enabled wireless telephones that are
widely used in Japan.
3 eCommerce Statistics, ePaynews.com, http://www.epaynews.com/statistics/.
4 L. Lee, Online Falloff, Bus. Week at 118 (Jan. 10, 2005) (“L. Lee Article”); Michael Lear-Olimpi, First Quarter E-Commerce
Spending is Biggest Year-Start Ever, 21 e-Commerce Law & Strategy 2, June 2004, at 1, 4 (reporting that first
quarter 2004 online sales were $15.5 billion, accounting for 1.9% of all retail sales, a pace that was consistent with the level
of purchasing during the holiday season in 2003); see also A Perfect Market, The Economist May 15, 2004, at Survey of E-Commerce
3 (reporting that online retail sales in 2003 rose to $55 billion, noting that figure amounted to 1.6% of total retail
sales for the year).
5 Id. Internet sales climbed 29% during the 2004 holiday season. M. Mangalindan, Web Sales Boom Could Leave Amazon
Behind, The Wall Street Journal at C1, Jan. 21, 2005 (“Mangalindan”).
6 E-Commerce Retail Sales Jump By 24%, The Wall Street Journal at B2, May 23, 2005.
7 Id.
8 Shoppers are Beating a Path to the web, Bus. Week (Dec. 14, 2001) (BWonline, at http://www.businessweek.com). See also
Bob Tedeschi, E-Commerce Report, The New York Times, Dec. 30, 2002 at C5 (sale of online gift certificates up by 64%
over 2001, to $250 million).
voice-over-internet-protocol (VoIP)). In an editor’s note discussing a wide-ranging article on broadband, the editor
of PC Magazine observed “[o]ur surveys indicate that most of our readers have had broadband for some time now,
and it’s quickly becoming the mainstream method of connection to the Internet for large numbers of Americans.”9
Indeed, the article itself took note of a Nielsen survey reporting that 45% of U.S. households with Internet access (or
approximately a third of all U.S. households) and 75% of the readers of PC Magazine had a broadband connection.10
The result:
Just five years ago, downloading an image or small sound file could bring your browsing to a
sudden halt. But today, armed with a broadband connection, you can get immediate access to
new music, blockbuster movies, and popular games without leaving the house. You can call
friends in another state without paying for long distance, chat face-to-face with your family using
videoconferencing software, and enter fantasy worlds with strangers from around the globe. You
can even keep an eye on your house and use your home PC from hundreds of miles away. Plus,
broadband isn’t just for PCs anymore. We’re seeing a growing number of devices – phones,
cameras, and even a boom box – that tap right into your high-speed connection.11
And, of course, the possibility of combining 21st Century household appliances – like a digital video recorder –
with the internet is more likely than ever before due to broadband connections.12
However, as good as it is, there are concerns that the growth of broadband in the U.S. is not as vigorous as it could
be. A Business Week article observed that when it comes to broadband:
The U.S. has steadily fallen behind other nations, both in terms of the share of the population
with broadband and the speed of those connections. Consider this: In 2000 the U.S. ranked third
in broadband penetration among the nations in the Organization for Economic Cooperation &
Development. [By 2003, the U.S.] dropped to 10th place. That’s behind recognized leaders such
as Japan and Korea (where about 70% of the households have a broadband connection),13 as well
as countries like Belgium and Canada. 14
The author contrasted connections in Japan, then already available at 100 megabits per second, with high-speed links
to the internet in the U.S., which were then (mid-2004) typically in the range of 1.5 megabits per second.
By all accounts e-business promises to continue its explosive growth, even though the accelerated pace appears to be
slowing.15 Internet usage is now doubling every year rather than every 100 days the way it was in 2000.16 But
9 M. Miller, Forward Thinking, PC Magazine, Sept. 21, 2004, at 5.
10 M. Graven, The Broadband Lifestyle, PC Magazine, Sept. 21, 2004, at 105.
11 Id.
12 For example, there have been reports of a possible collaboration between TiVo and Netflix, by which Netflix would deliver
movies over a broadband connection to a customer’s TiVo digital video recorder. See S. Olsen, Picture imperfect for Netflix,
TiVo, NYTimes.com, Sept. 8, 2004 (available at http://www.nytimes.com/cnet/CNET_2100-1038_3-5357336.html), and C.
Schreiber, Small-Stock Focus, The Wall St. J., Sept. 8, 2004, at C4. Indeed, concern over this possibility has led at least two
industry groups – the Motion Picture Association of America (MPAA) and its international counterpart, the Motion Picture
Association (MPA) – to seek legislation protecting the works created by the motion picture industry. See generally the Anti-
Piracy portion of the MPAA website, which is available at http://www.mpaa.org/anti-piracy/index.htm.
13 Martyn Taylor, Issues on Broadband: Transactional, Regulatory, and Intellectual Property, 6 Bus. L. Int’l 76, 80 (2005).
14 See Catherine Yang, Behind In Broadband, New policies are needed to help the U.S. catch up, Bus. Week, Sept. 6, 2004.
15 In the L. Lee article, the growth of online sales is predicted to decrease from a growth rate of 25% in 2004 to a growth rate of
19% in 2005. See also Hoffman, Keedy, and Roberts, The unexpected return of B2B, The McKinsey Quarterly, 2002 Number
(footnote continued to next page)
while the internet is prevalent and growing in the U.S.,17 the expansion of the internet is most profound outside
North America. In 2001, there were 513 million internet users
worldwide, of whom 181 million were in North America (35%),
155 million in Europe (30%), 144 million in Asia and the Pacific
(28%), 11 million in Latin America (2%), 5 million in Africa
(1%), and 4 million in the Middle East (1%).18 As of July 2005,
there are more than 938 million internet users worldwide.19
Another report suggests that by 2004, 60% of the overall European
population would have been using the internet.20 In fact, in
Europe, online sales are expected to grow 33% annually over the
next five years, compared with an anticipated growth rate of 14% in the U.S.21 Today, China has 80 million
Internet users, second only to the U.S., but by 2006, China is expected to have 153 million Net users and bypass
the U.S.22 In the U.S. and Canada, women slightly outnumber men among web users.23 In eleven countries, the
Internet penetration rate has already exceeded one-half of the population: Austria, Canada, Denmark, Finland, Hong
Kong, Japan, the Netherlands, Singapore, Sweden, Taiwan, and the United States.24
Not surprisingly, the internationalization of the web also shows up in the languages being spoken online. The
majority of internet users are now non-English speakers. While English speakers remain, by far, the most prevalent
group on the web (45% of web users, down from 51.3% in 2000), Japanese (9.8%), Chinese (8.4%), German
(6.2%), Spanish (5.4%), and Korean (4.7%) speakers follow behind.25
(footnote continued from previous page)
3 (Oct. 2002); Tompkins, Streamline Purchasing: E-Procurement Reduces Costs, Speeds Transactions, and Increases Supply-
Chain Visibility, IQ Magazine, March/April 2002, at 33. At the end of 1998, e-commerce was responsible for $50 billion and
by 2003 was projected to reach $1.3 trillion. R. Comerford, Technology 2000 Analysis & Forecast: The Internet, IEEE
Spectrum, Jan. 2000, at 40, 44. In the Internet Use article the annual growth rate for Internet usage in the United States
slowed from 35% in 2000 to 15% in 2001. See also Bob Tedeschi, The Net’s Real Business Happens .Com to .Com, A Market
That Dwarfs Retail E-Sales, The New York Times, Apr. 19, 1999, at C3.
16 Andy Grove, We Can’t Even Glimpse The Potential, Bus. Week, Aug. 25, 2003, at 86 (“Andy Grove”).
17 The web is ubiquitous in the U.S. with nearly 75% of all U.S. homes having web access. Home Access To Web Rises To
Nearly 75% In The U.S., The Wall Street Journal, Mar. 18, 2004, at B5. Indeed, a survey reported that approximately 60% of
those surveyed in a Pew study reported using the Internet regularly, and 80% of them expect to find reliable information
online concerning news, health care, and government services. Survey Cites Use of Internet to Gather Data, The New York
Times, Dec. 30, 2002, at C5.
18 United States Internet Council and Int’l Tech. & Trade Associates, Inc., State of the Internet (2001 ed.) at 12 (Nov. 2001)
(cited herein as “State of Internet”).
19 Internet World Stats at http://www.internetworldstats.com/stats.htm (last visited Aug. 24, 2005).
20 Angela Hall, 60% of European population may use internet by 2004, EuropeMedia.net, May 2, 2001 (available at
http://www.europemedia.net/shownews.asp?ArticleID=3050).
21 B. Bright, How Do You Say Web?, The Wall Street Journal, at R11, May 23, 2005.
22 China’s Great March Online, Bus. Week, July 12, 2004, at 14.
23 In fact, during the 2001 holiday shopping season, 58% of online buyers were female. Dina ElBoghdady, Women Take Lead in
Web Shopping, The Washington Post, Jan. 2, 2002, at D11.
24 State of the Internet at 19-47. According to Mediamark Research, close to 80% of U.S. adults have Internet access. Industry
Notes, Washington Internet Daily (June 23, 2004) at 5.
25 State of the Internet at 13-14. See also “Leadership for the New Millennium: Delivering on Digital Progress and Prosperity;”
The U.S. Government Working Group on Electronic Commerce, 3rd Annual Report (2000).
What matters today is the ability
to integrate technology into the
lifeblood of business.
Lew Gerstner, IBM
Web and internet electronic business technologies promise to transform every aspect of the way companies conduct
business and compete. The internet has created this business opportunity; in fact, it has fundamentally changed the
economics of business transactions26 and provided new and different ways of conducting business.27 The internet
has created new forms of empowerment for individuals, new types of communities and new tools for dealing with
social issues.28 Now the internet is reinventing entire markets. E-marketplaces promise to change the dynamics of
many industries. Bloggers are changing how people in advertising, marketing and public relations do their jobs.29
Louis Gerstner, in his final letter to IBM’s shareholders, commented on IBM’s renewed emphasis on providing
overall I/T services, and observed that:
As I/T moves out of the back office and into the executive suite, value and
growth in our industry are driven less than they used to be by technical
innovation or product excellence, as necessary as those remain. What matters
today is the ability to integrate technology into the lifeblood of business. The
people who help customers apply technology to transform their businesses have
increasing influence over everything from architecture and standards to hardware
and software choices and partners.30
Several years later, Samuel Palmisano, as IBM’s President, made similar remarks emphasizing integration:
Companies have come to realize that if they’re going to respond rapidly and
effectively to today’s volatile marketplace, they need to do more than web-enable
discrete systems, processes or business units. They need to pull together all of
the systems they’ve already got and integrate them securely with their core
business activities horizontally, across not just their whole company but their
entire value chain, from customers to suppliers.31
Bill Gates’ observation about integrating technology into the lifeblood of business can be illustrated in many ways.
For example, technology such as radio-frequency identification (RFID) tags is being applied not only in commerce
(e.g., Wal-Mart) but also in other endeavors, such as military logistics. The head of the U.S. Marine Corps’
Logistics Vision and Strategy Center, Col. Mark Nixon, has credited RFID tags with helping commanders and
others keep track of where troops and the materiel they were transporting were on the ground:
26 For example, it has been reported that it costs between $1.25 and $1.77 to process a check, compared to 10¢ to process a
purchase made on the Internet. C. Mollenkamp, Bank of America Taps New Chief of E-Payments and Card Services, The
Wall Street Journal, Apr. 20, 2001, at B2. See, e.g., Faith Keenan, The Price is Really Right: With a Web-savvy system,
companies can figure out just what the market will bear, Bus. Week, Mar. 31, 2003, at 63 (highlighting companies’ use of the
web to establish pricing models).
27 B. Schlender, The New Soul of a Wealth Machine, Fortune, Apr. 5, 2004, at 102, 104, where Peter Drucker is said to have
noted that the Internet has the power to fundamentally change the way companies do things and the markets in which they
compete. “The Internet makes it possible for persons worldwide to buy, sell and ship goods to or from anywhere in the world
from their own living room using a computer and an Internet hook-up.” See also Toys “R” Us, Inc. v. Step Two, S.A., 318 F.3d
446, 454 (3d Cir. 2003); Euromarket Designs, Inc. v. Crate & Barrel Limited, 96 F. Supp.2d 824, 827 (N.D. Ill. 2000); Zippo
Manufacturing Co. v. Zippo DotCom, Inc., 952 F. Supp.2d 1119, 1124 (W.D. Pa. 1997).
28 J. Webber, Culture of Risk, The Industry Standard, June 5, 2000, at 11.
29 D. Kirkpatrick & D. Roth, Why There is No Escaping the Blog, Fortune at 44, Jan. 10, 2005.
30 Chairman’s Foreword, IBM Annual Report for 2001 (2002), at 3 (emphasis added). Indeed, Wal-Mart’s adoption of various
technologies has the power to drive new developments. See also Mark Roberti, RFID Aided Marines in Iraq, RFiD Journal,
Feb. 21, 2005 (available online at http://www.rfidjournal.com/article/articleprint/1414/-1/1); B. Feder, Wal-Mart’s tracking
Tags Are Getting First Field Test, The New York Times, May 1, 2004 at B14 (reporting on Wal-Mart’s adoption of radio tags
using “RFID” technology at the store level).
31 Chairman’s Letter, IBM Annual Report for 2003 (2004), at 4.
Just a few years ago, we had no idea where cargo was [in our supply chain]….
RFID has revolutionized how these guys are doing it down on the ground [so
that they can see, in real time, where supplies are, and] that allows commanders
to reduce how many parts they order because they are no longer afraid that
they’re not going to get what they need …. In the past, we’ve found examples
where a crucial part or needed supplies were ordered a dozen times because the
commander in the field had no visibility. He now has confidence in the system
because he can see [his requested part or shipment] move.32
To the same effect, Bill Gates noted that the companies that do not use information technologies effectively will fall
behind.33 Managing information effectively is an essential e-business strategy.
These developments in technology and business are staggering, and the pace at which they arise can be breathtaking.
But because developments in “the law” typically react to these developments – instead of trying to anticipate and
regulate ahead of time – the “law” is often a body of rules that is trying to keep pace with technology. To
understand how the law will apply to these matters, one must consider and bear in mind an amalgam consisting of
statutes, administrative rules and rulings, and court decisions.
32 Mark Roberti, RFID Aided Marines in Iraq, RFiD Journal, Feb. 21, 2005 (available online at
http://www.rfidjournal.com/article/articleprint/1414/-1/1).
33 Robert Hof, “Why Tech Will Bloom Again,” Bus. Week 64, 67 (Aug. 25, 2003).
FRANCHISE AND DISTRIBUTION ARRANGEMENTS
Agreements granting rights to distribute traditional goods, software and other information products owned or
controlled by a third party will typically identify the territory and channels of trade within which product
distribution is authorized. Companies must be very sensitive to any preexisting distribution agreements that may
affect e-commerce or electronic distribution to make sure that there is not a violation of any grant of “exclusive” or
other rights by advertising, promoting, or selling through a website. Similarly, companies need to be sure that, as
a distributor, they do not violate any territorial restrictions or other restrictions on the grant of distribution rights.
Since e-commerce is global, it is very easy to create a conflict with prior distribution and marketing channels.
Channel conflict and contention as the result of e-commerce sales is a real problem today, especially with
manufacturers entering markets that were previously handled by distributors and retailers,34 even if such channel
competition is merely perceived.35 Likewise there is more competition generally because e-tailers can serve a much
broader market. While the internet is fundamentally changing the way distribution models work, it has not altered
the fundamental effectiveness of bricks-and-mortar businesses.36
Agreements today should expressly contemplate and permit e-business, and it is even more important now to avoid
any exclusive arrangements that could preclude e-business. This is particularly so in the case of franchise
agreements, given the length of time that franchise agreements last, as these arrangements commonly have terms that
run from 10-20 years. Any territorial restrictions may be difficult to enforce. For example, if a distributor is
authorized to sell the products in a specified territory and that distributor establishes an e-commerce website in the
territory that is accessible to customers outside the territory, potential problems exist without regard to whether the
territory is an “exclusive” or “non-exclusive” territory. A few cases illustrate some of these points:
• The case of Playboy Enterprises, Inc. v. Chuckleberry Publishing Co.37 suggests how courts might try to
deal with territorial distribution problems that arise in global e-business. In Chuckleberry the defendant
was alleged to have infringed on PEI’s copyrighted images, and was ordered to: (1) either shut down its
internet site completely or stop accepting new customers residing in the U.S.; (2) invalidate user names
and passwords previously issued to U.S. purchasers; and (3) revise its internet site to indicate that any
purchase requests from U.S. customers will be denied.
34 “Sun Moves Into Online Auctions,” The Industry Standard at 30 (Aug. 16-23, 1999); K. Brooker, First: E-Rivals Seem To
Have Home Depot Awfully Nervous, Fortune at 28 (Aug. 16, 1999).
35 See, e.g., First Jewellery Co. of Canada Inc. v. Internet Shopping Network LLC, 2000 U.S. Dist. LEXIS 794 (S.D.N.Y. 2000)
(wholesaler concerned that customers would believe it was competing directly with its customers).
36 See, e.g., Ralph Kisiel, Internet’s impact at the dealership? Less than feared, Automotive News at 27 (Jan. 20, 2003). See
also Agrawal, Arjona, and Lemmens, E-performance: The path to rational exuberance – successful e-commerce companies
are following tried-and-true principles from the brick-and-mortar world, The McKinsey Quarterly, 2001 Number 1, at 31.
However, there are some industries that face the challenge of competing with technological innovation. See, e.g., Goodbye to
the video store, The Economist, Sep. 19, 2002 (available online) (the article’s subtitle is aptly descriptive: “Streaming video –
for too long, ‘video-on-demand’ has promised more than it could deliver. But new ways are emerging for shrink-wrapping
massive video files for delivery over the Internet.”)
37 939 F. Supp. 1032 (S.D.N.Y. 1996).
• Another case, California Closet Co., Inc. v. Space Organizational Sys., Inc.,38 involved a franchisee who
registered and used the domain name californiacloset.com, who operated a website at that address which
appeared to be the franchisor’s site, and who took system-wide sales leads from the website. In California
Closet, the court ordered that franchisee to stop using the domain name, stop making unauthorized use of
the marks, and stop engaging in unauthorized advertising – on the basis of a franchise agreement that
provided for the franchisor’s prior written consent to any proposed use of the marks and any proposed
advertising.
• In Travel Impressions v. Kaufman,39 a franchisor
sought a preliminary injunction to prevent a NYC
franchisee from using the domain name
www.empress.com and the telephone number 1-800-
EMPRESS. The court denied the preliminary
injunction, noting (among other things) that it was
not clear whether the franchise agreement actually
granted the franchisee a broad right to use of marks – even in a limited geographic area. Travel Impressions
points out the need for a very carefully-prepared grant of rights to use the franchisor’s mark.
European Competition Law. EU competition law also affects the way franchise agreements should deal with
internet usage by franchisees and distributors. The Vertical Restraints Block Exemption,40 interpreting Article
81(1) of the Treaty of Rome, prohibits any agreement or concerted practice which has the object or effect of
“preventing, restricting, or distorting” competition. Breach of Article 81(1) may put a franchisor at risk of fines or
of having non-compliant franchise agreements deemed unenforceable. In relevant portion, the Vertical Restraints
Block Exemption addresses internet sales in an indirect manner. Article 4(c) of the Exemption bars limits on passive
sales methods. Passive sales are those in which the seller responds to the buyer’s request, and where the seller did
not solicit the requests. Article 4(c) of the Exemption notes that in order to qualify for the exemption, a vertical
agreement may not include:
“the restriction of active or passive sales to end users by members of a selective distribution
system operating at the retail level of trade, without prejudice to the possibility of prohibiting a
member of the system from operating out of an unauthorised place of establishment ….”
To provide guidance as to this standard, the Commission issued Guidelines on Vertical Restraints on November
13, 2000.41 In relevant part, the Guidelines addressed internet sales as follows:
Every distributor must be free to use the internet to advertise or to sell products. A restriction on
the use of the internet by distributors could only be compatible with the Block Exemption
Regulation to the extent that promotion on the internet or sales over the internet would lead to
active selling into other distributors' exclusive territories or customer groups. In general, the use of
the internet is not considered a form of active sales into such territories or customer groups, since
it is a reasonable way to reach every customer. The fact that it may have effects outside one's own
territory or customer group results from the technology, i.e. the easy access from everywhere. If a
customer visits the web site of a distributor and contacts the distributor and if such contact leads
to a sale, including delivery, then that is considered passive selling. The language used on the
38 Bus. Franchise Guide (CCH) ¶ 11,150 (E.D. Wis. 1997). California Closet was the first franchise case involving unauthorized
B2C e-commerce and cybersquatting.
39 1997 U.S. Dist. LEXIS 23217 (E.D.N.Y. 1997) (reprinted at Bus. Franchise Guide (CCH) ¶¶ 11,470 and 11,471).
40 Commission Regulation (EC) No 2790/1999 of 22 December 1999 on the application of Article 81(3) of the Treaty to
categories of vertical agreements and concerted practices, 1999 O.J. (L 336) 21-25.
41 Commission Notice (Guidelines on Vertical Restraints), 2000 O.J. (L 291) 1-44.
California Closet shows that an
online rogue – here a franchisee – is
just as much a threat to franchisees
as it is to the franchisor.
website or in the communication plays normally no role in that respect. Insofar as a web site is
not specifically targeted at customers primarily inside the territory or customer group exclusively
allocated to another distributor, for instance with the use of banners or links in pages of providers
specifically available to these exclusively allocated customers, the website is not considered a form
of active selling. However, unsolicited e-mails sent to individual customers or specific customer
groups are considered active selling. The same considerations apply to selling by catalogue.
Notwithstanding what has been said before, the supplier may require quality standards for the use
of the internet site to resell his goods, just as the supplier may require quality standards for a shop
or for advertising and promotion in general. The latter may be relevant in particular for selective
distribution. An outright ban on internet or catalogue selling is only possible if there is an
objective justification. In any case, the supplier cannot reserve to itself sales and/or advertising
over the internet.42
In effect, Article 4(c) has been interpreted to mean that a franchisee must be able to use the web to engage in passive
off-site advertising and sales. A franchisor is free to impose quality control standards – for example, pertaining to
the content, look and feel, and appearance of a franchisee’s website – and, through the right to review and approve
advertising and trademark usage, the domain name at which the website can be accessed. The franchisor cannot use
these standards as a pretext for preventing franchisee use of the internet, and may only impose these conditions so
long as the franchisee is not prevented from engaging in passive sales.
Hyperlinks and Distribution Systems. Another issue involving distribution systems may be a claim raised by
some retailers that manufacturers use hyperlinks contained in products sold by retailers to pirate the retailer’s
customers. The National Association of Recording Merchandisers claimed that Sony used links on the Sony CDs
that the retailers sell in order to direct the customers to websites owned or controlled by Sony. The retailers claim
that the embedded link to Sony’s website is an unlawful tying arrangement in violation of the Federal antitrust
laws, since Sony will not sell CDs to the retailers without the links. The retailers claimed that their customers will
eventually stop patronizing their stores to make purchases (preferring, instead, to shop online) because of Sony’s
alleged unlawful bundling practices (i.e., that Sony would not sell CDs without the links that lead customers
directly to Sony’s website).
Interstate E-Commerce Sales. A closely-watched U.S. Supreme Court case in 2005 involved whether states can
prefer in-state competitors over out-of-state companies when it came to allowing the sale of products – here, wine.
In Granholm v. Heald,43 the Supreme Court struck down New York and Michigan statutes banning out-of-state
wineries from shipping wine directly to in-state consumers, but at the same time allowing in-state wineries to ship
to the same customers. The Court found the difference in how in-state and out-of-state wineries were treated
constituted discrimination against interstate commerce. The Court also rejected an argument that the Twenty-first
Amendment to the Constitution gave states the absolute authority – despite the Commerce Clause – to regulate
wine sales in their states.44 In reaching that conclusion, the Court emphatically concluded that the principles
underpinning the Commerce Clause trump the language of the Twenty-first Amendment:
State policies are protected under the Twenty-first Amendment when they treat liquor produced
out of state the same as its domestic equivalent. The instant cases, in contrast, involve
straightforward attempts to discriminate in favor of local producers. The discrimination is contrary
to the Commerce Clause and is not saved by the Twenty-first Amendment.45
42 Id. at ¶ 51. There is not yet guidance on what conditions might rise to the level of “objective justification” for a franchisor
seeking to ban a franchisee’s web sales.
43 125 S. Ct. 1885 (2005).
44 125 S. Ct. 1885, at 1905.
45 Id. (emphasis added).
In Granholm, the Supreme Court also noted that technological improvements, in particular wineries’ ability to sell
their wares over the Internet, have helped make direct shipments an attractive sales channel. The Court also noted
that the FTC had identified that state bans on interstate direct shipping were the single largest regulatory barrier to
expanded e-commerce in that line of commerce. In addition to balancing the Commerce Clause and the provisions
of the Twenty-first Amendment, the Court also examined the states’ arguments that they had a legitimate interest in
their regulatory approach – namely, protecting minors who might otherwise purchase wine over the Internet. The
Court discounted that argument and observed that “[e]ven were we to credit the States’ largely unsupported claim
that direct shipping of wine increases the risk of underage drinking, this would not justify regulations limiting only
out-of-state direct shipments.”46 Ultimately, while the Granholm ruling is a very strong message from the Court as
to the primacy of federal Commerce Clause power, the impact is to significantly bolster not only e-business in the
wine industry, but the broad range of interstate e-business in general.
DOMAIN NAMES AND CYBERSQUATTING
There are two kinds of domain names – generic top-level domains (gTLD’s)47 and country-code top-level domains
(ccTLD’s).48 Domain names have acquired added significance, as they become the main identifier used by e-business
vendors to steer traffic to their site.49 Not recognized as trademarks per se, domain names can be protected
through trademark and unfair competition laws if the proper steps are taken in implementing their use. Domain
names can also be protected in the U.S. under the Anticybersquatting Consumer Protection Act (the “ACPA”),
internationally under ICANN’s Uniform Dispute Resolution Procedures (the “UDRP”), and otherwise by similar
means as discussed below.
The challenges in the domain name world – ranging from cybersquatters to the problem of where to register your
domain name – can multiply daily without careful planning and keen attention.
A domain name may be used as a trademark if used to sell goods, or as a service mark if used to sell services. The
domain name itself may also be registered as a trademark, provided, in the case of the United States, that the domain
name is used as the brand for the website or a portion of it. However, mere registration of a domain name does not by
itself afford the domain name owner the right to obtain a trademark for the same name.50
46 Id. at 1905-06.
47 Originally, there were seven gTLDs: .com, .edu, .gov, .int, .mil, .net, and .org. Others have since been added, including
.aero, .biz, .coop, .info, .jobs, .mobi, .museum, .name, .pro, and .travel. Within ICANN, there are discussions centering on the
possibility that additional gTLDs will be authorized.
48 ccTLDs are two-letter names, such as .uk (United Kingdom), .de (Germany) and .us (United States) and correspond to a
particular country.
49 An Internet domain name is a unique name that identifies one or more Internet Protocol addresses. See Internet Yellow Pages
Network, Inc. v. Zconnexx Corp., 2000 U.S. Dist. LEXIS 15712 (W.D.N.Y. 2000). See also Horseshoe Bay Resort Sales Co.
v. Lake Lyndon B. Johnson Improvement Corp., 2001 App. LEXIS 5355 (Tex. Ct. App. 2001) (“domain names are valuable
business assets because they function as the address for a site on the web”). For an excellent review of cases in which the
term “domain name” is defined, and an excellent internet glossary, see Michael D. Scott, Internet and Technology Law Desk
Reference (2003).
50 See, e.g., eCash Technologies, Inc. v. Guagliardo, 2000 U.S. Dist. LEXIS 18314 (C.D. Cal. 2000), citing Brookfield
Communications, Inc. v. West Coast Enter. Corp., 174 F.3d 1036 (9th Cir. 1999).
One problem that has arisen in connection with domain names is with cybersquatters who register company domain
names then seek payment from the company to transfer and assign the domain names to the company51 or to simply
use the domain name for profit.52 Many companies are finding that a significant amount of time and attention needs
to be paid to monitoring domain name usage and attacking cybersquatting when it occurs, in order to protect the
company’s intellectual property rights and investment in its internet operations.53 A Cyveillance executive
observed that “ ‘[w]e’ve never had a client whose jaw didn’t drop when he or she saw some of the things that are
uncovered. They just had no idea the extent was that great. Our average Fortune 500 client has an average of about
650 abuse situations out there, and that’s growing.’ ” 54
Cybersquatters’ efforts include registering domain names that differ by just one letter (those who do so are sometimes
referred to as “typosquatters”)55 and “.net” and “.org” variations of the “.com” domain name, as well as ccTLD’s (such as .cc,
.tv, and other domain names that are marketed by U.S. registrars).56 The courts have ruled consistently against
cybersquatters usually under trademark infringement or trademark dilution grounds, or under the ACPA, as
discussed below. This is sometimes referred to as abusive domain name registration. The ACPA provides a
powerful remedy to combat cybersquatting. Corporate domain name strategies should contemplate registration of
related domain names to guard against similar domain names being registered and used by others.57
One strategy is to consider “cluster registrations.” By registering the domain name in all of the most likely-used
gTLDs and ccTLDs relevant to the trademark owner’s business operations, the company may avoid some confusion
51 For an extensive summary of the impact that cybersquatting has on commerce, see the U.S. Senate Report in connection with
the Anticybersquatting Consumer Protection Act (the “ACPA”), S. Rep. No. 106-140 (1999).
52 See, e.g., Target Advertising Inc. v. Miller, 2002 U.S. Dist. LEXIS 8702 (S.D.N.Y. May 14, 2002) (ACPA applies not only to
attempted profit from selling another party’s domain name, but also profiting from use of another party’s domain name as a
web address).
53 See, e.g., Ritchenya Shepherd, Counsels’ Domain-Name Pains, Porno, Infringement, and Cybersquatters: The Web’s New
Frontier, National L. J., Sept. 4, 2000, at B1.
54 Steven Andersen, Law Departments Wrestle With Internet Infringement Issues, 10 Corp. Legal Times 109 at 1, 24-27 (Dec.
2000).
55 However, the courts will strike down typosquatting under the same rules that apply to more straightforward domain name
hijacking. See, e.g., Shields v. Zuccarini, 254 F.3d 476 (3d Cir. 2001); Toronto-Dominion Bank v. Karpachev, 188 F. Supp.2d
110 (D. Mass. 2002). See also Declan McCullagh, Court cracks down on URL copycat, CNET news.com (Oct. 8, 2002) (at
http://news.com.com/2100-1023-961276.html) (reporting on a court ruling threatening to hold defendant in contempt where
defendant had registered the domain name WPNI.org, which is similar to the e-mail address (WPNI.com) used by many
Washington Post reporters, in a confessed effort to divert e-mails intended for reporters, due to registrant’s opposition to the
newspaper’s editorial policies).
56 For example, in December 2001 VeriSign Inc. (the exclusive registry of the .com gTLD until 2007 and the world’s largest
registrar of domain names) purchased eNIC, the registry for .cc ccTLD’s (the Cocos Islands), and the exclusive worldwide
rights to serve as the registry for the .tv ccTLD. VeriSign will use its considerable marketing muscle to promote and sell .cc
and .tv domain names along with other domain name offerings, such as gTLD’s .com, .org, .net, .info, and .biz and other
ccTLD’s such as .bz (Belize), and .ws (Western Samoa). See David McGuire, VeriSign Buys .cc Internet Domain Name
Registry, NewsBytes.com (Dec. 18, 2001) (available at http://www.newsbytes.com/news/01/173085.html); Margaret Kane,
VeriSign buys .tv Web domain, c|net News.com (Jan. 7, 2002) (available at
http://news.cnet.com/news/0-1005-200-8393177.html?tag=nbs).
57 Registrars themselves are largely shielded from claims that they have infringed on the basis that the registrar permitted a third
party to register a domain name that contains a famous mark. See, e.g., Lockheed Martin Corp. v. Network Solutions, Inc., 194
F.3d 980 (9th Cir. 1999) (Lanham Act claim); Lockheed Martin Corp. v. Network Solutions, Inc., 141 F. Supp.2d 648 (N.D.
Tex. 2001) (Anticybersquatting Act claim). One court has also concluded that registrars are shielded from liability under the
ACPA when they offer to sell domain names for third parties. See also Ford Motor Co. v. Great Domains.com, Inc., 2001
U.S. Dist. LEXIS 21301 at *39-40 (E.D. Mich. 2001) (registrar offering to sell domain names on behalf of its own customers
did not “traffic in” the domain name; “traffics in” element of the ACPA requires “a direct transfer or ownership interest in a
domain name to or from the defendant”).
and dilution, and may preclude other parties from registering and “squatting upon” important domain names. It
may also be prudent to register local misspellings of the company name,58 the company name and trade name in
non-Latin character sets,59 hyphenated versions of two-word marks, foreign language translations, as well as
common “nicknames” by which the company is known in the industry (e.g., FedEx, Mickey D). Companies
should also consider whether to acquire widely-used pejorative extensions of their house marks, especially in the
marquee gTLDs (such as .com), examples of which would include “companysucks.com,” “companyfraud.com,” and
“companybeware.com.”
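The lookalike categories named in this section (one-letter typos, alternate TLDs, hyphenated and pejorative variants, and the character-substitution homographs that ICANN warned about) can be checked mechanically when monitoring registrations. The following Python triage check is an added example, not part of the original chapter; the mark example.com, the short confusables table and the observed names are constructed assumptions.

```python
import unicodedata

BRAND = "example.com"                        # hypothetical mark (reserved name)
PEJORATIVES = ("sucks", "fraud", "beware")   # suffixes the chapter lists

# Small constructed subset of look-alike characters (assumption); a production
# monitor would load the full Unicode confusables data instead.
CONFUSABLES = {
    "0": "o", "1": "l",                            # ASCII pairs from the ICANN statement
    "\u0392": "b",                                 # Greek capital Beta vs Latin B
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c",                  # Cyrillic er, es
}


def to_unicode(domain):
    """Decode xn-- (punycode) labels so IDN look-alikes become visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:          # already Unicode, or not valid punycode
        return domain


def split(domain):
    """Return (first label, remainder) of a name such as 'label.tld'."""
    label, _, tld = to_unicode(domain).rstrip(".").partition(".")
    return label, tld.lower()


def skeleton(label):
    """Replace look-alike characters by the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label).lower()


def scripts(label):
    """Set of Unicode scripts (LATIN, GREEK, CYRILLIC, ...) among the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brand=BRAND):
    """Return the reasons a domain resembles the brand (empty list if none)."""
    label, tld = split(domain)
    b_label, b_tld = split(brand)
    plain = label.lower()
    flat = plain.replace("-", "")
    if plain == b_label:          # the mark itself, or the same label elsewhere
        return ["tld-variant"] if tld != b_tld else []
    reasons = []
    if len(scripts(label)) > 1:
        reasons.append("mixed-script")
    if skeleton(label) == skeleton(b_label):
        reasons.append("homograph")
    elif flat == b_label:
        reasons.append("hyphenated")
    elif flat.startswith(b_label) and flat[len(b_label):] in PEJORATIVES:
        reasons.append("pejorative")
    elif edit_distance(plain, b_label) == 1:
        reasons.append("typo")
    return reasons


# Constructed sample of names as they might appear in a registration feed.
OBSERVED = ["example.com", "example.org", "examp1e.com", "ex\u0430mple.com",
            "exemple.com", "ex-ample.com", "example-sucks.com", "unrelated.org"]


def scan(names, brand=BRAND):
    """Map each flagged name to its reasons; names with no reason are omitted."""
    flagged = {}
    for name in names:
        reasons = classify(name, brand)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in scan(OBSERVED).items():
        print(name.encode("idna").decode("ascii"), reasons)
```

Names flagged this way are candidates for the defensive registrations or dispute procedures the chapter describes; the check says nothing about bad faith, which remains a legal question.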
There are many ICANN arbitration cases in which trademark owners have succeeded60 and some as well in which
trademark owners have failed61 to obtain the transfer or cancellation of domain names containing their trademarks
with the suffix “sucks.” In a decision handed down in May 2005, a WIPO panel ordered the domain name
airfrancesucks.com to be transferred to Air France, concluding that the pejorative connotation of the term “sucks”
may be unfamiliar to non-English speakers, and therefore, “a large proportion of internet users therefore are likely to
be confused by ‘-sucks’ domain names.” 62
Courts have not been hospitable to arguments that cybergripers (discussed generally in a separate section of these
materials) are engaged in violations of the ACPA. In a case decided in April 2004 by the U.S. Court of Appeals for
the Fifth Circuit, the court considered a defendant’s registration of domain names used to run a website where
the content was not commercial but, rather, was “to inform potential customers about a negative experience with the
company.” The court concluded that the defendant’s conduct “is not the kind of harm that ACPA was designed to
58 Some vulnerabilities along these lines raise significant issues that may transcend a particular company’s scope of operation.
For example, ICANN issued a statement on February 23, 2005 in which it expressed concern regarding homograph attacks, in
which scammers would use domain names with similar characters to spoof well-known websites, which may be particularly
exacerbated, in ICANN’s view, as Internationalized Domain Names (IDN’s), using non-Latin characters, become more
commonly used. ICANN’s statement noted that “[h]omograph domain name spoofing works by exploiting the visual
resemblance, or near resemblance of certain characters and symbols. These can be characters in the standard ASCII
character set (such as the resemblance between the numeral "1" and the lower-case letter "l" or the letter "O" and the
numeric zero ("0") in some fonts), or characters taken from different languages (such as the character "Β" [Greek capital
letter Beta], and the character "B" [Latin capital letter B], or the potential confusion amongst Chinese, Japanese, and Korean
character sets).” ICANN, Statement on IDN Homograph Attacks and Request for Public Comment, Feb. 23, 2005 (available
online at http://www.icann.org/announcements/announcement-23feb05.htm).
59 A domain name registration in the .com gTLD can be obtained using any of 39 different character sets, using the IDN
Language Registry Tables, ranging from Greek to Hebrew, Arabic to Kanji (Japanese), Cyrillic to Chinese, and Devanagari
to Korean. A complete list can be found at http://global.networksolutions.com/en_US/name-it/languagelist.jhtml. The previous
note observes that the expansion of IDNs may cause problems where combination names (e.g., those in which Latin
characters are combined with one or two non-Latin characters, for example, BankofAmerica.com spelled with a Greek letter
Beta instead of the Latin capital B) might appear to be authentic, but could lead a web user to a scam site.
60 See, e.g., Berlitz Investment Corp. v. Tinculescu, Case No D2003-0465 (WIPO Aug. 22, 2003) (berlitzsucks.com); Wal-Mart
Stores, Inc. v. Walsucks and Walmarket Puerto Rico, Case No D2000-0477 (WIPO Jul 25, 2000) (walmartcanadasucks.com,
wal-martcanadasucks.com, walmartuksucks.com, walmartpuertorico.com, and walmartpuertoricosucks.com).
61 See, e.g., Savin Corporation v. savinsucks.com, No FA0201000103982 (Nat’l Arb. Forum, Jan. 24, 2002), Wal-Mart Stores,
Inc. v. wallmartcanadasucks.com and Kenneth J. Harvey, Case No. D2000-1104 (Nov. 23, 2000) (contrasted with the
decision several months earlier, in Wal-Mart Stores, WIPO Case No D2000-0477, in which the panel awarded transfer of the
domain name walmartcanadasucks.com).
62 Société Air France v. Virtual Dates, Inc., Case No. D2005-0168 (WIPO, May 24, 2005). But see Asda Group Limited v.
Kilgour, Case No. D2002-0857 (WIPO, Nov. 11, 2002), a case involving an English-language website concerning a British
party, and in which the panel determined that language confusion was unlikely: “by now the number of Internet users who do
not appreciate the significance of the ‘-sucks’ suffix must be so small as to be de minimis and not worthy of consideration.
The Panel notes that the Complainant puts forward no evidence to substantiate that contention. The Panel believes that Internet
users will be well aware that a domain name with a ‘-sucks’ suffix does not have the approval of the relevant trade mark
owner.” See generally NAF Panels Diverge on Propriety of ‘Sucks’ Domains in Cases Involving Identical Parties, 10
Electronic Commerce & L. Rep. (BNA) 38, at 963-94 (Oct. 5, 2005).
prevent.”63 A federal district court reviewing a similar claim, involving an attack on a domain name used to run a
cybergripe site, concluded that:
This Court finds that an analysis of the fourth factor under bad faith – whether Defendant had a
“bona fide noncommercial or fair use of the mark” – speaks to the ultimate disposition of this
case, and demonstrates why Defendant cannot be held liable under the ACPA. The purpose of this
element is to protect domain name registrations and users engaged in protected activities such as
critical commentary. This factor should be examined in tandem with the “safe harbor” in the
ACPA which provides that bad faith intent shall “not be found in any case in which the court
determines that the person believed and had reasonable grounds to believe that the use of the
domain name was a fair use or otherwise lawful.” 15 U.S.C. § 1125(d)(1)(B)(2). As discussed
herein, because Defendant had a “bona fide noncommercial” use of the mark, and had reasonable
grounds to believe his use was lawful, Plaintiff’s claim must fail.64
Companies should also consider proactively registering legitimate names before other parties who might have a
successful defense are able to do so. For example, Nissan Motor Co. for years fought the owner of several domain
names using the Nissan name (nissan.com and nissan.net), an individual named Uzi Nissan, who operates a
company under the name Nissan Computer Corp.; ultimately, Mr. Nissan was allowed to operate a website at those
names, but under tight restrictions.65
Country-code TLDs – such as .ca for Canada, .uk for the United Kingdom, .jp for Japan, .au for Australia – are
available through the registrars for each ccTLD. Not surprisingly, a study released on December 6, 2001 by the
Canadian Internet Registration Authority (CIRA) found that over 70% of Canadians would prefer to shop online at a
website that uses the .ca ccTLD, which indicates that the merchant is Canadian, rather than the generic .com
gTLD.66 A similar survey conducted in the U.S. also found that consumers would prefer visiting a website that
uses the new .us ccTLD over sites using generic .com TLDs.67 When given the opportunity to do so, Australians
seem to choose ccTLD names in the .com.au registry over names in the .com gTLD.68
63 TMI Inc. v. Maxwell, 368 F.3d 433, 439-440 (5th Cir. 2004) (citing Lucas Nursery & Landscaping, Inc. v. Grosse, 359 F.3d
806, 809 (6th Cir. 2004), in which the Sixth Circuit reached a similar conclusion as in TMI).
64 Mayflower Transit, LLC v. Prince, 314 F.Supp. 2d 362, 369 (D.N.J. 2004). See also People for the Ethical Treatment of
Animals v. Doughney, 263 F.3d 359, 266 (4th Cir. 2001) (by using plaintiff’s mark as a domain name, the defendant satisfied
the commercial use requirement by, in effect, preventing users from reaching the plaintiff’s legitimate site); but see Bosley
Medical Inst. v. Kremer, 2005 U.S. App. LEXIS 5329 (9th Cir., Apr. 4, 2005) (distinguishing Doughney and reaching opposite
conclusion).
65 Nissan Motor Co. Ltd. v. Nissan Computer Corp., 378 F.3d 1002 (9th Cir. 2004). See Ralph Kisiel, Automaker fought
businessman with cybersquatting, trademark laws, Automotive News at 5-IT (Dec. 16, 2002). Cf. Virtual Works, Inc. v.
Network Solutions, Inc., 106 F.Supp.2d 845, 847 (E.D. Va. 2000), aff’d sub nom., Virtual Works, Inc. v. Volkswagen of Am.,
Inc., 238 F.3d 265 (4th Cir. 2001) (In assessing the defendant’s registration of the name vw.net, the district court observed that
“[t]he holder of a domain name should give up that domain name when it is ‘an intuitive domain name’ that belongs to
another.”).
66 Canadian Internet Registration Authority Press Release, Dec. 6, 2001 (http://www.cira.ca/news-releases/55.html).
67 Neustar Press Release, April 24, 2002 (http://www.neustar.us).
68 ZDNet: Australians still opting for local domain name (Jan. 10, 2003)
(http://www.nua.com/surveys/?f=vs&art_id=905358702&rel=true). This trend was confirmed in June 2004, when the
Australian Department of Communications, Information Technology & the Arts (DCITA) announced that the total number of
.au domain name registrations grew to more than 433,000 of which there were more than 110,000 new “.com.au” names
registered. Because of this growth and to spur additional registrations, the .au registry authority reduced the charge paid by
registrars to register a new .au domain name to Aus$7.50. News Release, Minister for Communications, Information
Technology and the Arts, “Demand For Web Delivers Cost Savings To Consumers” (June 17, 2004) (available at
http://www.dcita.gov.au/Article/0,,0_1-2_1-4_119204,00.html).
Some ccTLD names may hold particular interest due to the way in which those extensions are understood by
consumers. For example, Tuvalu’s .tv and Moldova’s .md are particularly attractive to website operators who seek
to have their site addresses resonate with television viewers and medical patients. The .tv domain name (for which,
as noted above, VeriSign Inc. purchased the exclusive worldwide registry rights in 2001) is considerably attractive
to television broadcasters. In 2004, the right to market the .md domain name was purchased by a New Jersey-based
company;69 the .md ccTLD has since been marketed as “The Healthcare Domain.”
One popular strategy for companies with similar domain names or similar company names but different domain
names is to develop a separate website that serves as a traffic director to avoid confusion. Visitors will go to the
master site bearing the logical domain name visitors would likely go to if they were searching the web. This
directory site would have information about each company to help the visitor find the site they are seeking.
Companies are well-advised not to register or use another party’s trademark as a domain name. Using another
party’s trademark as a domain name may constitute trademark infringement under traditional likelihood of confusion
principles.70 Such use directs attention to another website using the goodwill of the trademark owner and may be
deemed to create initial interest confusion.
In May 1999, Time Magazine reported that approximately five million domains had been registered worldwide, of
which eighty-five percent were “.com” domains.71 It took four years to register the first one million domain names
but only three months to go from four million to five million domain names.72 As of August 31, 2005, there were
over 49.9 million domain names registered in the .com, .org, and .net gTLDs, and an additional 4.9 million
registered domain names in the .biz and .info registries.73 Also at the end of 2004, there were over 25.2 million
registered domain names in the ccTLD’s – including almost 8.2 million names for .de (Germany), 3.8 million
names for .uk (England), 1.3 million names for .nl (the Netherlands), 992,434 for .it (Italy), and 320,787 for .fr
(France).74 By July 2005, China’s fast-growing ccTLD (.cn) had moved up to the ninth spot overall in the world,
displacing the Danish ccTLD from the list of the top ten ccTLDs, ranked by the number of registrations.75
69 Tom Zeller, After Years of Battle, Some ‘.md’ Web Sites Are Going Online, The New York Times, Dec. 13, 2004, at C9.
70 See, e.g., PACCAR, Inc. v. TeleScan Technologies, L.L.C., 319 F.3d 243 (6th Cir. 2003) (court upheld a preliminary injunction
against the defendant’s operation of websites at domain names that incorporated the plaintiff’s marks, such as
peterbiltnewtrucks.com; however court rejected injunction against use of the plaintiff’s marks in the metatags of the
defendant’s websites, since the metatags properly identified the services referenced on the defendant’s websites). But see
J.K. Harris & Co LLC v. Kassel, 253 F. Supp. 2d 1120, 1126 (N.D. Cal. 2003) (defendants’ use of trade name “J.K. Harris” to
refer to the tax representation service was not actionable because all three elements of New Kids on the Block test were met
(see discussion of the New Kids on the Block test, established in 971 F.2d 302 (9th Cir. 1992), in this paper in connection with
the initial interest confusion standard, under the subheading “Meta-Tags.”)).
71 Paul Beban, Master of Your Domain, Time Magazine, May 17, 1999, available at 1999 WL 15941149.
72 The Industry Standard, Sept. 20, 1999, at 208. See Worldsport Networks Limited v. Artinternet S.A., 1999 WL 269719 (E.D.
Pa. 1999).
73 VeriSign, Digital Branding Bulletin, Sept. 2005.
74 Id.
75 As of July 2005, the top ten ccTLDs were: (1) .de (Germany); (2) .uk (United Kingdom); (3) .ar (Argentina); (4) .nl
(Netherlands); (5) .it (Italy); (6) .us (United States); (7) .br (Brazil); (8) .ch (Switzerland); (9) .cn (China); and (10) .jp
(Japan). VeriSign, 2 The Domain Name Industry Brief 3, at p.4 (Aug. 2005).
The new .mobi domain name is a new way to do a new thing – that is, reach consumers when they are making on-the-go
purchasing decisions.
The ACPA provides trademark owners with a very powerful tool to use in attacking cybersquatters.
Over time, ICANN has approved eleven additional generic top-level domain names (gTLDs), including .aero, .biz, .coop,
.info, .jobs, .mobi, .museum, .name, .post, .pro, and .travel. Of these seven, three – .biz, .info, and .name – were made
available to the public at large; the others are for use by individuals and organizations that qualify for a specialized
gTLD: .aero is intended for airlines as well as the aircraft and aeronautics industries; .coop is to be used by
cooperatives; .jobs is to be used by the hiring and H.R. community; .mobi is for content providers for mobile phone users
(backed by technology and mobile phone companies, including Microsoft, Nokia, and T-Mobile); .museum is to be used by
museums and similar organizations; .pro is reserved for persons and firms operating in certain professions; and .travel
is to be used by those in the travel industry. The .biz, .info, and .name gTLD’s were made available in late 2001, to afford
trademark owners a period within which to register their names before these gTLD’s were opened up to the public.
In 2006, the first of the newest TLDs – so-called “regional TLDs” – for the European Union (.eu) went live.76 The
registrar for the .eu domain – EURid – announced the start of the .eu registration procedure on October 5, 2005.77
Before the start of the open registrations on a first-come-first-served basis, there will be a sunrise period (phased
registration) to allow trademark holders to apply for the corresponding .eu domain name. In order to qualify for a .eu
domain name, a registrant must have a presence in the European Community – for example, the registrant must be
an individual who resides in the European Community, a company with a physical presence in the European
Community, or an entity organized in the European Community.
The .mobi domain name was created to resolve problems commonly experienced when trying to view websites from
portable handsets. This specialized gTLD promises increased public access to the Internet in a world where four
mobile phones are purchased for every one personal computer and where in 2006, the wireless handset market was
predicted to exceed US$136 billion. It is widely believed that the use of the .mobi suffix will encourage the usage
of advanced functionalities in mobile phones and PDAs, thereby increasing the market potential for such portable
devices. An article published in May 2006 in The Wall Street Journal observed that many companies have backed
the .mobi domain name because, in turn, the new domain name will encourage the sale of “smartphones” and other
Internet-ready mobile devices.78 The article also noted that the .mobi domain name will give companies like
Google, Yahoo, and MSN a chance to market more effectively on cell phones, which advertisers hope will be more
effective because the cell phone is perceived as a more personal device than a PC. As this happens, websites
specifically catering to mobile users are likely to spring up and take advantage of the opportunity to reach consumers
where they can often be found – out of their homes, out of their offices, and on the road – when they are most ready
to buy goods and services.
Monitoring domain name use and handling disputes over domain names have proven to be a major issue for most companies.
In the U.S., actions can be brought under the Anticybersquatting Consumer Protection Act, which took effect
November 29, 1999.79 Under this standard, among other things, the trademark owner must prove that the domain
76 Another proposal pending before ICANN would lead to the establishment of a dot asia regional TLD. See generally
http://www.dotasia.org.
77 The rules for the .eu registration process were drafted in accordance with two regulations: Regulation (EC) No. 733/2002 of
the European Parliament and of the Council of April 22, 2002 on the implementation of the .eu Top Level Domain, OJ L 113,
April 30, 2002, pp. 1–5, and Regulation (EC) No. 874/2004 of April 28, 2004, OJ L 162, 30.04.2004, pp. 40–50.
78 Li Yuan, New Domain Name - .mobi – Could Spur Wireless Web, The Wall Street Journal (May 26, 2006) (available online at
http://webreprints.djreprints.com/1480430400196.html).
79 Pub. L. 106-113, § 1000(a)(9) (incorporating by reference S. 1948), codified at 15 U.S.C. § 1125(d).
name was registered or used in “bad faith.” The statute provides nine examples of the factors that courts may
consider in assessing whether or not bad faith is present; these factors are not exclusive and courts may consider
other factors as well.80 The ACPA applies to foreign trademarks used in U.S. commerce81 as well as U.S.
trademarks, both registered82 and unregistered.83 However, the ACPA may not be used to enforce foreign trademark
rights.84 In a successful ACPA action for a domain name that was registered, used, or trafficked in after the Act took
effect, the plaintiff can be awarded a transfer of the domain name, statutory damages ranging from $1,000 to $100,000
per domain name infringed, and legal fees.85 For example, in Electronics Boutique Holdings Corp. v. Zuccarini,86
the court assessed the full range of penalties with respect to a repeat cybersquatter, including $500,000 in statutory
damages and over $30,000 in legal fees.
Past improper use of a mark and a domain name, even if later corrected, may still be sufficient to support a claim of
cybersquatting and trademark infringement.87
The ACPA also provides for the possibility of in rem jurisdiction,
where the plaintiff cannot locate the domain name registrant (e.g.,
where the registrant gave incorrect contact information to the registrar
Using the ACPA’s in rem
provisions, a trademark
holder can sue the domain
80 15 U.S.C. § 1125(d)(1)(B)(i).
81 See International Bancorp, LLC v. Societe Des Bains De Mer et Du Cercle des Etrangers a Monaco, 329 F.3d 359 (2003);
cert. denied, 157 L. Ed.2d 891 (2004) (upholding claim against European casino that advertised in U.S.); Federation
Internationale de Football Assoc. v. Cyclelogic, Inc., 2004 U.S. Dist. LEXIS 19245 (S.D. Fla. May 13, 2004)
(copamundial.com and copadomundo.com).
82 See Barcelona.com, Inc. v. Excelentisimo Ayuntamiento de Barcelona, 2003 U.S. App. LEXIS 10840 (4th Cir. June 2, 2003)
(ACPA and U.S. trademark law apply to dispute involving claim by Barcelona (Spain) city council against two residents of
Spain who formed a Delaware corporation, Barcelona.com, Inc.; reversing lower court and UDRP panel). See also March
Madness Athletic Assoc. LLC v. Netfire, Inc., 2005 U.S. App. LEXIS 1475 (5th Cir. Jan. 24, 2005) (upholding transfer of
marchmadness.com); Nike, Inc. v. Circle Group Internet, Inc., 318 F. Supp.2d 688 (N.D. Ill. 2004) (justdoit.net); TCPIP
Holding Co. v. Haar Communications, Inc., 2004 U.S. Dist. LEXIS 13543 (S.D.N.Y. July 19, 2004) (granting plaintiff
franchisor’s motion for summary judgment against defendant that had registered 67 domain names incorporating elements of
the plaintiff’s trademarks).
83 See Wal-Mart Stores, Inc. v. Samara Bros., 529 U.S. 205 (2000); DaimlerChrysler v. The Net, Inc., 388 F.3d 201 (6th Cir.
2004).
84 Id. The Fourth Circuit ruled that the ACPA explicitly requires application of the Lanham Act, not foreign law. The district
court’s reliance on Spanish trademark law was found erroneous.
85 In Ernest and Julio Gallo Winery v. Spider Webs Ltd., 129 F. Supp.2d 1033, 1047-48 (S.D. Tex. 2001), aff’d, 286 F.3d 270 (5th
Cir. 2002), the court awarded statutory damages of $25,000 for violations of the ACPA and the Texas Anti-Dilution Statute.
The court noted that even though the domain name had been registered before the ACPA took effect, the defendants (who
warehoused nearly 2000 domain names) used and trafficked in the domain name after the ACPA’s November 29, 1999
effective date. Id. On appeal, the U.S. Court of Appeals for the Fifth Circuit affirmed, and in doing so rejected the
defendants’ argument that it was not acting in bad faith because it was holding the domain name to sell it only if the ACPA
was declared unconstitutional. Ernest and Julio Gallo Winery v. Spider Webs Ltd., 286 F.3d 270 (5th Cir. 2002); see also
Virtual Works, Inc. v. Volkswagen of Am., Inc., 238 F.3d 265, 268 (4th Cir. 2001) (same). But if the domain name was
registered before the ACPA took effect, legal fees may not be awarded under the ACPA. See March Madness Athletic
Assoc. LLC v. Netfire, Inc., 2005 U.S. App. LEXIS 1475 (5th Cir. Jan. 24, 2005).
86 56 U.S.P.Q.2d (BNA) 1705 (E.D. Pa. 2000), motion to set aside denied, 2001 U.S. Dist. LEXIS 765 (E.D. Pa. 2001). See also
Victoria’s Cyber Secret v. V Secret Catalogue, Inc., 161 F. Supp.2d 1339 (S.D. Fla. 2001) ($120,000 plus legal fees and
transfer of four domain names). See also the discussion, infra, in this heading concerning the Federal Trade Commission’s
action under the FTC Act against a cybersquatter, John Zuccarini, where the court awarded $1,897,166 million. See FTC v.
Zuccarini, 2002 U.S. Dist. LEXIS 13324 (E.D. Pa. April 10, 2002).
87 See, e.g., Audi AG v. D'Amato, 381 F. Supp. 2d 644, 656-57 (D. Mich. 2005) (domain name infringement was ongoing and
nothing in the record clearly demonstrated that trademark infringement might not recur).
or did not update the contact information on file), or where the
registrant can be located but is not subject to the in personam
(personal) jurisdiction of U.S. courts.88 Under the in rem clause, the
lawsuit is to be filed against the domain name itself. Jurisdiction is
typically in the district where the registrar or registry is located.89 In
rem jurisdiction continues to exist once it is determined to be
present.90 The ACPA’s in rem clause has withstood challenge to its
constitutionality.91
name itself. If all the parties are outside the U.S., a case involving a .com domain name can
usually be brought in northern Virginia, the home of Network Solutions
In an in rem action, the plaintiff usually is required to establish the registrant’s bad faith,92 and if the action is
successful, the court will order that the domain name in question be transferred, but the court cannot assess monetary
damages. In rem actions also require the plaintiff to meet the publication requirements to perfect service of process
under the ACPA.93 Trademark infringement and dilution claims may also be brought in connection with an in rem
ACPA lawsuit.94
In addition to the ACPA, there is also the option of initiating action under the Uniform Domain Name Dispute
Resolution Policy (“UDRP”), effective January 3, 2000, which also covers domain name disputes.95 The Internet
Corporation for Assigned Names and Numbers (ICANN) established the UDRP to deal with domain name disputes.
The ICANN dispute resolution process is global in perspective and can be invoked to address domain name
registrants not located in the U.S., as well as domain names registered under certain country-code top-level domain
names (ccTLD’s) that have agreed to abide by the UDRP (registrars of ccTLD’s are not required to follow the
88 15 U.S.C. § 1125(d)(2). See, e.g., Alitalia-Linee Aree Italiane, S.p.A v. Casinolitalia.com, 128 F. Supp.2d 340 (E.D. Va. 2001)
(in rem case can only be brought if in personam jurisdiction cannot be obtained in U.S.)
89 See, e.g., Mattel, Inc. v. Barbie-Club.com, 2002 U.S. App. LEXIS 23149 (2d Cir. 2002); Fleetboston Financial Corp. v.
fleetbostonfinancial.com, 138 F. Supp.2d 121 (D. Mass. 2001).
90 See, e.g., Porsche Cars North America, Inc. v. Porsche.net, 302 F.3d 248 (4th Cir. 2002).
91 See, e.g., Cable News Network LP v. cnnnews.com, 162 F. Supp.2d 484 (E.D. Va. 2001). Cf. Parents Choice Foundation v.
parentschoice.com, No. 02-223-A (E.D. Va. filed Feb. 21, 2002) (domain name successfully transferred in court where
registry is located, through settlement with Hong Kong-based registrant that used Canadian registrar).
92 See, e.g., Cable News Network LP v. cnnnews.com, 2001 U.S. Dist. LEXIS 21388 (E.D. Va. 2001) (on remand); and Harrods
Ltd. v. Sixty Internet Domain Names, 302 F.3d 214 (4th Cir. 2002); but see Jack in the Box Inc. v. jackinthebox.org, 143 F.
Supp.2d 590 (E.D. Va. 2001) (demonstration of bad faith not necessary in an in rem action).
93 See, e.g., Cable News Network LP v. Cnnnews.com, 162 F. Supp.2d 484 (E.D. Va. 2001) (publication in Chinese and English in
Hong Kong newspapers); Shri Ram Chandra, Mission v. Sahajinorg.org, 139 F. Supp.2d 721 (E.D. Va. 2001) (publication in
India Abroad, India Abroad Online, and The Washington Post). In an in rem case involving a domain name that was
registered through a Korean registrar, the U.S. District Court for the Eastern District of Virginia ordered a transfer even
though the cybersquatter, who had defaulted in the U.S. in rem suit, obtained an order from a Korean court to prevent the
Korean registrar from transferring the name. GlobalSantaFe Corp. v. Globalsantafe.com, 250 F. Supp. 2d 610 (E.D. Va.
2003).
94 Harrods Ltd. v. Sixty Internet Domain Names, 302 F.3d 214 (4th Cir. 2002). However, dilution claims may be tougher to
prove after the U.S. Supreme Court’s holding in Moseley v. V Secret Catalogue, Inc., 123 S. Ct. 1115 (2003), in which the
Court found that the Federal Trademark Dilution Act, 15 U.S.C. § 1125(c), requires that evidence of actual dilution must be
proven, instead of proving the likelihood that dilution had or would occur. See also Voice-Tel Enters., Inc. v. JOBA, Inc., 258
F. Supp.2d 1353, 1363 (N.D. Ga. 2003) (absent evidence of harm to franchisor’s mark, court dismissed claim that its marks
were diluted by a franchisee; moreover, the court declined to conclude that a hyperlink to an offending site was actionable
under the dilution standard).
95 For an example of the dispute policies outside the U.S., see the policy adopted by Nominet, the registrar of U.K. domain
names, at http://www.nic.uk.
UDRP, but some do). The UDRP recognizes that in some cases a trademark owner has priority rights over a
domain name owner.
The decision of whether to sue under the ACPA or arbitrate under the UDRP typically should be
made on a case-by-case basis, taking into account many factors.
For a trademark owner to prevail,96 the trademark owner must establish three
elements: (1) the contested domain name is identical or confusingly
similar to a trademark or service mark to which the owner has rights;97 (2) the
current holder has no rights or legitimate interests in the domain name; and
(3) the domain name was registered, and is being used, in bad faith.98
Proceedings under the UDRP are quick and awards are limited to orders that
the domain name in question be transferred. About two out of every three
rulings issued thus far have been in favor of the
trademark owner.99 While these proceedings are in the nature of arbitration, federal courts in the U.S. have ruled
that they are not conducted in such a manner as to have the shield ordinarily accorded under the Federal Arbitration
Act.100 In fact, an arbitral decision rendered under the UDRP is subject to judicial review even under the terms of
the UDRP itself;101 a conclusion that has been confirmed by the federal courts.102 As such, the ACPA may be used
to overturn a UDRP decision on a disputed domain name and obtain the return of a wrongfully transferred domain
name. In 2004, Nike, Inc. brought an ACPA action to recover a domain name (www.justdoit.net) that Nike alleged
had infringed on its “Just Do It” mark, after a WIPO panel had earlier refused to transfer the domain name because
it found a lack of the “bad faith” needed to rule on Nike’s behalf.103
96 It goes without saying that ICANN proceedings should be brought by the actual trademark owner. In NBA Properties, Inc. v.
Adirondack Software Corp., WIPO No. D-2000-1211 (Dec. 8, 2000), the arbitration panel refused to transfer the domain
name knicks.com citing, among other reasons, that the trademark Knicks was not owned by NBA Properties (a licensee for
limited purposes), but, rather, by Madison Square Garden, L.P.
97 See, e.g., Lundy v. Idmaond, WIPO No. D2001-1327 (Feb. 14, 2002) (in which the Panel refused to order a transfer of a domain
name after it found, inter alia, that the complainant (Marvin Lundy) “failed to establish common law service mark
rights” in the law firm name Marvin Lundy).
98 In a case involving non-use, and mere registration of a domain name, an ICANN panel deemed the registration tantamount to
bad faith under the UDRP where the registered name was widely known (here, the name Mario Lemieux, an NHL Hall of Fame
player), there was no showing of a good faith use of the name by the registrant, and there was no demonstrable legitimate use of
the name by the registrant. Lemieux v. Creato, eResolution No. AF-0791, May 24, 2001 (decision found at
http://www.disputes.org/eresolution/decisions/0791.htm). A different perspective on whether bad faith can be shown can be
found in a 2006 case, in which the complaining party failed to show bad faith because the registrant had used the domain
name, as well as the corresponding mark, since before the complaining party began its own use of a similar name. Entre-
Manure, LLC v. Integriserv, NAF Case No. FA0606000741534 (Aug. 16, 2006).
99 See ICANN website statistics at http://www.icann.org/udrp/proceedings-stat.htm.
100 See Dluhos v. Strasberg, 321 F.3d 365 (3d Cir. 2003); Parisi v. Netlearning, Inc., 139 F. Supp.2d 745, 751-52 (E.D. Va. 2001).
101 UDRP, ¶ 4(k).
102 See, e.g., Barcelona.com, Inc. v. Excelentisimo Ayuntamiento de Barcelona, 2003 U.S. App. LEXIS 10840 (4th Cir. June 2,
2003); Sallen v. Corinthians Licenciamentos Ltda., 273 F.3d 14 (1st Cir. 2001); Weber-Stephen Products Co. v. Armitage
Hardware and Building Supply, Inc., 2000 U.S. Dist. LEXIS 6335 (N.D. Ill. 2000). Cf. Storey v. Cello Holdings, LLC, 182 F.
Supp. 2d 355 (S.D.N.Y. Jan. 23, 2002) (the final disposition of a trademark infringement case – here, dismissal with prejudice
– serves as a decision on the merits in favor of the defendant, and precludes the later filing of an arbitration proceeding under
the UDRP).
103 Nike, Inc. v. Circle Group Internet, 2004 U.S. Dist. LEXIS 9341 (N.D. Ill. 2004) (the prior ruling, WIPO No. D2002-0544, is
available at http://arbiter.wipo.int/domains/decisions/html/2002/d2002-0544.html).
In yet another arena, the Federal Trade Commission filed a complaint against John Zuccarini, an infamous
cybersquatter, alleging three violations of Section 5 of the FTC Act.104 After issuing a temporary restraining order
against Zuccarini, and finding that the defendant attempted to evade service of process and transferred or concealed
evidence, the court subsequently entered a preliminary injunction against Zuccarini, which among other things,
ordered Zuccarini to discontinue operating certain websites, ordered a freeze on his registration and pseudonymous
use of domain names,105 imposed an asset freeze, redirecting persons to his websites, or otherwise “obstructing
consumers on the internet or World Wide Web.” His practice of obstructing consumers from exiting his websites
was viewed as a deceptive and unfair practice. The court awarded $1,897,166 million for equitable monetary relief,
imposed record-keeping and document retention requirements on Zuccarini and imposed notification requirements on
Zuccarini respecting his domain name registration. See FTC v. Zuccarini, 2002 U.S. Dist. LEXIS 13324 (E.D. Pa.
Apr. 10, 2002).
Mr. Zuccarini also has the dubious distinction of being the first
person charged, convicted, and sentenced to prison under a federal law
that makes it illegal to use a misleading domain name to deceive a
person into viewing obscene material.106 That law, called the
“Truth in Domain Names” Act (passed in 2003 as part of the federal
“Amber Law”), is also credited with
convincing the owner of the website www.whitehouse.com (a website that once directed browsers ostensibly seeking
the Executive Office of the President of the U.S. (located at www.whitehouse.gov) to an adult content website
instead) to sell that domain name (to a real estate interest).107 The federal judge hearing the case sentenced Mr.
Zuccarini to 2½ years in prison, ending a criminal prosecution that followed numerous civil efforts to contain Mr.
Zuccarini’s recidivism as a cybersquatter and evasion of court orders.108
A new law makes it a federal crime to use a misleading domain name to direct a person to a
pornographic website
On September 3, 2001, the World Intellectual Property Organization (WIPO) issued its second report on
cybersquatting, entitled the “Report of the Second WIPO Internet Domain Name Process: The Recognition of
Rights and the Use of Names in the Internet Domain Name System.”109 Among other things the second report
addressed problems with cybersquatting involving non-proprietary names for pharmaceutical substances, names of
intergovernmental organizations, personal names, geographic identifiers, and trade names in general. WIPO’s first
report, issued in April 1999, led to the adoption of the UDRP later that same year. The second report proposes
changes that even further clamp down on the practice of cybersquatting. It is likely that the second report will lead
104 FTC v. Zuccarini, 2002 U.S. Dist. LEXIS 13324 (E.D. Pa. Apr. 10, 2002).
105 A German court, however, struck down the long-standing use of a pseudonym by a domain name registrant that precluded a
person from registering and using his own last name. See Domain Using Owner’s Pseudonym Infringed Rights of Person with
Identical Given Name, 8 E. Com. & L. Rep. 27, at 695 (July 16, 2003) (reporting on Maxem v. Maxem, Bundesgerichtshof,
No. 1 ZR 296/00, decided June 26, 2003).
106 18 U.S.C. § 2252B. See also Benjamin Weiser, Spelling It Dinsey, Children on Web Got XXX, The New York Times, Sept. 4,
2003 (reporting on Mr. Zuccarini's arrest under the new law with respect to his registration and use of domain names that
include typographical misspellings of popular names). Apparently, the criminal complaint cited Mr. Zuccarini’s admissions in
prior cybersquatting suits brought by the FTC and private parties with respect to his practice of buying typographically similar
domain names and redirecting them, as well as his admission that he “mousetrapped” browsers. Mark Hamblett, First
Charges Filed under New Internet Porn Law, 1 Internet L. & Strat. 9, at 3 (Sept. 2003). On February 26, 2004, a federal judge
sentenced Mr. Zuccarini to 30 months in prison after he plead guilty to the charges against him. Press Release, U.S. Attorney
for the Southern District of New York, Cyberscammer Sentenced to 30 Months for Using Deceptive Internet Names to
Mislead Minors to X-Rated Sites (Feb. 26, 2004) (available at
http://www.usdoj.gov/usao/nys/Press%20Releases/FEBRUARY04/zuccarini%20sentence%20pr.pdf)
107 Dana Milbank, Curtain Goes Up on Glass-House Attack, The Washington Post, Feb. 15, 2004, at A4.
108 See Lewis, New York Federal Court Sends ‘Typosquatter’ to Prison, Legal Times, Oct. 18, 2004, at 28.
109 The report is available at http://wipo2.wipo.int.
to changes in the law and that it will ultimately have as significant an impact as did the adoption of the UDRP in
1999 after the first WIPO report.
CRITICAL WEBSITES OR CYBERSMEARING
Any person or organization with a computer connected to the internet can “publish” information.110 One problem
with the internet is that disgruntled employees and unhappy customers can establish websites that are critical of
companies and the products and services they sell, whether or not such criticism may be warranted. The internet
gives everyone an inexpensive, broad-reaching, semi-permanent, and largely unregulated public soapbox to talk
about companies, their products, brands and services.
Critical websites – or cybergripe sites – are relatively commonplace occurrences. While traditional notions of
defamation law play a large role in addressing these matters, the fact that the cybergripe sites can be viewed on a
worldwide basis, and that some may use the target’s own trademark as the domain name of the cybergripe site,
further complicate the analysis of how to address cybergriping. Practitioners typically try to balance competing
considerations when analyzing critical websites – on the one hand, keep negative publicity to a minimum – but on
the other hand, right the wrong.111 This equilibrium is different for every company, and the proper analysis of these
cases involves more art than it does science – but always requires consideration of the fact setting, the content of the
critical website, the identity of the cybergriper, and the party that is the target of the commentary.
Defenses. Critical websites may be protected by the First Amendment and may prove very hard, if not impossible,
to shut down through legal action. For this reason, seeking voluntary cooperation by the host of a message board,
for example, to take down an untrue posting may prove far more productive than filing a lawsuit.
In Bally Total Fitness Holding Corp. v. Faber, 29 F. Supp.2d 1161 (C.D. Cal. 1998), Bally brought suit against
Faber with respect to his “Bally Sucks” website. Bally sued Faber for trademark infringement, unfair competition
and trademark dilution. The court ruled against Bally, finding that the goods and services offered by Faber were
unrelated to Bally’s goods and services and that no consumer would confuse the source of the “Bally Sucks”
website. Faber’s use of the Bally’s mark was also found to be non-commercial and the court declined to conclude
that his use of the Bally mark tarnished that mark. The court observed as well that Faber’s use was in the nature of
a consumer commentary protected by the First Amendment.
Other recent cases involving critical websites suggest that obtaining injunctions against the operators of such
websites is extremely difficult. In Taubman Co. v. Webfeats,112 the U.S. Court of Appeals examined a complaint
website operated and accessible through various “sucks” domain names, including taubmansucks.com. The
defendant asserted that its operation of these sites, and use of the “sucks” domain names, was an expression of Free
Speech entitled to protection under the First Amendment. The appeals court reversed the lower court’s injunction
against the use of the domain names, writing that:
110 One example of this is web bloggers. Anybody can set up a “web log” to publish his or her ideas – and at last count, an
estimated eight million people in the United States are doing so. J. Mintz, When Bloggers Make News, The Wall Street Journal
B1, Jan. 21, 2005.
111 A case in point can be found in a newspaper article contrasting the approach taken by Dunkin’ Donuts Incorporated in
dealing with a cybersquatter who operated a cybergripe site (dunkindonuts.org) with the approach taken by Ford Motor
Company in addressing a party that had allegedly posted Ford’s internal documents to his website. The article also noted that
other companies attracted negative publicity (such as the very newspaper article reporting the issue in the first place) by
virtue of having taken legal action against the cybergripers. Fara Warner, Holes in the Net: Can the Big Guys Rule The
Web? Ask Ford or Dunkin’ Donuts, The Wall Street Journal A1, Aug. 30, 1999.
112 319 F.3d 770 (6th Cir. 2003). See also J.K. Harris & Co LLC v. Kassel, 2003 U.S. Dist. LEXIS 6022 (N.D. Cal. Mar. 28, 2003)
(nominative fair use of the tradename “J.K. Harris” on a consumer complaint site was not actionable).
Mishkoff’s use of Taubman’s mark in the domain name “taubmansucks.com” is purely an
expression of Free Speech and the Lanham Act is not invoked. And although economic damage
might be an intended effect of [defendant’s] expression [of Free Speech], the First Amendment
protects critical commentary when there is no confusion as to source, even when it involves the
criticism of a business. … Taubman concedes that Mishkoff is ‘free to shout Taubman Sucks!
from the rooftops.’ Essentially, this is what he has done in his domain name. The rooftops of our
past have evolved into the internet domain names of our present.
In SNA, Inc. v. Array,113 the court refused to enjoin a website operator’s statements, holding that damages are a
proper remedy for past statements and an injunction against future speech would be an unconstitutional prior
restraint. In Lucent Technologies, Inc. v. Lucentsucks.com,114
the district court commented on Lucent’s legal difficulty in
challenging a critical website that might be able to show it was
either an effective parody or a forum for critical commentary. In
either case the district court noted the elements for trademark
infringement and trademark dilution claims are seriously
undermined. In CPC Int’l, Inc. v. Skippy Inc., the Court of
Appeals for the Fourth Circuit noted that if a trademark owner
could shield itself from criticism about itself and its business
practices by a website owner, a corporation could forbid the use
of its name in commentaries critical of its conduct.115
However, in People for the Ethical Treatment of Animals, Inc. v. Doughney, 116 the district court dismissed a First
Amendment defense, observing that the defendant contended that the case was brought to “quash his First
Amendment rights to express disagreement with their organization.” The court noted that:
PETA does not seek to keep Doughney from criticizing PETA. They ask that
Doughney not use their mark. When Network Solutions, Inc. placed
“PETA.ORG” on ‘hold’ status, Doughney transferred the entire web page to
one of his other internet sites, ‘mtd.com/tasty.’ PETA has not complained
about that web site and even concedes that Doughney has a right to criticize
PETA or any organization.117
113 51 F. Supp.2d 542, 547 (E.D. Pa. 1999)
114 2000 U.S. Dist. LEXIS 6159 (E.D. Va. 2000). After this procedural decision, Lucent refiled the case. In that proceeding, the
defendant moved to dismiss the claim on the basis that “yourcompanysucks.com” domain names are entitled to a safe harbor
under the First Amendment to the U.S. Constitution. The court denied that motion. Lucent Technologies, Inc. v. Johnson, 56
U.S.P.Q.2d 1637 (C.D. Cal. 2000). Cf. Wal-Mart Stores Inc. v wallmartcandadasucks.com, WIPO No. D2000-1104 (Nov. 23,
2000) (in an ICANN UDRP proceeding, the panel denied the applicant’s request to transfer allegedly infringing domain
name).
115 CPC Int’l, Inc. v. Skippy Inc., 214 F. 3d 456 (4th Cir. 2000). See also L.L. Bean, Inc. v. Drake Publishers, Inc., 811 F.2d 26,
31 (1st Cir. 1987) (“Since a trademark may frequently be the most effective means of focusing attention on the trademark
owner or its product, the recognition of exclusive right encompassing such use would permit the stifling of unwelcome
discussion.”).
116 People for the Ethical Treatment of Animals, Inc. v. Doughney, 113 F. Supp.2d 915, 921 (E.D. Va. 2000) aff’d, 263 F.3d 359
(4th Cir. 2001). For other “issue oriented” cybersquatting cases, see also Morrison & Foerster LLP v. Wick, 94 F. Supp. 1125,
1134 (D. Colo. 2000) (involving morrisonfoerster.com); Jews for Jesus v. Brodsky, 993 F. Supp.282 (D. N.J. 1998), aff’d mem.,
159 F.3d 1351 (3d Cir. 1998) (involving jewsforjesus.com); Planned Parenthood Fed. of Am., Inc. v. Bucci, 42 U.S.P.Q.2d
(BNA) 1430 (S.D.N.Y. 1997), aff’d mem., 152 F.3d (2d Cir.), cert. denied, 199 S. Ct. 90 (1998) (involving
plannedparenthood.com).
117 People for the Ethical Treatment of Animals, Inc. v. Doughney, 113 F. Supp.2d at 921, aff’d, 263 F.3d 359 (4th Cir. 2001).
Courts have cast doubt on First Amendment defenses in domain name hijacking cases, but the
defense is often successfully invoked by website operators in content-oriented cases.
Indeed, as in the Doughney case, the mere incantation of a First Amendment defense will not carry the day absent a
factual basis.118 In Coca-Cola Co. v. Purdy, the Court of Appeals observed that the defendant chose the domain
names (involving Coca-Cola Co. trademarks, among others) that were at the heart of the case “only because they
would attract unwitting Internet users to his antiabortion message.” The court noted that the case involved an
element of protecting the public interest – and wrote that “[t]he danger of consumer deception warrants some
regulation of trademark usage, and the public interest in free expression is adequately protected by leaving open
ample alternative avenues of communication.”119
Following its earlier rejection of the parody defense in Doughney, the U.S. Court of Appeals for the 4th Circuit in
Lamparello v. Falwell reversed a lower court and found that use of a domain name (fallwell.com) that was virtually
identical to the name of Rev. Jerry Falwell was not actionable under either the ACPA or traditional trademark
infringement theories because the website was used precisely for the purpose of criticizing Rev. Falwell’s views.
Considering whether there was a likelihood of confusion between the Lamparello site and that of Rev. Falwell, the
4th Circuit concluded that “no one seeking Reverend Falwell's guidance would be misled by the domain name -
www.fallwell.com - into believing Reverend Falwell authorized the content of that website.”120 The court
examined the degree to which Lamparello’s site, critical of Rev. Falwell’s views, contained content that might lead
a person seeking Rev. Falwell’s actual website to be confused, and found it unlikely that that would be the case.121
In addition to Doughney, Falwell, and Purdy, other “issue oriented” cases involving elements of both
cybersquatting and cybergriping issues include:
• Morrison & Foerster LLP v. Wick, involving morrisonfoerster.com and a website that was
critical of that firm; the same defendant also registered domain names mimicking the name of
over 75 other U.S. law firms, with similar websites mocking those firms;122
• Jews for Jesus v. Brodsky, involving a website operated at jewsforjesus.com that was critical
of the trademark holder; 123
• Planned Parenthood Fed. of Am., Inc. v. Bucci, involving plannedparenthood.com, which
was linked to an antiabortion website; and124
118 In Lamparello v. Falwell, 2005 U.S. App. LEXIS 18156 at *8-*9 (4th Cir. Aug. 24, 2005), the Court of Appeals observed that
in passing the ACPA, “Congress left little doubt that it did not intend for trademark laws to impinge the First Amendment rights
of critics and commentators.”
119 Id. at 789 (citations omitted). The court quoted McCarthy on Trademarks as well, noting: “As a leading treatise on trademark
law explains, “the right to disseminate criticism on the Internet cannot trump the public's right not to be deceived by a
confusingly similar domain name.” Id. Note, however, that defendants in California might seek to assert that state’s anti-
SLAPP statute as an affirmative defense against a cybersquatting lawsuit, alleging that the lawsuit’s purpose is to chill the
defendant’s exercise of free speech. In one such case, Bosley Medical Inst. v. Kremer, 2004 U.S. Dist. LEXIS 8336 at *3-4,
8 (S.D. Cal. Apr. 29, 2004), rev’d in part, aff’d in part, 2005 U.S. App. LEXIS 5329 (9th Cir. Apr. 4, 2005), the district court
struck down a cybersquatting claim in a matter involving a critical website, and upheld the defendant’s assertion of a defense
based on the California anti-SLAPP statute; however, that ruling was reversed on appeal. Id.
120 Lamparello v. Falwell, 2005 U.S. App. LEXIS 18156 at *13 (4th Cir. Aug. 24, 2005), citing New Kids on the Block v. News Am.
Publishing, Inc., 971 F.2d 302, 308-09 (9th Cir. 1992), for the proposition that one party’s use of a mark to criticize the
markholder implies that the markholder is not the sponsor of the use.
121 Id. at *13. The court suggested, however, that if the commentary site appeared to be the markholder’s official site, it might
have reached a different conclusion. Id. at *13, n.3.
122 94 F. Supp. 1125, 1134 (D. Colo. 2000).
123 993 F. Supp.282 (D. N.J.), aff’d mem., 159 F.3d 1351 (3d Cir. 1998).
124 42 U.S.P.Q.2d (BNA) 1430 (S.D.N.Y. 1997), aff’d mem., 152 F.3d (2d Cir.), cert. denied, 199 S. Ct. 90 (1998).
• Anti-Defamation League v. Pribich, involving adlusa.com, at which the respondent operated a
website that was critical of the Anti-Defamation League, the domain name of which
incorporated the “ADL” acronym instead of the trademark holder’s full name.125
Another defense that may be raised in a case involving a cybergripe site is a state’s
anti-SLAPP statute (Anti-Strategic Lawsuit Against Public Participation),126 which defendants may assert as an affirmative defense against a
cybersquatting lawsuit, alleging that the lawsuit’s purpose is to chill the defendant’s exercise of free speech. In one
such case, Bosley Medical Inst. v. Kremer, the district court struck down a Lanham Act claim and a claim under the
Anticybersquatting Consumer Protection Act in a matter involving a critical website, and also upheld the
defendant’s assertion of a defense based on the California anti-SLAPP statute.127 However, the district court’s
ruling on the anti-SLAPP defense was reversed on appeal, with the U.S. Court of Appeals for the 9th Circuit noting
that “[a]n infringement lawsuit by a trademark owner over a defendant’s unauthorized use of the mark as his domain
name does not necessarily impair the defendant’s free speech rights.”128 In that case, the 9th Circuit reversed the
grant of summary judgment and remanded the case for further review of the state law claims.
Damages. In many instances, obtaining damages against a defamatory website operator may be difficult. In Nicosia
v. DeRooy,129 the website operator published derogatory comments, including statements that the plaintiff was a
“fraud” and a “criminal” who had embezzled funds from third parties, on her personal website and through internet
discussion groups. The court held that the website operator’s comments had to be considered in context to
determine whether they were assertions of fact or opinion. After reviewing the defendant’s website and associated
links, the court determined that the defendant’s statements did not amount to defamation because they were mere
hyperbole or because the defendant had included links to information on her website that supported her conclusions,
even if she was wrong.130 In another case, Bihari v. Gross,131 the court found that the purpose of the defendant’s
websites was to injure the plaintiff commercially. However, because the websites concerned the business practices
and alleged fraud of a well-known interior designer, it found such speech to be “ ‘arguably within the sphere of
legitimate public concern,’ which imbues the speech with a heavy presumption of constitutional protection.”132
Another aspect of this problem is that on the internet, each entity or individual with a website is a publisher. Some
website owners use the internet to publish the specifics of their disputes. This includes publishing letters (e.g.,
cease and desist letters from lawyers) and pleadings in lawsuits on their websites. Thus, the internet may make the
risk of adverse publicity associated with disputes much greater by providing worldwide access to the adverse
information, exacerbated by the website owner’s spin to place the information in the worst light possible. Once the
125 Anti-Defamation League v. Pribich, WIPO No. D2005-0751 (Sept. 22, 2005).
126 See, e.g., the California anti-SLAPP statute, Cal. Civ. Proc. Code § 425.16(a).
127 2004 U.S. Dist. LEXIS 8336 at *3-4, 8 (S.D. Cal. Apr. 29, 2004), rev’d in part, aff’d in part, 2005 U.S. App. LEXIS 5329 (9th
Cir. Apr. 4, 2005).
128 2005 U.S. App. LEXIS 5329 at *26-27 (9th Cir. Apr. 4, 2005).
129 72 F. Supp.2d 1093, 1101 (N.D. Cal. 1999).
130 See also New World Coffee-Manhattan Bagel, Inc. v. Abrams (filed Sept. 2000; settled November 2000) (N.J. Super. Ct.). In
this case, a complaint was brought in state court alleging, inter alia, defamation against the operator of a website alleging
various misdeeds by a company’s senior officers. The website (which used the domain name newworldcoffeefraud.com)
made inferences and references to Nazi slogans, alleged illegal drug use, and various other commercial fraud. The case was
settled by the defendant’s agreement to completely discontinue making any use of the domain name, operating the website, or
making any further statements along the lines described above.
131 119 F. Supp.2d 309, 325-26 (S.D.N.Y. 2000).
132 Id. In Nissan Motor Co. Ltd. v. Nissan Computer Corp., 378 F.3d 1002 (9th Cir. 2004), the court addressed a dispute between
Nissan Motor Co. and a computer company operated by Mr. Uzi Nissan involving the domain names Nissan.com and
Nissan.net, affirming the trademark infringement claim in favor of Nissan Motor as to automobile-related advertisements
content is posted to the internet, it is available to most other internet users worldwide. Placing the content under
the confidentiality provisions of a subsequent settlement agreement may be wholly ineffective, especially to the
extent the content has by then already been included on third-party mirror websites over which neither party has any
relationship.
Traditional defamation law also plays an important role in connection with online postings that are defamatory or
libelous. For example, in December 2001, a jury in California awarded $425,000 in actual damages, and the court
later awarded $350,000 in punitive damages, in a case brought by a company and two of its managers against two
disgruntled former employees who posted multiple derogatory messages on the Internet.133 The award in that case
was upheld by an appellate court, but the judgment was later vacated by the California Supreme Court over a
procedural issue involving whether the case should have continued pending appeal of the initial denial of the
defendants’ motion to strike the case under California's anti-SLAPP statute.134 Libel cases regarding the Internet
appear to be increasing.135 The tremendous growth in blogging is certain to accelerate this trend.
Prevention. Companies go to great lengths to protect their e-brands from derogatory references. Wal-Mart Stores,
for example, requested registration for more than 200 anti-Wal-Mart names.136 Bell Atlantic’s experience when it
changed its corporate name to Verizon illustrates how difficult, if not impossible, it is to preempt every possible
domain name for critical websites. Bell Atlantic reportedly filed more than 650 domain names relating to
“verizon.com” including “verizonsucks.com.” However, others registered the domain name
“verizonreallysucks.com” and the domain name
“VerizonShouldSpendMoreTimeFixingItsNetworkAndLessMoneyOnLawyers.com.”137 Critical websites may also
become more difficult to preempt as new upper level domain registries are added.
Some vendors are now including an express prohibition against publishing disparaging remarks in their Acceptable
Use Policies in their web hosting, Application Service Provider and other agreements where Acceptable Use Policies
are applicable.
133 Shannon Lafferty, California Internet Libel Suit Yields Big Verdict, The Recorder (Dec. 14, 2001) (http://www.law.com). A
similar result was obtained in a French lawsuit brought by Disneyland Paris, which discovered a website
(http://fuckmickey.multimania.com – which is no longer active) on which there appeared photos of Disney employees, altered
to depict the employees in pornographic scenes and otherwise in an unflattering manner. A French court (the Tribunal of
First Instance of Meaux) assessed damages against the website’s creator, on grounds of libel and insult. La Société
Eurodisney S.C.A. (T.G.I. Meaux, No. LJ4410, Nov. 23, 2001).
134 Varian Medical Sys., Inc. v. Delfino, 35 Cal. 4th 180 (2005) (remanding the case for retrial). See also Mathis v. Cannon, 252
Ga. App. 282, 556 S.E.2d 172 (Ga. Ct. Apps. 2001), rev’d, 276 Ga. 16 (2002), in which the Georgia Court of Appeals found
certain messages posted in an internet chat room to be libelous per se and further concluded that punitive damages were not
avoided by failure to demand a retraction, as the court determined that the retraction rules do not apply to internet postings.
That ruling was reversed on appeal by the Georgia Supreme Court, 276 Ga. 16, which held that the Georgia defamation
“retraction statute” required libel plaintiffs “who intend to seek punitive damages to request a correction or retraction before
filing their civil action….” Id. at 30-31. In reaching that conclusion, the court observed that publication of a retraction on the
Internet would have reached a similar audience, and would have therefore been analogous to, publication in conventional
media. Id. at 30.
135 See generally Van Buskirk v. The New York Times Co., 325 F.3d 87 (2d Cir. 2003); J. K. Harris & Company, LLC v. Kassel, 253
F.Supp.2d 1120 (N.D. Cal. 2003); Jane Doe v. Oliver, 2003 Conn. Super. LEXIS 1498 (Conn. Sup. Ct. May 19, 2003).
136 D. Streitfeld, Making Bad Names for Themselves, The Washington Post, Sept. 8, 2000, at A1, A30.
137 Id. In Ford Motor Co. v. 2600 Enterprise, 177 F. Supp.2d 661 (E.D. Mich. 2001), the court denied Ford’s motion for a
preliminary injunction because it failed to show that defendant’s use of the domain name fuckgeneralmotors.com, which was
linked to Ford.com, satisfied the commercial use requirements for trademark dilution, trademark infringement, or unfair
competition. Cf. Bosley Medical Inst. v Kremer, 2005 U.S. App. LEXIS 5329 at *10-11, 20-21 (9th Cir. Apr. 4, 2005) (while
Lanham Act claim requires proof of use in connection with the sale of goods or services, to be successful under the ACPA, a
claimant need not allege or prove commercial use, as other factors can be considered).
INTELLECTUAL PROPERTY
Although most teenage users of the Internet may believe otherwise, intellectual property rights, of course, still exist
on the internet. These intellectual property considerations involve copyright, patent, trademark, and trade secret law
to one extent or another. Intellectual property owners need to protect their intellectual property rights so they do not
inadvertently forfeit or otherwise lose any rights in connection with their internet activities. Conversely, e-commerce
businesses and other internet users need to appreciate the existence of third-party intellectual property
rights and possible liability resulting from the infringement, misappropriation or violation of these third-party
rights. Intellectual property is the “web’s war zone.”138 Whole industries have their futures dependent on the
outcomes of these intellectual property battles.
Copyright. Probably the most misunderstood intellectual property law risk relates to the copyright laws. Many
information products and other materials available from websites are protected by copyright. This is the case
irrespective of whether the materials actually bear a copyright notice. Copying is inherent in the nature of the
internet medium and pervades virtually every activity such as browsing, linking, caching, accessing information and
operation of an online service. Posting materials on the web is considered a public display implicating the
exclusive copyright right to display a work publicly.139 Since copyright rights vest automatically in the author by
operation of law from the moment of creation and fixation in tangible media, the author of the materials has a
copyright in and to the materials without regard to whether copyright rights were sought and irrespective of whether
the materials include a copyright notice. The prudent strategy is to assume that copyrightable subject matter found
on the internet is subject to the exclusive rights of a copyright holder.
Much of the material on the internet will be subject to use agreements that may govern what can and cannot be done
with it. Except as specifically covered by website use agreements, much of the material on the internet can be
analogized to shareware. Users have an implied license to download and copy the material for their own use but not
to use the material to create derivative works or to distribute the material commercially. However, as the Supreme
Court suggested in its June 2005 Grokster decision, downloading a copyrighted work through a peer-to-peer
copying technology can constitute infringement.140
Many company internet policies provide that materials on the internet should be considered to be copyrighted works
unless otherwise specified. Thus policies often prohibit employees from downloading such materials and/or
modifying such files without the permission of the copyright holder.
Companies should be mindful of the risks of contributory infringement arising from linking to other sites or
encouraging users to visit other sites, or in connection with facilitating the infringement or misappropriation of
someone else’s intellectual property on the internet.141
138 T. J. Mullaney and Spencer E. Ante, Info Wars, Bus. Week, e.biz Section, at EB 107 (June 5, 2000).
139 Getaped.com, Inc. v. Cangemi, 188 F. Supp.2d 398 (S.D.N.Y. 2002) (website deemed a publication for copyright purposes).
In New York Times Company, Inc. v. Tasini, 121 S. Ct. 2381 (2001), the U.S. Supreme Court noted the Copyright Office Register’s
argument that the electronic databases including the infringing freelance articles publicly display the articles. In denying
copyright compilation protection to the individual articles the Court emphasized that when a user conducts a search for an
electronic database each article appears as a separate item within the search result.
140 Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, 125 S. Ct. 2764 (2005).
141 See, e.g., Batesville Serv., Inc. v. Funeral Depot, Inc., 2004 U.S. Dist. LEXIS 24336 (S.D. Ind. Nov. 10, 2004) (links to
website containing copyrighted photos of plaintiff’s products on a gallery found on the linked website that was designed and
paid for by the defendant); Intellectual Reserve, Inc. v. Utah Lighthouse Ministry, Inc., 75 F. Supp.2d 1290 (D. Utah 1999)
(links result in liability for contributory infringement). In Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 125 S. Ct. 2764
(footnote continued to next page)
Trade Secret. It is important to make sure that trade secret information is not posted on the internet without being
secured because trade secret rights may be lost once the information is posted on the internet. Companies should
employ, as part of a larger overall trade secret program, security measures to prevent publication. Such
precautionary measures include encryption, firewalls, intrusion detection, network monitoring, filtering and internet
usage policies. Electronic security measures - such as the use of digital certificates - and enhanced physical security
measures - such as the use of graphical “passwords”142 and biometrics143 to secure individual computers and other
devices - will become more prevalent in the next few years. Indeed, the tragedies of September 11, 2001 will only
serve to hasten the use of biometrics as a means to enhance the reliability of ID cards and to combat identity theft.
An article in The New York Times suggested that “[s]tirred by charges that a Virginia public notary helped one or
more of the Sep. 11 hijackers obtain fraudulent ID’s, the National Notary Public Association is urging its members
to put their own thumbprints and their clients’ thumbprints on all transaction documents.”144
Trademark. Trademark usage on the Web should conform to common trademark usage rules. Trademarks used on
websites should be designated with the “TM” or “®” symbols as appropriate, with notice of the trademark owner.
There is a tendency on the Web not to clutter websites with legal notices. This may prove fatal to recovery of
trademark infringement damages. One recent case sought to deny a well-known trademark owner damages from a
website that used a counterfeit trademark because the trademark owner had not given notice that its trademark was
registered.145
Another issue with trademarks on the internet concerns licensed trademarks. Trademark owners need to make sure
that their licensed trademarks are being used solely for the purposes authorized.146 Trademark law rewards the
vigilant. E-business companies should conduct periodic searches to discover whether their trademarks have been
improperly incorporated into websites of unlicensed third parties. Courts have consistently recognized that the use
of the internet exacerbates the likelihood of trademark confusion.147
Patent. E-business method-of-doing-business patents are an integral part of many business plans, and are used to
help companies defend first-to-market positions. The number of business-method patent applications soared in the late
1990s, from 2821 in 1999 to 7800 in 2000.148 The number of business-method patents granted has increased from
583 in 1999 to 899 in 2000,149 but decreased to 433 in 2001 and 492 in 2002. The success rate for such
(footnote continued from previous page)
(2005), the Supreme Court ruled that a contributory infringer may be held liable for intentionally inducing or encouraging
direct infringement by others.
142 See Anne Eisenberg, Instead of a Password, Well-Placed Clicks, The New York Times, May 1, 2002, at E7.
143 Biometrics are various automated methods of verifying a person’s identity using a person’s unique physiological or behavioral
characteristics. For a comprehensive review of biometric devices in general, see Sally Grotta, Bio-Keys, PC Magazine, June
12, 2001, at 163. See also Biometric fact and fiction: Body-scanning technology has its drawbacks, The Economist, Oct. 26,
2002, at 12; David Lake, Aye for An Eye: More Companies are Looking to Retinal and Finger Scans for Better Security, The
Industry Standard, July 23, 2001, at 56; Cynthia Webb, ID in the Blink of an Eye, The Washington Post, Mar. 9, 2001, at E1.
144 Peter Kilborn, Your Thumb Here: Newest ID of Choice At Store and on Job, The New York Times, Feb. 20, 2002, at A1 and
A16.
145 See, e.g., Playboy Enterprises, Inc. v. Universal Tel-A Talk, Inc., 1999 WL 285883 (E.D. Pa. 1999).
146 See, e.g., Hard Rock Café International (USA) Inc. v. Morton, 1999 WL 701388 (S.D.N.Y. 1999).
147 See, e.g., Horseshoe Bay Resort Sales Co. v. Lake Lyndon B. Johnson Improvement Corp., 2001 Tex. App. Lexis 5355 (Tex.
Ct. App. 2001).
148 See “Raising the Bar on Business Patents,” Bus. Week at 46 (Apr. 2, 2001); see also The Intellectual Property Strategist at 8
(Oct. 2000).
149 Id. (Bus. Week).
applications in 2001 went down to 45% compared to 70% for all other technologies.150 Amazon.com’s patent
infringement lawsuit against BarnesandNoble.com relating to its one-click purchase patent,151 Priceline’s patent
infringement suit against Microsoft concerning its online reverse auction patent, and SBH’s patent infringement
lawsuit against Yahoo! relating to SBH’s shopping cart patent suggest that patent rights are very important in e-business.
E-business business model patents, or method of doing business patent claims, are quite common and
need to be considered for some common e-business activities. Open Market, Inc. has a patent relating to an
electronic payment system for ordering merchandise. Cybergold has a patent relating to a system for viewing online
advertising. IBM and Microsoft are stockpiling e-commerce business patents. E-commerce patents promise152 to
be even more important in the future to obtaining a first-to-market position and early brand loyalty. In addition,
market leaders increasingly are receiving “invitations to license” from patent trolls who have little or no presence in
the market, but assert that the market leader’s technology or business method infringes the troll’s patent. Many
believe that a strong patent portfolio is necessary in today’s highly competitive environment, even if only used for
defensive purposes.153 One reason why business method patents have become important to e-business companies is
that once an e-business company goes live in cyberspace, other companies can easily duplicate their innovative
business model unless patent protection is available. Trade secret protection is not available to protect transparent
e-commerce business models.
Like trademarks, there is also a marking or notice issue with websites. Websites using patented technology should
be marked with the notice of the patents. Websites are currently viewed as “tangible items” for purpose of
complying with the patent marking provisions. Failure to mark the website may result in a failure to comply with
the marking requirements for actual notice.
In 1999, the American Inventors Protection Act was enacted to give protection to businesses that can show by clear
and convincing evidence that they previously were using the patented method of doing business. This statute is
difficult to apply but nevertheless it reflects the concern over internet method of doing business patents. There have
been no cases filed to date under this statute. Another reaction is the PTO’s adoption of a second level of review for
these patents as a quality assurance check.
Software, music and video piracy, particularly through viral peer-to-peer file sharing networks, has become common.
Another major IP violation on the internet is the unauthorized use of logos and images including the use of a
competitor’s name on the site. Some of the unauthorized use includes the use of logos or images in a pornographic
context. Domain name abuse is also prevalent.
Strategies for e-Business Sites to Protect IP in their Site. Trademark, copyright and other intellectual property
legends need to be used with full recognition that each web page is addressable separately. A proprietary rights
notice or legend on the home page may not be included on specific pages unless specifically referenced on each
applicable page. One approach is to consider including a corporate logo on each page of a website so that there is no
confusion as to whom the customer is dealing.154
150 John J. Love, “Business Method Patents from Past to Present, Keeping Pace with Today’s Emerging Technologies” (Feb.
2002).
151 The U.S. Court of Appeals for the Federal Circuit ultimately lifted the injunction that had theretofore prevented
Barnesandnoble.com, Inc. from using a one-click online ordering method. Amazon.com, Inc. v. Barnesandnoble.com, Inc.,
239 F.3d 1343 (Fed. Cir. 2001), reversing 73 F. Supp.2d 1228 (W.D. Wash. 1999) (settlement announced W.D. Wash. Mar. 6,
2002).
152 See, e.g., MercExchange v. eBay, 401 F. 3d 1323 (Fed. Cir. 2005).
153 T.J. Mullaney and S.E. Ante, Info Wars, Bus. Week, June 5, 2000, e.biz Section, at EB 107-108.
154 See, e.g., Ticketmaster Corp. v. Tickets.com, Inc., 2000 U.S. Dist. LEXIS 12907 (C.D. Cal. 2000).
E-business companies should take advantage of the tools that are available today to mark their proprietary content
with electronic fingerprints and monitor cyberspace with software agents and bots (small computer programs that
automate searches and monitor content) to determine whether their intellectual property rights are being infringed or
abused. One commentator recommends that trademarks and logos used online be purposefully designed to
incorporate an electronic fingerprint for purposes of finding them in cyberspace.155
Safe Harbors from Copyright Infringement. A party that permits third-party postings on its website should be
sure to take advantage of the Digital Millennium Copyright Act’s “Safe Harbor” provisions to avoid potential
copyright liability for this third party content. Attached at Appendix A is a brief memorandum and sample clause
relating to the DMCA notice and takedown safe harbor procedures. These “safe harbor” provisions have been
applied broadly.156 The provisions protect qualifying “service providers”—including public network operators of
corporate networks, website hosts, and operators of e-commerce sites—from liability for the infringements of third
party users. For example, in one prominent case interpreting the safe harbor, eBay avoided liability in connection
with sale of unauthorized copies of a film on its site by one of its sellers.157
To qualify for the DMCA safe harbors, service providers must meet two conditions. First, they must designate on
their website and with the copyright office an agent to receive notices of claimed infringement. It is important to
make sure that the notice designation remains current and accurate to avoid issues respecting the sufficiency of any
contact information provided.158 Second, they must adopt, reasonably implement, and inform users (for example,
in a terms of use agreement or acceptable use policy) of a policy providing for the termination of the accounts of
repeat infringers “in appropriate circumstances.” Third, in the case of material that is stored by a third party, or
links to third party content located, on a site a service provider owns or operates, the service provider must
expeditiously take down content in two circumstances. First, if the service provider has actual knowledge of
infringement or is aware of facts or circumstances from which infringement is apparent. Second, if the service
provider’s designated agent receives a notice of claimed infringement from the copyright owner or its agent. This
notice to the designated agent must identify the infringing work and the infringing material clearly so that the
website operator or other online service provider can locate and identify the infringing material, and contain other
indicia of reliability set forth in the statute.159
Anti-circumvention. The DMCA also includes strong anti-circumvention provisions prohibiting circumventing
access control technologies for copyrighted works or manufacturing or distributing technologies that circumvent
access or copy control technologies.160 E-commerce business models involving copyrighted content should be
implemented with these anti-circumvention provisions in mind. These DMCA anti-circumvention provisions
provide a legal remedy against persons who (1) circumvent technological protection measures that control access to
copyrighted works, (2) manufacture or distribute devices or services that circumvent access controls, or (3)
manufacture or distribute devices or services that circumvent a technological measure that effectively protects a right
155 William A. Tanenbaum, Bricks to Clicks – Special E-Commerce Legal Issues for Taking Brick and Mortar Companies Online,
PLI’s Sixth Annual Institute For Intellectual Property Law Conference, Sept. 22, 2000.
156 See ALS Scan, Inc. v. RemarQ Communications Inc., 239 F.3d 619 (4th Cir. 2001); CoStar Group, Inc. v. LoopNet, Inc., 164
F. Supp.2d 688 (D. Md. 2001).
157 Hendrickson v. eBay Inc., 2001 U.S. Dist. LEXIS 14420 (C.D. Cal. 2001). See also Corbis Corp. v. Amazon.com, Inc., 2004
WL 3092244 (W.D. Wash., Dec. 21, 2004) (DMCA protects defendant Amazon.com, Inc. against claim of infringement
relating to photos sold by third party vendors on Amazon’s website).
158 See Ellison v. Robertson, 357 F.3d 1072 (9th Cir. 2004) (reversing district court’s grant of summary judgment for defendant
because AOL failed to update the contact information for its designated DMCA copyright agent on the copyright office
website).
159 See Perfect 10, Inc. v. CCBill, LLC, 2004 U.S. Dist. LEXIS 17643 (C.D. Cal. June 22, 2004).
160 17 U.S.C. §§ 1201 et seq. (enacted Oct. 28, 1998), see, e.g., Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir.
2001); RealNetworks, Inc. v. Streambox, Inc., 2000 WL 127311 (W.D. Wash. 2000) (settled).
of the copyright owner. The term “circumvent protection afforded by a technological measure” means “avoiding,
bypassing, removing, deactivating, or otherwise impairing a technological measure.”161 Effectiveness is measured
in relation to the ordinary operation of the technology. The DMCA provides the legal framework to support a
digital rights management program and enabling technology for many e-commerce business models, although it
does not address peer-to-peer infringement or removal of copy protection by translating content from digital to
analog format.
If nothing else, the Napster, Aimster, and Grokster cases highlight the critical importance of developing prudent,
well-considered intellectual property strategies for e-commerce applications from the start, and the risks of basing
business models on mass infringement.162 Grokster holds that a distributor of technology who intends that its
product be used for infringement, as shown by clear statements or by “other affirmative acts taken to foster
infringement is liable for resulting acts of infringement by third parties.” Providers of e-business technologies that
will be used to a significant degree for copyright infringement should proceed with caution in light of the Grokster
decision and conduct a careful legal review of business plans, marketing materials, training of customer support
personnel, among other activities.
LINKING
Linking is the fundamental navigational technology that has made the web so successful. A link is simply an
instruction to a browser to go to another web page. It serves as a connection between two files. The general view is
that by publishing a website, the website publisher makes the site available for linking. However, weblinking
agreements are used when the link involves economic considerations and in other situations, especially where the
linking party wants protection against any claim for contributory liability, negligent referral, endorsement liability or
other liability. The new adage is: think before you link. Linking agreements may be advisable in a number of
situations. One of those situations is where the linking is to an interior page of a website directly rather than
through the website owner’s home page.
Deep linking was challenged by Ticketmaster Corp. in Ticketmaster Corp. v. Microsoft Corp., No. 97-3055 DDP
(C.D. Cal. filed April 28, 1997). Here Ticketmaster alleged that Microsoft’s unauthorized links to interior pages of
Ticketmaster’s site represented a form of “electronic piracy” and alleged Microsoft was “feathering its own nest at
Ticketmaster’s expense.” Ticketmaster complained that Microsoft’s site wrongfully linked users directly to the
internal page within its website where tickets for local events could be purchased. Ticketmaster’s complaint
included claims for trademark infringement, trademark dilution, and unfair competition. Ticketmaster brought the
suit because Microsoft’s deep link allowed users to bypass advertising which was contained on the Ticketmaster
home page, thereby decreasing the viewing audience for and effectiveness of Ticketmaster’s ads. Ticketmaster
viewed Microsoft’s deep link as a threat to its advertising revenues.
This Ticketmaster case was settled with Microsoft agreeing to stop its direct internal deep link and to link to
Ticketmaster’s website solely through the home page.163 However, another Ticketmaster case has suggested that
161 17 U.S.C. § 1201(a)(3).
162 Metro-Goldwyn-Mayer Studios, Inc. v. Grokster Ltd., 125 S.Ct. 2764 (2005); In Re Aimster Copyright Litigation, 334 F.3d 643
(7th Cir. 2003), cert. denied, 157 L.Ed.2d 833 (2004); A&M Records, Inc. v. Napster, Inc., 114 F. Supp.2d 896 (N.D. Cal.
2000), aff’d in part, rev’d in part, 2001 WL 11503 (9th Cir. 2001).
163 See MS, Ticketmaster Bury Hatchet, Wired News Report (Feb. 16, 1999) (and at
http://www.wired.com/news/business/0,1367,17943,00.html).
deep-linking may be difficult to stop legally. The Ticketmaster Corp. v. Tickets.com, Inc.164 litigation has also
focused on deep-linking. There the district court declined to enjoin Tickets.com from deep-linking to the ticket-purchasing
pages of the Ticketmaster website. The law remains very unclear today on deep-linking. The propriety
of deep-linking will depend on the specific facts in question. Under these circumstances, absent the third party’s
consent, linking should be effected only to a website’s homepage rather than to an internal page, especially where
there are possible adverse economic consequences to the linked site.
Deep linking may be a concern for other reasons as well. With deep linking the visitor does not enter the website
through the front door, i.e., the Home Page. As such, deep linking may result in the user bypassing disclaimers,
disclosures and website use agreements. Some website terms of use specifically prohibit deep linking.165
Linking to sites containing materials that infringe a third party’s intellectual property rights could subject the
linking party to a contributory infringement claim166 or direct infringement.167 There is, as well, a potential
controversy concerning a claim by a company that it has a patent on the use of hyperlinks on the web.168
Reasonable steps should be taken to ensure that websites to which a link is made do not, in turn, contain any
content that infringes upon a third party’s intellectual property rights. This risk can be allocated under a linking
agreement. Another risk management technique is to use disclaimers. These disclaimers would contain a simple
disclaimer of responsibility for the content of the linked website, and further explain that the link does not constitute
a referral or endorsement of any product or service advertised or distributed through the linked website. Often the
disclaimer will state in effect that the links are provided solely for informational purposes and as a convenience to
164 Ticketmaster Corp. v. Tickets.com, Inc., 2000 U.S. Dist. LEXIS 4553, 54 U.S.P.Q. 2d (BNA) 1344 (C.D. Cal. 2000); injunction
denied, Ticketmaster Corp. v. Tickets.com, Inc., 2000 U.S. Dist. LEXIS 12987 (C.D. Cal. 2000), aff’d, 248 F. 3d 1173 (9th Cir.
2001).
165 See, e.g., Cairo v. Crossmedia Services, Inc., 2005 WL 756610 (N.D. Cal. April 1, 2005).
166 In Intellectual Reserve, Inc. v. Utah Lighthouse Ministry, Inc., 75 F. Supp.2d 1290 (D. Utah 1999), the District Court
determined that by virtue of the website links to infringing sites the plaintiff could be liable for contributory infringement and
inducement of infringement because browsing a website could constitute copyright infringement. The Court determined that
each time the users browsed the linked websites, the users loaded webpages into the random access memory of their
computers. A copy of the loaded webpage is cached on the IP server serving the user. See also Bernstein v. J. C. Penney,
Inc., 50 U.S.P.Q.2d 1063 (C.D. Cal. 1998) (contributory infringement alleged by virtue of links to other sites containing
infringing material). Allegations of contributory infringement were also raised against Google Inc., one of the premier
search engine operators on the internet, which received DMCA notices from the Church of Scientology. The Church’s
DMCA notices objected to Google’s search results that linked the browser to sites that the Church alleged displayed infringing
material. Google removed those sites from its search results but instead referred browsers to an index on an internet rights
site that displayed the Church’s DMCA letter, from which, therefore, browsers could find the very sites to which the Church
raised an objection. Margery Gordon, The Google Way, Corporate Counsel (July 2002) at 13-14; David Gallagher, New
Economy: A copyright dispute with the Church of Scientology is forcing Google to do some creative thinking, The New York
Times, Apr. 22, 2002, at C4).
167 Getaped.com, Inc. v. Cangemi, 188 F. Supp.2d 398 (S.D.N.Y. 2002) (website deemed a publication for copyright purposes).
168 British Telecommunications PLC v. Prodigy Communications Corp., No. 7:00-CV-9451 (S.D.N.Y., filed Dec. 14, 2000). The
patent at the heart of this lawsuit, U.S. Patent No. 4,783,662, was issued in 1989 and includes an element in which the hyperlink
is stored in a central computer. The complaint includes a claim that the defendant’s hyperlinks infringe upon the ‘662
patent both literally and under the doctrine of equivalents. (In an interim ruling in this case, the judge ruled that while
the patent covers linking within one computer system, the patent may not extend to cover the internet, which has millions of
computers, not just one central computer system. 2002 U.S. Dist. LEXIS 4110 (S.D.N.Y. Mar. 13, 2002).) The application of
the doctrine of equivalents in certain cases was validated in Festo Corp. v. Shoketsu Kinzoku Kogyo Kabushiki Co. Ltd.,
122 S. Ct. 1831 (2002), in which the U.S. Supreme Court generally upheld the right of patent holders to rely on the doctrine of
equivalents, which must be evaluated on a case-by-case basis. But see Johnson & Johnson Assocs., Inc. v. R.E. Service Co.,
Nos. 99-1076, 99-1179, 99-1180 (Fed. Cir., Mar. 28, 2002) (doctrine of equivalents cannot be invoked to cover subject
matters that were left unclaimed in original claim).
customers and visitors and do not constitute an endorsement or referral to the linked company or any of its products
and services. These disclaimers are often included in the terms of use agreement for a website.
There may be other issues where linking agreements are desirable. When the logo or trademark of the linked-to party
is used, or descriptive text is used regarding the linked-to site or company, a linking agreement is appropriate.
There also may be issues requiring the link to be maintained. For example, some regulatory requirements may
stipulate that a link be continuously available. Another reason for a linking agreement is that companies may want
to document the independent third-party nature of a link to avoid any implication of collusion or concerted action
arising from a hyperlink to another site. It may also be desirable to restrict the linked-to-site by agreement from
linking to objectionable content that may adversely affect your e-brand, other trademarks or reputation.169
Increasingly companies are also adopting policies prohibiting customers from creating or establishing links with
their site. eBay, for example, has prohibited its customers from establishing links, as it found that customers were
using links to avoid paying commissions to eBay. Others are concerned that through the link they will be
associated with people, companies, products, content or services with which they do not want to be associated. It remains to be
seen whether courts will enforce such policies in cases of simple, unadorned, and plain-text hyperlinks (a word on a
webpage that tells your browser to direct you to a new place on the same webpage or even to open a new webpage)
that do not claim or imply any affiliation between the website where the link is located and the linked site.
FRAMING
Framing is a variation of linking and may be used in various e-business applications. The practice uses frames to
incorporate third-party content into a website. The user may reasonably believe that all information displayed is
from the same website. Framing allows the display of the contents of two or more websites on the same web page
even though the content is located on different sites. Pages from other websites can be presented as the content of
the “framed” website without the casual observer being aware that the “framed” web page is from a different site.
Another form of framing is “inlining.” Inlining content from other websites is framing without the border around
the framed content. The practice of framing has proven quite controversial.
Several cases illustrate the potential liability for framing. In Washington Post Co. v. Total News, No. 97-1190
(S.D.N.Y. 1997), Total News hosted a website that provided a list of news services. These services were identified
by their respective trademarks. The Total News website also included a content window and an advertising banner.
When a user “clicked” on a news service, the content from that news service appeared in the content window for the
Total News website. Total News was obtaining advertising revenues based primarily on the content from the news
services. The plaintiffs in the Total News case (The Washington Post, CNN, Time, The Los Angeles Times,
Reuters and Dow Jones) alleged copyright and trademark infringement, false designation of origin under the Lanham
Act, and unfair competition. While this case was settled without any definitive court rulings, it does underscore the
litigation risk and potential legal liability from framing.
In another framing case, Futuredontics, Inc. v. Applied Anagramics, Inc.,170 the defendant Anagramics, a dental
marketing service, created a website which framed portions of Futuredontics’ website. Here Anagramics, the owner
of the “1-800-DENTIST” trademark, had licensed the trademark exclusively to Futuredontics but, despite the
license, displayed the 1-800-DENTIST mark by framing the Futuredontics’ website. Futuredontics sued for
169 In Morrison & Foerster LLP v. Wick, 94 F. Supp.2d 1125 (D. Colo. 2000), the Court observed that links to anti-Semitic,
racist and other offensive domain names may cause users to be unsure about the website owner’s affiliation with the sites or
endorsement of the site.
170 45 USPQ2d (BNA) 2005, 1998 U.S. Dist. LEXIS 2265 (C.D. Cal.), aff’d, 1998 WL 417413 (9th Cir. 1998) (unpub. op.),
copyright infringement and false advertising. In a subsequent action, the U.S. Court of Appeals affirmed the
issuance of an injunction against Futuredontics, noting that Futuredontics had ignored the disapproval of a proposed
advertisement. Rejecting Futuredontics’ claim that it was entitled to engage in free speech, the court noted that
“the First Amendment protects free speech only when it concerns lawful activity and is not misleading.”171
A case brought in Scotland, Shetland Times, Ltd. v. Jonathan Wills and Another,172 may have been the first
“linking” case, and addressed the problem of “deeplinking.” On the Web site for the Shetland News (“News”),
several hypertext-link headlines transported the internet user to Shetland Times (“Times”) articles on the Times
Web site. The transportation of the user to the embedded page on the Times Web site bypassed the Times front
page with its advertising, and removed the Times “frame” from view. The issue in the case was whether
“deeplinking” to internal or embedded pages of the Times Web site by the News through the use of the plaintiff
Web site’s news headlines was an act of copyright infringement under the U.K.’s Copyright Designs and Patents
Act of 1988. The plaintiff sought, and received, an injunction precluding such deeplinking. The News appealed
this ruling and the matter settled before trial. As part of the settlement, the News agreed to link only through the
Times’ Web site’s front page and agreed to include a legend identifying the headlines as from the Times wherever
such headlines were posted on the News’ Web site. A similar claim was brought in England in January 2001 by
Haymarket Publishing against an oil company, Burmah Castrol, which is alleged to have engaged in unauthorized
framing of two of the publisher’s websites.173 In another case, the EU Directive on Copyright and Databases
Regulations was invoked by a company that successfully obtained an injunction against deep linking.174
Framing may give rise to copyright infringement, violations of the Lanham Act and other potential liability. The
content in the outside frame may be objectionable to the owner of the content inside the frame. There are a number
of potential legal problems with framing. Framing will distort the accounting for advertising royalties because the
users visiting the framed site are not recorded at the content owner’s website. Copyright infringement arises because
the content is being copied without the copyright owner’s permission and this copying is not likely to be viewed as
a fair use.
Until the law respecting framing has been settled, framing of other website content should only be undertaken with
the express permission of the content owner. In negotiating e-business relationships, the parties should consider
whether framing will be authorized and, if authorized, any contractual restrictions to be imposed on the framing.
Attention must also be paid to the risk that others will frame the content of a website without the owner’s
authorization. E-business is very competitive. Particular vigilance is called for whenever a third party attempts to
frame a company’s website, for example, to ensure that intellectual property rights are protected adequately.
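Alongside the contractual and copyright measures discussed here, a site can instruct browsers which origins may frame its pages. The following is an added example, not part of the original chapter: a simplified Python check of how a browser would treat a response's X-Frame-Options and Content-Security-Policy frame-ancestors headers. The site names and sample responses are constructed, and only the immediate framing page is evaluated.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Reduce a URL to its (scheme, host, port) origin tuple."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def frame_ancestors(headers):
    """Return one source list per enforced CSP policy that sets frame-ancestors."""
    lists = []
    for policy in headers.get("content-security-policy", "").split(","):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                lists.append([t.lower() for t in tokens[1:]])
                break  # a repeated directive inside one policy is ignored
    return lists


def scheme_ok(wanted, actual):
    """CSP scheme matching: an http source also admits its https upgrade."""
    return actual == wanted or (wanted == "http" and actual == "https")


def source_matches(source, framer, page):
    """Match one frame-ancestors source expression against the framing origin."""
    if source == "'none'":
        return False
    if source == "'self'":
        return framer == page
    if source == "*":
        return framer[0] in DEFAULT_PORTS
    if source.endswith(":"):  # scheme-source such as "https:"
        return scheme_ok(source[:-1], framer[0])
    scheme, sep, rest = source.partition("://")
    if not sep:  # host given without a scheme: the page's own scheme applies
        scheme, rest = page[0], source
    host, _, port = rest.split("/", 1)[0].partition(":")
    if host.startswith("*."):  # wildcard covers subdomains, not the apex
        host_ok = framer[1].endswith(host[1:])
    else:
        host_ok = framer[1] == host
    if port == "*":
        port_ok = True
    elif port.isdigit():
        port_ok = framer[2] == int(port)
    else:
        port_ok = framer[2] == DEFAULT_PORTS.get(framer[0])
    return scheme_ok(scheme, framer[0]) and host_ok and port_ok


def can_be_framed(headers, page_url, framer_url):
    """True if a browser would let framer_url display page_url inside a frame."""
    headers = {k.lower(): v for k, v in headers.items()}
    page, framer = origin(page_url), origin(framer_url)
    policies = frame_ancestors(headers)
    if policies:  # frame-ancestors is present, so X-Frame-Options is ignored
        return all(any(source_matches(s, framer, page) for s in sources)
                   for sources in policies)
    xfo = {v.strip().lower() for v in headers.get("x-frame-options", "").split(",")}
    if "deny" in xfo:
        return False
    if "sameorigin" in xfo:
        return framer == page
    return True  # no usable control: any site may frame the page


# Constructed sample: one franchisor page served with four header sets.
PAGE = "https://www.franchisor.example/menu"
RESPONSES = {
    "no headers": {},
    "legacy header": {"X-Frame-Options": "SAMEORIGIN"},
    "partner allow-list": {
        "Content-Security-Policy":
            "default-src 'self'; frame-ancestors 'self' https://*.partner.example",
        "X-Frame-Options": "DENY",
    },
    # ALLOW-FROM is obsolete and ignored by current browsers.
    "obsolete allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
}


def report(framer_url):
    """Map each sample response to whether framer_url could frame PAGE."""
    return {name: can_be_framed(h, PAGE, framer_url) for name, h in RESPONSES.items()}


if __name__ == "__main__":
    for framer in ("https://aggregator.example/", "https://portal.partner.example/"):
        print(framer, report(framer))
```

A response that lets an unauthorized third-party origin frame the page is the case that calls for the vigilance described above; the allow-list form also gives a place to encode which partners have contractual permission to frame.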
Framing is one good reason for registering the copyright claims in a website within ninety days of publication. In
Getaped.com, Inc. v. Cangemi175 the court ruled that making a website available constitutes a publication for
copyright purposes. Timely registration with the Copyright Office enables recovery of statutory damages and
attorney’s fees for unauthorized framing of a website’s content. This strategy is especially important because one of
171 Futuredontics, Inc. v. Goodman, 1999 U.S. App. LEXIS 26257 (9th Cir. Oct. 14, 1999) (not for publication).
172 1997 F.S.R. (Ct. Sess. O.H.), 24 October 1996.
173 See Jean Eaglesham, Publisher sues over web link, Financial Times, Jan. 10, 2001 (available at http://www.ft.com).
174 See Jean Eaglesham, Online recruiter wins ban on rival’s web links, Financial Times, Jan. 17, 2001 (available at
http://www.ft.com) (reporting on injunction obtained by StepStone ASA against OFiA). See also Imax Corp. v. Showmax Inc.,
[2000] FCJ No. 69 (FCC) (Canada), a 2000 case in which the Federal Court of Canada enjoined framing of the Showmax
website.
175 188 F. Supp. 2d 398 (S.D.N.Y. 2002). Interestingly, the court determined the HTML code for the website had been published
because of the ease with which the HTML code could be read. The copyrights in websites are principally registered as
online works. See Copyright Office Circular No. 66.
the real problems on the internet is that it is often very difficult to prove actual damages from a third party’s use of
content. As such, assuring the recovery of statutory damages and attorneys’ fees, even if the award of attorneys’ fees
is discretionary and becoming increasingly difficult to obtain unless the infringement suit or defense is
objectively unreasonable, is quite important. A copyright registration strategy for a website will help a company
manage this risk of framing and any copyright infringement applicable to its website and the content on that site.
META-TAGS
Meta-tags are embedded in the hypertext markup language (HTML) for websites. These meta-tags are invisible to
the user, but may be seen when viewing the HTML source code. Meta-tags are key words inserted by the website
designer to describe the site. Search engines use these “keyword” fields to evaluate whether to return a link to the
site when a user initiates a search request. The meta keyword tags or invisible tags embedded in the website allow
the website designer to manipulate to a certain extent the results a search engine will return in response to a user
request. The use of meta-tags has generated litigation.
To date the cases involving meta-tags concern one party using another party’s trademark or company name as a
meta-tag on their website. In Playboy Enterprises, Inc. v. Calvin Designer Label,176 for example, the defendant
was found to have infringed on Playboy Enterprises’ rights by embedding references to the term “Playboy” in the
HTML coding underlying the defendant’s website. Courts have generally been concerned about meta-tags using a
competitor’s trademarks. In Brookfield Communications, Inc. v. West Coast Entertainment Corp.,177 the Court of
Appeals concluded that the defendant’s use of another party’s trademarks in a website’s meta-tags created “initial
interest confusion” and, therefore, also violated the Lanham Act. However, in Bihari v. Gross,178 the court reached
the opposite conclusion, noting that while the allegedly infringing site used meta-tags that included the plaintiffs’
mark, searches that found the site displayed the information from the associated meta-description, which indicated
that the website was for the purpose of discussing consumer problems with the plaintiffs’ business. Understanding
“initial interest confusion” is important to assessing trademark infringement and dilution risks in connection with e-commerce.
The conclusion in Brookfield was echoed in a Seventh Circuit opinion, Promatek Industries, Ltd. v.
Equitrac Corp., in which the court concluded that an infringing use of a competitor’s name in a metatag was
improper, but observed as well that “it is not the case that trademarks can never appear in metatags, but that they
may only do so where a legitimate use of the trademark is being made.”179 The Promatek court observed that
“[t]he problem here is not that Equitrac, which repairs Promatek products, used Promatek’s mark in its metatag, but
that it used that trademark in a way calculated to deceive consumers into thinking that Equitrac was Promatek.”180
In Playboy Enters., Inc. v. Welles,181 the court also declined to find that use of another party’s trademarks was an
infringement. In this case, the defendant, a model who earned the title “Playmate of the Year,” used that phrase in
176 1997 U.S. Dist. LEXIS 14345 (N.D. Cal. 1997).
177 174 F. 3d 1036 (9th Cir. 1999). In the Brookfield case, the technology and function of meta-tags is explained. Id. at 1061-62,
n. 23.
178 119 F. Supp.2d 309 (S.D.N.Y. 2000). See also Northland Insur. Cos. v. Blaylock, 115 F. Supp.2d 1108 (D. Minn. 2000)
(refusing to apply initial interest confusion doctrine in case of consumer complaint site).
179 300 F.3d 808, 814 n.13 (7th Cir. 2002) (as amended, Oct. 18, 2002) (emphasis supplied).
180 Id. at 814. A similar result was reached in a March 2004 decision handed down by a German court, which ruled that the use of
a competitor’s mark in a website’s metatag was an infringing use. See Competitor’s Use of Rival’s Mark As Metatag Held to
Be Infringing Use, 9 E. Commerce & L. Rep. (BNA) 30, at 679 (Aug. 4, 2004).
181 7 F. Supp.2d 1098 (S.D. Cal.); aff’d 162 F.3d 1169 (9th Cir. 1998); on remand, 60 F. Supp.2d 1050 (S.D. Cal. 1999); summary
judgment granted for defendant, 78 F. Supp.2d 1066 (S.D. Cal. 1999) (distinguishing Brookfield Communications). “Much like
(footnote continued to next page)
her website’s meta-tags and elsewhere in the website, which the court found to be a fair usage of the term, since it
accurately described the appellation that plaintiff awarded to her. On appeal, however, the Ninth Circuit, while
agreeing that Welles’ use of “playboy” and “playmate” in her metatags and banner ads was merely nominative and
non-infringing, found that Welles’ repeated stylized use of “PMOY 81” in the background or wallpaper for her site
failed the nominative use test.182
In an earlier decision, New Kids on the Block v. News Am. Publishing, Inc.,183 the U.S. Court of Appeals set up a
three-part test to determine when “nominative fair use” was present, under which unauthorized use of another party’s
trademark would be permitted:
First, the product or service in question must be one not readily identifiable without use of the
trademark; second, only so much of the mark or marks may be used as is reasonably necessary to
identify the product or service; and third, the user must do nothing that would, in conjunction
with the mark, suggest sponsorship or endorsement by the trademark holder.184
The New Kids on the Block court further explained that “a soft drink competitor would be entitled to compare its
product to Coca-Cola or Coke, but would not be entitled to use Coca-Cola’s distinctive lettering.”185
In one meta-tag infringement matter the website for a competitor used a company’s marks as keywords as well as a
number of keywords that were confusingly similar (virtually identical phonetically) to our client’s marks. This
meta-tag technique may result in the competitor’s website being returned more often than the trademark owner’s site
itself. In one reported case, this actually happened. The competitor’s website was returned more often than the
trademark owner’s site based on the use of meta-tags.
Meta-tags are a form of advertising. A website’s meta-tags should not mislead site visitors as to the nature of the
website. For example, the Federal Trade Commission filed a complaint against a website that included meta-tags
relating to cancer on the grounds that meta-tags were deceptive and misleading even though the site’s advertising
did not claim the herbal products were a cure for cancer.186
Meta-tags should be selected carefully with due consideration to potential trademark infringement and deceptive
advertising claims. Generic terms should be used, as well as a company’s own trademarks (or those of parties with
which there is a license for such usage). It is advisable to include specific reference in a trademark license
authorizing the licensee to use the licensed trademark in meta-tags. Generally speaking, it is also advisable for
companies to avoid using the trademarks or names of competitors.
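One way to put this advice into practice is to review a page's keyword meta-tags before it is published. The following added example (not from the original chapter) parses the tags and flags third-party marks, near-identical spellings and heavily repeated terms so that counsel can review them; the brand names, the sample page and the similarity threshold are constructed assumptions.

```python
import re
from collections import Counter
from difflib import SequenceMatcher
from html.parser import HTMLParser


class MetaCollector(HTMLParser):
    """Collect the comma-separated terms of every <meta name="keywords"> tag."""

    def __init__(self):
        super().__init__()
        self.keywords = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {k: (v or "") for k, v in attrs}
        if attr.get("name", "").lower() == "keywords":
            parts = attr.get("content", "").split(",")
            self.keywords += [p.strip().lower() for p in parts if p.strip()]


def squash(text):
    """Lower-case and drop spaces and punctuation so spelling variants line up."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_meta_tags(html, cleared_marks, watch_marks, max_repeats=2, similar=0.85):
    """Return (kind, keyword, detail) findings for legal review.

    cleared_marks: the company's own marks and marks licensed for meta-tag use.
    watch_marks:   third-party marks that should not appear without review.
    """
    parser = MetaCollector()
    parser.feed(html)
    cleared = {squash(m) for m in cleared_marks}
    findings = []
    for keyword, count in Counter(parser.keywords).items():
        key = squash(keyword)
        for mark in watch_marks:
            target = squash(mark)
            if target in key:
                findings.append(("third-party-mark", keyword, f"contains '{mark}'"))
            elif key not in cleared and SequenceMatcher(None, key, target).ratio() >= similar:
                # Near-identical spelling, the "confusingly similar" keyword case.
                findings.append(("similar-to-mark", keyword, f"resembles '{mark}'"))
        if count > max_repeats:
            findings.append(("repetition", keyword, f"listed {count} times"))
    return findings


# Constructed sample page for a fictional franchisee; "Acme Burgers" stands in
# for a competitor's mark.
SAMPLE_HTML = """
<html><head>
<title>Ozzie's Burgers - Springfield</title>
<meta name="description" content="Ozzie's Burgers franchise location in Springfield.">
<meta name="keywords" content="Ozzie's Burgers, burgers, franchise,
      Acme Burgers coupons, Akme Burgers, burgers, burgers, burgers">
</head><body></body></html>
"""

if __name__ == "__main__":
    for finding in audit_meta_tags(SAMPLE_HTML, ["Ozzie's Burgers"], ["Acme Burgers"]):
        print(finding)
```

A finding is a prompt for review rather than a verdict, since a third-party mark can appear in a meta-tag legitimately, for example under a license that covers meta-tag use.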
(footnote continued from previous page)
the subject index of a card catalog, the meta-tags give the web surfer using a search engine a clearer indication of the content
of the website.” 7 F. Supp.2d at 1104.
182 Playboy Enterprises, Inc. v. Welles, 279 F.3d (9th Cir. 2002). See also PACCAR, Inc. v. TeleScan Technologies, L.L.C., 319
F.3d 243 (6th Cir. 2003) (court upheld injunction against use of domain names incorporating plaintiff’s trademarks, but upheld
rejection of injunction against use of trademarks in metatags).
183 971 F.2d 302 (9th Cir. 1992).
184 Id. at 308.
185 Id. at 308 n.7. But see Horphag Research Ltd. v Pellegrini, No. 01-56733 (9th Cir. May 9, 2003) (excessive and
“unreasonably pervasive” use of a competitor’s mark was not protected by fair use defense).
186 In FTC v. Lane Labs USA, Inc., No. 00 CV 3174 (D. N.J. June 28, 2000), the FTC challenged the use of embedded words
relating to cancer therapy in metatags for shark cartilage product and in Natural Heritage Enterprises, C-3941 (FTC May 23,
2000) the FTC challenged the use of meta-tags that represented essiac tea could treat cancer, diabetes and HIV/AIDS.
Using a competitor’s name or trademark in the meta-tag key words for a website or in hidden text “stealthing” at
the site are just several of the strategies e-competitors are using to divert traffic from one website to another. These
include key word advertising,187 search engine diversions, page jacking, spamdexing, pixel-tagging, cyberstuffing,188
and mousetrapping.189 Spamdexing is the practice of placing the trademark in the text of the webpage
itself. It is important to be “streetwise” as to the techniques companies are using to divert traffic. Some of these
techniques may be legal. Some may not be, especially when viewed in the aggregate. In the aggregate these
activities may constitute unfair competition.
It is more difficult to prevent competitors from using key words as meta-tags if the words used are words in the
dictionary as opposed to fanciful, coined words. This is another reason for adopting trademarks that are fanciful and
not descriptive or suggestive.
PRIVACY
Privacy protection is a major issue in business-to-consumer e-business. Privacy concerns are often characterized in
the press as one of the main issues delaying wider use of the internet and e-business. Surveys have shown some
potential e-business customers shied away from buying online because of fears that their personal information will be
misused, although these surveys may conflate privacy concerns with security concerns. Privacy concerns often focus
on data mining and e-mail marketing to consumers based on who visited what site, who clicked where, who bought
what, and compilation of profiles based upon individual click histories.190
Privacy regulation in the U.S. is sector-specific, and generally focuses on particular industry sectors and specific
communications media (electronic communications, cable, video rentals, etc.). For years, web site privacy was
largely self-regulated, with the FTC and State Attorneys General bringing enforcement actions for material
misrepresentations in privacy policies.
Self-regulation and Deceptive Trade Practice Enforcement. Businesses developed industry standards to protect
the privacy of consumer information collected over the Internet and stored in databases. For example, the Direct
Marketing Association has adopted online privacy guidelines, offers an easy-to-use online privacy policy generator, and
will expel members who do not follow privacy safeguards set forth in its Ethical Principles. A variety of more
specialized self-regulatory initiatives followed. These self-regulatory efforts yielded significant results. In 1999, the
Georgetown Internet Privacy study found that 94% of the top 100 websites have posted a privacy policy.191
187 See B. Elgin, Web Searches: The Fix Is In, Bus. Week, Oct. 6, 2003, at 89, reporting on the impact of paid inclusion on
search engines, browsers, and advertisers.
188 Cyber-stuffing is the practice of repeating a term numerous times in a website’s meta-tags in order to lure the attention of
Internet search engines. Trans Union LLC v. Credit Research, Inc., 142 F. Supp.2d 1029, n. 8 (N.D. Ill. 2001).
189 See Electronics Boutique Holdings Corp. v. Zuccarini, 56 U.S.P.Q.2d (BNA) 1705 (E.D. Pa. 2000), motion to set aside denied,
2001 U.S. Dist. LEXIS 765 (E.D. Pa. 2001), aff’d, 2002 U.S. App. LEXIS 9247 (3d Cir. Apr. 25, 2002), for an explanation of
mousetrapping. In this case, the court noted that Zuccarini’s website used domain misspellings to draw visitors to his site,
which was designed to automatically display a succession of advertisements. Advertisers paid Zuccarini 10-25¢ for every
click. Browsers were unable to exit Zuccarini’s site until they clicked on each advertisement; hence the term
“mousetrapping.” This evidence was later cited in a criminal complaint filed against Zuccarini in Sept. 2003, alleging that he
violated a federal law intended to prevent diversion of web browsers to pornographic websites by the use of misleading
domain names. Mark Hamblett, First Charges Filed under New Internet Porn Law, 1 Internet L. & Strat. 9, at 3 (Sept. 2003).
190 See generally No hiding place: The protection of privacy will be a huge problem for the internet society, The Economist, Jan.
25, 2003.
191 The Industry Standard, Sept. 20, 1999, at 208.
Websites posting privacy policies increased significantly.192 However, an FTC survey in 2000 of major e-commerce
Websites found that only about 20% addressed all five of the fair information practices regarding privacy
(notice; consumer choice regarding disclosures; right of access to and to correct information stored by the business;
maintaining the security of the information; and some right of redress in the event of a violation), even though the
FTC also found a nearly 90% compliance rate by internet companies with respect to the first fair information
practice—posting notice of their privacy practices on their Websites.193
Several organizations, such as the Better Business Bureau Online (BBB Online) and TRUSTe, accept applications
for a privacy seal that enables consumers to identify Websites that pledge to meet privacy standards. In addition,
the Direct Marketing Association and the Online Privacy Alliance have adopted self-regulatory programs, and the
Direct Marketing Association provides free of charge a privacy policy generator on its Website to assist companies
in asking the initial questions necessary to develop a privacy policy.194
Companies that make self-regulatory promises are required to keep them. The FTC and State Attorneys General in
the U.S. treat material violations of promises made in privacy policies as deceptive trade practices. Furthermore,
there is a possibility that class lawsuits could be brought by consumers against websites that violate their own
privacy policies in a way that causes harm to consumers. In recent years, the FTC has begun to expand the range of
deceptive trade practice enforcement actions it brings to promises regarding the security of personal information a
company collects,195 and failures to provide adequate notice to data subjects regarding major changes in privacy
practices.196
Where a franchisor provides basic business contact information about franchisees on its website, that information
does not appear to be prohibited under privacy law. Generally speaking, the only requirement that applies to such
information is that franchise advertising must be truthful and consistent with a franchisor’s disclosure document.197
Many states consider franchisor websites to be advertising even though the Internet is akin to a national publication,
which is exempted from most states’ advertising requirements under exemptions that apply to out-of-state
publications.198 However, there is a general exemption available for internet advertising in many states, as
discussed above.
Notably, the guidelines for preparing a disclosure document that were issued by the North American Securities
Administrators Association (NASAA)199 as well as the “FTC Franchise Rule,” promulgated by the Federal Trade
192 In “Leadership for the New Millennium: Delivering on Digital Progress and Prosperity,” the U.S. Government Working
Group on Electronic Commerce, 3rd Annual Report (2000) at viii the Working Group reports the number of commercial
websites that post privacy policies has jumped from 2% in 1998 to 62% in 2000.
193 Glenn Simpson, FTC Finds Websites Fail to Guard Privacy, The Wall Street Journal, May 11, 2000, at B12.
194 See http://www.the-dma.org/privacy/creating.shtml. Our firm has helped The DMA with this effort.
195 In the Matter of Guess? Inc., File No. 0223260 (FTC Aug. 5, 2003); In the Matter of Microsoft Corp., File No. 0123240 (FTC Dec.
24, 2002); In the Matter of Eli Lilly and Co., File No. 0123214 (FTC May 10, 2002).
196 In the Matter of Gateway Learning, FTC File No. 042-3047 (FTC July 7, 2004).
197 See, e.g., N.Y. Gen. Bus. Law § 683(11). “Any advertisement in whatever form, including periodicals or on radio or
television, shall contain a statement that no offer of such franchise is made except by such offering prospectus, and all such
advertising shall be consistent with the representations and information required to be set forth in such prospectus as
hereinbefore in this section provided.”
198 See, e.g., N.Y. Code Regs. and Rules § 200.9 (reprinted at Bus. Franchise Guide (CCH) ¶ 5320.09).
199 Guidelines for the Preparation of a Uniform Franchise Offering Circular, adopted April 25, 1993 (Item 20(B) and 20(E)).
Bus. Franchise Guide (CCH) ¶ 5700.
Commission,200 require the disclosure of certain information about a franchisor’s current and former franchisees.
These records are available through commercial and state government sources, and sometimes this information is
available online or electronically. As a practical matter, neither franchisors nor franchisees should have any
expectation that their basic business contact information will be kept from discovery online.
E-businesses should develop privacy policies with input from operations, marketing and legal personnel and write
privacy policies so that internet users can understand them. E-businesses should treat the words in their privacy
policy seriously and only make promises that they are prepared to keep consistently. For example, unequivocal
promises, such as that a company will never disclose Personally Identifiable Information (“PII”) to third parties, are
inadvisable because disclosures almost invariably occur to carry out or enforce transactions, in responding to lawful
legal process from law enforcement or civil litigants, or in the event of bankruptcy or liquidation of a company’s assets.
Thus, privacy policies should leave room for these and similar sorts of disclosures. Furthermore, human and
computer errors can result in the disclosure of PII. Finally, e-businesses should be wary of making ambitious
promises regarding data security. Companies that make such promises but do not live up to the Gramm-Leach-
Bliley Act safeguards procedures for data security have been targets of FTC enforcement in cases where they make
accidental disclosures.201
Privacy policies should be integrated by reference in website terms of use, including its limitations on liability,
dispute resolution and governing law provisions.202 Otherwise, privacy policies are likely to be treated as
contractual commitments without any limitation on liability or other contractual protection. Links to the privacy
policy should be located in conspicuous font or point size on the home page of an e-business site and near the point
of information collection on a website (for example, near a form).
While self-regulation continues to be the most important guide for e-business privacy practices, government
regulation has become a factor as well.
Online Privacy Regulation. California passed the first law in the U.S. that requires companies to publish and
conspicuously post a privacy policy on their Website if they collect any personally identifiable information over the
internet from California consumers who visit their site.203 This law applies to Website operators and online
services located both outside and inside California. Therefore all Website operators in the U.S. that collect PII
should reevaluate their privacy policies in light of California’s online privacy law, if they have not already done so.
The law’s requirements are not burdensome. They require that posted privacy policies: (1) identify the categories of
personally identifiable information collected and the categories of third-parties with which the Website operator may
share that information; (2) explain, if consumers may review and make changes to personally identifiable
information the site collects, how the consumers may do so; (3) describe how the website operator notifies
consumers of changes to the privacy policy; and (4) note the date when the current version of the privacy policy took
effect. Most privacy policies cover the first and second of these elements, but may not cover the third and fourth
elements. The law also requires that privacy policies be posted “conspicuously” through one of a variety of
methods, including a clearly visible hyperlink labeled privacy on an e-business’ home page. Companies have a
200 16 C.F.R. § 436.1(a)(16)(iii).
201 In the Matter of Guess? Inc., File No. 0223260 (FTC Aug. 5, 2003); In the Matter of Microsoft Corp., File No. 0123240 (FTC
Dec. 24, 2002); In the Matter of Eli Lilly and Co., File No. 0123214 (FTC May 10, 2002).
202 In Crowley v. CyberSource Corp., 166 F. Supp.2d 1263 (N.D. Cal. 2001), plaintiff claimed Amazon.com, Inc. violated its
privacy policy arising from Amazon.com’s disclosure of plaintiff’s personal information to CyberSource to verify the identity
of the person making an online purchase from Amazon.com. Amazon.com sought the protection of its Participation
Agreement’s terms and conditions. However, the court ruled these terms and conditions did not apply since the claim arose
under Amazon’s privacy policy. Amazon.com has since changed its privacy policy and expressly adopted the new policy
under, and subject to, its terms and conditions that are generally applicable to purchasers.
203 The California Online Privacy Protection Act of 2003, Cal. Bus. & Prof. Code §§ 22575 et seq.
thirty-day grace period after notice of non-compliance to come into compliance with the notice requirement. In
addition, the law prohibits “negligent and material” or “knowing and willful” misrepresentations in privacy
policies. As a practical matter, due to recent reforms in California’s unfair competition statute, Business &
Professions Code § 17200, violations are likely to be enforced only by government officials, not the plaintiffs’ bar.
Ironically, another California privacy law, Civil Code § 1798.83 (also known as “S.B. 27”), that is not specific to
online activities, is likely to have a greater effect on online privacy practices. S.B. 27 first requires businesses and
non-profits that disclose personal information regarding California consumers to third parties for the third parties’
commercial marketing purposes to designate a contact point to receive inquiries regarding privacy practices and
compliance with the statute. Designations may be made on a business’ or non-profit’s Website and should be
labeled “Your California Privacy Rights.”
Second, S.B. 27 requires businesses and non-profits who receive these inquiries either to provide: (1) a detailed,
annual notice of exactly what data elements they disclosed during the previous calendar year and the names of the
businesses to whom the data were disclosed; or (2) the opportunity to opt out or opt in to disclosures to third
parties (including, in the case of a range of more sensitive data elements, disclosures to affiliates).204 S.B. 27
allows privacy advocates and the press to obtain detailed information about businesses’ and non-profits’ data
disclosure practices for third party commercial marketing purposes unless the business or non-profit provides a broad
opt-out of disclosures, including in many cases an opt-out of disclosures to affiliates. Violations are enforceable by
the plaintiff’s bar through private lawsuits for statutory damages. The net effect of S.B. 27 is to give e-businesses a
significant incentive to provide an opt-out of disclosures to third parties for their marketing purposes, a requirement
that is missing from the state’s online privacy law.
With state legislatures lately far more interested in spyware, phishing and spam issues than in online or offline
privacy, these California laws have not spread to other states. Although the chairman of the U.S. House of
Representatives committee with jurisdiction over consumer protection issues supports broad privacy regulation,
federal privacy regulation of Websites is unlikely in the near to medium term. The Federal Trade Commission,
which would be the lead agency charged with enforcing federal requirements, has recommended against regulation of
sites that are not directed at children. In October 2001, FTC Chairman Timothy Muris suggested that Congress
hold off enacting additional privacy laws, and instead expressed a preference for vigilant enforcement of the present
standards and for letting industry innovate and self-regulate in the field.205 His successor, Chairwoman Deborah P.
Majoras, has not deviated from this position.
Regulation of Children’s Online Privacy. Because data regarding children is widely viewed as sensitive,
children’s online privacy is regulated at the federal level under a parental consent opt-in regime. The Children’s
Online Privacy Protection Act (“COPPA”)206 was enacted in 1998 with the support of industry. COPPA regulates
sites directed at children or that know that they are collecting PII online from a child or providing an online forum
through which children may communicate. The FTC’s Final Rule implementing COPPA207 applies to the
collection of personal information online from children under the age of 13.
204 Cal. Civ. Code § 1798.83.
205 See Remarks of FTC Chairman Timothy J. Muris at The Privacy 2001 Conference, Cleveland, Ohio (Oct. 4, 2001)
(http://www.ftc.gov/speeches/muris/privisp1002.htm).
206 15 U.S.C. § 6501 et seq., which is to be distinguished from the Child Online Protection Act (called COPA), codified at
47 U.S.C. § 231. Enforcement of COPA was enjoined by a federal district court because of questions as to whether the content
restrictions in the statute were the least restrictive means of protecting children from harmful content. ACLU v. Reno, 31
F.Supp. 2d 473 (1999). That decision was ultimately upheld by the U.S. Supreme Court in Ashcroft v. ACLU, 124 S. Ct. 2783
(2004), and the case was remanded to the district court for further consideration of the other possible means of accomplishing
the same goal.
207 Children’s Online Privacy Protection Rule, 64 Fed. Reg. 59,888 (1999) (codified at 16 C.F.R. Part 312).
COPPA requires sites, or portions of sites, that are “directed” at children under the age of 13 or that know that they
are collecting PII from children to: (1) provide clear, prominent and understandable notice of what PII they collect
online from children, how it will be used, and how it will be disclosed; (2) obtain “verifiable consent” from a parent
of a child for the collection, use and disclosure of the child’s PII; (3) provide parents with the ability to opt-out of
further collection, retention or use of their child’s PII; (4) provide parents with a reasonable means to review
information that is collected from children; and (5) establish and maintain reasonable procedures to protect the
confidentiality, security, and integrity of PII online collected from children.208 The FTC’s Rule implementing
COPPA adopted a sliding-scale approach for providing verifiable parental consent, and the FTC recently proposed
making this approach permanent. It allows websites to use an e-mail-plus mechanism to obtain consent for internal
uses (as opposed to disclosures) of covered data.
COPPA’s requirements are burdensome, so that e-businesses should consider whether the costs and burdens of
compliance with COPPA are worthwhile or should be avoided by refraining from targeting sites or portions of sites
at children under 13 and from collecting age information from visitors. For example, children may sign up for
sweepstakes used as an incentive for registrations. They may also be discovered to be younger children during
customer support telephone calls, which is material because actual knowledge that the user is less than 13 years old
also requires compliance with COPPA. Companies subject to COPPA, as well as privacy obligations arising under
the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, and the Telemarketing Sales Rule cannot avoid their
obligations by transferring their data-processing activities overseas, according to a letter from former FTC Chairman
Tim Muris to Rep. Edward J. Markey (D-Mass.).209
E.U. Regulation of Data Protection. In late 1995, the European Union enacted its Data Protection Directive,
which governs all processing of personal data, including the transfer of personal data for processing in a third country
(such as the U.S.). It directs E.U. member countries to modify or adopt national data protection legislation
consistent with the Directive’s requirements.
The purpose of the Directive is to establish a regulatory framework (including minimum standards) for the
processing and use of personal data of E.U. citizens that:
• Minimizes the differences between national data protection laws;
• Ensures all data subjects an equivalent level of privacy protection, regardless of the specific
country involved in the processing of personal data; and
• Prohibits the transfer of personal data to entities in countries that do not provide “adequate”
privacy protection.
The terms “personal data” and “processing of personal data” are defined broadly, and include the collection, storage,
retrieval, use, or disclosure of information relating to an identifiable natural person. Under the Directive, an entity
that determines whether personal data gets processed, and for what purposes, is deemed to be a “controller.” An
entity that processes personal data on behalf of a controller is deemed to be a “processor.” The Directive requires
both entities, but particularly the controller, to comply with a series of requirements before they can collect, use, or
otherwise process personal data. These requirements include furnishing the data subject with an explanation about
the categories of data that the controller will collect about the individual and how the data will be processed
(“notice”), requiring the data subject’s consent unless the processing meets an enumerated exception (“consensual
processing” or “legitimate processing”), security, providing the data subject with the opportunity to review what the
controller has collected about him or her (“access”), as well as providing the data subject with the opportunity to
make corrections to such data.
208 15 U.S.C. § 6502(b).
209 FTC’s Muris Tells Market Laws Apply to Data Activities Wherever Conducted, 9 Elec. Com. & Law Rep. 22, June 2, 2004, at
509.
The Directive governs transfers to third countries, including the United States, of personal data collected in Europe.
(That is, the Directive does not apply to personal data collected directly in the United States from a European. For
example, the assumption is that personal data that has been submitted by a European visiting a U.S.-based general
audience web site is deemed to have been “collected” rather than “transferred.”)
The European Union has not classified the United States as providing an “adequate” level of privacy protection. As
a result, data controllers in Europe face liability for transferring personal data to a company located in the U.S. —
even a corporate affiliate — unless the controllers: (1) meet the requirements of their country’s law (e.g., registration
of database with local data protection authority, notice to data subject, access mechanisms, etc.); and (2) obtain
assurances that the U.S. company has taken one of several steps to “adequately” protect the personal data.
The two principal “legitimate processing” purposes for transferring personal data outside of the E.U. are where:
(i) the data subject has given his or her informed consent; or (ii) the processing is necessary for the performance of a
contract to which the data subject is a party. Consent, for example, used to lie at the heart of most programs for
transferring human resources data to the United States from European corporate affiliates, but European regulators
have been distancing themselves from this view.
The four recognized means for controllers to obtain the requisite assurances from U.S. companies are: (a) have the
U.S.-based company enter into pre-approved model E.U. clauses or intra-group agreements based on these model
clauses, (b) have the U.S.-based company enter into specialized contracts with the E.U. controller, (c) participation
by the U.S.-based company in the Department of Commerce’s Safe Harbor program; or (d) binding corporate codes
or rules. Where the U.S. company is acting as a “controller,” the rigorous requirements for compliance are
numerous. Where, on the other hand, the U.S. company is acting as a “processor on behalf” of the controller, the
principal requirements are that it provide adequate security to safeguard the data and that it process the data only
upon the instructions of the controller.
Other Sector-Specific Laws. In various contexts, sector-specific privacy requirements will affect e-businesses.
Among the most significant of the requirements at the federal level are:
• The Health Insurance Portability and Accountability Act of 1996 (known as “HIPAA”),
which deals with health care information privacy by setting standards for electronic health
information transactions. HIPAA rules apply not only to medical providers and health plans,
but also to associated businesses and, in some cases, to companies that provide or collect
health insurance usage information; in the aggregate, these constitute approximately 13% of
the U.S. economy.210
• The Gramm-Leach-Bliley Act (known as “GLB”), which limits when a “financial
institution” may disclose non-public information about consumers.211 Because “financial
institutions” are defined extremely broadly under the FTC’s regulations that implement GLB,
many types of businesses, especially businesses engaged in the extension of credit to
consumers, are covered by the law’s notice, opt-out, and disclosure requirements.212
Data Security Regulation. There are a number of state laws and also pending federal legislation regarding data
security. California has taken a leading role in enacting security laws. For example, California “A.B. 1950”
210 See “Leadership for the New Millennium: Delivering on Digital Progress and Prosperity,” The U.S. Government Working
Group on Electronic Commerce, 3rd Annual Report (2000) at xiii.
211 Gramm-Leach-Bliley Act, Pub. L. No. 106-102, Title V, Privacy, 113 Stat. 1338, 1436-1450 (1999) (codified at 15 U.S.C. §§
6801-6809).
212 Privacy of Consumer Financial Information, 16 C.F.R. Part 313 (see also the FTC notice announcing the issuance of the new
rule, at 65 Fed. Reg. 11,174 (2000)).
requires businesses to implement and maintain reasonable security procedures and practices to protect certain
unencrypted “personal information” from unauthorized access, destruction, use, modification, or disclosure; and to
contractually require unaffiliated third parties to which such information is disclosed to also implement and
maintain such procedures and practices. “Personal information” protected under this law is defined as a person’s
first and last name (or first initial and last name), in combination with one or more of the following sensitive data
elements: (a) a Social Security number (“SSN”); (b) a driver’s license number; (c) California Identification Card
Number; (d) account number, credit card number, or debit card number in combination with any required security
code, access code, or password that would permit access to an individual’s financial accounts; or (e) information
regarding medical history, or medical diagnosis or treatment by a health care professional.213
Most importantly, California has led the way in enacting security breach notification laws.214 By January 2006, at
least 22 states had enacted new security breach notification laws, all generally based on the California law.215
Generally, these laws impose a duty on the party collecting personally identifiable information over the Internet, or
on whose behalf information is collected, to notify individuals whose unencrypted sensitive personal information
has been accessed or acquired without authorization (e.g., through hacking or other means). Notices of security
breaches provided to individuals must contain a description of the categories of information that were, or are
reasonably believed to have been, acquired by an unauthorized person. In addition, in certain cases, notice of the
breach must also be given to state enforcement agencies, such as the state Attorney General’s office, as well as to
consumer reporting agencies. Typically, sensitive personal information is defined as an individual’s first and last
name (or first initial and last name), in combination with his or her SSN, driver’s license or state identification
number, or financial account or credit or debit card number (along with the PIN or access code required to access the
account). Note that these laws apply only to unencrypted data; therefore, having personal information in an
encrypted system may avoid applicability of these laws – and the obligation to comply with their burdensome
security breach notification requirements – altogether.
Most laws provide some mechanism for state enforcement of the security breach notification requirements, and some
states also expressly provide for an individual right of action, permitting injured individuals to sue for damages.
Beginning in the spring of 2005, the U.S. Congress had also introduced legislation to require companies to notify
persons affected by data security breaches involving their sensitive personal information. This legislation would,
presumably, preempt conflicting state security breach notification laws.
In addition, both HIPAA and GLB have stringent data security components.
Other Consumer Data Protection and Security Regulation. There are additional federal and state laws that
restrict the use of account and identity numbers. Among these are:
• Credit Card Account Number Truncation - Section 605(g) of the FCRA (as amended by the
Fair and Accurate Credit Transactions Act) prohibits any person that accepts credit or debit cards
for the transaction of business from printing more than the last five (5) digits of the account
number or the expiration date of the card on any receipt provided to the cardholder. Some
states have enacted more stringent requirements.216
• Restriction on Use and Display of Social Security Numbers (“SSNs”) – There are a number of state
laws which prohibit or restrict certain uses or the display of SSNs, which generally serve as federal
identification numbers for U.S. nationals. Usually these laws restrict or prohibit the use of SSNs as
account numbers, and the ability to request from individuals or display SSNs on the Internet over an
unsecure connection or unencrypted transmission.217
213 See California Civil Code § 1798.81 et seq. “Personal information” excludes information if both the name and the other data
elements are either encrypted or redacted; and publicly available information that is lawfully made available to the general
public from federal, state, or local government records.
214 See California Civil Code §§ 1798.82 and 1798.29.
215 These states include: Connecticut, Delaware, Florida, Georgia, Illinois, Minnesota, Nevada, New Jersey, New York, Ohio
and Texas.
216 Section 625 of the FCRA generally provides that nothing in the FCRA shall exempt persons from complying with any state
laws regarding the collection, distribution or use of any information on consumers, or for the prevention or mitigation of
identity theft except to the extent of any inconsistency with the FCRA. However, the FCRA carves out specific exceptions to
this general rule, including with respect to truncation of credit and debit card numbers. Specifically, section 625(b)(5)(a) of
the FCRA provides that "no requirement or prohibition may be imposed under the laws of any State" with respect to the
requirement to truncate credit and debit card numbers and eliminate expiration dates from receipts issued to cardholders
(emphasis added). Operators of retail websites should also bear in mind that VISA and MasterCard have issued requirements
to all licensed merchants that not more than the last four (4) digits of the consumer's account number be displayed on a
receipt. Effective July 1, 2003, for all new terminals, Visa USA mandates that all but the last four (4) digits of the cardholder
account number and the entire expiration date, be suppressed on the cardholder copy of all transaction receipts generated
from electronic (including cardholder-activated) terminals. Effective April 1, 2005, MasterCard requires that all cardholder
receipts generated by newly installed, replaced, or relocated ATM and point-of-interaction (POI) terminals, whether attended
or unattended, reflect only the last four digits of the primary account number (PAN). Fill characters that are neither
blank spaces nor numeric characters, such as X, *, or #, must replace all preceding digits.
217 See, e.g. Michigan Stats. § 445.81 et seq. and California Civil Code §§ 1798.85-1798.86.
Lee J. Plave
Plave Koch PLC
11250 Roger Bacon Drive (Suite 5)
Reston, Virginia 20190
Tel: 703.774.1203 · Fax: 7043.774.1201
lplave@plavekoch.com
www.plavekoch.com
Lee Plave is a partner in Plave Koch PLC. He has had extensive experience drafting and negotiating franchise,
license, and distribution agreements for international and domestic transactions, and advising clients in all aspects of
franchise and distribution law.
He also counsels manufacturers, distributors, and franchisors with respect to the application of technology to
franchise and distribution systems, including matters such as the development and implementation of e-commerce
strategies, system-wide internet roll-out policies and procedures, cybersquatting and domain name disputes,
consumer complaint and “cybergripe” web sites, unauthorized e-commerce, software and hardware licensing, and
issues relating to online and internet services. His practice involves business, technology, franchise, distribution,
international, and antitrust matters.
In addition, Mr. Plave represents clients in matters before the Federal Trade Commission, where he served in the
Enforcement Division of the Commission’s Bureau of Consumer Protection from 1983-87 before entering private
practice in 1987.
Mr. Plave is admitted to practice in the State of New York (1984), the District of Columbia (1987), and the
Commonwealth of Virginia (2004). He is a member of the District of Columbia Bar, the New York Bar
Association, the Virginia Bar Association, the American Bar Association, and the International Bar Association.
Mr. Plave has authored and co-authored numerous articles, has been interviewed by various media, and is a frequent
lecturer at business and legal conferences, seminars and programs on franchising and distribution, the internet,
e-commerce, and other information technology matters. Mr. Plave serves on both the Publications Committee and
the Technology Committee of the American Bar Association Forum on Franchising, as well as on the Information
Technology Task Force of the International Franchise Association.
Mr. Plave has been named to the Who's Who in America, the Who's Who in American Law, the Who's Who in the
South and Southwest, the International Who's Who of Franchise Lawyers, the International Who's Who of
Business Lawyers, and the Who's Who Legal: The International Who's Who of Business Lawyers. Franchise
Times magazine has named him one of its "Legal Eagles," and he was selected by his peers for inclusion in The Best
Lawyers of America. Mr. Plave has also been awarded an “AV” Martindale-Hubbell peer review rating.
He graduated in 1980 from Clark University in Worcester, Massachusetts. In 1983, Mr. Plave graduated cum laude
from New York Law School in New York, New York, where he was named as an associate editor of the Journal of
International and Comparative Law.

Posted by manung36, Monday, December 31, 2007 9:50 PM

1 Comments:
Understanding Customer relations and business management is crucial in Ecommerce business. Auction weiser like this is certainly helpful for all of us who want to gain entry into online business auctions.
