Cybersquatting: Even Today, an Important Concern for Online Businesses

October 16, 2018 | Privacy, Data & Cyber Law

It has been nearly 20 years since the federal Anticybersquatting Consumer Protection Act (the ACPA) was enacted in 1999 to battle what an alarmed Congress understood to be a rising wave of “cybersquatting.” As the Senate Judiciary Committee explained, the ACPA was designed to “protect consumers and American businesses, to promote the growth of online commerce, and to provide clarity in the law for trademark owners by prohibiting the bad-faith and abusive registration of distinctive marks as Internet domain names with the intent to profit from the goodwill associated with such marks.” S. Rep. No. 106-140, at 4 (1999).

Soon after the ACPA became law, the U.S. Court of Appeals for the Second Circuit, in apparently the first appellate interpretation of the ACPA, recognized that cybersquatting involves “the registration of domain names of well-known trademarks by non-trademark holders who then try to sell the names back to the trademark owners.” See Sporty’s Farm v. Sportsman’s Market, 202 F.3d 489, 493 (2d Cir. 2000).

Given the speed of technological developments that have occurred (and that keep occurring) this century, the relative “old age” of the ACPA, and the advent of more and more sophisticated legal issues involving the Internet and social media—such as data mining and privacy, public officials’ use of Twitter, website accessibility, and the use of secret “cookies”—one might reasonably suspect that cybersquatting is no longer an issue of concern for companies with an online presence, or to their counsel.

That view, however, is not accurate. Indeed, plaintiffs continue to file actions in New York courts involving allegations of cybersquatting under the ACPA (and even claims such as reverse domain-name hijacking, see, e.g., Wang v. Societe du Figaro S.A., No. 15 Civ. 9376 (PAE) (S.D.N.Y. June 26, 2018)).

This column summarizes the anti-cybersquatting rules under the ACPA and explores two recent New York court decisions that help to illuminate the kinds of cyberpiracy claims that courts are willing to consider, and those that they are not.

The Cybersquatting Test
To state a claim for cyberpiracy under the anticybersquatting section of the ACPA, 15 U.S.C. §1125(d), a plaintiff must allege that (1) its marks were distinctive at the time its domain name was registered; (2) the allegedly infringing domain names were identical to or confusingly similar to the plaintiff’s mark; and (3) the infringer had a bad faith intent to profit from that mark. See, e.g., Webadviso v. Bank of America, 448 F. App’x 95 (2d Cir. 2011).

A key element of the three-part test for an ACPA violation is “bad faith intent to profit.” The ACPA enumerates nine factors relevant to the bad faith inquiry, although it also expressly allows consideration of factors beyond the nine enumerated indicia.

Courts have identified two quintessential examples of bad faith: where a defendant “purchases a domain name very similar to the trademark and then offers to sell the name to the trademark owner at an extortionate price,” and where a defendant “intend[s] to profit by diverting customers from the website of the trademark owner to the defendant’s own website, where those consumers would purchase the defendant’s products or services instead of the trademark owner’s.” Utah Lighthouse Ministry v. Foundation for Apologetic Information and Research, 527 F.3d 1045 (10th Cir. 2008).

Just recently, in Excelsior College v. Wolff, No. 1:17-CV-0011 (GTS/DJS) (N.D.N.Y. Aug. 16, 2018), the U.S. District Court for the Northern District of New York considered a defendant’s motion to dismiss a cyberpiracy claim under the ACPA. Among other things, the court’s decision illustrates the kinds of allegations that can withstand a motion to dismiss. The Excelsior College Case

The case was brought by Excelsior College, a private, not-for-profit higher education institution offering students an associate degree from its nursing program upon passing a “Clinical Performance Nursing Exam,” or “CPNE,” which Excelsior College offered exclusively. Excelsior College registered the CPNE mark and owned copyright registrations for CPNE study guides.

According to the college, the defendant, Robbie Wolff, was a former student of its nursing program who owned a business that purported to provide training services and materials for individuals seeking an associate degree of nursing through Excelsior College. The college contended that Wolff used the domain names and to direct users to his website, where he advertised and sold his products, and that his domain names contained underlying source codes that included the words “CPNE” and “Excelsior College” as keywords and meta-tags.

Among the claims asserted by Excelsior College against Wolff was a claim of cyberpiracy under the ACPA. The college alleged that its federally registered CPNE mark was distinct at the time Wolff registered domain names confusingly similar to its CPNE mark and that, as a former student, Wolff knew of Excelsior College’s rights in and to the CPNE mark and, therefore, had acted in bad faith.

Wolff moved to dismiss, arguing that Excelsior College’s complaint did not allege facts to plausibly support the second and third elements of the test for an ACPA violation. The court denied his motion.

In its decision, the court explained that, with respect to the second element of the test, Excelsior College alleged that Wolff’s domain name was, which included its CPNE mark in the domain name and which was confusingly similar to the CPNE mark it owned.

The court added that, with respect to the test’s third element, Excelsior College alleged that Wolff derived substantial revenue from services provided in New York and interstate commerce. The court also pointed out that Excelsior College also alleged facts that plausibly suggested that Wolff had knowledge of Excelsior College’s rights to the CPNE mark and that Wolff registered the domain name using a privacy protection service to conceal his identity with the bad faith intent to profit from the CPNE mark.

The court was not persuaded by Wolff’s contention that Excelsior College’s allegations were not plausible because the domain directed users to and the content was “replete with references” to Wolff by name, including testimonials and reviews. The court concluded that Excelsior College’s allegations were plausible because Wolff’s website also was replete with Excelsior College’s mark and references to Excelsior College/Excelsior University, “which could cause confusion,” and Excelsior College alleged that Wolff acted in bad faith with intent to profit from its mark. Accordingly, the court found that Excelsior College had sufficiently stated a claim of cyberpiracy.

‘The Row’
The Southern District’s decision this summer in The Row v. Highgate Hotels, No. 15 Civ. 4419 (JFK) (S.D.N.Y. July 19, 2018), highlights the significance of the bad faith requirement for an ACPA claim to be able to proceed.

The plaintiff was the owner of “The Row” in Nashville, Tennessee, which offered restaurant, dining, pub, and take-out food services promoted through the “Genuine Food and Drink The Row Kitchen & Pub” trademark and trade name, including on its website “” The plaintiff registered the trademark and disclaimed “Genuine Food and Drink” and “Kitchen and Pub,” making “Row” the substantial basis for federal registration and the primary source identifier for its good and services.

The plaintiff sued an owner of the Milford Plaza Hotel in New York City’s Times Square, alleging that it operated it as “ROW NYC,” a hotel and restaurant complex that included the hotel “ROW NYC”; the café, bar, and cocktail lounge “DISTRICT M at ROW NYC”; and the restaurant market “CITY KITCHEN at ROW NYC.” According to the plaintiff, the defendant operated or controlled the domain names “” and “,” advertising food and restaurant services at the “ROW NYC” complex. The plaintiff asserted a cyberpiracy claim against the defendant, which moved to dismiss.

After considering the nine statutory bad faith factors, the court granted the defendant’s motion.

The court found that two of the first four factors suggested an absence of bad faith and two suggested its presence. The court explained that the plaintiff made it clear that the defendant did not own a trademark on “ROW NYC” (the first factor), and that the defendant’s use of the domain was commercial and not a “bona fide noncommercial or fair use of the mark” (the fourth factor). By contrast, the court continued, “ROW NYC” was a bona fide purveyor of goods and services and the domain was used in connection with that (the third factor) and the defendant operated under the “ROW NYC” mark, making it a name commonly used to identify the defendant (the second factor).

The court then ruled that all of the next four factors weighed against a bad faith finding. The court observed that the plaintiff did not allege that the defendant intended to divert consumers from the plaintiff’s site to its site for commercial gain or with the intent to tarnish or disparage the plaintiff’s mark through creating a likelihood of confusion between the plaintiff’s mark and “” (the fifth factor). Moreover, according to the court, the plaintiff did not allege that the defendant ever attempted to transfer, sell, or otherwise assign its domain name to the plaintiff or a third party for financial gain or that it had not used, and had never intended to use, the domain name for a bona fide offering of any goods and services (the sixth factor). The court added that the plaintiff also did not allege that the defendant had failed to maintain accurate contact information or posted “material and misleading” contact information (the seventh factor) or that the defendant had registered multiple domain names (the eighth factor).

Finally, the court decided that the plaintiff had not demonstrated that the mark that the defendant incorporated into its domain name—“ROW”—was “distinctive and famous” or widely recognized by the American general consuming public within the meaning of the ninth factor

The court concluded that although the plaintiff claimed that the defendant had acted in bad faith in attempting to profit from the plaintiff’s mark by registering its domain name, the plaintiff offered “no factual detail” as to why this constituted bad faith, and it concluded that the plaintiff had not adequately pleaded that element of it cyberpiracy claim. See also McAllister Olivarius v. Mermel, 298 F. Supp. 3d 661 (S.D.N.Y. 2018) (denying motion to dismiss ACPA claim, finding plaintiff asserted defendant had bad faith intent to profit).

Businesses have numerous Internet- and social media-related issues that they must keep in mind while trying to succeed. As the cases discussed in this column should make clear, however, cybersquatting remains an important subject for companies to consider. To help to avoid significant financial repercussions, companies should not fail to recognize when a third party’s website is diverting customer or vendor inquiries, or otherwise interfering with their online operations.

Reprinted with permission from the October 16, 2018 issue of the New York Law Journal. © ALM Media Properties, LLC.  Further duplication without permission is prohibited.  All rights reserved.

Related Publications

Get legal updates and news delivered to your inbox