Home / Blogs

To Fight Domain Name Theft: Sex.com Gives Birth to a New Property Right

Rod Dixon

For those who are Star Wars fans, the following scene from the prequel, Attack of the Clones, will be easy to recall: a young and misinformed Jedi, known as Obi-waan Kenobi, opines about how an army of clones had been able to snatch a victory from imminent defeat. Yoda, a Jedi Master and virtual fountain of wisdom, immediately gushes forth an important correction: "Victory? Victory you say? Master Obi-waan, not victory." Yoda explains that winning a battle is not a victory, if the win merely signals that the war has just begun. Yoda's apparent perception seems particularly apt for the precedent setting federal court opinion involving the sex.com domain name. Notwithstanding that individual domain name registrants may seek comfort in the victory obtained from the Ninth Circuit's opinion in Kremen v. Cohen, that decision merely signals a beginning — not an end — to the controversy over the proper legal framework for resolving domain name theft.

In Kremen v. Cohen, a federal appellate court accepted the view that a domain name is "property" and that domain name registrars should be held liable for the conduct of third-parties when a third-party interferes with the property interests of a domain name registrant by stealing their domain name. What is remarkable about the decision is its far-reaching implications and its potentially severe impact upon domain name registrars. Undoubtedly, there have been numerous claims that registrars were pilfering from individual domain name holders with impunity, and that domain name holders were clamoring for a legal remedy. In those instances, holding registrars directly liable for their illicit conduct is clearly sensible. The question remains, however, whether the court's ruling regarding registrar liability for the conduct of a third-party is a prudent and sensible response to domain name theft? I am doubtful.

Stephen Cohen stole Gary Kremen's domain name, sex.com, simply by submitting a fake transfer letter to domain registrar Network Solutions (now owned by Verisign) with a forged signature. Since it was once fairly common for ICANN-approved registrars to respond to domain name transfers in an automaton-like fashion, Stephen Cohen, a convicted felon, was able to exploit the domain transfer process, con Network Solutions, and ostensibly steal the domain name. Cohen pretended to be authorized by Kremen to order Network Solutions to transfer the name of the registrant of the sex.com domain name over to his company. Cohen used a phony letter from a non-existent executive at Kremen's company, Online Classifieds, authorizing transfer of Sex.com to Cohen. The letter was written and signed by a "Sharon Dimmick," identified as the president of Online Classifieds. The letter is addressed to Stephen Cohen, and states that Online Classifieds is relinquishing the rights of sex.com to Cohen. The letter contained an instruction from the non-existent Dimmick to Cohen: "Because we do not have a direct connection to the Internet, we request that you notify the internet registration on our behalf, to delete our domain name sex.com. Further, we have no objections to your use of the domain name sex.com and this letter shall serve as our authorization to the internet registration to transfer sex.com to your corporation." The Ninth Circuit considered the badly faked letter as well as the simple ease with which the transfer was effected as indicative of the fact that Kremen could not have been well-served by Network Solutions. This finding of the court seems unassailable.

Even so, that domain name registrars should be held liable for the wrongful conduct committed by third parties begs the question of to whom liability is, in actual fact, being extended. In practice, the chain of domain name registration extends from ICANN-accredited registrars to domain name resellers, web hosting service providers, web programmers, Internet Service Providers (ISPs), and a number of other service providers and professionals; each ostensibly may provide domain name registration services for any given individual domain name registrant or client. The Ninth circuit opinion is broad enough to sweep within its reach anyone in the chain of management of the so-called domain name property. The "registrar" need not be at fault or lacking in a clearly stated duty of care; to be found liable, the service provider need only supply the means or be the engine of a domain name transfer that happens to turn out to be improper. Even mistake may not be a defense to liability.

As the Court noted, "[w]e must, of course, take the broader view, but there is nothing unfair about holding a company responsible for giving away someone else's property even if it was not at fault. Cohen is obviously the guilty party here, and the one who should in all fairness pay for his theft. But he's skipped the country, and his money is stashed in some offshore bank account. Unless Kremen's luck with his bounty hunters improves, Cohen is out of the picture. The question becomes whether Network Solutions should be open to liability for its decision to hand over Kremen's domain name. Negligent or not, it was Network Solutions that gave away Kremen's property." Oddly, the court seems to adopt a legal theory that cuts both ways: that Cohen stole the domain name and that the registrar "gave away" the property are both regarded as factors supporting the court's ultimate decision despite the obvious consideration that both propositions cannot be true. In this manner, the court seems to extend strict liability to the "registrar" (or, likely, any service provider who transfers the domain name registration) without reflection upon what safeguards a registrar may rely upon to avoid the risk of liability.

What is more, broad registrar liability for the wrongful conduct of others may create perverse incentives in the marketplace of domain name registration: the cost of doing business as a domain name registrar has increased as a result of the potential liability (and insurance) due to this new liability, and as the costs of providing registration services increase, the cost of registering domain names will increase once those costs are passed on to registrants. Quite possibly, if domain name litigation increases due to this new property right, some registrars may drop out of the registrar space and competition could suffer just as prices increase. Notwithstanding that the scope of liability is virtually unbounded and indefinite as identified by the court, the best way to approach the question of registrar liability may be to consider the Ninth Circuit's determination that a domain name is "property;" certainly, for the Ninth Circuit, the holding in the decision hinged significantly on the contour of the property interest the court found existing in a domain name.

The sense in which a domain name is property, according to the appeals court, depends upon the application of a three-part test: "[f]irst, there must be an interest capable of precise definition; second, it must be capable of exclusive possession or control; and third, the putative owner must have established a legitimate claim to exclusivity."

In applying this test, the Court concluded that domain names satisfy each criterion. Reasoning that like a share of corporate stock or a plot of land, a domain name is a well-defined interest; the court urged that someone who registers a domain name decides where on the Internet those who invoke that particular name — whether by typing it into their web browsers, by following a hyperlink, or by other means — are sent. Ownership is exclusive in the sense that the registrant alone makes the decision to register the name. And, the court was persuaded that registrants have a legitimate claim to exclusivity. Thus, concluding that Kremen had an intangible property right in his domain name on the basis of the three-part test, the Ninth Circuit accepted the argument that a registrar improperly transferring a domain name — even if mistakenly so — would be liable for wrongfully disposing of the property right to the detriment of the proper domain name registrant.

Without explanation, the court's analysis conflates registration services with the alphanumeric designation of a domain name; in doing so, the court undermines any attempt it may take in considering the appropriateness of competing legal theories that may prove helpful in setting forth the legal contour of a domain name. To wit, certain jurisdictions have drawn a distinction between the right to use a unique telephone number and the right to receive telephone service. The Ninth Circuit did not create a new federal common law of property for domain names. This is especially noteworthy since doing so would contravene the long-established role that the States have played in creating property interests and in determining the definition and scope of property. Even so, the court was reluctant to consider alternative legal theory for defining the contours of a domain name. A domain name, for instance, may be a contract the owner has with the domain name registrar — the company that provided the name. There are federal cases that expressly have found that a domain name is not tangible real property, and at least one state Supreme Court held that domain names should be considered services rather than property. The Supreme Court of Virginia concluded that domain names are, therefore, not proper subjects for garnishment. Admittedly, domain names seem to have features of both tangible and intangible property. What is more, the scope of a property interest in a domain name may vary widely in the United States since States create and define property interests, not federal courts. More to the point, State court litigation would hardly serve the interests of uniformity.

Three years ago I wrote a column asking what standard of care registrars (and, in some cases, registries) owe domain name registrants in thwarting attempts of domain name theft. Or, what happens when a requester who requests a domain name transfer and the registrar refuses to do so because of suspected fraud? The domain name space seemed poised to impose a duty of care upon registrars in handling domain name transfers, but most discussions on the topic focused upon registrants and the data they provided to registrars rather than directly upon duties and obligations of registrars. There was little or no guidance on what safe harbors there should be for registrars who complied with ICANN (the Internet's domain name regulator) mandated fraud detection directives. In part, I viewed this as a question of Internet governance; ICANN was given short shrift by the Ninth Circuit. Would a private sector scheme of arbitration prove relevant and more responsive than the Ninth Circuit's choice?

ICANN was not around in 1995, but, today, ICANN has sufficient experience in managing the domain name space to insist that registrars install systems and procedures in place to avoid domain name theft. ICANN could also withdraw registrar-accreditation from registrars that have an identifiably significant number of illicit domain name transfers. ICANN has set-up contractual relations with domain name registries and registrars that could be the means to ensure that these entities have adequate safeguards against domain name theft. In doing so, ICANN could attempt to establish DNS policies aimed at benefiting all domain name holders while the courts could be a last resort under a careful and narrowly drawn standard of liability.

By Rod Dixon, Attorney

Related topics: DNS, Domain Names, ICANN, Internet Governance

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: To Fight Domain Name Theft: Sex.com Gives Birth to a New Property Right GoForLaw.com  –  May 11, 2004 3:26 AM PDT

With all due respect, your article is a misleading and alarmist reading of the 9th Circuit decision in Kremen v. Network Solutions. 

First off, the court did not create any "new property right," but applied settled principles of property conversion law — or as the court put it: "Exposing Network Solutions to liability when it gives away a registrant's domain name on the basis of a forged letter is no different from holding a corporation liable when it gives away someone's shares under the same circumstances." Indeed, much of the squabble was over legal technicalities of whether the domain name was reduced to a document for purposes of conversion law (and Network Solutions took the idiotic view that a domain name is not supported by any document).

Second, your characterization of the decision --"domain name registrars should be held liable for the conduct of third-parties when a third-party interferes with the property interests of a domain name registrant by stealing their domain name" — is completely inaccurate.  Interestingly, you even recite the egregious facts of the case, including the very conduct Network Solutions was being sued for, in the next paragraph.  Where in the decision does it say that the Court was holding NS liable for the conduct of third parties?

As the facts clearly state, NS was being sued for WRONGFULLY disposing of Kremen's property right - accepting an obviously forged letter (which claimed the registrant, Online Classifieds, had no internet access), and failing to contact the registrant of record before transferring the domain name.  Thus, NS was being sued for ITS OWN conduct, albeit following the fraudulent acts of a third party.

Third, regarding the "future cost" issues you bring up, now that poor NS has to pony up the damages - the court also addressed this issue sensibly: "Given that Network Solutions's "regulations" evidently allowed it to hand over a registrant's domain name on the basis of a facially suspect letter without even contacting him, "further regulations" don't seem like such a bad idea. And the prospect of higher fees presents no issue here that it doesn't in any other context.  A bank could lower its ATM fees if it didn't have to pay security guards, but we doubt most depositors would think that was a good idea."

Fourth, your concerns that other remedies and legal claims are preferable ignores the facts of the case.  The lower court threw out all of the claims, including breach of contract ("Kremen had no implied contract with Network Solutions because there was no consideration:  Kremen had registered the domain name for free" - way back when).  Thus, Kremen had absolutely no other recourse!

Last, your worries as to the scope of the opinion are unwarranted.  "Domain name resellers, web hosting service providers, web programmers, Internet Service Providers (ISPs), and a number of other service providers and professionals" can rest assured that as long as they do not "wrongfully" give away domain names, they will not be held liable for conversion.  Since the lower court threw out Kremen's conversion claim, the 9th circuit reversed and sent the case to be tried by a jury:  "a jury could find that Network Solutions "wrongful[ly] dispos[ed] of" that right to his detriment by handing the domain name over to Cohen."

There is dicta (interesting musings that do not necessarily apply to the facts) in the case, as you cited.  However, the court appears to have been trying to make a point - that as between the innocent Kremen and the not-so-innocent Network Solutions, it was better to put the cost of this tragedy on NS.  In the very next sentence (which you omitted), the court said: "It would not be unfair to hold Network Solutions responsible and force it to try to recoup its losses by chasing down Cohen.  This, at any rate, is the logic of the common law, and we do not lightly discard it."

I hope your readers get a more balanced legal view by reading the actual case - http://caselaw.lp.findlaw.com/data2/circs/9th/0115899p.pdf

You can learn more about the law through my free legal information website - http://GoForLaw.com

Re: To Fight Domain Name Theft: Sex.com Gives Birth to a New Property Right Rod Dixon  –  May 11, 2004 1:39 PM PDT

Goforlaw - thank you for taking time to comment. I will try to respond to what I view as your main point, rather than offer a point-by-point response.

Like the Ninth circuit, the commententer argues that Network Solutions deserved to be sued for "ITS OWN conduct, albeit following the fraudulent acts of a third party;" yet, that conclusion is wrong.

My article primarily addressed the implications of the court's property right determination. The commenter describes my points on that regard as "alarmist."

Indeed, my article is alarming, and one should be alarmed at the implications of the court's holding, if other courts find it suitable to follow.

There is no doubt that the court created a property right where one had not previously existed. As the court noted, it attempted to have California's highest court appropriately address the matter since the State courts had not done so.  Unfortunately, that court declined to do so.

Making matters worse, the Ninth circuit decided to adopt a "grudging reading" of a common law tort rather than to proceed more cautiously given the absence of state court opinion and the dynamic state of the Internet and electronic commerce.

This point is evident on at least two accounts: first, the court boldly found domain names to be a "species of intangible property" with at least a minimal connection to a tangible object or "document," which is a reading of California conversion law never authorized by the State's courts.  Though federal courts are not unknown to interpret common law without the guidance of a state's courts, it seems less prudent to do so using radically generous or very broad strokes...especially in cases that may lead to either the repudiation or declaration of new rights or interests.

Similarly, the court applied conversion to find wrongful disposition of a right of property on the basis of what it viewed as negligent conduct on the part of Network Solutions. Yet, given the district court's holding, it is less than clear how the Ninth Circuit accomplished its fact-finding.

What is more, the court provides no basis for its conclusion that Network Solution's conduct is properly denominated as the type of wrongful disposition intended to be covered by the tort of conversion. One is left to conclude that the court reached for a remedy off of the wrong shelf in its likely desire to provide Kremen with some relief.

The above notwithstanding, I have no quibble with thoughfully providing the plaintiff with relief when doing so is consistent with the reasoning and findings upon which the remedy is based.  Even so, my point is not to provide an apologia for Network Solutions.

Instead, my point is to raise issue with those who, in my opinion, quite mistakenly, have viewed the Ninth Circuit opinion as favorable to or desirable for domain name registrants, and the domain name system. For the domain name system, I think Kremen v. Cohen may have undesirable implications far beyond the matters before that court.

Re: To Fight Domain Name Theft: Sex.com Gives Birth to a New Property Right GoForLaw.com  –  May 13, 2004 3:13 PM PDT

You certainly raise valid concerns about the implications of Kremen, but I would respectfully disagree with you on the issue of whether the 9th Circuit misapplied (or at least extended) CA law.

While it is true that no CA state court had previously addressed the issue of whether a domain name is property, this does not necessarily mean that the 9th Circuit overreached in analyzing CA law and applying it to a new issue in front of the court.  What was the 9th Circuit to do when the CA Supreme Court declined to review the case?  Just say that because no CA court wants to tackle the issue, the federal court should just dismiss the case?  The 9th Circuit not only had the right, but the duty to intepret CA law under the circumstances.

The 9th Circuit looked at CA law, which has held (since 1880) that intangible property can be converted.  See, Payne v. Elliot, 54 Cal. 339 [shares of stock].  The 9th Circuit did a painstaking analysis of the long history, and the only real issue was whether there was some "document" supporting a domain name registration.  If there is, the intangible property "merges" with the document and can be converted.

It is silly to argue that there is no document supporting a domain name registration, as Network Solutions did, wouldn't you agree?  And if there is a document, why shouldn't CA law cover domain names?  After all, they are treated as very valuable property by owners of websites, who certainly go to great lengths to develop sites, especially on the basis of the domain name itself.

Negligent or innocent, Network Solutions gave away sex.com without confirming the registered owner's authorization (on the basis of a badly forged and implausible document).  Of course the implications of holding NS liable are far reaching, but let's not confuse the issue - the 9th Circuit did not hold NS liable, just reversed the judgment and sent the case for a trial, so that a jury could do the "fact finding" and determine if NS should pay.

To address your main point with some pointed questions - why is it so bad to hold NS liable under the circumstances?  Why is inconsistent with the purpose of CA conversion law?  Is buying stock in a corporation so significantly different than registering a domain name?  Why is undesirable to allow lawsuits for conversion when the registrar doesn't verify the registered owner's authorization?

The 9th Circuit holding is appropriate because it simply puts the cost of an improper domain name transfer on the party who takes on the responsibility (and these days gets paid) to register it, and is in the best position to guard against fraud.  Putting the cost on the registrar does not mean it must eat the costs, and can sue the tranferee in indemnity to recoup damages.  But as between the innocent domain name owner and the registrar, it is not unfair to place the cost of theft on the registrar.  While the implications are far reaching, the public policy rationale is consistent with the goal of conversion law - prevent theft.  This is, of course, just my opinion.

Dimitry Tsimberg
Attorney at Law
http://GoForLaw.com

Re: To Fight Domain Name Theft: Sex.com Gives Birth to a New Property Right Rod Dixon  –  May 14, 2004 7:14 AM PDT

I agree that federal courts face an unfortunate quandary in cases like Kremen v. Cohen, where the Stateís highest court declines to accept, for whatever reason, a federal court invitation to rule on a matter of state law before the federal court does so.

Even so, federal courts, generally, ought to be loathe to ďinterpretĒ state law in manner that ostensibly converts the court into a super-legislature, which is exactly how I view the repudiation or declaration of a new property interest. Though the Ninth Circuit indicated that its opinion was equivalent to an interpretation of state law, the fact that the court requested the Supreme Court of California to address a critical aspect of the conversion issue in the case and the courtís acknowledgement in footnote 10 of its opinion that the issue it was addressing was a question of state law (that the state courts had not provided an answer to) supports the view that the Ninth Circuit recognized that it was treading in new waters of state law. 

Of course, novel questions of state law do not preclude federal courts from using legal reasoning to interpret state law, but federal courts should be halting and languid in extending state law to areas where the state has been clearly reticent.  Rather than follow this prescription, the Ninth Circuitís opinion is quite the contrary. 

Notwithstanding the Ninth Circuitís analysis of conversion - - which as you correctly indicate was thorough - - the analysis, ultimately, did not drive the result.  Instead, the courtís opinion was outcome driven. As you indicated, what was the court to do, dismiss the case and leave Kremen nothing for his pain? The courtís opinion is filled with very similar sentiment.

We are mindful, however, that sentimentality is not a courtís first priority. Sentimentality may lead to erroneous reasoning such as confusing the value of a website with the value of a domain name; that a well developed website may be viewed as valuable property need not require the same conclusion for domain names.  Though websites and domain names are frequently related in valuations, a valuable website need not have a domain name. The distinction is not pedestrian, but of critical importance in reasoning about what legal theory best captures the nature of a domain name or a domain name transaction. Although there is no practical distinction for Network Solutions (especially given the dicta in the opinion), you are correct that the Ninth Circuit held that registrars should be liable, rather than that Network Solutions is liable. 

What the impact of the Ninth Circuit decision will be on the business of registrars remains to be observed.

Admittedly, I have not noticed the competitive price of domain name registration increasing; one reason may be that lawyers who counsel registrars have just begun to advise registrars on the likely insurance implications of the decision or that registrars are awaiting the complete results of ICANNís domain name transfer policy/initiative. Undoubtedly, if other state courts or federal circuits follow the lead of the Ninth Circuit, we will see precisely the impact of the propertization of domain names for the purpose of holding registrars liable for domain name theft by third parties.  At bottom, I think it is undisputable that there are better remedies than the Ninth Circuit solution for the type of negligent domain name transfer involved in Kremen v. Cohen.  Leaving aside monetary recovery - - which should not be applicable in most cases - - a well-managed ICANN should be best equipped to address this genuine concern.

Re: To Fight Domain Name Theft: Sex.com Gives Birth to a New Property Right AlanKelly  –  Nov 13, 2004 12:52 PM PDT

I read about 40-50% of the article, and get the gist, that dishonest and fast-buck schemers abound, but one of their subsequent leaps will land them in a hole to deep from which to emerge.

Re: To Fight Domain Name Theft: Sex.com Gives Birth to a New Property Right AlanKelly  –  Nov 09, 2007 3:55 PM PDT

"a hole TOO deep..."
self to no-self

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

ICANN Los Angeles Recap Webinar

TLD Registry Appoints First China General Manager, Mr Jin Wang

TLD Registry Opens China Headquarters in "China's Silicon Valley"

.nyc Goes Public to Brand the Big Apple

pink.host: Breast Cancer Awareness by Bluehost

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Director Wins ICANN's 2014 Leadership Award

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Infographic: Where in the World Do Chinese People Live?

Auctions Update: MMX Wins .law and .vip

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New .ORGANIC Top-Level Domain Welcomes Leading Brands As .ORGANIC Pioneers

Dot Chinese Online and Dot Chinese Website Featured in EURid's World Report on IDNs 2014

New .ORGANIC Top-Level Domain Opens to Serve the Organic Community

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

Independent Endorsement of Dot Chinese Online & Dot Chinese Website by by FiarWinds Partners

New gTLDs and Best Practices for Domain Management Policies (Video)

.Host Announces Top Global Players As Pioneer Partners

Sponsored Topics

dotMobi

Mobile

Sponsored by
dotMobi
Afilias

DNS Security

Sponsored by
Afilias
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Verisign

Security

Sponsored by
Verisign