[stextbox id="info"]This is a summary and analysis of the recent (July 22, 2010) decision in Baidu, Inc. v. Register.com, 2010 WL 2900313 (S.D.N.Y), in which Judge Denny Chin refused to extend the concept of contributory infringement in trademark to a domain name registrar that was, at worst, negligent in permitting the putative direct infringement to take place. The case has been added to Jane Coleman‘s updated online treatise Secondary Trademark Infringement; the full update should be done in September. Below is an adaptation of the integration of Baidu into the treatise text.[/stextbox]
Baidu is another case in which the court declined to extend anything like a strict-liability standard for contributory infringement, in this case against a domain registrar. In Baidu, the court considered allegations that the domain name registrar had allegedly been “tricked” by the alleged direct infringer into divulging security information about its customer, the Chinese search engine “Baidu,” it dismissed the contributory liability claim against the registrar, “Register.com.” Although the opinion is not clear as to the exact nature of the direct trademark infringement, much less of the contributory claim, the Baidu court nevertheless addressed in some detail the arguments raised by Register in its motion to dismiss. It found that the immunity provisions of the Anticybersquatting Consumer Protection Act (“ACPA”) were inapplicable, because Register was not acting in its capacity as a registrar by registering or maintaining a domain name.
As to the registrar’s secondary liability under Inwood, the court found further that Baidu failed to allege the requisite elements — inducement, monitoring and control, and knowledge — to sustain its claim. The dispute in this case arose out of a cyber-attack on Baidu by an unnamed individual referred to by the court as “the Intruder,” who pretended to be one of Baidu’s agents. The Intruder deceived one of Register.com’s service representatives into providing him with security information that enabled him ultimately to change the email address for Baidu on file with Register to a new one provided by the Intruder. Armed with this new, bogus email address, the Intruder accessed Baidu’s account with Register, and eventually re-routed Internet traffic from Baidu’s website to one called the “Iranian Cyber Army” site. Baidu contended that in the ensuing havoc, its operations were interrupted for five hours and took two days to fully recover, resulting in the loss of millions of dollars of revenue.
Baidu sued Register for its damages, asserting, inter alia, a claim for contributory infringement under the Lanham Act. Specifically, Baidu alleged that “the Intruder’s use of the trademark “Baidu” in the domain name “baidu.com” … constituted trademark infringement, and that Register facilitated that infringement by providing the Intruder with access to Baidu’s account at Register.” As noted above, little in the opinion sheds light on the direct infringement claim against the Intruder. Nor is it clear why Baidu is said to have attempted to plead a contributory liability claim “under the Lanham Act,” which nowhere provides for such a claim. (See discussion in the Introduction and in Section II.A of the treatise.) Register moved under Rule 12(b)(6) to dismiss the contributory liability claim on two grounds: (1) that it was immune from liability for trademark infringement under 15 U.S.C. Sec. 1114(2)(D)(iii) of the Lanham Act (the safe harbor provisions of the ACPA) and (2) that the complaint failed to state a claim for contributory liability pursuant to Inwood and caselaw following it.
As to Register’s argument that it should be protected by the ACPA immunity provisions, the court disagreed, citing the plain language of the statute:
A domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for anotherabsent a showing of bad faith intent to profit from such registration or maintenance of the domain name.
The court consequently reasoned that the immunity provisions apply when a registrar registers or maintains a domain name for another. It found that Register’s actions, however, “went well beyond those of a mere registrar,” when it allowed the Intruder to compromise Baidu’s account.
It is not entirely clear why Baidu’s actions, or failure to act, would not involve “maintenance” of Baidu’s domain name, considering that administration of access for a domain is a typical aspect of domain maintenance. The court acknowledged that “while Register’s actions arguably concerned the maintenance of Baidu’s account with Register, they did not concern the maintenance of Baidu’s domain name.” The court did not elaborate, however, on the substance of this distinction. It simply found that because its actions “occurred in the context of security protocols and access to an account[,]” they went beyond those contemplated in the statute, and therefore rejected the immunity defense. Notwithstanding the inference from the allegations that there was an absence of “bad faith intent to profit” on Register’s part, the court did not reach that issue.
Applying the Inwood test, however, the court found that Baidu failed to state a claim for contributory trademark infringement. Secondary liability arises, the court recited, when “a manufacturer or distributor intentionally induces another to infringe a trademark, or … continues to supply its product to one whom it knows or has reason to know is engaging in trademark infringement. It further cited Hard Rock CafÃ©, Lockheed Martin, and Tiffany v. eBay for the application of Inwood in the service provider context, noting the “direct control and monitoring” of the direct infringer required under Lockheed, and the specific knowledge of the infringement required under Tiffany. Given the allegations that Register had been “tricked” by the intruder, the court found no allegation of inducement on Register’s part. Moreover, Baidu had not alleged any facts to show that Register directly controlled and monitored the Intruder. Finally, Register had no knowledge of the alleged infringement, other than general knowledge of the risk of cyber-attacks, which the court held fell short of the standard for contributory infringement under the cases.