After receiving several questions from the Ethereum community regarding this topic, Bern Weiss LLP spent the last week producing an in-depth analysis of ENS-name cybersquatting and the legal and pragmatic considerations surrounding the practice. This three-part series contemplates this scenario. Part One is an introduction for newcomers to the nature of cyber-squatting and why the ENS system presents new challenges in curbing the phenomenon. Part Two explains how laws developed for the legacy DNS system will likely apply to squatters in the decentralized web. And Part Three considers the difficulties in enforcing courts’ decisions over these matters given the decentralized nature of Ethereum, and elaborates on different perspectives and solutions offered by key players in the ENS community on how the situation may unfold over the next few years.
2. The Anticybersquatting Consumer Protection Act Probably Applies to ENS-Squatters
Assuming it is not Samsung itself, the owner of the wallet address that won the auction for Samsung.eth likely violated the Anticybersquatting Consumer Protection Act (“ACPA”) and several federal and state intellectual property/trademark laws. A cyber-squatting victim can recover under the ACPA if it can show that a cyber-squatter registered a domain name, which is identical to, similar to, or includes the other party’s names, tradenames, or trademark, with a bad faith intent to profit.
Registration of a Domain Name
ENS names likely qualify as “domain names” sufficient to satisfy the ACPA. The statute defines a “domain name” as “any alphanumeric designation which is registered with or assigned by any domain name registrar, domain name registry, or other domain name registration authority as part of an electronic address on the Internet.” ENS names are clearly alphanumeric designations given their use of letters and numbers to create an address.
The more complicated question is whether the ENS registrar contract that assigns these alphanumeric designations qualifies as a “registrar,” “registry,” or “registration authority” under the ACPA. The statute does not give a clear definition of any of these terms, and there has never been any litigation concerning these terms as ICANN – a nonprofit organization responsible for administering the global DNS infrastructure – has served as the only certified authority for legally accrediting domain name registries (such as godaddy.com or namecheap.com), and therefore courts have generally accepted ICANN (and its affiliates) as implicitly qualifying as a “registrar,” “registry,” or “registration authority” under the ACPA.
The ENS registrar contract is not accredited by ICANN, leaving the possible argument that it should not qualify as a domain name registrar, registry, or registration authority because it falls outside the traditional functions of registries. According to this line of reasoning, the fact that the ENS registrar is just one of possibly numerous EDCCs launched to serve the purpose of directing browsers pointed at plain text identifiers towards Ethereum addresses means it is not an “authority,” and that its failure to be licensed by ICANN, the government, or another administrator means that it is not a legally recognized registrar or registry at all.
The foregoing reasoning is not supported by the plain text or the intent of the ACPA, nor does it reflect an understanding of how decentralized systems are fundamentally changing the conception of the internet. First, there is no language in the ACPA limiting its application to entities licensed by ICANN or any other administrator. Instead, the ACPA applies to domain names recognized by “any domain name registrar, domain name registry, or other domain name registration authority.” Second, in passing the bill, the Senate stated that its purpose was to focus on the prevention of conduct by individuals intending to register domain names in order to exploit other parties’ protected marks. The Senate never expressed an intent to limit the ACPA’s scope to officially licensed registries or registrars; the Senate’s discussion even explicitly contemplated the possibility of registrars and registries evolving away from their current practices, implying that the ACPA’s application should be flexible enough to account for changes in the domain name system driven by technological transformation. Finally, some argue the decentralized web – as promoted by Ethereum and ENS names – is making the internet more secure in its communications, specifically because it removes vulnerabilities represented by centralized DNS authorities like ICANN. However, that does not require the abandonment of the concept of domain names or their registries, registrars, or registration authorities as they are applicable to ENS as well. Indeed, the facts that the ENS registry is called a “registry” and that the system’s home page reflects that it is designed so that “[a]nyone can register a .eth domain name for themselves” indicate that its creators share this belief. Further, the function of ENS names is essentially the same as traditional domain names, in that they both help users access certain websites through the use of plain-text names rather than complicated numeric or hexadecimal codes. Thus, for a court to recognize ENS as outside of the ACPA’s purview simply because it is not licensed by ICANN would be inconsistent with the law’s plain text meaning, a misapplication of Congress’ intent, and a misunderstanding of how technological evolution is creating novel methods of accomplishing functions that have traditionally been the purview of centralized authorities. Therefore, ENS names satisfy the domain name registration requirement of the ACPA.
Identical or Similar to Another Party’s Trademark, Trade Name, or Personal Name
“Trademarks” are words or names that distinguish goods or services sold by one entity from those sold by another. “Trade names” are names used by a person to identify his or her business or vocation. “Personal names” are the names of living people. Collectively, these are called “protected names” or “protected marks.”
Domain names that are identical to protected names or marks will obviously satisfy this element (e.g., Samsung.eth), but the statute also allows for liability for any domain name that is confusingly similar to a distinctive or famous mark, or is dilutive of a famous mark. Courts have found that a domain name satisfies this element of ACPA liability where a protected mark or name comprises a “dominant or salient portion of the marks.” For example, a defendant’s domain name “www.atlascopcoiran.com” was held to violate the ACPA because it contained plaintiff Atlas Copco’s name. Courts have also recognized “typosquatting” – registering domain names that are close to a famous trademark, but which contain common typographical or spelling errors for the purpose of causing users to mistakenly arrive at the squatter’s website – as impermissible under the ACPA. For example, a court has determined that “www.eletronicsboutique.com” and “www.electronicbotique.com” were impermissibly close to “Electronics Boutique.” Names that are considered “dilutive of a famous trademark” are further protected under ACPA. For example, several cases held that defendants impermissibly used the “Barbie” name in their websites (“www.barbiesplaypen.com” and “www.barbiesbeachwear.com”) in a way that diluted Mattel’s trademark. Trademark dilution is its own complicated legal issue, but suffice it to say that an ENS name can violate the ACPA if it is identical or confusingly similar to another name or mark in the same manner as the foregoing examples.
Whether a domain name is on a centralized or decentralized internet should not impact the foregoing analysis. Thus, if a court finds an ENS name is identical or similar enough to cause confusion among users, this element of the ACPA will be satisfied.
Bad Faith Intent to Profit
Bad faith intent to profit means that a person registered a domain name hoping to unfairly exploit its connection to protected marks or names for personal financial gain. The clearest instance of bad faith intent to profit is when a squatter registers a domain name that is identical to, or contains, another party’s trademark or name, and then attempts to sell it to the other party at a premium without her having any bona fide claim to the domain name. Bad faith has also been found in other circumstances involving attempts to profit, such as where a company registered a competitor’s name in order to encourage customers to use its own product, when a party to a dispute registered the protected name of another party and refused to let the other party place content on the website in order to gain leverage in negotiating a resolution, and when an antiabortion activist solicited monetary contributions and sold merchandise for his cause on websites like “www.drinkcoke.com” and “www.mymcdonalds.com.”
The ACPA provides a safe harbor defense to bad faith, explicitly stating that a bad faith intent does not exist when an alleged squatter “believed and had reasonable grounds to believe that the use of the domain name was a fair use or otherwise lawful.” Courts, however, tend to apply this safe harbor provision narrowly to activity substantially linking an alleged cyber-squatter to his or her justified belief. For example, the Fourth Circuit found a squatter’s discovery of a mark’s protected status after it had initially registered a potentially infringing domain name but before its continued registration of the name meant that the re-registration was “partially in bad faith” such that the squatter could not rely on the safe harbor provision. Further, the well-established parody fair use defense to trademark infringement – which requires that a parody “convey two simultaneous-and contradictory-messages: that it is the original and that it is not the original and is instead a parody” – has been narrowly interpreted in its application to domain name cyber-squatting cases because a domain name itself cannot indicate whether it is employed by the original protected mark’s holder or an individual creating a parody website.
While bad faith is a somewhat elusive concept to pinpoint, legal precedent and the ACPA’s plain language suggest that courts will look at the following types of factors to determine whether an ENS name was registered with a bad faith intent to profit:
- Whether an alleged squatter demonstrates her own bona fide interest in or use of an ENS name;
- Whether the wallet address associated with the alleged squatter has registered a large number of ENS addresses, many of which contain protected names and marks that do not belong to that alleged squatter; 
- Whether the alleged squatter who owns the ENS name has contacted the owner of the protected mark in an attempt to sell it to them without having attempted to use the name for a bona fide purpose;
- Whether the ENS name in question was famous or distinctive, or if an alleged squatter otherwise knew the name was protected (possibly because there were many unique bidders on the name or the final asking price was excessively high) and registered the name anyways;
- Whether it appears that the alleged squatter is attempting to divert to her own web page users attempting to access a protected mark holder’s website; and
- Whether there are fraudulent goods and services listed on the underlying site.
While this list is non-exhaustive and none of these factors is dispositive on their own, the general rule is that the more it appears that a potential squatter is exploiting another’s mark or name for personal financial gain, the more likely it is for the court to find a bad faith intent to profit. Courts have wide discretion in making this determination.
Additionally, even if the ACPA can be applied to ENS-squatters, the next section considers whether such applicability is useful to a victim of ENS-squatting, given the manner in which ENS and decentralized systems function.
 WestLaw’s guide to Internet Law and Practice was used for reference throughout this document. Susan Schultz Laluk, Internet Law and Practice Vol. 1, Chap. 14 (Thomson Reuters/West 2011).
 15 U.S.C. § 1125(d).
 While a cyber-squatting action can be brought under any of these laws, this piece focuses on the ACPA because it is specifically tailored for this type of infringement and provides the most encompassing set of remedies.
 Virtual Works, Inc. v. Volkswagen of America, Inc., 238 F.3d 264, 267-68 (4th Cir. 2001).
 15 U.S.C. § 1127.
 Steve Crocker, Cheers to the Multistakeholder Community, ICANN Sept. 30, 2016, https://www.icann.org/news/blog/cheers-to-the-multistakeholder-community.
 See ICANN-Accredited Registrars, https://www.icann.org/registrar-reports/accredited-list.html (last visited June 2, 2017).
 See Virtual Works, 238 F.3d at 266 (recognizing a defendant’s domain name that was registered with Network Solutions Inc., a “company authorized by the government to serve as a registrar for Internet domain names,” as subject to the ACPA).
 15 U.S.C. § 1127 (emphasis added).
 According to the legislative history of the ACPA, the Senate defined “domain name” as it did because it “is technology neutral enough to accommodate names other than second-level domains that are actually registered with domain name registration authorities.” S. Rep. No. 106-140, at 10 (1999) (emphasis added).
 See 15 U.S.C. § 1127.
 See id.
 See id.
 15 USC §1125(d)(1)(A)(ii).
 Atlas Copco AB v. Atlascopcoiran.com, 533 F. Supp. 2d 610, 614 (E.D. Va. 2008).
 Electronics Boutique Holdings Corp. v. Zuccarini, No. Civ.A. 00-4055, 2000 WL 1622760 (E.D. Pa. Oct. 30, 2000).
 See e.g., Mattel, Inc. v. Internet Dimensions Inc., No. 99 Civ. 10066(HB), 2000 WL 973745 (S.D.N.Y. July 13, 2000); Mattel, Inc. v. Adventure Apparel, No. 00-CIV.4085(RWS), 2001 WL 1035140 (S.D.N.Y. Sept. 7, 2001).
 See Flentye v. Kathrein, 485 F. Supp. 2d 903 (N.D. Ill. 2007) (holding that a plaintiff’s allegations that defendant competitor registered names to confuse and drive away plaintiff’s customers and tarnish plaintiff’s goodwill were sufficient to allege a violation of the ACPA).
 See The Christensen Firm v. Chameleon Data Corporation, No. C06-337Z, 2006 WL 3158246 (W.D. Wash. Nov. 1, 2006) (finding that plaintiff sufficiently alleged a violation of the ACPA by alleging that that defendant impermissibly withheld rights to a domain name identical to the plaintiff’s name in order to gain leverage in a dispute over unpaid fees).
 Coca-Cola Co. v. Purdy, 382 F.3d 774 (8th Cir. 2004).
 15 U.S.C. § 1125(d)(1)(B)(ii).
 Domain Name Clearing Co., LLC v. F.C.F. Inc., 16 F. App'x 108, 111 (4th Cir. 2001).
 Pinehurst, Inc. v. Wick, 256 F. Supp. 2d 424, 429 (M.D. N.C. 2003)
 On the other hand, courts have recognized that the First Amendment protects the registration of a domain name that is similar to a protected name if it is used to publically criticize or complain about the owner of the protected name AND there is no other indication of an attempt to profit. See Northland Ins. Companies v. Blaylock, 115 F. Supp. 2d 1108 (D. Minn. 2000).
 For example, in Pinehurst, the court found that the defendant’s registration of “www.pinehurstresort.com” and “www.pinehurstresorts.com” impermissibly used plaintiff high-end resort’s protected mark of “Pinehurst” under the ACPA because the name itself was not clearly a parody even though the defendant had posted pictures of a miniature golf course, trailer park, and a pond with people swimming on the site. Pinehurst, 256 F. Supp. 2d at 429.
 15 U.S.C. § 1125(d)(1)(B)(i)(I-IV).
 15 U.S.C. § 1125(d)(1)(B)(i)(VIII).
 15 U.S.C. § 1125(d)(1)(B)(i)(VI).
 15 U.S.C. § 1125(d)(1)(B)(i)(VIII) .
 See Virtual Works, 238 F.3d at 270 (“The ACPA allows a court to view the totality of the circumstances in making the bad faith determination”).
 Domain Name Clearing, 16 F. App'x at 111 (holding that a defendant’s learning of a protected mark’s status after his original registration of the domain name in question but before its subsequent re-registration contributed to a finding of bad faith intent to profit).
 15 U.S.C. § 1125(d)(1)(B)(i)(V).
 See 15 U.S.C. § 1125(d)(1)(B)(i)(III); see also Coca-Cola, supra, 382 F.3d 774.
 See Sporty's Farm L.L.C. v. Sportsman's Mkt., Inc., 202 F.3d 489, 498 (2d Cir. 2000) (“[W]e are not limited to considering just the listed factors [whether there is a bad faith intent to profit]. The factors are, instead, expressly described as indicia that ‘may’ be considered along with other facts.”).
 See Morrison & Foerster, LLP v. Wick, 94 F. Supp. 2d 1125, 1132 (D. Colo. 2000) (finding a defendant’s mere registration of the domain “www.nameisforsale.com” indicated that the defendant more likely than not intended to sell another, unrelated domain name that was confusingly similar to the plaintiff’s protected mark, despite the fact that the defendant never sold any domain names on that or any other service and that the service’s website stated its purpose as selling property generally, without specifically mentioning domain names or similar materials).