How to protect your domain name from cybersquatting in Malaysia?almost 2 years ago Denise C.
While you may not have heard of the term “cybersquatting”, you would definitely have experienced it at some point in time online. Perhaps you may have tried to set up a website, only to find that someone had already taken it and is offering to sell it at a high price. Otherwise, maybe you accidentally mistyped a popular brand name’s URL (ie, goigle.com instead of google.com) and ended up in some dodgy website.
Cybersquatting means the act of registering, selling or using a domain name with the intent of profiting from someone else’s name or trademark. There are three ways this might happen:
- Someone registering a domain name under your name/trade mark
- Someone registering a domain name with your name/trade mark under a different extension (if you have a domain name ali.my and they registered it as ali.com.my, you might have an action against them)
- Someone registering a domain name under a common typo of your name/trade mark (if your domain name is ali.my and they registered it as aki.my, you might have an action against them)
[READ MORE: What is a trademark?]
You may have heard of several famous cases such as the one involving famous rapper, Eminem. A man registered his domain as eminemmobile.com and the United Nations World Intellectual Property Organisation found that the owner of that domain had registered his domain with the intention of profiting from Eminem’s fame. Aside from that, there is the case of Microsoft taking action against a guy called Mike Rowe for registering a domain name under the name mikerowesoft.com.
But the good news is that there are international agencies such as ICANN that govern how site addresses are used and issued, and they can assist in cases where you feel that a site address you want has been cybersquatted. And what’s better is that you can do it right here in Malaysia!
But first you have to prove that the person is cybersquatting
In a nutshell, you first need to prove that the current owner of the site address was acting under bad faith.
Here in Malaysia, the registration of domains is governed by the Malaysian Network Information Centre Berhad (“MYNIC”), which is an agency under the Ministry of Science, Technology and Innovation. MYNIC does not actually administer laws or regulations on how to register domain names (you are allowed to register any domain name as long as it is available) but they do have a policy (which you must agree to be bound by the moment you register for a domain) that is used to handle disputes on domain names.
This policy is known as MYNIC’s Domain Name Dispute Resolution Policy (“MYDRP”). The policy is eight pages long and it covers several areas, including what is necessary to establish a cybersquatting claim.
In essence, you must prove two things when complaining of a cybersquatting incident:
- The domain name is identical or similarly confusing to your trade mark
- You can show that the domain name was registered and/or used in bad faith
Clause 5.2 of the MYDRP:
“The Complainant must establish BOTH of the following elements in the Complaint:-
(i) the Domain Name is identical or confusingly similar to a trade mark or service mark to which the Complainant has rights; and
(ii) you have registered and/or used the Domain Name in bad faith.”
Clause 6 then goes on to tell us what is required before you can establish bad faith. The list of situations which are said to reflect bad faith is summarised below but it may not encapsulate MYNIC’s points perfectly. To further illustrate this, we came up with some examples using a hypothetical site called ali.com
- You can prove that registration/use of the domain name was mainly to rent, sell or transfer the domain name to you, the owner of the trade mark, or your competitor. Example: You have a website registered under ali.my and someone else registers a website under ali.com.my in order to force you to buy that domain name, you might have an action against them.
- You can prove that registration/use of the domain name is to prevent you, the owner of the trade mark, from using that domain name (which is identical to your trade mark). Example: someone registered ali.com.my with the sole purpose of preventing you from using it, then you might be able to submit a complaint.
- You can prove that registration/use of the domain name is to disrupt your business. Example: Internet users who think that your site is ali.com.my end up being diverted from your actual site.
- You can prove that registration/use of the domain name is to attract/divert (for commercial gain), internet users from your website, a website belonging to your competitor or any other website through confusing/deceiving internet users. Example: someone registered ali.com.my in order to confuse internet users or trick them into thinking that that domain name belongs to you.
By the way, typing ali.com in real life actually brings you to Muhammad Ali’s website. Guess the legendary boxer was ready for cybersquatters.
The list of situations provided under the policy is non-exhaustive. This means that as long as you can prove that there was bad faith, you would most likely be able to show that cybersquatting has taken place.
But what if the domain name was genuinely registered? What can I do then?
This is where clause 7 of MYDRP comes in. It talks about rights and legitimate interests in the domain name. This means that if that guy who you thought cybersquatted you actually has rights and legitimate interests in the domain name, then he would not have bad faith. The question that you would have now is what in the world counts as rights and legitimate interests?
Similar to proving bad faith, the MYDRP also provides a list of non-exhaustive scenarios that can be used to prove rights and legitimate interests. Once again, we have summarised them in the points below but it might not accurately reflect the encapsulating properties of MYDRP.
The list of situations for proving rights and legitimate interests is as follows:
- Before receiving your complaint, the ‘cybersquatter’ had already used/made preparations to use the domain name or a name related to that domain name to genuinely offer goods or services. For example, if someone registered a domain name under ali.com.my and was actually providing goods/services, then you might not be able to bring an action against them.
- The ‘cybersquatter’ is commonly known by the domain name even if he does not have a trade mark in it. A famous example of this would be the case where a student named Mike Rowe registered a website under the name mikerowesoft.com and was sued by Microsoft. They eventually settled the case for, among other things, an Xbox.
- The domain name is being used for legitimate, non-commercial and /or fair purposes and there is no intention to use the domain name for profits or to deceive the public. An example of this would be if the domain name was registered to profess their love for you. So, iloveali.com is not cybersquatting but ali.com.my might be.
The list provided by MYDRP seems to indicate that as long as there is no intention to profit of someone else’s trade mark, then cybersquatting does not happen.
If I do manage to prove cybersquatting, can I get damages?
The answer is no.
MYDRP states that there are only two remedies. The first would require the cybersquatter to transfer their domain name to you and the second is requiring the cybersquatter to delete their domain name. The MYDRP does not allow for there to be any other remedies such as claiming for damages so you might be a little disappointed.
If you are unhappy with the MYDRP proceedings or want to take the case to court, you are allowed to do so but you must provide MYNIC with the documentation indicating that you have chosen to bring the issue to court or through any alternative dispute resolution mechanism. If you fail to provide MYNIC with such documents, then they would proceed to implement the decision from the MYDRP proceedings. This is found in clause 14.3:
“If you are not satisfied with the decision of the Panel, you may commence a Court action or any alternative dispute resolution process in respect of the subject matter of the Proceeding and in so doing, you must provide us with official documentation pertaining to the Court action or the alternative dispute resolution process, as the case may be, as evidence of the same. This must be done within ten (10) Working days from the date the Provider informs us of the Panel's decision. If you do not do so within the said time period, we will proceed to implement the decision of the Panel above...”
[READ MORE: How does Malaysia’s copyright laws protect me?]
One sec. What if the cybersquatter isn’t from Malaysia?
Depending on how you choose to bring an action, you might be subject to the MYDRP or the Uniform Domain-Name Dispute-Resolution Policy (“UDRP”). In essence, the requirements to prove cybersquatting under the UDRP is the same as that under MYDRP. The difference is that the action would proceed through the international arbitration system created by the Internet Corporation of Assigned Names and Numbers (“ICANN”).
Several international arbitration centres that provide UDRP proceedings include the Asian Domain Name Dispute Resolution Centre (which the KL Regional Centre for Arbitration is a part of) and the World Intellectual Property Organization.
Similar to MYDRP, if you are unhappy with the decisions of the UDRP, you are allowed to bring another case under the local laws, which in our country, would be through MYNIC, using the MYDRP or through court proceedings.
Laws regarding the internet are still being discovered every day and it is pretty heartening to see that Malaysia is making sure that its citizens do not fall prey to unscrupulous cybersquatters by adopting the international standard to resolve such disputes.