Individual to be prosecuted for domain name 'theft'

A number of news agencies are reporting that Daniel Goncalves, a 25 year-old law firm technician, is being prosecuted for the ‘theft’ of domain name

Attorney Paul Keating told DNN that most cases of domain theft recovery that he has dealt with have been complicated at best. The real problem stems from the fact that domain names aren’t considered property. “The laws do not specifically identify domains as property. That has been the subject of various court decisions. Not all courts have issued consistent decisions. For example, bankruptcy courts have no difficulty treating domains as property. The IRS treats domains as a form of intellectual property and allows amortization along the lines of a trademark though over a shorter period,” Keating said. Further complications come in to play when we look at the rulings in different states. “California is believed to treat them as property after the case but that was a federal decision interpreting California law. The Eastern District of Virginia (where the Verisign registry is headquartered) clearly holds domains to be the subject of a license and thus not property. I have been involved in various state-level cases seeking recovery of stolen names or trying to specifically enforce a domain purchase agreement in California and the courts have always honored the claim.”

There are two interesting aspects of this case. First, are domain names ‘property’, in the sense that they may be the subject of interests classified by law as having proprietary characteristics? Second, what is the liability of the gatekeeper (here the registrar),, which allegedly permitted the fraud to be perpetrated with some knowledge of the accused’s mischief?

The first question has no simple answer. Much has been written on the subject. At first glance, domain names appear to be mere licences to use and control the designated internet address. However, it is also well established that such licences (which are given for value) can create proprietary rights — and, indeed, when one begins to examine the nature and operation of domain names, they start to resemble many of the hallmarks of property. A domain name licence is exclusive — a right to control the domain name to the exclusion of all others — and the licence can be assigned or alienated. The licensee can, through an agent (the registrar), enforce in a practical sense the configuration of the domain name against third parties (visitors to the internet address). Interestingly, clause 3.3 of the auDA standard domain name licence states:

You accept that neither you, nor we, have any proprietary right arising from the registered Domain Name, or the entry of a Domain Name in the domain names registry.

It remains unclear whether a court would grant specific performance of such a licence (though one can’t think of any reason why, in principle, specific performance would be declined). American courts seem to have come down on both sides of the issue. It will be necessary for the criminal case to resolve this issue decisively: the theft metaphor is not appropriate until there has been some ‘property’ which has been appropriated by the accused.

As to the second question, which arises in the parallel civil proceedings, GoDaddy appears to played a significant role in the fraud. First, was registered using its registration services. Second, the details were fraudulently updated using GoDaddy’s systems, in circumstances where GoDaddy had (or must have known) that the accused had previously carried out domain name theft. Third, the domain name’s ownership is now obfuscated using GoDaddy’s WHOIS privacy protection. Fourth, GoDaddy refused to assist in investigations. It’s arguable that GoDaddy’s liability should reflect this level of involvement. The counter-argument, of course, is that registrars like GoDaddy cannot possibly be expected to know the circumstances of each domain name transfer. Perhaps an analogy can be drawn between the position of GoDaddy, as registrar, and a bank as agent for the mortgagee that allows a fraudulent transfer of land to take place.

With any luck, this case wlil provide an opportunity for these questions to receive judicial attention. Oh, and I wonder how long it will be before someone points out the irony of stealing a domain name called ‘P2P’.com.