According to a blog post on Facebook’s corporate blog, the social network company filed a lawsuit against Namecheap. The suit was filed because there were domain names registered at Namecheap under Whois privacy proxy that allegedly infringed on Facebook’s trademarks. The blog post was written by Christen Dubois, Director and Associate General Counsel, IP Litigation at Facebook.
Here’s an excerpt from the blog post outlining the lawsuit:
“This week we filed a lawsuit in Arizona against Namecheap, a domain name registrar, as well as its proxy service, Whoisguard, for registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps. These domain names can trick people into believing they are legitimate and are often used for phishing, fraud and scams.
We regularly scan for domain names and apps that infringe our trademarks to protect people from abuse. We found that Namecheap’s proxy service, Whoisguard, registered or used 45 domain names that impersonated Facebook and our services, such as instagrambusinesshelp.com, facebo0k-login.com and whatsappdownload.site. We sent notices to Whoisguard between October 2018 and February 2020, and despite their obligation to provide information about these infringing domain names, they declined to cooperate. “
I understand why Facebook would not want domain registrants to infringe on its trademarks, but I also understand why Namecheap would not reveal the names of registrants without a court order. International trademark law is a complicated field, and there is a lot of grey area. While a domain name like Facebook-Login.com might be infringing on Facebook’s IP rights, a company like North Face could conceivably own NorthFaceBooks.com without infringing on Facebook’s rights. I don’t think a domain registrar should be put in the position of being a judge about when to hand over private registrant information.
I am not really surprised Namecheap would not provide contact details of domain name registrants, since that could pose an existential danger for registrants. For instance, if a registrant was using [Company]Sucks.com to air grievances about a company, it would be dangerous if the registrar simply gave the registrant’s name after being pressured by the company. The company could then use this information to harass the registrant, who may have a right to free speech.
It will be interesting to follow this suit to see what happens. I do not have a copy of the litigation to see what Facebook is claiming against Namecheap or what Facebook is aiming to achieve with the lawsuit as it relates to Namecheap.
Notably for domain investors who want free privacy proxy services for their domain names, there can be a great legal cost to registrars to protect the privacy of registrants.
This will be a lawsuit to follow, and there is an active discussion about it on Hacker News.
Thanks to Stephen H. for sharing this with me.
Update:
Namecheap CEO Richard Kirkendall shared the following statement with me in response to the litigation:
“Namecheap takes every fraud and abuse allegation extremely seriously, and diligently investigates each reported case of abuse. We want to be clear, we actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry standard protocol. Outside of said protocol, a legal court order is always required to provide private user information
Facebook may be willing to tread all over their customers privacy on their own platform, and in this case it appears they want other companies to do it for them with our own customers. This is just another attack on privacy and due process in order to strong arm companies that have services like WhoisGuard, intended to protect millions of internet users’ privacy.”
Facebook is committing blatant grotesque abuse with this and should be counter-sued as possible.
“Facebook may be willing to tread all over their customers privacy on their own platform, and in this case it appears they want other companies to do it for them with our own customers.”
Bingo. To be clear, Facebook has a contractor that regularly spams registrar abuse contacts with demands for customer personal information. They are quite aware that there are appropriate procedures for doing that, but they believe they should simply have it for the asking.
The irony, of course, is that Facebook is simply not a responsible and trustworthy outfit to be provided with such information. They have proven time and time again that their approach to relevant laws and regulations is one of pure hypocrisy. To simply turn over customer information to that type of company on the basis of nothing other than an outright demand for it is simply irresponsible.
It will be interesting to see a federal court get its hands on this bizarre belief by Facebook that they are entitled to customer data on demand.