by Paul Alan Levy
Recently, Public Citizen was aligned with a lawyer named Charles Carreon, filing an amicus brief in support of his argument against allowing a publisher to pursue a a copyright-infringement lawsuit against his wife’s Oregon company in federal court in New York. The former colleague who wrote this amicus brief argued the personal jurisdiction issue orally, so well that Carreon did not feel the need to come argue himself (a good thing too – his appellate brief was terrible). And it has seemed to me that some of the online criticism directed his way for having sent a demand letter for a client, complaining that a blogger had defamed the client, had become a bit excessive. I had turned down requests that I represent some of the defendants in Carreon’s earlier litigation, because, although it was apparent that he was litigating strange claims to punish his critics, the theories in the case either were not interesting enough to make a good vehicle for impact litigation, or would have had to be advanced on behalf of entities that could easily afford to hire their own lawyers. (But see EFF’s fabulous response to Carreon’s TRO motion) .
However, when Carreon put forward bogus trademark theories as a basis for threatening suit against a critic, he crossed a line that has now brought Public Citizen into the fray.
Most immediately, we have agreed to represent the anonymous author of a blog at www.charles-carreon.com that satirizes Carreon mercilessly by speaking in his voice and imitating the rather pompous and over-the-top language that Carreon himself uses. Carreon claimed that the domain name infringes the registered copyright in his name, and constitutes cybersquatting, and threatened to add our client as an additional defendant in the peculiar lawsuit that he has filed against Matt Inman and others over Inman’s satirical charity-fundraising campaign. We have long been interested in the abuse of trademark law to suppress dissent, and Carreon’s claimed basis for threatening suit—that a domain name using his trademark is inherently infringing—ran afoul of several cases we have won for other clients (for example, here and here). Trying to avoid the need to actually litigate the case, I explained to Carreon the legal case against him (see Exhibit E near the end of this document), and even offered to let him save face, by offering to keep the explanation unpublished if he would just do the right thing.
Sadly, instead of agreeing to stand down, Carreon apparently took the fact that I had written him at length as a sign of concern and hence weakness, because he responded with a completely over-the-top threat. (Exhibit F at the end of this document). He instructed me to warn my client to worry about being sued at a later time when Public Citizen might not defend him and about being sued for six-figures worth of damages that would not be dischargeable in bankruptcy; he also pointed to what he claimed to be a reputation for “extended” litigation including “appeals for years.” The response took a bizarre turn at the end, proclaiming that he was a major contributor to Ralph Nader last campaign for President (does he not know how most Public Citizen staff feel about that candidacy?) and demanding that I promptly send a copy of his email to Ralph, to Joan Claybrook (does he not know that she retired as president of Public Citizen years ago?), and to Public Citizen’s board. I could also not help wondering whether Carreon understood how this sort of threat, that he would run up his alleged damages but allow the threat of litigation to linger for years, sets him up for a declaratory judgment action of non-infringement.
We have sought such a declaratory judgment in federal court in San Francisco, the very court where he had threatened to sue our anonymous client. Our client has sued as a Doe, although there is a story there.
Can Register.com Be Trusted to Keep Its Customers Anonymous?
Carreon's initial threat to sue the Doe was made in a letter to Register.com that also threatened to make the domain name registrar the defendant if it did not deny our client’s right to remain anonymous by entering her name into the WHOIS record (Doe had paid extra for Register.com’s privacy service). This aspect of the threatened suit was doubly frivolous — in addition to the flaws in the merits of the claim noted above, the Court of Appeals for the Ninth Circuit has squarely held that a domain name registrar cannot be sued for trademark infringement. Yet Register.com caved in, putting Doe’s personal information in the WHOIS, violating the promises inherent in its broadly advertised private registration service, as well as the explicit commitment I received from Register.com staff when I called them to make sure that company would stand up for its customer. Happily, both the blogger who broke this story and reporters from Ars Technica who were covering the Carreon story resisted the temptation to identify our client by name in their posts, and by the following day Register.com had responded to my warning that it faced a claim for breach of contract by restoring the privacy of Doe’s domain name registration.
Still, the problem of Register.com’s response to baseless threats remains. As others have observed, the fine print in Register.com’s terms of service gives it broad discretion to disclose identifying information. A company that advertises privacy protection that it takes away in fine print that is not disclosed before the purchase is made may well be susceptible to litigation. Yet when, just as a test, I went through the motions of preparing to buy a domain name with privacy protection from Register.com, using the trademark of a D.C. real estate developer who is in the process of destroying the character of my residential neighborhood, there was no disclosure at any time that the privacy I was about to purchase would be given away if somebody even hinted in a letter that I had used the domain name in violation of the trademark, or otherwise improperly. I went all the way to the page where I was invited to "submit order" with my credit card number without seeing anything about how illusory the privacy protection really was.
In the comments on one of the posts about Carreon, Marc Randazza argues that domain name registrars can be held liable for the misconduct of their registrants, based on language in an ICANN rule. But ICANN rules do not override national law, and my experience contradicts Marc’s assertion that “Domain privacy services all reveal your information if presented with a letter [claiming infringement].” I have been through this drill multiple times with Domains by Proxy (GoDaddy’s private registration service), and I have found, at least under its recently departed general counsel Christine Jones, that even if suit is filed over a claimed infringement by a domain name, it notifies the Doe first, and gives the Doe a few days to get into court over a bogus trademark claim. I am aware as well of cases where counsel with a track record of responsible advocacy gave a cogent explanation in support of the Doe’s position, and GoDaddy extended the Doe’s time to get into court, which makes it easier to find local counsel. I wish GoDaddy gave a longer notice period as a matter of course (and I have told its representatives so), but although many in the tech community like to sneer at GoDaddy, this is certainly one respect in which this company stands up for its users. I have asked the new General Counsel for confirmation that this policy continues. UPDATE: GoDaddy has confirmed that this continues to be its policy.
The public should certainly be complaining to Register.com for violating its customer’s trust. Other ISP’s have responded to bad publicity about the unreliability of their privacy protections by apologizing and adopting new procedures to protect anonymity, as Weebly did after it outed a Doe who blogged about Thomas Cooley Law School, and as nj.com did after it outed Michael Gallucci. I have asked Register.com for information about what it is going to do differently in the future; I hope others will join me in pressing Register.com for answers.