2020 (6) TMI 818 - HC - Indian Laws

Registration of fake and fraudulent domain names - seeking to ensure the continued suspension of and block access to fraudulent domain names - HELD THAT - The internet is a network of networks. Every machine linked to any network has an IP address. Internet service providers assign these IP addresses and these may be static or dynamic (changing with each login). When this happens, the login being provided by an ISP, it is always possible to determine the country where the login originates. An 'access blocking' instructions only serves to block access to a remote website or server (possibly overseas) from an IP address of domestic origin, i.e. from the country ordering the block. Any such 'block' is easily circumvented by masking the originating country IP of the user. He or she only needs to use any of the commonly available VPN products. A VPN is a Virtual Private Network. A VPN user establishes a secure connection to another network over the internet, thus by-passing region-restrictions, shielding browsing activity and so on - the access to such bypassing technology is still not common, and the average user may not know about it or even how to use it. But VPN products are available for mobile phone platforms as well now. Therefore, other than lulling an applicant into a completely hollow and faux sense of safety (and conceivably giving some ill-informed government functionary an entirely unwarranted sense of power or authority), blocking access achieves next to nothing. A 'continued suspension' is therefore not possible or practicable at least in the current technology - Upon that end of registration period, there is a further period of two to three weeks as a cooling-off period for the registrant to apply for re-registration in case the registration has inadvertently lapsed. Obviously, that cooling-off period would also be covered by the present order. However, once the domain name is released from registration by one domain name registrar then it is released worldwide across the entire cyber system and network of the internet. This means that any person can then attempt and will succeed in getting a registration through any other registrar or even the very same registrar by a process that is entirely automated and requires no manual intervention - it is therefore not possible to allow the prayer to include the words 'ensure continue suspension of and block access to'. This will conceivably put the Defendant No. 1 in a state of being constantly in threat of contempt proceedings. Therefore, those words will be excluded. Disclosure of registrant information from Endurance Domains, GoDaddy and Porkbun as also from the .in registry and NEIE in respect of the offending registration - HELD THAT - Relief granted only against Endurance Domains, GoDaddy and Porkbun, not against the .in registry and NEIE. So far as Endurance Domains, GoDaddy and Porkbun are concerned, this is a matter that should lend itself to a structured resolution that would result in no longer requiring these parties to continue as party defendants to the Suit. What needs to be established is a working protocol within the limits of what the technology can do and what the law permits. Application disposed off.

Summary

Issues Involved:
1. Fraudulent domain name registrations.
2. Infringement of Plaintiff's statutory and common law rights.
3. Injunction against domain name registrars.
4. Technical feasibility of blocking access to domain names.
5. Disclosure of registrant information.
6. Freezing and disclosure of fraudulent bank accounts.
7. Dynamic injunction against future fraudulent domain name registrations.
8. Mechanisms for addressing future fraudulent domain names.

Issue-wise Detailed Analysis:

1. Fraudulent Domain Name Registrations:
The Plaintiff, a major company, alleged that the 5th Defendant and unknown persons registered fraudulent domain names mimicking the Plaintiff’s official domain names to deceive the public. These fake domains were used to lure unsuspecting individuals into fraudulent schemes, promising them authorized dealership of the Plaintiff's products.

2. Infringement of Plaintiff's Statutory and Common Law Rights:
The court acknowledged the Plaintiff’s claim, stating that the registration of the fraudulent domains was "entirely mala fide" and constituted an infringement of the Plaintiff's valuable statutory and common law rights. This warranted an immediate injunction.

3. Injunction Against Domain Name Registrars:
The Plaintiff sought an injunction to suspend and block access to the fraudulent domain names registered through Endurance Domains, GoDaddy, and Porkbun. The court noted that while domain name registrars could suspend registrations, they could not block access, as this involved different technical processes.

4. Technical Feasibility of Blocking Access to Domain Names:
The court explained the technical aspects of domain name registration and access, emphasizing that blocking access was not feasible through domain name registrars. Blocking access typically required intervention by internet service providers under government directives, which could be easily circumvented using VPNs.

5. Disclosure of Registrant Information:
The Plaintiff requested the disclosure of registrant details for the fraudulent domain names. The court granted this relief against Endurance Domains, GoDaddy, and Porkbun but not against the .in registry and NIEI, as they were not registrars and did not handle domain name registrations.

6. Freezing and Disclosure of Fraudulent Bank Accounts:
The Plaintiff sought to freeze and obtain details of fraudulent bank accounts linked to the 5th Defendant. The court did not grant a blanket injunction to freeze the accounts but ordered the banks to disclose details of these accounts, given the significant amounts involved.

7. Dynamic Injunction Against Future Fraudulent Domain Name Registrations:
The Plaintiff sought a dynamic injunction to prevent future registrations of domain names similar to its own. The court found this technically unfeasible due to the nature of domain name registration technology, which is automated and does not involve manual oversight.

8. Mechanisms for Addressing Future Fraudulent Domain Names:
The Plaintiff requested a mechanism to deal with future fraudulent domain names without constantly approaching the court. The court rejected this request for ad interim relief, emphasizing that the Plaintiff, with its resources, could manage repeated applications. However, to ease the court's burden, the court allowed the Plaintiff to file an affidavit listing new fraudulent domain names and approach the court without a formal interim application if direct negotiation with the domain name registrars failed.

Conclusion:
The court provided a nuanced judgment balancing the Plaintiff's rights against the technical limitations of domain name registration and access. It granted specific reliefs while denying others due to practical constraints, emphasizing the need for structured resolutions and cooperation between the parties to address the root issue of fraudulent domain names.