The National Arbitration Forum (NAF) recently ruled in favor of the domain name registrar easyDNS, protecting the ability of domain name owners to transfer their names from registrars “locking down” the names. Credit goes to easyDNS for its work summarizing the issue here.
The case involved three domain names locked down by the Public Domain Registry (PDR), which refused to transfer the names to easyDNS. PDR locked down the names due to repeated takedown requests from the City of London’s Intellectual Property Crime Unit. The domain name owners wanted to transfer the names to easyDNS because they agreed not to lock down the names.
The NAF ruled that a registrar could not hold a domain name hostage, essentially, without a court order barring transfer. The NAF held that nothing in the relevant Transfer Policy authorized PDR to refuse to transfer the names. It also warned that such refusals were possibly violations of Due Process under the US Constitution. The NAF wrote:
“To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police. Presumably, the provision in the Transfer Policy requiring a court order is based on the reasonable assumption that the intervention of a court and judicial decree ensures that the restriction on the transfer of a domain name has some basis of “due process” associated with it.”
The NAF’s strong language goes a long way in protecting domain names. The ruling allows registrars like easyDNS to house domain names when other registrars lock down those names. The ruling also reduces the ability of law enforcement agencies to “bully” domain name owners by threatening the controlling registrar with takedown requests.
For more information about the TDRP process, read our post here.
To understand why the easyDNS ruling matters, it helps to understand the framework governing domain name transfers. ICANN—the Internet Corporation for Assigned Names and Numbers—administers the domain name system under contracts with domain registries and registrars. ICANN’s Transfer Policy governs when and how registrars may refuse to transfer a domain name from one registrar to another.
The Transfer Policy identifies a specific, limited set of circumstances under which a registrar may place a domain name on “transfer lock” and refuse a transfer: for example, when a valid UDRP or URS decision is pending, when the domain is within 60 days of initial registration, or when a court order expressly prohibits the transfer. Critically, an informal request from a law enforcement agency—without a court order—does not appear on this list. The easyDNS ruling reaffirmed this: unless a court has issued an order barring the transfer, the registrar has no authority under the Transfer Policy to refuse.
The easyDNS case brought into sharp focus a tension that has grown as law enforcement agencies increasingly seek to use registrars as de facto enforcement tools. In the United States, the First and Fifth Amendments impose due process requirements before the government can deprive a person of property. A domain name is property—it has been recognized as such in federal courts. See Kremen v. Cohen, 337 F.3d 1024 (9th Cir. 2003) (holding that a domain name is intangible property cognizable under the California law of conversion).
When law enforcement agencies pressure registrars to lock or transfer domain names without judicial process, they circumvent the procedural protections that courts provide. There is no opportunity for the domain name owner to be heard, to challenge the factual basis of the law enforcement request, or to present a defense. The NAF’s observation that such practices open the door to abuse by “agencies far less reputable” than the City of London Police is a pointed warning about the systemic risks of extra-judicial domain seizure.
In the United States, law enforcement domain seizures are conducted through a different mechanism: the government obtains a seizure warrant from a federal court under 18 U.S.C. § 981 (civil forfeiture) or through a criminal forfeiture order. These mechanisms require judicial approval and are served on the registry—not simply requested informally from the registrar. When a federal court issues a seizure warrant for a domain name, the registry is required to redirect the domain to a government-controlled server, typically displaying a seizure notice.
This process, while more procedurally robust than the informal takedown requests at issue in easyDNS, is not without controversy. Domain seizures have occurred without prior notice to the domain owner, and owners whose domains were seized have sometimes had to litigate for months or years to recover them—even when the underlying allegations were ultimately not sustained. The Anticybersquatting Consumer Protection Act (ACPA), 15 U.S.C. § 1125(d), provides a civil mechanism for trademark holders to pursue domain name disputes in federal court, which includes judicial oversight and procedural protections for both parties.
Domain name owners can take several practical steps to reduce the risk of unauthorized lock or transfer:
If your domain name has been locked, transferred without your consent, or is the subject of a law enforcement request, Revision Legal’s internet attorneys can evaluate your options and help you pursue the appropriate remedies. Contact us at 855-473-8474 or through the contact form on this page.
For trademark owners whose marks are being used in domain names without authorization, the Anticybersquatting Consumer Protection Act (ACPA), 15 U.S.C. § 1125(d), provides a federal court remedy that complements the ICANN-based dispute resolution mechanisms. The ACPA allows a mark owner to bring a civil action in federal district court against a person who registers, traffics in, or uses a domain name that is identical or confusingly similar to a distinctive or famous mark, with a bad faith intent to profit from the mark.
The ACPA provides for both in personam and in rem jurisdiction. In personam jurisdiction requires the plaintiff to establish personal jurisdiction over the domain name registrant in the relevant federal court—a challenge when the registrant is located overseas or has concealed their identity through WHOIS privacy services. In rem jurisdiction under § 1125(d)(2) allows the mark owner to bring an action against the domain name itself in the judicial district where the domain name registry is located, regardless of where the registrant is found. This in rem mechanism is what allowed the Eastern District of Virginia to assert jurisdiction over foreign-based domain names registered under .com and .org TLDs—a scenario discussed in our related post on cybersquatting enforcement. For trademark owners dealing with bad-faith domain registrations, the ACPA provides a powerful set of remedies that registrar-level processes alone cannot deliver.
Artificial intelligence has become part of nearly every business operation. Businesses now use AI tools to write marketing copy, generate product images, compose emails, draft social media posts, and produce video and audio content at a scale that was not possible a few years ago. The efficiency gains are real. But so are the legal […]
Read more about The Risks of Using AI-Generated Content in Your Business
Receiving a cease and desist letter can feel alarming. One minute you are running your business as usual, and the next you are staring at a legal demand accusing you of trademark infringement, copyright violation, breach of contract, or some other wrong. The situation can escalate quickly if not handled properly. But receiving a cease […]
Read more about How to Respond to a Cease and Desist Letter
Learn what counts as deceptive pricing in e-commerce, including false discounts, hidden fees, drip pricing, and fake urgency. Revision Legal’s internet law attorneys help online retailers stay compliant with FTC rules.
Read more about What Counts as Deceptive Pricing in E-Commerce?