Policing and Takedown Strategies for Rogue Websites

For IP owners, online infringement has perhaps been the bane of the Internet, and the issues only increase by the day with the mushrooming of e-commerce operators. The Internet has allowed operators to conveniently sell counterfeit products, host pirated content, cybersquat rampantly and resurface despite action by using the shield of anonymity otherwise unavailable in the physical world.

While the advent of the ‘marketplace’ and ‘aggregator’ models only added to the problem, the next immediate threat is already approaching with the expansion of the ‘metaverse’. IP owners must be fast enough to keep a grip on online infringement of their rights lest the value of their IP gets diluted beyond repair.

India has been no stranger to these issues, and the courts and enforcement authorities in India have been sensitive to the IP rights of owners. Accordingly, there has been litigation concerning rogue websites and other online infringement, as well as alternative strategies for effective legal protection against such infringement; notable instances of which are discussed in this chapter.

Online counterfeiting and piracy

The success of e-commerce businesses in India has allowed illegal operators to conveniently sell counterfeit products under the guise of heavy discounts and the shield of anonymity otherwise unavailable with original products. The ease of registering a domain name or creating a seller account on online portals anonymously has enabled counterfeiters to sell counterfeit products rather conveniently.

India has seen litigation recently concerning rogue websites or flagrantly infringing online locations (FIOLs) in addition to traditional forms of online infringement. Several of such cases before the Delhi High Court have resulted in the court passing dynamic injunctions for takedowns against ‘John Does’, recognising that the unusual nature of these violations necessitates an extraordinary remedy. A dynamic injunction enables a plaintiff to approach the court in the same suit seeking extension of the injunction order against newly discovered FIOLs if the violation complained of relates to the same IP right.

An important outcome from the lead case (UTV Software Communications Ltd v 1337X.TO; Delhi High Court order dated 10 April 2019 in CS (Comm) 724/2017) on this issue was the framing of (illustrative not exhaustive) factors for determining what qualifies as a rogue website from a legal point of view. These factors as determined by the court are:

• whether the primary purpose of the website is to commit or facilitate copyright infringement;
• the flagrancy of the infringement, or the flagrancy of the facilitation of the infringement;
• whether the details of the registrant are masked and no personal or traceable details are available either of the registrant or of the user;
• whether there is silence or inaction by such website after the receipt of takedown notices pertaining to copyright infringement;
• whether the online location makes available or contains directories, indexes or categories of the means to infringe, or to facilitate the infringement of, copyright;
• whether the owner or operator of the online location demonstrates a disregard for copyright generally;
• whether access to the online location has been disabled by orders from any court of another country or territory on the ground of, or related to, copyright infringement;
• whether the website contains guides or instructions to circumvent measures, or any order of any court, that disables access to the website on the ground of, or related to, copyright infringement; and
• the volume of traffic at, or frequency of access to, the website;

It was also clarified by the court that these factors will not apply to intermediaries as they are governed by the Information Technology Act, which provides for statutory immunities, and they perform a function of a different nature.

The Delhi High Court also directed India’s Department of Telecommunications of the Ministry of Electronics and Information Technology to frame policies that can facilitate the issuance of warnings to consumers watching infringing content and the imposition of penalties if the subscriber or viewer continues to access the infringing content.

Intermediary liability

While Indian law distinguishes an intermediary as a ‘rogue website’ and provides it with legal immunity in certain situations, intermediaries are not completely immune and can be held liable. The definition of an ‘intermediary’ includes internet services providers (ISPs), hosts, search engines, online payment sites, online auction sites, online marketplaces and cybercafes.

Intermediary liability is limited by certain exemptions if the intermediary complies with due diligence requirements under law. As per a leading Supreme Court ruling, a rights holder seeking to take down online infringement through an intermediary must approach the competent court, name the intermediary as the defendant and seek specific directions against it.

At the same time, Indian courts are becoming much stricter with intermediaries and have been passing orders of injunction as intermediaries are increasingly playing an active role in committing infringements and deriving substantial revenue as a result. The most apt example is of domain name infringements, wherein courts are increasingly passing orders against domain registrars owing to the increasing number of cybersquatting cases and the very limited interest shown by domain registrars in playing an active role in controlling it.

Cybersquatting and domain name infringements

A domain name can be registered by anyone upon payment of the applicable fee and by providing basic contact information, which then forms part of the domain’s Whois database entry. The process of allotment of a domain has been on a first come, first served basis, with no real responsibility on anyone towards legitimacy or correctness of allotment of a particular domain to an applicant. Consequently, it has always been very easy for anyone to engage in cybersquatting (ie, to obtain a domain name comprising someone else’s trademark or even personal name without any legal or procedural hurdles, as long as the particular domain is available for registration).

Cybersquatting has recently experienced a sudden surge, owing primarily to the ease of registering a domain name and the absence of any checks or oversight regarding the identification of domain registrants. As a result, Whois data becomes meaningless in many, if not most, cases of dishonest domain registrations, as it fails to identify the actual registrant of the fraudulent domain. Since a dishonest registration of a domain name comprising an identical or confusingly similar trademark is actionable, a rights holder can still seek an injunction for the interim and permanent takedown or transfer of the domain name through a civil lawsuit by making the domain registrar a co-defendant.

Management of the Whois database is administered by the Internet Corporation for Assigned Names and Numbers (ICANN), and it intends to make information on websites and their owners accessible to enable the resolution of disputes relating to them. However, the lack of any sanctity, legal obligation or even basic oversight regarding the contact information provided by the domain registrant has enabled squatting of (infringing) domain names to be an extremely easy and largely risk-free exercise. As a result, the effectively meaningless Whois data fails to identify the actual registrant of unscrupulous domains, thereby preventing rights holders from taking legal remedies as they cannot ascertain the actual identity of the wrongdoer. The eventual fallout is that internet fraud continues to grow at an ever-increasing pace, aided by faster and more accessible internet connection, rising technology literacy and, most crucially, the availability of almost absolute anonymity, providing an in-built shield against any swift legal actions or consequences.

Cybersecurity and brand protection

A recent trend has been observed regarding the overlapping issues of cybersecurity and brand protection. This issue has been noticed in cases of tech support fraud, one of the most common call centre scams. In tech support fraud, certain individuals impersonate certified technical experts from renowned IT companies and plant fake malware pop-ups on a victim’s computer. They then inform the victim that their computer has been infected with a virus that will lead to permanent damage. These fake experts offer to rectify the issue, seeking money to do so. The transaction is made to look genuine as the pop-ups are taken down, making the user believe that it was a genuine virus.

Various brand owners that have been impersonated in this manner have lodged complaints that have prompted police raids, revealing huge fake transaction operations in their names and leading to arrests of a large number of culprits.

Enforcement strategies

Injunction suits

A civil suit seeking injunction against known and/or unknown defendants is perhaps the quickest and most effective remedy in India for immediately blocking online infringing content. For meaningful implementation of an order, especially at the ad interim admission stage, it is useful to implead a domain registrar, social media website or intermediary as a pro forma defendant.

Criminal actions

For certain cases involving high-volume counterfeiting or piracy, fintech fraud, or impersonation, and cases involving serious criminality in the violation, a criminal action becomes the most appropriate remedy. Since the police and investigating authorities have wide powers of investigation, including search, seizure and arrest, which a plaintiff may not be able to seek through court orders in a civil proceeding as quickly and effectively as the police can, rights holders should be conscious when choosing the penal route of whether the facts warrant such an action.

INDRP/ UDRP proceedings

The ‘.in’ Domain Name Dispute Resolution Policy (INDRP) provides the legal framework for resolution of a ‘.in’ domain (ie, the country code top-level domain for India) infringing upon a trademark. The process is similar to the Uniform Domain-Name Dispute Resolution Policy (UDRP) of the ICANN for generic top-level domains. Any person aggrieved by registration of a ‘.in’ domain that is identical or confusingly similar to their name or trademark may file a complaint before the National Internet Exchange of India, which is the administrative body for entertaining complaints under the INDRP. In the case of the UDRP, a complaint may be filed with the WIPO’s Arbitration and Mediation Center, which is run under the aegis of ICANN. The procedure is a quick and effective grievance redressal mechanism against the bad faith registration of a domain name using the rights holder’s trademark. The proceedings are in the nature of arbitration and the domain registrant must submit to the proceedings upon a complaint.

Takedown notices

A large amount of routine online infringing content on intermediaries such as marketplaces, social media pages, passive domain names can be easily handled through takedown notices provided by the intermediary on their portals. Most popular intermediaries now have an in-built IP violation policy providing for a notice and takedown strategy on the website itself, which has served as an effective route for getting simple and basic violations delisted from the concerned forum.

Cease and desist notices

In several instances, a violator may crop up on a different portal after a takedown notice or may be present on multiple portals or have offline infringing activity, which may not fully get resolved through delisting actions. Depending upon the severity of the violation, a cease-and-desist notice directly to the violator serves as a good first step and helps to show the court the bona fide attempt by a rights holder to give the offender an out-of-court opportunity to cease the violation.

Tackling online infringement also requires a sophisticated investigation strategy, which may include a combination of online surveillance using high-tech tools, personal visits and physical relative analysis of the products. Further, an effective online counterfeiting strategy requires identification of the most relevant targets along the chain, including website owners, domain hosts, ISPs and payment gateways, which should be strategically targeted and examined to secure effective blocking of the violation and apprehend the violator(s) in the anonymous virtual world.