An interesting article appeared today in the Tech section of Forbes about an esoteric form of domain name squatting that has been described as “bit-squatting.”
This phenomenon is rooted in the binary nature of communication used by the Domain Name System (DNS): computers relying upon the DNS communicate with one another through a series of 1′ and 0’s. There are some interesting intellectual property issues here that are worth some discussion, but a little technical overview might be useful first.
Every computer connected to the Internet is assigned a unique numerical identifier known as an internet protocol (IP) address. IP addresses serve to identify individual computers and they make it possible for computers to locate one another on the internet. These addresses consist of four numeric strings ranging from 0 to 255, separated by periods, for example, 18.104.22.168. A portion of each IP address represents the network that the computer utilizes, and the remaining portion identifies the individual server machine where the hosted web content resides.
Because it would be difficult to remember the numeric addresses which computers utilize to locate one another via the Internet, the Domain Name System was developed to associate IP addresses with the more memorable domain name addresses with which we are all familiar. When an Internet user types a domain name like example.com into the address box of a web browser, a request is sent to a remote domain name server to query the IP address associated with that domain name. The name server then reports the IP address to the browser and the browser attempts to make a connection to the computer located at that numeric address. In this sense, a name server acts as a sort of automated phone book for Internet users. Once the domain name is translated into an IP address and the connection is made, web content stored on the remote computer is sent to the user’s browser and a web page appears.
In the above example, the IP address 22.214.171.124 is the location of a computer that hosts the content that is available at example.com. Thus, if a user types <www.example.com> into a browser address box, the user’s browser will report <example.com> to a name server and request the associated IP address, and it will then be informed that the user’s desired content is available on a server located at 126.96.36.199. The user’s browser then requests and is provided with content including html code, images, etc., which are integrated by the user’s browser to render the web pages located on the server. In this sense, IP addresses, though less memorable than domain names, are equally important in making it possible for users locate websites.
All of these communications rely upon ASCII binary encoding and therefore each letter in a domain name is converted to a series of 1’s and 0’s for purposes of simplifying communication between machines. For example, the letter ‘e’ would appear as “01100101.” The word “example” would appear as a longer string:
Occasionally, these strings may be corrupted due to hardware issues (e.g., overheating) in the course of communicating with DNS servers, and this results in an inaccurate interpretation of the string, i.e., a misspelled domain name. As the Forbes article points out, even an iPhone being used on a very hot day could be warm enough to cause a minor hardware error, converting a single 0 to a 1. As a result, the website that you request might not be the website that is delivered to you when you enter a domain name in your iPhone’s browser address box.
Taking their cues from typo-squatters, bit-squatters take advantage of these errors. Typo-squatters have long enjoyed the practice of registering common misspellings of well-known domain names with the intent to divert Internet traffic to their own websites, usually for commercial gain or social commentary. A typo-squatter might register the domain name <gooogle.com> or <generalectric.com>, hoping to capitalize on Internet user misspellings. By the same token, bit-squatters register domain names that may result from binary errors. For example, in the domain name <walmart.com>, the word “walmart” converts to the following binary string:
If your browser correctly reports the preceding string to a domain name server, you will be provided with content located at Wal-Mart’s website. However, if even a single binary digit is flipped, the result will be different; for example, changing one digit in the string from a 1 to a 0 results in the following revised string:
Converting this revised binary string back to text results in “walmazt.” Likewise, converting just the second digit from a 1 to a 0 results in the text “7almart.”
Both <walmazt.com> and <7almart.com> may serve as valid domain names, but only a small proportion of Internet users are likely to mistype either of those domains when they intend <walmart.com>; most would be more likely to generate typographical errors such as <wamlart.com> (transposing the ‘l’ and ‘m’) or <wallmart.com> (adding an extra ‘l’). So, for typo-squatters, <walmazt.com> and <7almart.com> might not be a very useful. However, machines may very well flip a single binary digit, altering the string that is ultimately translated into a domain name by the DNS name server. A savvy bit-squatter who registers the domain names <walmazt.com> and <7almart.com> might notice an influx of traffic to his or her website from machine errors that mistranslated <walmart.com>.1
But how should judicial bodies approach this form of cybersquatting? It would appear that the test articulated in ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP) does not cover this behavior. The UDRP requires the complainant to prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred: (1) the domain name registered by the respondent is identical or confusingly similar to a trademark or service mark in which the complainant has rights; (2) the respondent has no rights or legitimate interests in the domain name; and (3) the domain name has been registered and is being used in bad faith. Likewise, the Anticybersquatting Consumer Protection Act (ACPA) requires the complaining trademark owner to demonstrate that the registrant acted in bad faith in registering a domain name that is identically or confusingly similar to the complainant’s mark.
In disputes that result from the practice of bit-squatting, the bad faith prong might be easily met, but what about the requirement to show similarity? Very similar binary strings may result in very dissimilar domain names; therefore, if the text of the UDRP and ACPA are read literally, the first prong is not met, because the domain name itself is not identical or confusingly similar to the bit-squatter’s registered domain name. Otherwise stated, WALMAZT and 7ALMART are not likely to be viewed by consumers as terms associated with the retail giant (i.e., there is little likelihood of confusion with WALMART), so it would seem that the anti-cybersquatting legal frameworks currently in place would not apply.
But add a little heat or radiation, and an Internet user’s device might make that very small error when it converts WALMART to a binary string, which results in redirecting the user to <walmazt.com> — in effect, the machine gets confused. Presumably confused machines are not covered by the applicable legal frameworks, but one could argue that the user experiences confusion as well — most likely of the initial interest variety — because the page that is delivered is not the page that was sought. Essentially, the user sought products or services endorsed/affiliated/associated with Wal-Mart Stores, Inc. by relying upon the WALMART trademark, but through a technical error exploited by an opportunist, the user was redirected to the products and services of another.
A defensive argument for the bit-squatter might suggest that bit flipping errors, like all machine errors, will happen with or without any bad faith: machines are imperfect and the bit-squatter is simply there to catch and make use of whatever falls through the cracks. If my competitor moves his business to a new location and I set up shop in the old location, knowing that the locals will occasionally mistakenly direct his potential customers to me, the confusion on the part of the locals may result in my favor, but where does the blame lie, particularly if I have no influence upon the bad information given by the locals?
Further, it seems nonsensical to attempt to measure the likelihood of confusion by applying the traditional confusion tests (Polaroid, DuPont), considering that the confusion doesn’t exist at the level of the marks — no one (human) is confusing 7ALMART with WALMART.
On the other hand, bit-squatters, like cyber-squatters and typo-squatters, rely upon new technology — technology not envisioned by the legislature — to exploit the intellectual property rights of others. It is difficult to get around the fact that, but for the existence of consumer recognition of the WALMART trademark, the would-be registrants of <walmazt.com>, <7almart.com>, and the like would not enjoy the opportunity for a certain amount of financial gain attributable to that recognition. That sounds an awful lot like unfair competition.
1. I should note that at the time of this blog post, no one has registered either <walmazt.com> or <7almart.com>, which suggests one of two things: (1) the bit flipping machine error effect is actually much ado about nothing; or (2) I should be registering those domain names at NameCheap.com right now.
Very interesting article. I’m sure that the legislation will eventually be updated to account for bit-squatting, but in my view it will only be a matter of time before another technology not envisioned by the legislature will emerge. In a way, these entrepreneurial squatters (and others who use technology in unenvisioned or unintended ways) may continue to force legislators to keep up with ever-changing technology.
Very interesting article. I am not sure we can or should legislate against bit-squatters or typo-squatters. I fear any legislations might be over-reaching.
Plus, if a consumer were to enter a site by mistake, he or she should be able to notice the mistake readily and exit. There is nothing to keep them there; unless, the squatters have modeled their site to be near-identical with the original site. In that case, squatters have taken another action leading to fraud.
Well written, Jude. The detail of your explanation is suitable for experts and novices alike for this subject matter. Did the Forbes article mention a possible number of known bit-squatters out there? It would be interesting to find out if many of these sites are known and how much potential web traffic they may be able to influence to their own benefit.
We always look forward to your posts.