Statutory Concept
Cyber-squatting under the Cybercrime Prevention Act is the bad-faith acquisition of a domain name over the internet in order to exploit another's protected identifier. The wrong is committed through the registration or acquisition of the domain name itself, not merely through the later publication of content on the website connected to that domain.
The offense protects the integrity of online identifiers, the reliability of the domain-name system, and the interest of trademark owners and named persons in preventing deceptive or hostage registrations. A domain name can become a digital substitute for goodwill, identity, and public recognition, so bad-faith appropriation of that name is treated as a cybercrime and not only as a civil intellectual property dispute.
Section 4(a)(6) of Republic Act No. 10175 is the operative provision because it specifically defines cyber-squatting. It covers the acquisition of a domain name in bad faith to profit, mislead, destroy reputation, or deprive another from registering the same, where the domain name is connected with a registered trademark, the name of another person, or an identifier in which the registrant has no right or intellectual property interest.
Elements
Criminal liability requires proof of the acquisition of a domain name, the bad-faith character of that acquisition, a prohibited purpose, and the relationship of the domain name to a protected name or mark. The prosecution must prove more than mere similarity; it must connect the registration to the wrongful intent punished by the law.
- The offender acquired or registered a domain name over the internet.
- The domain name is identical, similar, or confusingly similar to an existing registered trademark, or identical or similar to the name of a person other than the registrant.
- The offender had no right, authority, license, legitimate interest, or intellectual property interest in the domain name.
- The acquisition was made in bad faith.
- The bad-faith acquisition was directed toward profiting from the protected identifier, misleading internet users, damaging reputation, or preventing the legitimate holder from registering the domain name.
The acquisition element is satisfied by acts that result in control of the domain registration, such as original registration, transfer, or procurement through another person acting for the offender. Mere brainstorming, checking availability, or preparing a proposed domain name is not enough unless it progresses into an overt act punishable under applicable principles.
The offense may be consummated even before the domain name is used for a live website. Use of the domain, redirection of traffic, sale offers, parked advertisements, or impersonation pages are strong evidence of bad faith, but the statutory focus remains the bad-faith acquisition.
Protected Identifiers
Registered Trademarks
For the trademark branch, the mark must be existing and registered with the proper government agency at the time of the domain-name registration. The timing requirement matters because a later trademark registration should not retroactively make an earlier innocent domain registration criminal.
Similarity is assessed by the overall impression created by the domain name, including spelling, sound, visual resemblance, and the likely association formed by internet users. Exact copying is not required; a domain may be confusingly similar through misspellings, omitted characters, added generic words, pluralization, hyphenation, or other variations that still ride on the protected mark.
The top-level domain, such as .com, .net, .org, or a country-code extension, is usually a technical part of the address and rarely removes confusing similarity by itself. The more important inquiry is whether the distinctive portion of the domain appropriates the mark or creates a false association with the trademark owner.
Names of Persons
The personal-name branch covers a domain name identical or similar to the name of a person other than the registrant. The law is concerned with online identity capture, especially when the registrant uses another's name as a domain to profit from public recognition, divert communications, mislead the public, or hold the name against the person identified.
A personal name need not always have the same commercial distinctiveness as a trademark, but the prosecution must still prove that the domain name points to an identifiable person other than the registrant and that the acquisition was in bad faith. Where the name is common, evidence tying the registration to a particular person becomes more important.
When the claimed identifier belongs to a corporation, association, public office, school, or business, liability depends on the proof connecting the domain to a protected mark, trade identifier, or legally recognized person whose name has been appropriated. A generic or descriptive domain name is not criminal merely because another party also uses similar words in commerce.
Bad Faith
Bad faith is the mental element that separates cyber-squatting from legitimate domain registration. It means the registrant acquired the domain with a dishonest purpose connected to another's mark, name, goodwill, identity, or registration opportunity.
Bad faith may be inferred from surrounding facts because it is usually proved by conduct, communications, timing, and the use or non-use of the domain. A direct admission is not necessary if the totality of circumstances shows that the acquisition was meant to exploit another's identifier.
| Fact Pattern | Relevance to Bad Faith |
|---|---|
| Registering a domain immediately after a mark becomes known or after a public announcement | May show knowledge of the mark or name and an intent to capture its expected online value. |
| Offering to sell the domain to the mark owner or named person for an excessive price | Supports an inference that the domain was acquired to profit from the protected identifier rather than for bona fide use. |
| Using the domain for pay-per-click advertisements, competing goods, phishing, impersonation, or traffic diversion | Shows exploitation of confusion or reputation generated by the protected name or mark. |
| Providing false contact details or hiding the true registrant while targeting another's identifier | May indicate consciousness of wrongful registration, although privacy services alone are not automatically criminal. |
| Registering several domains patterned after different marks or names | May show a pattern of cyber-squatting rather than an isolated innocent registration. |
Bad faith is not established by similarity alone. A registrant may have a legitimate reason for using a domain if it corresponds to the registrant's own name, business, prior bona fide project, authorized license, or independent intellectual property right.
Non-use of a domain does not automatically negate liability. Passive holding may still be bad faith when the circumstances show that the domain was registered to block the rightful holder, extract payment, preserve leverage, or keep a deceptive online address for future use.
Absence of Right or Legitimate Interest
The statute requires attention to whether the registrant had a right or intellectual property interest in the domain. This requirement prevents criminal liability for a person who honestly registers a domain corresponding to that person's own name, mark, business, advocacy, or authorized undertaking.
A right or legitimate interest may arise from ownership of a trademark, authority from the trademark owner, a registered business name, a trade name used in good faith, a person's own legal name, or a bona fide offering of goods or services unconnected with deception. The existence of a right does not excuse fraud, impersonation, or deliberate confusion, but it may defeat the charge when it negates bad faith.
Priority matters but is not conclusive. Earlier registration of a domain can support good faith, especially if it preceded the complainant's mark or public identity, while later registration after knowledge of another's established identifier may support bad faith.
Good-faith criticism, commentary, fan activity, or noncommercial expression may negate the intent to profit or mislead, but the domain name itself must still be examined. A domain that falsely appears to be the official address of the person or mark owner may remain problematic even if the page later contains critical or expressive content.
Distinctions from Related Wrongs
| Concept | Primary Wrong | Key Difference |
|---|---|---|
| Cyber-squatting | Bad-faith acquisition of a domain name connected to another's mark or name | The punishable focus is the domain registration or acquisition itself. |
| Trademark infringement | Unauthorized use of a mark in commerce causing likelihood of confusion | It centers on commercial use of the mark, not necessarily on acquisition of a domain name. |
| Unfair competition | Passing off one's goods, services, or business as those of another | It requires deceptive market conduct and may exist even without a domain-name registration. |
| Computer-related fraud | Use of a computer system to cause damage through fraudulent input, alteration, or interference | It punishes computer-enabled fraud; cyber-squatting punishes bad-faith domain-name acquisition. |
| Cyber libel | Defamatory imputation committed through a computer system | Defamatory website content may be separate from the registration of the domain name. |
A single course of conduct may generate more than one liability if the acts satisfy separate offenses. A person who registers a confusing domain in bad faith and then uses it for phishing, defamatory content, or fraudulent transactions may face liability for cyber-squatting and other applicable crimes, subject to rules on double jeopardy, absorption, and identity of offenses.
Proof and Evidentiary Considerations
Proof commonly includes registrar records, WHOIS history, domain-transfer records, payment records, email communications, screenshots, archived pages, DNS records, trademark certificates, business records, and evidence showing the complainant's name or mark was known before registration.
The prosecution should connect the accused to the domain registration. Use of nominees, privacy shields, hosting accounts, payment instruments, administrative email addresses, or later control of the website may establish authorship or participation when they point to the same person or group.
For the trademark branch, the certificate or official record of registration is important because the statute refers to an existing registered mark at the time of domain-name registration. For the personal-name branch, identity proof and circumstances showing that the registrant targeted that person are central.
Evidence of actual confusion, diverted traffic, reputational harm, or completed sale is useful but not always indispensable. The statutory wrong is the bad-faith acquisition, so liability may arise even before actual injury becomes extensive, provided the required intent and protected identifier are proved beyond reasonable doubt.
Liability, Participation, and Penalties
The principal offender is the person who acquires or causes the acquisition of the domain name with the required bad faith. Those who knowingly cooperate in the registration, concealment, transfer, or exploitation of the domain may incur liability according to their participation and the provisions of the Cybercrime Prevention Act and suppletory criminal law principles.
When the act is done through a corporation or other juridical entity, liability may attach to responsible natural persons who knowingly authorized, directed, or participated in the offense. Corporate liability provisions may also impose fines on the juridical entity when the cybercrime is committed for its benefit or through deficient supervision, without extinguishing the liability of the participating individuals.
Cyber-squatting is punished under the penalty provisions for offenses under Section 4(a) of the Cybercrime Prevention Act. The general statutory penalty includes imprisonment and/or fine, with heavier consequences when the offense falls within circumstances that the Act treats with greater severity, such as attacks against critical infrastructure.
Domain cancellation, transfer, suspension, or recovery may be pursued through separate civil, administrative, intellectual property, or registrar-based remedies where available. Those remedies do not by themselves replace the criminal case, and a criminal prosecution still requires proof of every element of the offense beyond reasonable doubt.
Operational Principles
- Cyber-squatting is concerned with acquisition in bad faith, so the timing and purpose of registration are central.
- A registered trademark must already exist when the domain name is registered under the trademark branch of the offense.
- The personal-name branch requires proof that the domain name appropriates the name of a person other than the registrant.
- Confusing similarity may arise from small variations that preserve the commercial or identity impression of the protected mark or name.
- Bad faith may be inferred from offers to sell, traffic diversion, impersonation, concealment, blocking conduct, or a pattern of registrations.
- A bona fide right, authorization, or legitimate interest in the domain may defeat the charge when it negates wrongful intent.
- Use of the domain for a website is strong evidence but is not the defining act; the defining act is bad-faith acquisition of the domain name.
- Civil trademark remedies and domain-dispute remedies may coexist with criminal liability, but they do not lower the prosecution's burden of proof.