Baidu, Inc. et al v. Register.com, Inc.MEMORANDUM OF LAW in Support re: 14 MOTION to Dismiss.. DocumentS.D.N.Y.March 16, 2010 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - BAIDU, INC. and BAIDU NETCOM SCIENCE & TECHNOLOGY CO., LTD., Plaintiffs, v. REGISTER.COM, INC., Defendant. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - x : : : : : : : : : : x No. 10 Civ. 444 (DC) DEFENDANT REGISTER.COM’S MEMORANDUM OF LAW IN SUPPORT OF ITS MOTION TO DISMISS PLAINTIFFS’ COMPLAINT GIBSON, DUNN & CRUTCHER LLP 200 Park Avenue New York, New York 10166-0193 Phone: (212) 351-4000 Fax: (212) 351-4035 Attorneys for Defendant Register.com March 10, 2010 Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 1 of 32 i TABLE OF CONTENTS Page PRELIMINARY STATEMENT ................................................................................................... 1 STATEMENT OF FACTS ............................................................................................................ 2 A. The Parties And Their Contract ................................................................. 3 B. The Cyber-Attack On Register And Baidu................................................ 6 C. The Complaint ........................................................................................... 7 STANDARD ON THIS MOTION ................................................................................................ 7 ARGUMENT................................................................................................................................. 8 I. The Complaint Is Barred By The Contractual Limitations Provisions.................. 8 A. In Its Agreement With Register, Baidu Agreed To Waive The Very Liability Against Register It Now Asserts ........................................ 8 B. Baidu Cannot Plead Around Its Agreement To Limit Liability For Register By Baldly Asserting Gross Negligence .............................. 11 II. The Tort Claims Fail As A Matter Of Law Independent Of The Agreement...... 15 A. The Tort Claims Must Be Dismissed As Duplicative Of The Contract Claim......................................................................................... 15 B. The Claim For Gross Negligence Fails To State A Claim....................... 17 C. No Claim For Tortious Conversion Is Stated .......................................... 17 D. No Claims For Aiding And Abetting Conversion Or Trespass Are Stated................................................................................................. 18 E. No Claim For Breach Of The Duty Of Bailment Is Stated...................... 20 III. The Complaint Fails To State A Claim For Contributory Trademark Infringement......................................................................................................... 21 A. Register Is Statutorily Immune From Baidu’s Lanham Act Claim........................................................................................................ 21 B. The Complaint Fails To Allege Contributory Trademark Infringement By Register......................................................................... 22 Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 2 of 32 TABLE OF CONTENTS (Continued) Page ii C. The Complaint Fails To Allege A Direct Violation Of The Lanham Act By The Imposter.................................................................. 24 CONCLUSION............................................................................................................................ 25 Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 3 of 32 iii TABLE OF AUTHORITIES Page(s) Cases Abu Dhabi Commercial Bank v. Morgan Stanley & Co. Inc., 651 F. Supp. 2d 155 (S.D.N.Y. 2009) ...................................................................................... 20 Academy of Motion Picture Arts and Sci. v. Network Solutions, Inc., 989 F. Supp. 1276 (C.D. Cal. 1997) ......................................................................................... 22 Alitalia Linee Aeree Italiane, S.p.A. v. Airline Tariff Pub. Co., 580 F. Supp. 2d 285 (S.D.N.Y. 2008) ...................................................................................... 10 Am. Tel. and Teleg. Co. v. The City of New York, 83 F.3d 549 (2d Cir. 1996) ....................................................................................................... 14 Ashcroft v. Iqbal, 129 S. Ct. 1937 (2009)................................................................................................................ 7 ATSI Commc’ns, Inc. v. Shaar Fund, Ltd., 493 F.3d 87 (2d Cir. 2007) ......................................................................................................... 8 Bally Total Fitness Holding Corp. v. Faber, 29 F. Supp. 2d 1161 (C.D. Cal. 1998) ...................................................................................... 25 Bell Atl. Corp. v. Twombly, 550 U.S. 544 (2007).................................................................................................................... 7 Berman v. Sugo LLC, 580 F. Supp. 2d 191 (S.D.N.Y. 2008) ...................................................................................... 18 Bosley Med. Inst., Inc. v. Kremer, 403 F.3d 672 (9th Cir. 2005) .................................................................................................... 24 Calcutti v. SBU, Inc., 273 F. Supp. 2d 488 (S.D.N.Y. 2003) ...................................................................................... 19 Clark-Fitzpatrick, Inc. v. Long Island R.R. Co., 70 N.Y.2d 382 (1987) ............................................................................................................... 15 Colangione v. State, 187 A.D.2d 844 (3d Dep’t 1992).............................................................................................. 21 Colavito v. N.Y. Organ Donor Network, Inc., 8 N.Y.3d 43 (N.Y. 2006) .................................................................................................... 17, 19 Colnaghi, U.S.A., Ltd. v. Jewelers Protection Servs., Ltd., 81 N.Y.2d 821 (1993) ......................................................................................................... 11, 15 Consol. Edison Co. of N.Y. v. Port Auth. (In re September 11 Litig.), 640 F. Supp. 2d 323 (S.D.N.Y. 2009) ...................................................................................... 16 Consumers Distrib. Co. v. Baker Protective Servs., 202 A.D.2d 327 (1st Dep’t 1994) ....................................................................................... 14, 17 Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 4 of 32 TABLE OF AUTHORITIES (Continued) Page(s) iv Dangerfield v. Merrill Lynch, Pierce, Fenner & Smith, Inc., No. 02 Civ. 2561 (KMW), 2006 WL 335357 (S.D.N.Y. Feb. 15, 2006) ................................. 19 DiSanto v. Forsyth, 258 A.D.2d 497 (2d Dep’t 1999).............................................................................................. 16 Fine v. Gordon, Kushnick & Gordon, 238 A.D.2d 373 (2d Dep’t 1997).............................................................................................. 16 Florence v. Merchants Cent. Alarm Co., Inc., 51 N.Y.2d 793 (1980) ............................................................................................................... 11 Gen. Elec. Co. v. Varig-S.A., No. 01 Civ. 11600 (RJH) (JCF), 2004 WL 253320 (S.D.N.Y. Feb. 10, 2004) ........................ 10 Harris v. Mills, 572 F.3d 66 (2d Cir. 2009) ......................................................................................................... 8 Hartford Ins. Co. v. Holmes Protection Group, 250 A.D.2d 526 (1st Dep’t 1998) ............................................................................................. 14 In re Parmalat Sec. Litig., No. 05 Civ. 9934 (LAK), 2010 WL 545964 (S.D.N.Y. Feb. 17, 2010) ................................... 11 In re Sharp Int’l Corp. v. State Street Bank & Trust Co., 403 F.3d 43 (2d Cir. 2005) ....................................................................................................... 20 Indus. Risk Insurers v. Port Auth. of N.Y. and N.J., 387 F. Supp. 2d 299 (S.D.N.Y. 2005) ...................................................................... 8, 11, 14, 15 Inwood Labs., Inc. v. Ives Labs., Inc., 456 U.S. 844 (1982).................................................................................................................. 22 Kalisch-Jarcho, Inc. v. City of New York, 58 N.Y.2d 377 (1983) ................................................................................................................. 8 L-7 Designs, Inc. v. Old Navy, LLC, No. 09 Civ. 1432 (DC), 2010 WL 157494 (S.D.N.Y. Jan. 19, 2010) .................................. 7, 14 Lockheed Martin Corp. v. Networks Solutions, Inc., 985 F. Supp. 949 (C.D. Cal. 1997) ..................................................................................... 22, 23 Metro. Life Ins. Co. v. Noble Lowndes Int’l, Inc., 84 N.Y.2d 430 (1994) ........................................................................................................... 9, 10 Moore v. Microsoft Corp., 293 A.D.2d 587 (2d Dep’t 2002)................................................................................................ 8 Morgan Stanley & Co. v. JP Morgan Chase Bank, N.A., 645 F. Supp. 2d 248 (S.D.N.Y. 2009) ...................................................................................... 20 Niagara Mohawk Power Corp. v. Stone & Webster Eng’g Corp., 725 F. Supp. 656 (N.D.N.Y. 1989)........................................................................................... 15 Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 5 of 32 TABLE OF AUTHORITIES (Continued) Page(s) v Nike, Inc. v. Variety Wholesalers, Inc., 274 F. Supp. 2d 1352 (S.D. Ga. 2003)...................................................................................... 24 Panavision Int’l v. Toeppen, 141 F.3d 1316 (9th Cir. 1998) .................................................................................................. 22 Philbrick v. eNom, Inc., 593 F. Supp. 2d 352 (D.N.H. 2009).......................................................................................... 22 Rapoport v. Asia Elecs. Holding Co., 88 F. Supp. 2d 179 (S.D.N.Y. 2000) .......................................................................................... 8 Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004) ................................................................................................... 3, 9 Rizer v. Breen, No. 601676/05 (JSC), 2007 WL 4378149 (Sup. Ct. N.Y. County Jan. 29, 2007).................... 19 Ross v. Louise Wise Servs., Inc., 8 N.Y.3d 478 (2007) ................................................................................................................. 25 Size, Inc. v. Network Solutions, Inc., 255 F. Supp. 2d 568 (E.D. Va. 2003) ....................................................................................... 23 SNS Bank, N.V. v. Citibank, N.A., 7 A.D.3d 352 (1st Dep’t 2004) ............................................................................... 10, 11, 14, 17 Sommer v. Fed. Signal Corp., 79 N.Y.2d 540 (1992) ............................................................................................................... 14 Sutton Park Dev. Corp. Trading Co. v. Guerin & Guerin Agency Inc., 297 A.D.2d 430 (3d Dep’t 2002).............................................................................................. 17 Tabachnik v. Dorsey, No. 04 Civ. 09865, 2005 WL 1668542 (S.D.N.Y. July 15, 2005), aff’d, 257 Fed. App’x 409 (2d Cir. Dec. 13, 2007) ........................................................................................................ 3 Tiffany, Inc. v. eBay, Inc., 576 F. Supp. 2d 463 (S.D.N.Y. 2008) ................................................................................ 23, 24 Transamerica Corp. v. Moniker Online Servs., No. 09-60973-CIV(CMA), 2009 WL 4715853 (S.D. Fla. Dec. 4, 2009)................................. 22 Via Viente Taiwan, L.P. v. United Parcel Serv., Inc., No. 4:08-cv-301 (RAS), 2009 WL 398729 (E.D. Tex. Feb. 17, 2009) ...................................... 9 Watts v. Jackson Hewitt Tax Serv., No. 06-CV-6042 (DLI), 2009 WL 3817668 (E.D.N.Y. Nov. 13, 2009) .................................. 19 Wornow v. Register.com, Inc., 8 A.D.3d 59 (1st Dep’t 2004) ....................................................................................... 17, 19, 20 Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 6 of 32 TABLE OF AUTHORITIES (Continued) Page(s) vi Statutes 15 U.S.C. § 1114(1) ...................................................................................................................... 24 15 U.S.C. § 1114(1)(a).................................................................................................................. 21 15 U.S.C. § 1114(2)(D)(iii)........................................................................................................... 22 Rules Fed. R. Civ. P. 12(b)(6)................................................................................................................... 7 Fed. R. Civ. P. 12(f)...................................................................................................................... 25 Fed. R. Evid. 201(b)(2) ................................................................................................................... 3 Other Authorities 4 McCarthy on Trademarks and Unfair Competition § 25:73.40 (4th ed. 2010) ......................... 22 8 Williston on Contracts § 19.27 (4th ed. 2009)........................................................................... 11 Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 7 of 32 1 Defendant Register.com, Inc. (“Register”) respectfully submits this memorandum of law in support of its motion to dismiss the Complaint (“Compl.”) of Plaintiffs Baidu, Inc. and Baidu Netcom Science & Technology Co., Ltd. (collectively, “Baidu”) with prejudice for failure to state a claim upon which relief can be granted, pursuant to Federal Rule of Civil Procedure 12(b)(6). PRELIMINARY STATEMENT The Complaint in this action contains a glaring—and inexcusable—omission. It fails to disclose that each and every claim asserted in this ill-conceived action is expressly barred by the clear and unequivocal terms of the parties’ binding written agreement. Asserting a laundry list of inflammatory claims, Baidu seeks to hold Register liable for the January 11, 2010 cyber-attack, which appears to have originated from unknown criminals who also targeted sites such as Twitter, and which resulted in a brief interruption of service on Baidu’s Web site, baidu.com. But Baidu fails to inform the Court that when it registered its domain name through Register more than a decade ago, it expressly agreed to waive any future claims against Register for precisely the kind of service interruptions that form the basis of this lawsuit. Indeed, in numerous provisions of the parties’ contract, Baidu agreed that it would not and could not bring the very claims it now attempts to assert. It is bad enough that Baidu seeks to disavow the contractual waiver and liability limitations provisions to which it agreed. Even worse, Baidu has attempted to conceal these dispositive provisions from the Court. The parties’ written agreement is clear. It provides, in affirmative and absolute terms, that Register cannot be held liable “under any circumstances” for (1) the unauthorized use or misuse of a user name or password, (2) any interruption of business or unauthorized access to or alteration of Baidu’s data, or (3) any modification, interruption, or termination of Baidu’s service. If contracts mean anything at all, then this contract means that Baidu’s lawsuit—which seeks to impose liability on Register for the very circumstances covered by the limitations of liability provisions— fails as a matter of law. Accordingly, liability is barred by the express terms of the contract that Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 8 of 32 2 defines the parties’ relationship—the same contract that Baidu relies on in its Complaint, yet does not cite or attach. In an effort to avoid these iron-clad contractual waivers, Baidu strews its Complaint with the buzzwords of “gross negligence” and “recklessness,” hoping to avoid the very contract it seeks to enforce. But conclusory allegations of this sort cannot overcome the express limitations of liability and are not actionable. Accepting Baidu’s allegations as true, Register’s response to the cyber-attack at issue was, at worst, an inadvertent mistake. Baidu’s own allegations make clear that it cannot come close to meeting the exceedingly high standard required to override the express intent of the parties to limit liability—“reckless disregard” of a customer’s rights typified by repeated and intentional misconduct. Indeed, Baidu’s own binding admissions in the Complaint are fatal because they confirm the reasonableness of Register’s response to the organized criminal attack. Thus, the claims against Register fail as a matter of law and should be dismissed for at least three independent reasons. First, the limitations of liability and damages exclusions in the express provisions of the parties’ contract are valid and enforceable. Second, Baidu’s tort claims are improperly pled because they are duplicative of the contract claim, and thus not actionable, and because each fails to state a claim. Third, Baidu’s Lanham Act claim fails because Register has statutory immunity from the claim and Baidu has pled neither a primary trademark infringement nor Register’s knowledge of such infringement, if any did exist. The Complaint should be dismissed in its entirety with prejudice. STATEMENT OF FACTS The well-pleaded allegations of the Complaint are assumed true for the purposes of this motion only. As demonstrated below, Baidu’s allegations are self-defeating and mandate dismissal. Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 9 of 32 3 A. The Parties And Their Contract Defendant Register is an accredited domain name registrar, one of several hundred from which parties interested in acquiring domain registry services can choose. A privately-held company, Register provides an administrative service by processing and submitting registrations for, and renewals of, domain names to the applicable authoritative registry operator.1 Baidu, Inc. is a NASDAQ-listed global technology company with a market capitalization of over $15 billion.2 Baidu operates the largest Internet search engine in China, in addition to offering an Instant Messaging service, customer-to-customer shopping platform, Internet security service, a media sharing Web site, and Chinese Internet marketing operations.3 Baidu.com is the third-largest Internet search engine in the world (after Google and Yahoo!) and the world’s fourth- largest Web site overall.4 (See Compl. ¶ 2). 1 Register has provided these services for over ten years in connection with over 2.5 million domain names. Apart from its domain name registration services, Register also provides Web site design, management, and hosting services, having won multiple awards including J.D. Power & Associates’ award for “An Outstanding Customer Service Experience” for the past five years. See register.com/about.rcmx and register.com/about/awards.rcmx (last visited March 8, 2010) attached as Ex. A to the accompanying Declaration of Orin Snyder executed March 10, 2010 (“Snyder Decl.”). Register respectfully requests that the Court take judicial notice of the public Web sites, SEC filings, and newspaper articles cited herein and attached to the Snyder Declaration. See Tabachnik v. Dorsey, No. 04 Civ. 09865, 2005 WL 1668542, *2 (S.D.N.Y. July 15, 2005), aff’d, 257 Fed. App’x 409 (2d Cir. Dec. 13, 2007) (court may “take judicial notice of facts within the public domain and public records if such facts and records are ‘capable of accurate and ready determination by resort to sources whose accuracy cannot reasonably be questioned.’”) (quoting Fed. R. Evid. 201(b)(2)). For a description of the domain registration system, see Register.com, Inc. v. Verio, Inc., 356 F.3d 393, 409–10 (2d Cir. 2004). 2 Plaintiff Baidu Netcom Science & Technology Co., Ltd. is a Chinese corporation, through which Baidu operates its Chinese Web sites and online advertising business. See Baidu, Inc., Annual Report (Form 20-F) at 22 (April 9, 2009) (Snyder Decl., Ex. B). Both Plaintiffs have their principal place of business in Beijing, China. It has been publicly reported that Baidu’s dominant market position has been “sealed . . . with support from the Chinese government” in exchange for letting Chinese governmental censors oversee its Web site. See David Barboza, The Rise of Baidu (That’s Chinese for Google), N.Y. TIMES, Sept. 7, 2006, p. BU1 (Snyder Decl., Ex. C). 3 See Baidu, Inc., Annual Report (Form 20-F) at 34 (April 9, 2009) (Snyder Decl., Ex. B). 4 Baidu’s public filings indicate that it regularly retains some of the most sophisticated investment banks and law firms in the world to represent its business interests in important transactions, such as its 2005 initial public offering. See, e.g., Baidu, Inc., Registration Statement (Form F-1) at 133 (July 12, 2005) (underwriters include Goldman Sachs (Asia) L.L.C. and Credit Suisse First Boston) and 139 (legal counsel include Latham & Watkins and Davis Polk & Wardwell) (Snyder Decl., Ex. D). Baidu is represented in litigation matters by law firms such as Davis Polk, Stormhale Inc. v. Baidu.com, Inc., No. 09 Civ. 5273 (VM) (S.D.N.Y. filed June 5, 2009), and in the instant lawsuit by Paul, Weiss, Rifkind, Wharton & Garrison. Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 10 of 32 4 Baidu registered its domain name through Register, which provided the domain registration services pursuant to the parties’ Master Services Agreement (the “Agreement” or “MSA”). (See Declaration of Roni Jacobson executed March 10, 2010 (“Jacobson Decl.”), Ex. A). Baidu affirmatively accepted the terms and conditions of the Agreement before proceeding with the registration process and, again, each time Baidu renewed its registration.5 (See id. ¶ 2). The Agreement clearly and comprehensively defined the parties’ rights and obligations related to the domain name registration services provided by Register. Reflecting the narrow scope of the services provided by Register, Baidu agreed to use the services “entirely at [its] own risk” and agreed to numerous and absolute limitations on Register’s potential liability throughout the Agreement. (MSA, Limitation of Liability, 9). Most significantly, in a section entitled “Limitation of Liability,” Baidu agreed to a broad waiver of liability related to any termination or disruption of service, business interruption, or unauthorized access to its data. (Id.). Specifically, in language carefully tailored to the domain name registration services, the Agreement made clear that Register cannot be liable, “under any circumstances,” for, inter alia, “termination, suspension, loss, or modification of [Baidu’s] services,” “use of or inability to use the services,” “interruption of business,” “unauthorized access to or alteration of” data transmissions, and “conduct of any third party using [Baidu’s] services.” (Id.). In the provisions of the Agreement related to Baidu’s responsibility to maintain the security of its own user name and password, Baidu further agreed to Register’s disclaimer of liability for any unauthorized use or misuse of its user name or 5 Register uses a mandatory “click-through” process, by which customers must assent to the Agreement before proceeding with initial and renewal registrations. (See Jacobson Decl., Ex. A ¶ 2). The current agreement, dated December 18, 2009, applies to the facts alleged in the Complaint and is the version cited herein, although Baidu first registered the domain “baidu.com” through Register in 1999 and has since that time renewed the registration three times. (Id.; see id., Exs. B (attaching all versions of Register’s Agreement that Baidu assented to throughout Baidu’s business relationship with Register). The portions of the Agreement relevant here are essentially unchanged. The parties’ rights and obligations are governed by New York law pursuant to the Agreement. (MSA, Governing Law, 10). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 11 of 32 5 passwords.6 (MSA, User Name and Password; Account Manager, 6). Again reflecting the narrow scope of services and limited payment for the services, the liability limitation provisions additionally covered “any other matter relating to [Baidu’s] use of the services.” (MSA, Limitation of Liability, 9). In addition to these contractual limitation of liability provisions, and to provide further immunity against suit by Baidu, the Agreement contained an express and unequivocal limitation of damages that could be theoretically asserted against Register in the event of any alleged failure under the contract or other claim. (Id.). That provision precluded liability for Register for: any indirect, special, incidental, or consequential damages of any kind (including lost profits, goodwill, data, the cost of replacement goods or services, or other intangible losses) regardless of the form of action whether in contract, tort (including negligence), or otherwise, even if Register.com has been advised of the possibility of such damages. (Id.). The Agreement further protected Register under a liquidated damages clause, which capped liability at the total paid for the services, but not greater than $500.7 (Id.). In the Agreement, Baidu also agreed that Register has no independent obligation to it beyond the terms of the parties’ contractual relationship. Specifically, Baidu agreed to accept the services on an “as is” basis. (MSA, Disclaimer of Warranties, 9). In addition, Baidu agreed to Register’s explicit and unequivocal disclaimer of any representation or warranty “that the services will meet [Baidu’s] specific requirements” and “that the services will be uninterrupted, timely, secure, or error-free.” (Id.). Collectively, these provisions (hereinafter referred to as “Contractual Limitations Provisions”) clearly and absolutely bar Baidu from suing or seeking damages from Register under the theories alleged. 6 Baidu further agreed that security was its own responsibility, not Register’s: “You are responsible for maintaining the security of your account, and you are fully responsible for all activities that occur under that account and in connection with your use of the Service(s), and for any other actions taken in connection with a registered domain name.” (MSA, Security, 6). 7 Of note, in exchange for the basic domain registration services, Baidu paid Register rates generally set out on Register’s Web site, specifically an average annual fee of less than $25. (Jacobson Decl. ¶ 3). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 12 of 32 6 B. The Cyber-Attack On Register And Baidu On January 11, 2010, a cyber-criminal attacked Register, gaining unauthorized access to Baidu’s account and redirecting Internet traffic intended for Baidu’s Web site to an “Iranian Cyber Army” Web site. (Compl. ¶ 22). Web traffic was diverted for around five hours. (Id. ¶ 5). At approximately 5:03 p.m. EST on January 11th, a person claiming to be an agent of Baidu (the “Imposter”) requested a change to Baidu’s administrative e-mail address in a live chat with a Register customer service agent. (Id. ¶ 18). Following company protocol to verify the requester, the agent sent a security code to the e-mail address on file for Baidu and asked the Imposter to “convey the security code back to Defendant via the Internet chat.” (Id.). The Imposter replied by chat, providing a code that was similar but not identical to the one the agent had sent. (Id. ¶ 19). In what is essentially Plaintiffs’ only allegation of negligence, Baidu asserts that Register’s agent “failed to compare the code received from the Imposter to the code Defendant had mailed to Baidu.” (Id.). As a result, the Imposter was able to change the e-mail address of record for Baidu to the Imposter’s own e-mail address, “antiwahabi2008@gmail.com,” which Baidu alleges contains a “highly politically charged message.” (Id. ¶ 20). The Imposter subsequently used the automated “forgot password” utility in order to change the Baidu account password, unlawfully gaining full access to the account. (Id. ¶ 21). The Imposter’s next criminal act was to change the IP address associated with the Baidu domain name to one that pointed Internet users seeking to reach baidu.com to a rogue Web site of the self-proclaimed “Iranian Cyber Army.” (Id. ¶ 22). Although Baidu obviously has no knowledge of the affirmative steps undertaken by Register in the incident’s immediate aftermath, the Complaint does acknowledge many of them, Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 13 of 32 7 including that Baidu’s operations were restored after “approximately five hours” (id. ¶ 5), and that “restoration work” by Register began “two hours after first being contacted by Baidu” (id. ¶ 23).8 C. The Complaint Baidu’s complaint—filed just eight days after the cyber-attack on Register and Baidu and in the context of notable global events9—contains a kitchen-sink list of claims, specifically a contributory infringement claim under the Lanham Act, a breach of contract claim, and an assortment of tort causes of action, including gross negligence/recklessness, tortious conversion, aiding and abetting tortious conversion, aiding and abetting trespass, and breach of duty of bailment. For the reasons detailed below, the Complaint should be dismissed with prejudice under Rule 12(b)(6). STANDARD ON THIS MOTION Rule 12(b)(6) of the Federal Rules of Civil Procedure mandates dismissal of a complaint that fails to state a claim on which relief can be granted. See Fed. R. Civ. P. 12(b)(6). To avoid dismissal, a complaint must plead facts that, when taken as true, “state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 129 S. Ct. 1937, 1949 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). As this Court recently explained, “[p]leadings that are no more than conclusions are not entitled to the assumption of truth. Bald contentions, unsupported characterizations, and legal conclusions are not well-pleaded allegations, and will not defeat the motion.” L-7 Designs, Inc. v. 8 Baidu also misleadingly asserts that “[f]ull service was not restored to Baidu and its users for two days” (id. ¶ 24), failing to distinguish between when service was restored such that visitors to baidu.com could use the search engine (which the Complaint admits was “approximately five hours”) and when changes were again allowed to be made to the Baidu account following the removal of a “registry lock” Register implemented as part of its security protocols (which the Complaint correctly notes was two days). 9 The Complaint’s timing and its specific reference to the Imposter’s use of an e-mail address with “the domain name (‘gmail.com’) of a competitor of Baidu” (id. ¶ 20), provide insight into Plaintiffs’ apparent motive here. The Complaint was generated contemporaneously with news concerning Google ceasing its cooperation with Chinese Internet censors and considering shutting down its operations in China altogether. See Miguel Helft, Google’s Threat Would Mean Giving Up a Lucrative Market, N.Y. TIMES, Jan. 13, 2010, p. A3 (Snyder Decl., Ex. E). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 14 of 32 8 Old Navy, LLC, No. 09 Civ. 1432 (DC), 2010 WL 157494, at *5 (S.D.N.Y. Jan. 19, 2010) (internal quotation marks, citations, and modifications omitted); see also Harris v. Mills, 572 F.3d 66, 72 (2d Cir. 2009) (“Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.”). Further, where a plaintiff relies on a document, but contradicts its clear terms in pleading its case, “the document[] control[s] and this Court need not accept as true the allegations in the [] complaint.” Rapoport v. Asia Elecs. Holding Co., 88 F. Supp. 2d 179, 184 (S.D.N.Y. 2000).10 ARGUMENT I. THE COMPLAINT IS BARRED BY THE CONTRACTUAL LIMITATIONS PROVISIONS A. In Its Agreement With Register, Baidu Agreed To Waive The Very Liability Against Register It Now Asserts Baidu’s entire Complaint is barred by the Contractual Limitations Provisions, to which Baidu agreed when it registered its domain name through Register. Whether proceeding under a contract or tort theory, Baidu is seeking redress under the precise liability theories that it waived. Contractual provisions that “clearly, directly and absolutely” limit liability for “any act or omission” of the service provider are enforceable, “especially when entered into at arm’s length by sophisticated contracting parties.” Kalisch-Jarcho, Inc. v. City of New York, 58 N.Y.2d 377, 384 (1983). Courts presume the validity of—and routinely enforce—such contractual limitations of liability. See, e.g., Indus. Risk Insurers v. Port Auth. of N.Y. and N.J., 387 F. Supp. 2d 299, 307 (S.D.N.Y. 2005) (“[P]arties, especially those of equal bargaining power, should be able to rely upon the general New York rule that enforces contracts for the release of claims of liability.”); Moore v. Microsoft Corp., 293 A.D.2d 587, 587–88 (2d Dep’t 2002) (plaintiff’s deceptive trade 10 In ruling on a motion to dismiss, this Court may properly consider “any written instrument attached to the complaint, statements or documents incorporated into the complaint by reference, legally required public disclosure documents filed with the SEC, and documents possessed by or known to the plaintiff and upon which it relied in bringing the suit, and matters subject to judicial notice.” ATSI Commc’ns, Inc. v. Shaar Fund, Ltd., 493 F.3d 87, 98 (2d Cir. 2007). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 15 of 32 9 practices claims barred by clear disclaimers, waivers of liability, and limitations of remedies contained in the parties’ click-through agreement). The enforcement of contractual limitations of liability serve an important public policy— permitting parties to contractually limit their liability and allocate business risks according to their business judgment. See, e.g., Metro. Life Ins. Co. v. Noble Lowndes Int’l, Inc., 84 N.Y.2d 430, 436 (1994) (“A limitation on liability provision in a contract represents the parties’ agreement on the allocation of the risk of economic loss in the event that the contemplated transaction is not fully executed, which the courts should honor. . . . Parties sometimes make agreements and expressly provide that they shall not be enforceable at all, by any remedy legal or equitable. They may later regret their assumption of the risks of non-performance in this manner; but the courts let them lie on the bed they made.”). In this case, Baidu accepted the benefit of Register’s services subject to the terms and conditions of the Agreement, including the Contractual Limitations Provisions, which operate to bar the entire Complaint.11 Due to the narrow scope of services offered by Register and Baidu’s minimal payment for those services since 1999, the parties expressly agreed to limit Register’s liability. As detailed above, Baidu agreed to a broad waiver of liability in the Contractual Limitations Provisions. Those provisions explicitly covered “any . . . matter relating to [Baidu’s] use of [Register’s domain name registration] services” (MSA, Limitation of Liability, 9), as well as numerous specific liability limitations related to the services, including a waiver of liability for Register for any termination or disruption of service, interruption of business, unauthorized access to data, or unauthorized use or misuse of user names and passwords (MSA, User Name and 11 The Agreement is a valid and enforceable “click-through” agreement; Baidu was required to review and confirm acceptance of its terms as a condition of receiving services from Register. See Register.com, Inc. v. Verio, Inc., 356 F.3d 393, 401–403 (2d Cir. 2004) (finding prior iteration of the Agreement to be valid “click-through” agreement); Via Viente Taiwan, L.P. v. United Parcel Serv., Inc., No. 4:08-cv-301 (RAS), 2009 WL 398729, at *2 (E.D. Tex. Feb. 17, 2009) (rejecting contention of “sophisticated company which boasts international operations” that it should not be bound by a click-through agreement). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 16 of 32 10 Password; Account Manager, 6 and Limitation of Liability, 9). These express Contractual Limitations Provisions are addressed particularly to the services Register provided to Baidu and the potential areas of liability that could conceivably arise from that relationship. Indeed, the Contractual Limitations Provisions expressly contemplate and preclude the precise liability theories advanced in Baidu’s Complaint, namely asserted liability for the interruption of Baidu’s service due to the unauthorized access of its account. Metro. Life, 84 N.Y.2d at 436 (plaintiff’s allegations were thus insufficient as a matter of law to overcome limitations of liability entered into by two sophisticated parties and under which plaintiff assumed the risk of events giving rise to alleged damages). Particularly given that the parties here are sophisticated companies, these provisions must be enforced to effectuate their clear purpose.12 See Gen. Elec. Co. v. Varig-S.A., No. 01 Civ. 11600 (RJH) (JCF), 2004 WL 253320, at *4 (S.D.N.Y. Feb. 10, 2004) (where “sophisticated companies” have “bargained for and agreed to [a] limitation of liability provision,” it will be enforced). Thus, these broad and comprehensive Contractual Limitations Provisions bar the entirety of Baidu’s Complaint, which must be dismissed. Alitalia Linee Aeree Italiane, S.p.A. v. Airline Tariff Pub. Co., 580 F. Supp. 2d 285, 295 (S.D.N.Y. 2008) (“[L]imitation of liability provision in the contract between sophisticated commercial entities precludes, as a matter of Virginia [or New York] law, recovery for the lost revenue and profits sought in this action.”); SNS Bank, N.V. v. Citibank, N.A., 7 A.D.3d 352, 355 (1st Dep’t 2004) (affirming dismissal of complaint alleging breach of financial management agreement, which was barred by contract’s exculpatory clause). 12 Indeed, to not enforce the unequivocal exculpatory clause in this commercial relationship could call into question millions of similar provisions that are a basic tenet of e-commerce. Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 17 of 32 11 B. Baidu Cannot Plead Around Its Agreement To Limit Liability For Register By Baldly Asserting Gross Negligence In a transparent effort to avoid the Contractual Limitations Provisions, Baidu asserts that Register acted with gross negligence, but then fails to allege anything but insufficient conclusory allegations. While courts recognize a narrow exception to the enforceability of limitations of liability where a plaintiff can establish gross negligence, the standard required is an exacting one, Colnaghi, U.S.A., Ltd. v. Jewelers Protection Servs., Ltd., 81 N.Y.2d 821, 823–24 (1993), and Baidu cannot satisfy it. Under New York law, “‘gross negligence’ differs in kind, not only degree, from claims of ordinary negligence. It is conduct that evinces a reckless disregard for the rights of others or ‘smacks’ of intentional wrongdoing.” Indus. Risk Insurers, 387 F. Supp. 2d at 306 (quoting Colnaghi, 81 N.Y.2d at 823–24); see also In re Parmalat Sec. Litig., No. 05 Civ. 9934 (LAK), 2010 WL 545964, at *21 (S.D.N.Y. Feb. 17, 2010) (same). Indeed, “[i]f a party needs only to add gross negligence as a theory of liability to force litigation to proceed through discovery and a trial, contracting parties would be stripped of the substantial benefit of their bargain, that is, avoiding the expense of lengthy litigation.” Indus. Risk Insurers, 387 F. Supp. 2d at 307. Accordingly, “[e]ven on a motion to dismiss, a court need not accept as true conclusory allegations that a defendant was grossly negligent or acted willfully, in bad faith or with reckless disregard of its duties.” SNS Bank, 7 A.D.3d at 355.13 13 New York law recognizes a few additional rare circumstances, not pertinent here, where valid contractual limitations of liability might not be enforceable on the basis of public policy. For example, exculpatory clauses are generally not enforceable by a common carrier, public utility, or by a business specifically precluded from such limitations under New York General Obligations Law, such as amusement parks and gymnasiums. See generally, 8 Williston on Contracts § 19.27 (4th ed. 2009); Restatement (Second) of Contracts § 195(2); see also Florence v. Merchants Cent. Alarm Co., Inc., 51 N.Y.2d 793, 795 (1980) (“In this commercial setting, where the language of the limitation is clear, there is no necessity to ‘resort to a magnifying glass and lexicon,’ no governing statute and no special relationship between the parties that would warrant relieving plaintiffs of their contract.”). Such circumstances are plainly not present in this case as Baidu alleges no special relationship or public duty. Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 18 of 32 12 Baidu’s allegations in the Complaint do not come close to pleading gross negligence and Baidu therefore cannot avoid the agreed-upon Contractual Limitations Provisions. In fact, Baidu’s own binding admissions in the Complaint negate any such inference. The relevant gross negligence allegations, assumed true for purposes of this motion only, are that: The Imposter requested a change to Baidu’s administrative e-mail in a live chat with a Register customer service agent. The agent sent an e-mail with a security code to the administrative e-mail address as a means to verify the identity of the requester after the Imposter was unable to verify his identity. (Compl. ¶ 18). The e-mail address the Imposter requested for the change was “antiwahabi2008@gmail.com” (id. at ¶ 19), which contained a political message and its domain was from a competitor of Baidu’s (whereas the original administrative e-mail used the baidu.com domain). (Id. ¶ 20). The Imposter replied to the customer service agent via chat with a security code, although it was not the legitimate security code. The customer service agent mistakenly authorized the request and changed the Baidu administrative address to the one requested by the Imposter. (Id. ¶ 19).14 Register’s online customer service agent “refused” to “help” when someone purportedly representing Baidu asked for assistance and Baidu was unable to reach anyone at Register by telephone. (Id. ¶ 23). Restoration work did not begin for two hours after Register was first contacted and “full service” was not restored for two days. (Id. ¶¶ 23–24). These allegations are self-defeating. As an initial matter, they establish that the events at issue were initiated by a criminal attack and that both Baidu and Register were victims of that attack. It defies logic to infer “intentional wrongdoing” given that Register itself was criminally victimized by the cyber-attacker. Indeed, our research has not identified a single New York case in any area of tort law where gross negligence was found against a defendant who—like Register here—was the victim of the same criminal act that harmed the plaintiff and who—again, like 14 The Complaint asserts further actions by the Imposter, but none that are alleged to result from the purported negligence of Register, specifically: the Imposter used the automated “forgot password” utility which sent a link to the Imposter’s e-mail address allowing the Imposter to change the password on the account (Compl. ¶ 21), and then the Imposter altered the domain name address for Baidu.com, which re-routed traffic to a rogue site, (id. ¶ 22). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 19 of 32 13 Register here—had no contractual or public duty to guarantee the safety and security of the plaintiff. Beyond this threshold issue, which Baidu ignores, the allegations of the Complaint establish—at most—an inadvertent and isolated mistake by a Register customer service agent, and not the kind of intentional wrongdoing or reckless disregard required to avoid the Contractual Limitations Provisions. When the hyperbole and conclusory buzzwords of the Complaint are stripped away, Baidu’s allegations entirely fail to support gross negligence. The first allegation— that the Imposter could not initially be verified, prompting the Register customer service agent to e-mail a security code (id. ¶ 18)—is obviously not evidence of gross negligence; in fact, it is evidence that Register acted to protect the security of its customer. Common sense confirms that Web site users often forget their user name, password, or “secret question,” and so it is unsurprising that a requester would be unsuccessful at initially verifying his identity. This alleged initial provision of incorrect information by the Imposter to Register, therefore, does not support an inference of gross negligence. The Complaint also focuses on the Imposter’s use of the e-mail address “antiwahabi2008@gmail.com”—which Baidu asserts “convey[s] a highly politically charged message.” (Id. ¶ 20). But for this allegation to suggest gross negligence requires a number of inferential leaps, each of which is nonsensical—and also not pled. The Complaint does not allege that Register’s customer service agent knew what baidu.com was or should somehow have comprehended a political message implicitly conveyed by the words embedded in the e-mail address. Indeed, assuming a political message exists, it is far from obvious, particularly because it is hardly common knowledge that “Wahabi” typically refers to a strict Muslim sect. Baidu also fails to explain why a “gmail” address necessarily implies a non-business purpose for an e-mail account. And, most importantly, the Complaint fails to allege why a Register customer service agent communicating over a chat session should have inferred from any of this that the requester Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 20 of 32 14 was illegitimate. Such bald contentions of gross negligence should not be accepted as true. L-7 Designs, 2010 WL 157494, at *5; SNS Bank, 7 A.D.3d at 355. In terms of the criminal attack, then, Baidu’s allegations boil down to the core of what actually happened here: a customer service agent mistakenly verified a customer by failing to confirm that the correct security code was provided back by the requester. But that is not an allegation of gross negligence; at best, it is simple mistake or ordinary negligence. As such, it is insufficient as a matter of law to establish reckless disregard. Am. Tel. and Teleg. Co. v. The City of New York, 83 F.3d 549, 549 (2d Cir. 1996) (“Under New York law, a mistake or a series of mistakes alone, without a showing of recklessness, is insufficient for a finding of gross recklessness.”) (citing Sommer v. Fed. Signal Corp., 79 N.Y.2d 540, 555 (1992)); Indus. Risk Insurers, 387 F. Supp. 2d at 307 (“Ordinary mistakes or miscalculations in performing a task will not meet [the gross negligence] standard.”). Moreover, by Baidu’s own allegations this mistake violated existing Register “verification procedure” (Compl. ¶18), further confirming a lack of gross negligence on Register’s part. After the attack, the Complaint also claims gross negligence by baldly alleging that Register failed to help remedy the situation. But, once again, Baidu’s own Complaint refutes this allegation by acknowledging that Register began “restoration work” within hours, negating any inference of reckless disregard to Baidu’s rights. In any event, conclusory allegations that Register did not act quickly enough after being informed of the security breach (Compl. ¶¶ 18, 23), are legally inadequate. See Hartford Ins. Co. v. Holmes Protection Group, 250 A.D.2d 526, 528 (1st Dep’t 1998) (“Delayed or inadequate response to an alarm signal, without more, is not gross negligence.”); Consumers Distrib. Co. v. Baker Protective Servs., 202 A.D.2d 327, 327 (1st Dep’t 1994) (finding that employee’s repeated failure to respond to a signal indicating a possible burglary to be ordinary negligence, but not gross negligence). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 21 of 32 15 Thus, Baidu’s allegations, at the most, plead a single, isolated case of a mistake or ordinary negligence, following a criminal attack. Particularly in the context of the decade-long commercial relationship between the parties, these allegations certainly do not rise to the level of gross negligence or reckless disregard, and are nowhere near the “smacking” of intentional wrongdoing required to avoid the Contractual Limitations Provisions. See Indus. Risk Insurers, 387 F. Supp. 2d at 307; Colnaghi, 81 N.Y.2d at 824–25. As a result, Baidu cannot avoid the parties’ Contractual Limitations Provisions, which must be enforced. The Complaint must therefore be dismissed. II. THE TORT CLAIMS FAIL AS A MATTER OF LAW INDEPENDENT OF THE AGREEMENT A. The Tort Claims Must Be Dismissed As Duplicative Of The Contract Claim Baidu attempts to escape the Contractual Limitations Provisions by pleading five different tort claims, all of which are based on the very same factual allegations as its contract claim. Not only are the blizzard of tort claims barred by the express terms of the Agreement, but they fail as a matter of law for the alternative reason that they are duplicative of Baidu’s breach of contract claim. Counts Three through Seven of the Complaint must therefore be dismissed. As the New York Court of Appeals has explained, a “simple breach of contract is not to be considered a tort unless a legal duty independent of the contract itself has been violated.” Clark- Fitzpatrick, Inc. v. Long Island R.R. Co., 70 N.Y.2d 382, 390 (1987). Such legal duty “must spring from circumstances extraneous to, and not constituting elements of, the contract.” Id. Although Baidu’s Complaint “employ[s] language familiar to tort law,” that “does not, without more, transform a simple breach of contract into a tort claim.” Id.; see also Niagara Mohawk Power Corp. v. Stone & Webster Eng’g Corp., 725 F. Supp. 656, 666 (N.D.N.Y. 1989) (dismissing tort claims and noting “[i]t would appear that the plaintiff is using language familiar to the law of tort when describing the breach of a contract. Such a transmogrification is generally prohibited by the courts of New York”). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 22 of 32 16 Using buzzwords and conclusory language, Baidu alleges that Register had a duty to (a) “maintain the confidentiality and security of Baidu’s confidential and proprietary information,” (b) “provide continuous service to Baidu, including correctly routing Internet traffic to Baidu’s website,” and (c) “adopt and follow reasonable security measures to ensure the reliability and integrity of [Register’s] services and protect its clients, including Baidu, from vandalism and loss.” (Compl. ¶¶ 40–42).15 But Register had no affirmative duty to do any of these things, separate and apart from what it had contracted to do under the terms of the Agreement, which “was comprehensive, and inconsistent with an independent obligation in tort.” Consol. Edison Co. of N.Y. v. Port Auth. (In re September 11 Litig.), 640 F. Supp. 2d 323, 341 (S.D.N.Y. 2009). Baidu’s “tort claim[s], arising from the same duty to [Baidu] and well-contemplated by the provisions of the [Agreement], [are] redundant and not independently viable.” Id. at 340. Baidu “plead[s] the same acts” by Register and “seek[s] essentially the same relief” for its contract and tort claims. Id. at 339. The tort claims “mention no new events, actors, or circumstances, and concern the same alleged conduct.” Id. at 341. Indeed, Baidu’s tort claims “simply mirror the [contract] claim.” Id. Thus, Register’s alleged failure to meet its obligations under the Agreement cannot serve as the basis for a tort claim. To hold otherwise, and permit Baidu to proceed in tort on the basis of the allegations pled here, would “distort the balance for which the parties bargained.”16 Id. at 340. 15 Each of the Complaint’s other tort claims are premised on the same alleged breach of these alleged obligations, (see Compl. ¶¶ 46, 49, 54–55, 58–60), which, in addition to being implausible and conclusory, are blatantly inaccurate. As an example, Register, as domain registrar for Baidu.com, does not provide the service of “routing Internet traffic to Baidu’s website,” (id. ¶ 41), it merely set up addressing information for the domain name. 16 Baidu’s damages claim is also facially inadequate. Baidu asserts actual damages amounting to “millions of dollars of lost revenue and out-of-pocket costs expended in restoring service to its users.” (Compl. ¶ 6). This general allegation is not sufficient because special damages, such as lost revenue claims, must be alleged with sufficient particularity to identify actual losses and to show that they are causally related to the alleged tortious act. Fine v. Gordon, Kushnick & Gordon, 238 A.D.2d 373, 373 (2d Dep’t 1997). “General allegations of lost sales from unidentified lost customers are insufficient.” DiSanto v. Forsyth, 258 A.D.2d 497, 498 (2d Dep’t 1999). Baidu is not entitled to seek any alleged lost revenue based on such an inadequately-pled damages claim. Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 23 of 32 17 B. The Claim For Gross Negligence Fails To State A Claim Count Three of the Complaint also fails to state a claim. “Gross negligence . . . is conduct that evinces a reckless disregard for the rights of others or smacks of intentional wrongdoing.” Sutton Park Dev. Corp. Trading Co. v. Guerin & Guerin Agency Inc., 297 A.D.2d 430, 431 (3d Dep’t 2002) (internal quotation marks omitted). The standard for stating such a claim is an exacting one, SNS Bank, 7 A.D.3d at 355, and it has not been met here. Stripped of its conclusory allegations, the Complaint is devoid of a single assertion demonstrating that Register acted intentionally or recklessly. At best, Baidu may have pled an inadvertent mistake by Register or simple negligence. See Part I.B., supra. But as explained above, Baidu’s allegations are in no way sufficient to show, and in fact positively refute, any suggestion of gross negligence. See, e.g., Consumers Distrib. Co., 202 A.D.2d at 327. C. No Claim For Tortious Conversion Is Stated Count Four of Baidu’s Complaint—which alleges that Register “wrongfully converted Baidu’s proprietary and confidential account information and electronic records held in safe- keeping by [Register], as well as Baidu’s domain name baidu.com” (Compl. ¶¶ 45–47)— independently fails to state a claim. “A conversion takes place when someone, intentionally and without authority, assumes or exercises control over personal property belonging to someone else, interfering with that person’s right of possession.” Colavito v. N.Y. Organ Donor Network, Inc., 8 N.Y.3d 43, 49–50 (N.Y. 2006). As an initial matter, Baidu is essentially claiming that its domain name was wrongfully converted by virtue of Register allegedly allowing it to be hijacked. But a domain name is not property and therefore a tortious conversion claim cannot stand. Under New York law, “a domain name that is not trademarked or patented is not personal property, but rather a contract right that cannot exist separate and apart from the services performed by a registrar.” Wornow v. Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 24 of 32 18 Register.com, Inc., 8 A.D.3d 59, 59 (1st Dep’t 2004) (collecting authorities). Because a domain name is not property, no claim for conversion can be stated and Count Four should be dismissed. Moreover, nowhere in the Complaint does Baidu plead facts indicating that Register “exercised an unauthorized dominion over [Baidu’s information and records] to the exclusion of the plaintiff’s rights.” Berman v. Sugo LLC, 580 F. Supp. 2d 191, 206 (S.D.N.Y. 2008). This failing brings into stark relief one of the fundamental flaws in the Complaint. Register and Baidu were both victims of the Imposter. The assertion that Register somehow exercised “unauthorized dominion” over Baidu’s information is simply nonsensical; it was the Imposter who interfered with Baidu’s rights. And to the extent this claim may be predicated on the allegation that “Baidu was locked out of its account” (Compl. ¶ 4), or that Register “refus[ed] to return [dominion over Baidu’s account and domain name] to Baidu when requested” (id. ¶ 31), again, no claim for conversion is stated against Register. Register did not re-route Internet traffic to a location of Register’s choosing or display alternative Web content to Internet users who pointed their browsers to Baidu’s Web site. It is the Imposter—not Register—who is alleged in Baidu’s own Complaint to have taken those actions. Further, for the short period that Register might have waited before returning access to Baidu while trying to verify authorized access, no claim for conversion may lie. See Restatement (Second) of Torts, § 240 (“[O]ne in possession of a chattel who is in reasonable doubt as to the right of a claimant to its immediate possession does not become a converter by making a qualified refusal to surrender the chattel to the claimant for the purpose of affording a reasonable opportunity to inquire into such right.”). D. No Claims For Aiding And Abetting Conversion Or Trespass Are Stated In Counts Five and Six—alleging aiding and abetting conversion and trespass—Baidu asserts that Register aided and abetted the Imposter through its alleged gross negligence and Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 25 of 32 19 recklessness, which permitted the Imposter to gain access to Baidu’s account and domain name. (See, e.g., Compl. ¶¶ 49–50, 54–55). These claims, too, fail. An aiding and abetting claim requires a plaintiff to plead “(1) the existence of a primary violation; (2) knowledge of this violation on the part of the aider and abettor; and (3) substantial assistance by the aider and abettor in the achievement of the primary violation.” Calcutti v. SBU, Inc., 273 F. Supp. 2d 488, 493 (S.D.N.Y. 2003); Rizer v. Breen, No. 601676/05 (JSC), 2007 WL 4378149, at *7 (Sup. Ct. N.Y. County Jan. 29, 2007). Baidu’s claims fail on all three grounds. First, an aiding and abetting of trespass or conversion claim requires the existence of personal property for there to be a primary violation. See N.Y. Pattern Jury Instr. Civil - 3:9 (trespass involves “intentionally physically interfer[ing] with the use and enjoyment of personal property in the possession of another . . . .”) (emphasis added); Colavito, 8 N.Y.3d at 49–50 (conversion requires unauthorized control over personal property). Because a domain name does not constitute personal property, Wornow, 8 A.D.3d at 59, this cause of action does not allege a primary violation. Where no underlying breach is adequately pled, no claim for aiding and abetting may proceed. See Watts v. Jackson Hewitt Tax Serv., No. 06-CV-6042 (DLI), 2009 WL 3817668, at *5 (E.D.N.Y. Nov. 13, 2009) (dismissing aiding and abetting counterclaim because “[a] prerequisite to an aiding and abetting claim . . . is an adequately pled claim for the underlying breach” of duty). Second, there can be no credible argument that Register had actual knowledge of the criminal activity.17 And there is no allegation that Register acted to further the Imposter’s wrongdoing at any point, much less after it was made aware of it. In fact, the opposite is set out in 17 Actual knowledge by the defendant of an underlying breach is a mandatory element of an aiding and abetting claim. See Dangerfield v. Merrill Lynch, Pierce, Fenner & Smith, Inc., No. 02 Civ. 2561 (KMW), 2006 WL 335357, at *15 (S.D.N.Y. Feb. 15, 2006) (“New York has not adopted a constructive knowledge standard for imposing aiding and abetting liability. Thus, New York law requires actual knowledge of the wrongful conduct.”) (internal quotations and citations omitted). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 26 of 32 20 Baidu’s own allegations. (See Compl. ¶ 23 (Register “beg[an] restoration work . . . two hours after first being contacted by Baidu.”)). Third, Baidu cannot establish “substantial assistance” because “substantial assistance may only be found where the alleged aider and abettor affirmatively assists, helps conceal or fails to act when required to do so,” In re Sharp Int’l Corp. v. State Street Bank & Trust Co., 403 F.3d 43, 50 (2d Cir. 2005) (internal quotation marks omitted), which is not—and cannot—be pled here. Moreover, the mere conclusions Baidu offers in trying to plead substantial assistance (see Compl. ¶ 55), are patently inadequate. See Abu Dhabi Commercial Bank v. Morgan Stanley & Co. Inc., 651 F. Supp. 2d 155, 173–74 (S.D.N.Y. 2009) (“For claims of aiding and abetting to survive a motion to dismiss, they must be pled with some level of specificity and may not consist solely of a broad, conclusory, repetition of the elements of aiding and abetting.”). Far from establishing substantial assistance, the Complaint’s allegations show that Register affirmatively worked to screen out unauthorized users (see Compl. ¶ 18 (referring to “Defendant’s verification procedure”)), and that Register was working to restore Baidu’s access to the domain within hours of the criminal attack (see id. ¶ 23). Register’s measured response—even as Baidu pleads it—demonstrates its vigilance in ensuring that a sensitive matter was handled effectively and reasonably. E. No Claim For Breach Of The Duty Of Bailment Is Stated Count Seven of the Complaint—alleging breach of duty of bailment—must also be dismissed. A claim for violating a duty of bailment requires the “delivery” or “deposit” of “personal property” in the care of another. Morgan Stanley & Co. v. JP Morgan Chase Bank, N.A., 645 F. Supp. 2d 248, 256 (S.D.N.Y. 2009) (internal quotation marks omitted). As domain names do not constitute personal property, Wornow, 8 A.D.3d at 59, no bailment relationship was created between Baidu and Register. Further, the parties’ Agreement explicitly disavowed the existence of any exclusive right on Baidu’s part to the domain name and made all of Baidu’s rights subject to the terms of the Agreement, including its Contractual Limitations Provisions. (See Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 27 of 32 21 MSA, at Introduction). Without an exclusive right in the first instance, no bailment relationship could have arisen between Baidu and Register, and no claim for breach is therefore pled here. Colangione v. State, 187 A.D.2d 844, 846 (3d Dep’t 1992) (bailment requires “the exclusive possession, control and dominion over the [property]”). III. THE COMPLAINT FAILS TO STATE A CLAIM FOR CONTRIBUTORY TRADEMARK INFRINGEMENT In a desperate effort to find a viable cause of action, Baidu has brought a claim under the Lanham Act. Specifically, Baidu alleges that the Imposter’s improper “use” of Baidu’s trademark, “Baidu,” contained in the domain name baidu.com, “for the purpose of confusing Baidu’s users— and redirecting them to the Imposter’s rogue website—constituted infringement of Baidu’s trademark in violation of the Lanham Act.”18 (Compl. ¶ 28). Baidu alleges that Register’s actions contributed to this infringement. (Id. ¶¶ 29–31). Baidu is attempting to fit a square peg into a round hole. The Lanham Act has no application here. Baidu cannot establish a contributory infringement claim against a domain name registrar like Register, or even a case of direct infringement against the Imposter. This is all the more the case where, as here, Register—far from being complicit in, or even aware of, the Imposter’s criminal conduct—was itself an innocent victim of the Imposter. A. Register Is Statutorily Immune From Baidu’s Lanham Act Claim As an initial matter, Baidu’s Lanham Act claim is expressly prohibited by Register’s statutory immunity. The Lanham Act explicitly exempts domain name registrars such as Register from liability for trademark infringement related to the registration of domain names such as Baidu’s: A domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the 18 Baidu’s Complaint alleges a violation of 15 U.S.C. § 1114(a)(1), which does not exist. Register assumes that Baidu intended to reference 15 U.S.C. § 1114(1)(a). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 28 of 32 22 registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name. 15 U.S.C. § 1114(2)(D)(iii).19 Baidu does not—and cannot—allege any bad faith intent by Register to profit from the Imposter’s illicit activities. Baidu has not pled that Register used Baidu’s trademark to generate revenue improperly. Cf. Philbrick v. eNom, Inc., 593 F. Supp. 2d 352, 366 (D.N.H. 2009) (bad faith intent to profit may exist where registrar “transferred domain names to its own account, ‘parked’ them by associating them with web pages, including links, and earned revenue based on visitors’ clicking on those links”). And Baidu has not pled that Register’s general business practices involved registering infringing domain names. Cf. Transamerica Corp. v. Moniker Online Servs., No. 09-60973-CIV(CMA), 2009 WL 4715853, at *11 (S.D. Fla. Dec. 4, 2009) (bad faith intent to profit adequately pled where registrar alleged to have registered infringing domain names at least eleven times while on notice). Having failed to plead any facts demonstrating bad faith intent by Register to profit from the Imposter’s illicit and criminal acts, Baidu’s contributory infringement claim is expressly precluded by the Lanham Act, and must be dismissed. B. The Complaint Fails To Allege Contributory Trademark Infringement By Register Even if Baidu could escape the effect of the immunity granted by the Lanham Act for domain name registrars, the Complaint fails to state a claim for contributory trademark infringement. Such infringement occurs where “a manufacturer or distributor intentionally induces another to infringe a trademark, or . . . continues to supply its product to one whom it knows or has reason to know is engaging in trademark infringement.” Inwood Labs., Inc. v. Ives Labs., Inc., 456 19 Domain registrar immunity under the Lanham Act was enacted to “promote[] the continued ease and efficiency users of the current registration system enjoy by codifying current case law limiting the secondary liability of domain name registrars and registries for the act of registration of a domain name.” S. Rep. No. 106-140, at 11 (1999) (citing Panavision Int’l v. Toeppen, 141 F.3d 1316, 1319 (9th Cir. 1998); Lockheed Martin Corp. v. Networks Solutions, Inc., 985 F. Supp. 949 (C.D. Cal. 1997); Academy of Motion Picture Arts and Sci. v. Network Solutions, Inc., 989 F. Supp. 1276 (C.D. Cal. 1997)); see also 4 McCarthy on Trademarks and Unfair Competition § 25:73.40 (4th ed. 2010). Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 29 of 32 23 U.S. 844, 854 (1982). Since there is no allegation that Register intentionally induced the Imposter, Baidu’s Lanham Act claim survives only if it can demonstrate that Register continued to supply a product when it knew or had reason to know that the Imposter was engaging in trademark infringement. Baidu does not meet this hurdle, and its Lanham Act claim therefore fails for this additional reason. In the first instance, a service provider like Register can be held liable for contributory infringement only where the provider has “exercised ‘direct control and monitoring’ over those who infringed the plaintiff’s mark.” Tiffany, Inc. v. eBay, Inc., 576 F. Supp. 2d 463, 505 (S.D.N.Y. 2008) (quoting Lockheed Martin Corp. v. Network Solutions, Inc., 194 F.3d 980, 984–85 (9th Cir. 1999)). Here, Register could not have exercised direct control and monitoring of the Imposter’s alleged use of Baidu’s trademark, notwithstanding Plaintiffs’ conclusory allegations to the contrary (see Compl. ¶ 31). Domain name registrars act largely as technical coordinators, putting the name of a domain together with numerical IP addresses. Lockheed Martin, 194 F.3d at 984. A domain name registrar’s “rote translation service does not entail the kind of direct control and monitoring required to justify an extension of the ‘supplies a product’ requirement.” Id. Register cannot be liable for contributory trademark infringement any more than a mailman could be said to have contributed to mail fraud. See Size, Inc. v. Network Solutions, Inc., 255 F. Supp. 2d 568, 573 (E.D. Va. 2003) (“[Domain name registrar’s] function is more equivalent to the passive messenger service provided by the United States Postal Service than to the more interactive role of a flea- market operator who has a significant degree of control over the activities of its clients.”). In any event, Baidu has not satisfied its “high burden” of establishing knowledge by Register of the alleged direct infringement. See Tiffany, 576 F. Supp. 2d at 508, 510 n.37. Baidu cannot plausibly assert that Register had actual knowledge of the Imposter’s criminal activities when Register was itself a victim of this cyber-attacker. Nor can Baidu demonstrate constructive knowledge or willful blindness. As discussed in Part I.B., supra, none of the alleged negligent acts Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 30 of 32 24 or omissions that Baidu cites in its Complaint could be deemed sufficient to have put Register on notice of the Imposter’s criminal intentions. Baidu’s conclusory allegations of “willful blindness” and “constructive knowledge” are just that—unsubstantiated speculation not supported by a single factual allegation and, in fact, contradicted by Baidu’s own allegations about the security measures Register did take. At most, Baidu alleged a mistake on Register’s part. But “willful blindness requires ‘more than mere negligence or mistake,’” and instead requires that “a person [] suspect wrongdoing and deliberately fail to investigate” it. Tiffany, 576 F. Supp. 2d at 513, 515 (quoting Nike, Inc. v. Variety Wholesalers, Inc., 274 F. Supp. 2d 1352, 1370 (S.D. Ga. 2003)). Again, Baidu itself pleads the opposite, thus refuting its own claim.20 C. The Complaint Fails To Allege A Direct Violation Of The Lanham Act By The Imposter Baidu’s Lanham Act claim fails for the additional reason that the Complaint has not established—and indeed cannot establish—a direct infringement of Baidu’s trademark by the Imposter. The Lanham Act requires that the alleged infringer (here, the Imposter) use the trademark “in commerce,” “in connection with the sale or advertising of goods or services,” and in a way that is “likely to cause confusion.” 15 U.S.C. § 1114(1). Nowhere on the Imposter’s Web site was there any mention of Baidu or any of its trademarks. Indeed, the Imposter’s site had nothing to do with Baidu or its trademarks, and no credible argument can be made that the Imposter used Baidu’s trademark to sell or market anything—and Plaintiffs nowhere make such a claim. The Imposter’s Web site displayed a political message and nothing more. Nor can Baidu plausibly argue that the Imposter’s Web site, which proclaimed “This site has been hacked by the Iranian Cyber Army,” could possibly confuse users as to the source or sponsorship of the site. See Bosley Med. Inst., Inc. v. Kremer, 403 F.3d 20 On a fundamental level, Baidu’s Lanham Act claim is not sustainable because it puts forth a novel—and almost nonsensical—argument that a domain name registrar that is itself the victim of a cyber-attack can be held liable for contributory trademark infringement. This argument is not supported by any legal precedent. Indeed, the law (and logic) militate against using the Lanham Act in cases such as this. Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 31 of 32 Case 1:10-cv-00444-DC Document 15 Filed 03/16/10 Page 32 of 32