“Cybersquatting” registrar OpenTLD, part of the Freenom group, has had its accreditation un-suspended by ICANN while the two parties slug it out in arbitration.
Filed three weeks ago by OpenTLD, it’s the first complaint to head to arbitration about under the 2013 Registrar Accreditation Agreement.
ICANN suspended the registrar for 90 days in late June, claiming that it “engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party”.
But OpenTLD filed its arbitration claim day before the suspension was due to come in to effect, demanding a stay.
ICANN — voluntarily, it seems — put the suspension on hold pending the outcome of the case.
The suspension came about due to OpenTLD being found guilty of cybersquatting its competitors in two UDRP cases.
In both cases, the UDRP panel found that the company had cybersquatted the trademarks of rival registrars in an attempt to entice their resellers over to its platform.
But OpenTLD claims that ICANN rushed to suspend it without giving it a chance to put forward its side of the story and without informing it of the breach.
It further claims that the suspension is “disproportionate and unprecedented” and that the public interest would not be served for the suspension to be upheld.
This is not an Independent Review Process proceeding, so things are expected to move forward relatively quickly.
The arbitration panel expects to hear arguments by phone August 14 and rule one way or the other by August 24.
Read the OpenTLD complaint here.
Former Spice Girl Victoria Beckham has used UDRP to take down a porn site bearing her name.
victoria-beckham.biz was owned by a Ukrainian, who had set up a site “at which adult and/or pornographic images and services are offered”, according to the UDRP panelist.
It was pretty much a slam-dunk case.
While not all celebrities own trademarks on their names, Beckham does. The squatter, who registered the name in December 2014, did not even attempt a response.
Based on archived screenshots and Whois records, it looks like victoria-beckham.biz has been around as a rather harmless fan site since about 2006.
It was only after the domain expired late last year and was re-registered did it become a porn site, attracting the attention of Beckham’s lawyers.
If you register a .sucks domain matching a brand, could you survive a subsequent UDRP complaint? Opinion is mixed.
In my view, how UDRP treats .sucks registrants will be a crucial test of Vox Populi Registry’s business model.
Vox Populi Registry clearly envisages — and is actively encouraging with its policies — genuine critics, commentators and consumer advocates to register .sucks domains that match famous trademarks.
I really like this idea. Power to the people and all that.
But will UDRP panelists agree with me and Vox Pop? Cybersquatting case law under UDRP says, very firmly: “It depends.”
Statistics generally favor mark owners
To date, there have been exactly 100 resolved UDRP complaints against domains that end in “sucks.com”.
Of those, 47 cases ended up with a full transfer of the domain to the trademark owner. Only 30 resulted in a the complaint being denied.
Another 19 cases were withdrawn or terminated; the remainder were split decisions.
So it seems, based on historical “sucks” cases, that the odds favor trademark owners.
But each case is, theoretically at least, judged on its merits. So it does not necessarily hold that most .sucks UDRP complaints will be successful.
What does WIPO say?
The World Intellectual Property Association, which administers most UDRP cases, published a set of guidelines for its panelists.
Some guidelines specifically addresses “sucks” sites, but the advice is not always clear-cut.
There are three elements to UDRP. First, the complainant must show that the domain name in question is identical or confusingly similar to its trademark.
According to WIPO, it’s the “consensus view” of UDRP panelists that adding “sucks” to a trademark at the second level does NOT stop a domain being confusiningly similar. WIPO says:
Generally, a domain name consisting of a trademark and a negative or pejorative term (such as [trademark]sucks.com) would be considered confusingly similar to the complainant’s trademark for the purpose of satisfying the standing requirement under the first element of the UDRP (with the merits of such cases typically falling to be decided under subsequent elements). Panels have recognized that inclusion of a subsidiary word to the dominant feature of a mark at issue typically does not serve to obviate confusion for purposes of the UDRP’s first element threshold requirement, and/or that there may be a particular risk of confusion among Internet users whose first language is not the language of the domain name
Some panels have disagreed with this prevailing view, however.
It remains to be seen whether moving the string “sucks” to the right of the dot would affect the outcome, but it’s established UDRP case law that the dot in a domain can be pretty much ignored when testing for similarity.
The TLD a domain uses can be taken into account if it’s relevant or disregarded if it is not, according to precedent.
The second test under UDRP is whether the registrant of the domain has legitimate rights or interests.
Panelists disagree on this point. WIPO says:
The right to criticize does not necessarily extend to registering and using a domain name that is identical or confusingly similar to the complainant’s trademark. That is especially the case if the respondent is using the trademark alone as the domain name (i.e., [trademark.tld]) as that may be understood by Internet users as impersonating the trademark owner.
That view would seem to apply specifically to the use cases Vox Pop has in mind — the registry wants critics to own [trademark].sucks domains in order to criticize the trademark owner.
Respondents’ can very well achieve their objective of criticism by adopting a domain name that is not identical or substantially similar to Complainants’ marks. Given the free nature of the media which is the Internet and the chaotic spamming that has become epidemic, it does not appear that one can be at full liberty to use someone else’s trade name or trademark by simply claiming the right to exercise a right to freedom of expression”.
In other words: you may have a right to free speech on the internet, but you do not have the right to exercise it simply by adding “sucks” to a famous trademark.
But other UDRP panelists have disagreed. WIPO says that some panelists have found:
Irrespective of whether the domain name as such connotes criticism, the respondent has a legitimate interest in using the trademark as part of the domain name of a criticism site if such use is fair and noncommercial.
The third element of UDRP is bad faith. Complainants have to show that the registrant is up to something dodgy.
Some panelists have a pretty low threshold for what constitutes bad faith. Merely having the page parked — even if you did not park it yourself — can point to bad faith, especially in “sucks” cases.
WIPO says that “tarnishment” of a trademark — such as posting porn, which is banned under Vox Pop’s AUP anyway — can be bad faith, but legitimate criticism would not usually:
While it would not normally extend to the mere posting of information about a complainant, or to the posting of genuine, non-commercial criticism regarding the trademark holder, it may extend to commercially motivated criticism by (or likely on behalf of) a competitor of such trademark holder.
So, with all that in mind, here are some tips for improving your odds of surviving a .sucks UDRP.
How to beat a .sucks UDRP
Poring over dozens of “sucks.com” decisions, it quickly becomes clear that there are certain things you should definitely do and not do if you want to keep a hold of your brand-match .sucks domain.
Given the volume of precedent, you’ll have a hard time showing that your domain is not identical or confusingly similar to the trademark in question — strike one — but there are ways to show legitimate interests and rebut claims of bad faith.
To show you lack legitimate interests, the complainant only needs to make a face-value argument that you do not. Then the burden of proof to show rights switches to you.
If you don’t respond to the UDRP, the panel will find you lack rights. Panelists rarely try to fight the corner of a registrant who has not responded.
That’s strike two.
2. Don’t allow your domain to be parked
If a domain is parked, UDRP panelists in “sucks.com” cases invariably find that the registrant lacks legitimate interests and has shown bad faith.
Parking is considered a commercial activity, so you won’t be able to argue convincingly that you’re exercising your right to non-commercial free speech if your domain is splashed with links to the trademark owner’s competitors.
This holds true even if the domain was automatically parked by your registrar.
Dozens (hundreds?) of UDRP cases have been lost because Go Daddy parked the newly registered domain automatically, enabling the complainant to show commercial use.
Panelists are usually happy to overlook the lack of direct bad faith action by the registrant in such cases.
Parking will usually lead to strikes two and three.
In the case of .sucks, parking is actually banned by Vox Populi’s acceptable use policies (pdf).
But the registry will only enforce this policy if it receives a complaint. I don’t know if the Registry-Registrar Agreement, which isn’t public, prohibits registrars auto-parking new domains.
3. Develop a site as soon as possible
In some “sucks.com” cases, respondents have argued that they had intended to put up a criticism site, but could not provide evidence to back up the claims.
If you register a .sucks matching a trademark, you’ll want to put up some kind of site ASAP.
In the case of kohlersucks.com, the registrant had merely framed a Better Business Bureau web page, which was found to show non-commercial criticism use.
4. Don’t offer to sell the domain
It should go without saying that offering to sell the domain to the trademark owner shows bad faith; it looks like extortion.
Panelists regularly also find that registrants give up their legitimate rights to a domain as soon as they make it available to buy.
5. Don’t make any money whatsoever
The second you start making money from a domain that matches a trademark, you’re venturing into the territory of commercial use and are much more likely to fail the WIPO test of “genuine, non-commercial criticism”.
6. Be American
Depressingly, you stand a better chance of fighting off a UDRP on free speech grounds if both the case involves US-based parties and a US-based panelist.
Panelists are more likely to draw on the US Constitution’s First Amendment and associated non-UDRP case law when determining rights or legitimate interests, when the registrant is American.
Merely registering with a US-based registrar is not enough to confer First Amendment rights to a registrant living outside of the US, according to UDRP panels.
Even though freedom of speech is a right in most of the world, in the universe of UDRP it seems the rest of us are second-class citizens compared to the yanks.
It will soon be much harder for cybersquatters to take flight to another registrar when they’re hit with a UDRP complaint.
From July 31 next year, all ICANN-accredited registrars will be contractually obliged to lock domain names that are subject to a UDRP and trademark owners will no longer have to tip off the registrant they’re targeting.
Many major registrars lock domain names under UDRP review already, but there’s no uniformity across the industry, either in terms of what a lock entails or when it is implemented. Under the amended UDRP policy, a “lock” is now defined as:
a set of measures that a registrar applies to a domain name, which prevents at a minimum any modification to the registrant and registrar information by the Respondent, but does not affect the resolution of the domain name or the renewal of the domain name.
Registrars will have two business days from the time they’re notified about the UDRP to put the lock in place.
Before the lock is active, the registrants themselves will not be aware they’ve been targeted by a complaint — registrars are banned from telling them and complainants no longer have to send them a copy of the complaint.
If the complaint is dismissed or withdrawn, registrars have one business day to remove the lock.
Because these change reduce the 20-day response window, registrants will be able to request an additional four calendar days (to account for weekends, I assume) to file their responses and the request will be automatically granted by the UDRP provider.
The new policy was brought in to stop “cyberflight”, a relatively rare tactic whereby cybersquatters transfer their domains to a new registrar to avoid losing their domains.
The policy was approved by the Generic Names Supporting Organization in August last year and approved by the ICANN board a month later. Since then, ICANN staff has been working on implementation.
The time from the first GNSO preliminary issue report (May 27, 2011) to full implementation of the policy (July 31, 2015) will be 1,526 days.
You can read a redlined version of the UDRP rules here (pdf).
Clear-cut cases of cybersquatting seem to be among those .xyz domain names that Network Solutions has registered to its customers without their explicit request.
Some of the domains I’ve found registered in .xyz, via NetSol to the registrants of the matching .com or .net names, include my-twitter.xyz, facebook-liker.xyz and googledia.xyz.
They’re all registered via NetSol’s Whois privacy service, which lists the registrant’s “real” name in the Whois record, but substitutes mailing address, email and phone number with NetSol-operated proxies.
I think the chance of these names being paid for by the registrant is slim. It seems probable that many (if not all) of the squatty-looking names were registered via NetSol’s promotional program for .xyz.
As previously reported, NetSol has been giving away domain names in .xyz to owners of the matching .com names. Tens of thousands of .xyz names seem to have been registered this way in the last week.
The “registrants” did not have to explicitly accept the offer. Instead, NetSol gave them the option to “opt-out” of having the name registered on their behalf and placed into their accounts.
But it’s not clear how much, if any, support NetSol has received from the registry, XYZ.com. CEO Daniel Negari told Rick Schwartz, in a coy interview last week:
The Registry Operator is unable to “give away” free domain names. I never even saw the email that the registrar sent to its customers until I discovered it on the blogs.
The opt-out giveaway has also prompted speculation about NetSol’s right to register domains without the explicit consent of the registrant, both under the law and under ICANN contract.
Under the Registrar Accreditation Agreement, in order to register a domain name, registrars “shall require” the registrant “to enter into an electronic or paper registration agreement”.
That agreement requires the registrant to agree to, among many other things, the transfer or suspension of their domains if (for example) they lose a UDRP or URS case.
But that doesn’t seem to be happening with the opt-out names,
Barry Shein, president of The World, had shein.xyz registered on his behalf by NetSol on Saturday. He already owns shein.com, also registered with NetSol.
NetSol’s email informing him of the registration, which Shein forwarded to DI, reads as follows:
Dear Valued Network Solutions Customer,
Congratulations, your complimentary SHEIN.XYZ domain has arrived!
Your new .XYZ domain is now available in your Network Solutions account and ready to use. To go along with your new .XYZ domain, you have also received complimentary access to Professional Email and Private Registration for your .XYZ domain.
If you choose not to use this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complementary first year, simply renew it like any other domain in your account.
We appreciate your business and look forward to serving you again.
Network Solutions Customer Support
Importantly, a footnote goes on to describe how NetSol will take a refusal to opt out as “continued acceptance” of its registration agreement:
Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at http://www.networksolutions.com/legal/static-service-agreement.jsp, and its application to the domain.
So, if you’re a NetSol customer who was picked to receive a free .xyz name but for whatever reason you don’t read every marketing email your registrar sends you (who does?) you’ve agreed to the registration agreement without your knowledge or explicit consent, at least according to NetSol.
I am not a lawyer, but I’ve studied enough law to know that this is a dubious way to make a contract. Lawyers I’ve shown this disclaimer to have laughed out loud.
Of course, because each registrant already owns a matching .com, they’ve already accepted NetSol’s registration agreement and terms of service at least once before.
This may allow NetSol to argue that the initial acceptance of the contract also applies to the new .xyz domains.
But there are differences between .com and .xyz.
Chiefly, as a new gTLD, .xyz registrants are subject to policies that do not apply to .com, such as the Uniform Rapid Suspension policy.
URS differs from UDRP in that there’s a “loser pays” model that applies to complaints involving over 15 domains.
So these .xyz registrants have been opted into a policy that could leave them out of pocket, without their explicit consent.
Of course, we’re talking about people who seem to be infringing famous trademarks in their existing .com names, so who gives a damn, right?
But it does raise some interesting questions.
Who’s the registrant here? Is it the person who owns the .com, or is it NetSol? NetSol is the proxy service, but the .com registrant’s name is listed in the Whois.
Who’s liable for cybersquatting here? Who would Twitter file a UDRP or URS against over my-twitter.xyz? Who would it sue, if it decided to opt for the courts instead?