First new gTLD cybersquatting case goes to IBM

IBM has won the first Uniform Rapid Suspension case to be filed against a new gTLD domain name.
National Arbitration Forum panelist Darryl Wilson handed down the perfunctory decision February 12, just seven days after IBM complained about ibm.ventures and ibm.guru.
Both domains have now been suspended, redirecting to a placeholder web site which states:

This Site is Suspended
The Domain Name you’ve entered is not available. It has been taken down as a result of dispute resolution proceedings pursuant to the Uniform Rapid Suspension System (URS) Procedure and Rules.
For more information relating to the URS, please visit: http://newgtlds.icann.org/en/applicants/urs

It was a slam dunk case, as you might imagine — the URS is designed to handle slam-dunk cases.
The registrant, who we estimate spent $2,500 on the two names, did not do himself any favors by redirecting both names to IBM’s .com site.
As we and Wilson both noted, this showed that he’d registered the names with IBM in mind.
IBM’s mark is included in the Trademark Clearinghouse, so the registrant will have been given a warning at the point of registration that he may be about to infringe someone’s IP rights.
Since the names were registered IBM, we’re told, has purchased a Domain Protected Marks List block from the registry, Donuts, which will prevent the names being re-registered when they expire.

ICANN reveals gTLD objections appeals process

Two new gTLD applicants would get the opportunity to formally appeal String Confusion Objection decisions that went against them, under plans laid out by ICANN today.
DERCars and United TLD (Rightside), which lost SCOs for their .cars and .cam applications respectively, would be the only parties able to appeal “inconsistent” objection rulings.
DERCars was told that its .cars was too similar to Google’s .car, forcing the two bids into a contention set. But Google lost similar SCO cases against two other .cars applicants.
Likewise, Rightside’s .cam application was killed off by a Verisign SCO that stated .cam and .com were too similar, despite two other .cam applicants prevailing in virtually identical cases.
Now ICANN plans to give both losing applicants the right to appeal these decisions to a three-person panel of “Last Resort” operated by the International Centre for Dispute Resolution.
ICDR was the body overseeing the original SCO process too.
Notably, ICANN’s new plan would not give Verisign and Google the right to appeal the two .cars/.cam cases they lost.

Only the applicant for the application that was objected to in the underlying SCO and lost (“Losing Applicant”) would have the option of whether to have the Expert Determination from that SCO reviewed.

There seems to be a presumption by ICANN already that what you might call the “minority” decision — ie, the one decision that disagreed with the other two — was the inconsistent one.
I wonder if that’s fair on Verisign.
Verisign lost two .cam SCO cases but won one, and only the one it won is open for appeal. But the two cases it lost were both decided by the same ICDR panelist, Murray Lorne Smith, on the same grounds. The decisions on .cam were really more 50-50 than they look.
According to the ICANN plan, there are two ways an appeal could go: the panel could decide that the original ruling should be reversed, or not. The standard of the review is:

Could the Expert Panel have reasonably come to the decision reached on the underlying SCO through an appropriate application of the standard of review as set forth in the Applicant Guidebook and procedural rules?

The appeals panelists would basically be asked to decide whether the original panelists are competent or not.
If the rulings were not reversed, the inconsistency would remain in place, making the contention sets for .car, .cars and .cam stay rather confusing.
ICANN said it would pay the appeals panel’s costs.
The plan (pdf) is now open for public comment.

EU guns for ICANN’s relationship with US

The European Union has made ICANN’s close relationship with the US one of the targets of a new platform on internet governance.
In a new communication on internet governance (pdf), the European Commission said it will “work with all stakeholders” to:

– identify how to globalise the IANA functions, whilst safeguarding the continued stability and security of the domain-name system;
– establish a clear timeline for the globalisation of ICANN, including its Affirmation of Commitments.

The policy is being characterized as being prompted by former NSA contractor Edward Snowden’s revelations about widespread US spying on internet users.
EC vice president Neelie Kroes issued a press release announcing the policy, saying:

Recent revelations of large-scale surveillance have called into question the stewardship of the US when it comes to Internet Governance. So given the US-centric model of Internet Governance currently in place, it is necessary to broker a smooth transition to a more global model while at the same time protecting the underlying values of open multi-stakeholder governance of the Internet.

Despite this, the document does not contain any allegations that link ICANN to spying, or indeed any justification for the logical leap from Snowden to domain names.
The EU position is not dissimilar to ICANN’s own. Last October CEO Fadi Chehade used Snowden as an excuse to talk about putting ICANN’s relationship with the US back in the spotlight.
As I noted at the time, it all looks very opportunistic.
Internationalizing ICANN is of course a noble objective — and one that has been envisaged since ICANN’s very creation 15 years ago — but what would it look like it practice?
I’d be very surprised if what the Commission has in mind isn’t a scenario in which the Commission always gets what it wants, even if other stakeholders disagree with it.
Right now, the Commission is demanding that ICANN rejects applications for .wine and .vin new gTLDs unless applicants agree to new rights protection mechanisms for geographic indicators such as “Champagne”.
That’s something that ICANN’s Governmental Advisory Committee could not reach consensus on, yet the EU wants ICANN to act based on its unilateral (insofar as the EU could be seen as a single entity) advice.
The new EC policy document makes lots of noise about its support for the “multi-stakeholder process”, but with hints that it might not be the “multi-equal-stakeholder process” championed by Chehade.
For example, it states on the one hand:

Those responsible for an inclusive process must make a reasonable effort to reach out to all parties impacted by a given topic, and offer fair and affordable opportunities to participate and contribute to all key stages of decision making, while avoiding capture of the process by any dominant stakeholder or vested interests.

That sounds fair enough, but the document immediately goes on to state:

the fact that a process is claimed to be multistakeholder does not per se guarantee outcomes that are widely seen to be legitimate
…
it should be recognised that different stages of decision making processes each have their own requirements and may involve different sets of stakeholders.
…
Sound multistakeholder processes remain essential for the future governance of the Internet. At the same time, they should not affect the ability of public authorities, deriving their powers and legitimacy from democratic processes, to fulfil their public policy responsibilities where those are compatible with universal human rights. This includes their right to intervene with regulation where required.

With that in mind, what would an “internationalized” IANA look like, if the European Commission gets its way?
Right now, IANA may be contractually tethered to the US Department of Commerce, but in practice Commerce has never refused to delegate a TLD (even when Kroes asked it to delay .xxx).
Compare that to Kroes statement last September that “under no circumstance can we agree having .wine and .vin on the internet, without sufficient safeguards”.
Today’s policy news from the EC looks fine at a high level, but in light of what the EC actually seems to want to achieve in practical terms, it looks more like an attempt at a power grab.

Conflicting gTLD objection decisions to get appeals process?

ICANN seems to be considering an appeals process for new gTLD applicants that feel they’ve been wronged by dubious String Confusion Objection decisions.
But the process might be limited to applicants for .car, .cars and .cam.
In a resolution this Wednesday, ICANN’s New gTLD Program Committee said:

the NGPC is considering potential paths forward to address the perceived inconsistent Expert Determinations from the New gTLD Program String Confusion Objections process, including implementing a review mechanism. The review will be limited to the String Confusion Objection Expert Determinations for .CAR/.CARS and .CAM/.COM.

Why only those strings? I’m guessing it’s because the conflicting decisions would make for extremely confusing contention sets.
There were three SCOs against .cars applications, filed by Google, which has applied for .car. Google won one case but lost the other two.
That would mean that Google’s .car application would be in contention with one of the applicants but not the other two, hardly a fair outcome.
Similarly, Verisign objected to five .cam applications due to their similarity to .com. It won one and lost the other four.
The NGPC resolution calls for the publication, for comment, of a reviews process designed to untangle this mess. It does not appear to have been published yet.
But it seems that whatever ICANN has come up with will not apply to other applicants who feel they’ve been wronged by odd SCO, or other objection, decisions.

ICANN puts .islam and other gTLD bids in limbo

Or should that be Barzakh?
Rather than making the tricky decision on whether to approve .islam and .halal new gTLD applications, ICANN seems to have place both bids into permanent limbo.
It’s also put off calls on applications for .spa, .amazon, .wine and .vin, due to objections from the Governmental Advisory Committee.
On .islam and .halal, ICANN chair Steve Crocker wrote to Turkish applicant Asia Green IT System to say that the New gTLD Program Committee will not address the bids until AGIT has worked out its differences with the Organization for Islamic Cooperation.
He noted that AGIT has expressed a willingness in the past to work with the OIC, but that the OIC has formally decided to object to the two applications. Crocker wrote:

There seems to be a conflict between the commitments made in your letters and the concerns raised in letters to ICANN urging ICANN not to delegate the strings. Given these circumstances, the NGPC will not address the applications further until such time as the noted conflicts have been resolved.

This is not a formal rejection of the applications, but ICANN seems to have placed them in a limbo that will only be resolved when AGIT withdraws from the program or secures OIC support.
There’s also delaying treatment for .wine and .vin, which have become the subject of a raging row between Europe on the one hand and the US, Canada and Australia on the other.
Europe wants these two wine-related gTLDs to be subject to strict rules on who can register domains containing geographic indicators, such as “Champagne”. The others don’t.
ICANN in response has commissioned a third-party study on GIs, which it expects to be able to consider at its Singapore public meeting next month. Again, a decision has been avoided.
The two applicants for .spa don’t have any closure either.
Spa is the name of a town in Belgium, whereas the two applicants — Donuts and Asia Spa and Wellness Promotion Council — intend to use the string in its English dictionary sense.
There was a bit of a scandal during the Buenos Aires meeting last November when it was suggested that Belgium was using its position on the GAC to shake down the applicants for money.
Belgium denied this, saying the city of Spa didn’t stand to gain financially from the deals that it was trying to make with applicants. Some money would go to “the community served by .spa”, Belgium said, without elaboration.
ICANN has now decided to put .spa on hold, but wants to know more about these talks:

ICANN will not enter into registry agreements with applicants for the identified string at this time. The NGPC notes concern about concluding the discussions with the applicants and will request the GAC to (1) provide a timeline for final consideration of the string, and (2) identify the “interested parties” noted in the GAC advice.

Finally, ICANN has yet again delayed making a call on Amazon’s application for .amazon — until at least Singapore — out of an abundance of legal caution.
The GAC recommended that ICANN should reject .amazon because a few Latin American states claim ownership of the string due to it being the same as the Amazon region they share.
Amazon and others claim that it would be in violation of international law that prevents governments interfering with the use of trademarks for the GAC to block .amazon.
ICANN’s NGPC said:

ICANN has commissioned an independent, third-party expert to provide additional analysis on the specific issues of application of law at issue, which may focus on legal norms or treaty conventions relied on by Amazon or governments. The analysis is expected to be completed in time for the ICANN Singapore meeting so that the NGPC can consider it in Singapore.

In my view, the .amazon issue is the one most likely to bring a lawsuit to ICANN’s doorstep, so the organization clearly wants to get its legal position straight before making a call one way or the other.
All these decisions were made on Wednesday. You can read the NGPC’s resolution here and the important details here.

ICANN approves reworked GAC advice over US concerns

No sooner had we reported on the US government’s complaint about ICANN’s reinterpretation of GAC advice on new gTLDs than it emerged that ICANN has already approved the plan.
The ICANN board’s New gTLD Program Committee on Wednesday approved a resolution on how to implement the so-called Category 1 advice the Governmental Advisory Committee came up with in Beijing last April. The resolution was published today.
The Category 1 advice calls for stronger regulation — stuff like forcing registrants to provide industry credentials at point of sale — in scores of new gTLDs the GAC considers particularly sensitive.
Despite US Department of Commerce assistant secretary Larry Strickling calling for more talks after ICANN substantially diluted some of the GAC’s Beijing communique, the NGPC has now formally approved its watered-down action plan.
Under the plan, registrants in gTLDs such as .lawyer and .doctor will have to “represent” that they are credentialed professionals in those verticals when they register a domain.
That’s as opposed to actually providing those credentials at point of registration, which, as Strickling reiterated in his letter, is what the GAC asked for in its Beijing communique.
The full list of eight approved “safeguards” (as interpreted from GAC advice by ICANN) along with the list of the gTLDs that they will apply to, can be found in this PDF.

US unhappy with ICANN, urges more delay to many new gTLDs

The US government is not pleased with ICANN’s rather liberal interpretation of Governmental Advisory Committee advice on new gTLDs and wants more talks about “safeguards”.
Not only that, but it wants to start talking to ICANN about extending safeguards applicable to new gTLDs to old gTLDs, presumably including the likes of .com, too.
A letter to ICANN from Department of Commerce assistant secretary Larry Strickling, obtained by DI today, calls for more talks before ICANN finalizes its handling of the GAC’s Beijing communique.
Strickling notes, as DI has previously, that ICANN softened the meaning of the advice in order to smooth its implementation.

as can be the case when translating GAC Advice to contractual provisions, the NGPC [the ICANN board’s New gTLD Program Committee] made adjustments to the GAC Advice that the United States believes could cause enforcement problems and as such merits further discussion. The National Telecommunications and Information Administration (NTIA), on behalf of the United States, is planning to raise these concerns for discussion at the March GAC meeting in Singapore and requests that ICANN take this fact into account before moving forward with applications for strings impacted by the relevant portions of GAC advice

The letter (pdf) was sent February 4, just a day before the NGPC held a meeting — the results of which we do not yet know — that had the GAC Advice on its agenda.
The New gTLD Applicants Group had urged the NGPC to finally put the GAC Advice to rest, highlighting the “heavy burden that the delay in the implementation of GAC Category 1 Advice has imposed upon affected applicants” in a letter last week.
The Category 1 advice, you may recall, comprised eight “safeguards” mandating policies such as industry engagement and registrant authentication, applicable to at least 386 gTLD applications.
Back in November, ICANN announced how it planned to handle this advice, but changed its meaning to make it more palatable to ICANN and applicants.
Those changes are what Strickling is not happy with.
He’s particularly unhappy with changes made to the GAC’s demand for many gTLDs to be restricted to only card-carrying members of the industries the strings seem to represent.
The GAC said in Beijing:

At the time of registration, the registry operator must verify and validate the registrants’ authorisations, charters, licenses and/or other related credentials for participation in that sector.

In other words, you’d have to provide your doctor license before you could register a .doctor domain.
But ICANN proposed to implement it like this:

Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring a representation that the Registrant possesses any necessary authorisations, charters, licenses and/or other related credentials for participation in the sector associated with the Registry TLD string.

The doctor under this policy would only require the doctor to check a box confirming she’s a doctor. As Strickling said:

The NGPC has changed the GAC-coveyed concept of “verification and validation” to “representation”

Requirements for registries to mandate adherence to government regulations on the protection of financial and healthcare data are also his targets for further discussion.
What all this boils down to is that, assuming ICANN paid heed to Strickling’s letter, it seems unlikely that NTAG will get closure it so desperately wants until the Singapore meeting in late March — a year after the original Beijing communique — at the earliest.
In other words, lots of new gTLD applicants are probably going to be in limbo for a bit longer yet.
But Strickling also has another bombshell to drop in the final sentence of the letter, writing:

In addition, we will recommend that cross community discussion begin in earnest on how the safeguards that are being applied to new gTLDs can be applied to existing gTLDs.

So it seems the GAC is likely to start pressing to retroactively apply its new gTLDs advice to legacy gTLDs too.
Registrant verification in .com? Stricter Whois checks and enforcement? That conversation has now started, it seems.

Yes, there is cybersquatting in new gTLDs

With new TLDs, comes cybersquatting. It’s inevitable. And it’s also true of the new gTLDs that hit general availability this week.
The question of what is or is not cybersquatting is best left to a judge or UDRP panel, of course, but I’ve already come across plenty of newly registered domains that I do not believe would pass the UDRP test.
Sifting through select Whois records of domains that were registered in Donuts’ first seven gTLDs over the last few days, and without leaving the A’s, I’ve found the likes of: adidas.clothing, americanapparel.clothing, akamai.guru, americanexpress.guru. appleservice.guru and accenture.ventures.
Delving a little deeper into .clothing, I see the likes of kanyewest.clothing, ralphlauren.clothing, kardashiankollection.clothing, lauraashley.clothin, michaeljordan.clothing and more.
One Los Angeles clothing store appears to have registered several .clothing domains matching brands it does not own, possibly unaware that such behavior is frowned upon.
While there could be legitimate uses of the names I’ve highlighted here, possibly, they all appear to me to be registered to people unaffiliated with the referenced brands or celebrities.
I found more that are registered behind Whois privacy services, where it’s not possible to tell whether the domain belongs to the brand or not. Domains such as ibm.guru and ibm.ventures use Whois privacy, yet resolve to the IBM web site.
Cases of obvious UDRP losses seem to be few and far between, however. The vast majority of domains registered in these new gTLDs this week seem to be straightforward generic terms.
While I’m using the UDRP sniff test to highlight domains I feel may be cybersquatting, there’s a new process in town when it comes to disputes: the faster, cheaper Uniform Rapid Suspension policy.
URS has a higher burden of proof — “clear and convincing evidence” of bad faith registration and use — and it’s not yet clear how panelists will handle these cases.
There’s only been one URS case to date, that of facebok.pw, in which the domain was suspended following a complaint by Facebook.
In that case, Facebook was able to show bad faith by presenting the panelist with a list of other typo domains the respondent had registered.

Cartier sues Nominet hoping to set global domain name take-down precedent

Luxury watchmaker Cartier has taken .uk registry Nominet to court, hoping to set a precedent that would enable big brands to have domain names taken down at a whim.
The company sued Nominet in a London court in October, seeking an injunction to force the registry to take down 12 domain names that at the time led to sites allegedly selling counterfeit watches.
We’ve only become aware of the case today after Nominet revealed it has filed its defense documents.
Judging by documents attached to Nominet’s court filings, Cartier sees the suit as a test case that could allow it to bring similar suits against other “less cooperative” registries elsewhere in the world.
In a letter submitted as evidence as part of Nominet’s defense, Richard Graham, head of digital IP at Cartier parent company Richemont International, said that he was:

seeking to develop a range of tools that can be deployed quickly and efficiently to prevent Internet users accessing websites that offer counterfeit goods… [and] looking to establish a precedent that can be used to persuade courts in other jurisdictions where the registries are less cooperative.

It’s worth noting that Richemont has applied for 13 dot-brands under ICANN’s new gTLD program and that Graham is often the face of the applications at conferences and such.
Pretty soon Richemont will also be a domain name registry. We seem to be looking at two prongs of its brand protection strategy here.
According to the company’s suit, the 12 domains in question all had bogus Whois information and were all being used to sell bogus Cartier goods.
None of them used a Cartier trademark in the domain — this is explicitly about the contents of web sites, not their domains names — and Cartier says most appeared to be registered to people in China.
Rather than submitting a Whois inaccuracy complaint with Nominet — which could have led to the domains being suspended for a breach of the terms of service — Cartier decided to sue instead.
Graham actually gave Nominet’s lawyers over a week’s notice that the lawsuit was incoming, writing his letter (pdf) on October 22 and filing the complaint (pdf) with the courts November 4.
Cartier seems to have grown frustrated playing whack-a-mole with bootleggers who cannot be traced and just pop up somewhere else whenever their latest web host is persuaded to cut them off.
Graham’s letter, which comes across almost apologetic in its cordiality when compared to the usual legal threat, reads:

Cartier therefore believes the most cost effective and efficient way to disrupt access to the Counterfeiting Websites operating in the UK is to seek relief from you, as the body operating the registry of .uk domain names.

Armed with the foreknowledge provided by the letter, Nominet reviewed the Whois records of the domains in question, found them lacking, and suspended the lot.
Ten were suspended before Cartier sued, according to Nominet. Another expired before the suit was filed and was re-registered by a third party. A fourth, allegedly registered to a German whose scanned identity card was submitted as evidence by Nominet, was suspended earlier this month.
As such, much of Nominet’s defense (pdf) relies upon what seems to be a new and obscure legal guideline, the “Practice Direction on Pre-Action Conduct”, that encourages people to settle their differences without resorting to the courts.
Nominet’s basically saying that there was no need for Cartier to sue, because it already has procedures in place to deal with counterfeiters using fake Whois data.
Also offered in the defense are the facts that suspending a domain does not remove a web site, that Nominet does not operate web sites, and the following:

Nominet is not at liberty under its Terms and Conditions of Domain Name Registration to suspend .uk domain names summarily upon mere receipt of a demand from someone unconnected with the domain name registrant.

That seems to me to be among the most important parts of the defense.
If Cartier were to win this case, it may well set a precedent giving registries (in the UK at least, at first) good reason to cower when they receive dodgy take-down orders from multibillion-dollar brands.
Indeed, that seems to be what Cartier is going for here.
Unfortunately, Nominet has a track record of at least accelerating the takedown of domains based on nothing more than third-party “suspicion”. Its defense actually admits this fact, stating:

Inaccurate identity and contact information generally leads to the suspension of a domain within three weeks. Where suspicions of criminality are formally confirmed by a recognised law enforcement agency, suspension may be very significantly expedited.

I wonder if this lawsuit would have happened had Nominet not been so accommodating to unilateral third-party take-down notices in the past.
In a statement to members today, a copy of which was sent to DI, Nominet encouraged internet users to report counterfeiting web sites to the police if and when they find them.

DotConnectAfrica files for ICANN independent review

Failed .africa gTLD applicant DotConnectAfrica has filed an Independent Review Process appeal against ICANN, it emerged today.
The nature of the complaint is not entirely clear, but in a press release DCA said it’s related to “ICANN Board decisions and actions taken with regard to DCA Trust’s application for the .africa new gTLD”.
It’s only the third time an IRP has been filed. The first two were related to .xxx; ICM Registry won its pioneering case in 2009 and Manwin Licensing settled its followup case last year.
DCA said that it’s an “amended” complaint. It turns out the first notice of IRP was sent October 23. ICANN published it December 12, but I missed it at the time.
I’d guess that the original needed to be amended due to a lack of detail. The “Nature of Dispute” section of the form, filed with the International Center for Dispute Resolution, is just a sentence long, whereas ICM and Manwin attached 30 to 60-page legal complaints to theirs.
The revised notice, which has not yet been published, was filed January 10, according to DCA.
DCA applied for .africa in the current new gTLD round, but lacked the government support required by the Applicant Guidebook for strings matching the names of important geographic regions.
Its rival applicant, South African ccTLD registry Uniforum, which does have government backing, looks set to wind up delegated, whereas ICANN has designated DCA’s bid as officially “Not Approved”.
DCA has been alleging a conspiracy — often involving DI — at almost every juncture of the process, even before it filed its application. Read more here, here and here.
To win an IRP, it’s going to have to show that it suffered “injury or harm that is directly and causally connected to the Board’s alleged violation of the Bylaws or the Articles of Incorporation”.