Key-Systems sued over brand protection trademark

Israeli domain name registrar Domain The Net Technologies has filed a preemptive lawsuit against German competitor Key-Systems over their respective brand management trademarks.
According to the complaint, Domain The Net filed for a US trademark on the term “BrandShield”, which it uses to market brand protection services at brandshield.com.
Key-Systems, which runs a similar service called BrandShelter, filed an opposition to Domain The Net’s trademark application last October, due to the alleged potential for confusion.
Anticipating a possible lawsuit, Domain The Net has therefore sued first, asking the District Court in Virginia to declare that BrandShield does not infringe the BrandShelter trademark.
The complaint lists several dozen live brand+word trademarks to demonstrate that no one company should have exclusive rights to the word “brand”.
You can view the complaint, which was filed yesterday, in PDF format here.
(Hat tip: @GeorgeKirikos)

ANA’s modest proposal: let us take over the new gTLD program or we’ll sue

The Association of National Advertisers has offered ICANN a risible last-minute “solution” to the outrage it has created over the new generic top-level domains program.
The ANA wants ICANN to create a temporary “Do Not Sell” list to protect trademark owners and intergovernmental organizations during the first application round, which begins Thursday.
While the first round is open, the ANA itself wants to takes over policy development for the program.
This is its “Proposed Way Forward” in full:

1. ICANN will proceed with its plan to begin accepting applications for new TLDs on January 12, as scheduled;
2. Concurrently, all NGOs, IGOs and commercial stakeholders concerned about protecting their brands will be given the opportunity to have those brands registered, without cost, on a temporary “Do Not Sell” list to be maintained by ICANN during the first application round (any interested party which does not want to have its brands on the Do Not Sell list and would rather apply for a TLD would be free to do so).
We will assemble a team from the interested constituencies to work with ICANN leadership during the first application round. If this group achieves consensus with respect to any proposals, those proposals will be voted on by the Board.
At the end of the first application round, should the parties continue to disagree, all parties will be free to pursue their legal and equitable rights without prejudice.

The alternative to adopting this proposal, ANA president Bob Liodice said in a letter to ICANN today, is “destructive and costly litigation”.
ICANN’s response should be provided “IMMEDIATELY”, Liodice wrote.
I can’t see him getting the answer he wants.
First, the ANA still seems to be worried about top-level cybersquatting, which any sane person can see is extremely unlikely to happen under the new gTLD program’s existing policies.
Second, it’s asking for ICANN to give anyone with a trademark the right to block a string matching that trademark at the top-level.
This may appear reasonable if you think a trademark is something like “Coca-Cola” or “Gucci” or “Google”.
But as soon as you realize that pretty much every word – “music”, “blog”, “web”, “London”, “Paris” – is trademarked, the idea of a Do Not Sell list becomes clearly ludicrous.
It would be a recipe for banning all gTLDs from the first application round.
Third, ICANN already has a mechanism for letting interested stakeholders achieve consensus on new trademark protection policies.
It’s called ICANN, and you don’t need to threaten litigation to participate. You just show up.
You can read the entire laughable ANA proposal here.

Trademark Clearinghouse coming in October

ICANN plans to have the Trademark Clearinghouse for new gTLDs up and running by October, according to documents released after this Thursday’s meeting of its board of directors.
The Trademark Clearinghouse is a central repository of trademark information that new gTLD registries will plug their systems into.
When a customer attempts to register a domain name in a new gTLD that matches a trademark in the Clearinghouse, they will receive a warning that they may be cybersquatting.
Nine companies applied for the position of Clearinghouse operator – as a paid service, it’s potentially a money-spinner – and ICANN expects to select one or more from a short-list of five in February.
According to the new ICANN document (pdf), twice-weekly talks between IP lawyers, registries and registrars are expected to finalize the Clearinghouse’s processes by March.
The system could go live by October, giving companies three months to submit their trademarks to the Clearinghouse before the first new gTLDs go live in early 2013, according to ICANN.

Strickling drops last-minute bombshell on new gTLDs

Larry Strickling, the man most responsible for overseeing ICANN in the US administration, has given an unexpected last-minute boost to opponents of the new generic top-level domains program.
In a letter to ICANN chair Steve Crocker tonight, Strickling says governments may intervene this May to impose new trademark protection mechanisms on the new gTLD program
Echoing the words of several Congressmen, Strickling, head of the National Telecommunications and Information Administration, said that after the first-round applications have been filed, ICANN might want to consider a “phased-in” approach.

Once the list of strings is made public, NTIA, soliciting input from stakeholders and working with colleagues in the Governmental Advisory Committee (GAC), will evaluate whether additional protections are warranted at the second level. Having the ability to evaluate the actual situations or conflicts presented by the applied for strings, rather than merely theoretical ones, will certainly assist and focus everyone’s efforts to respond to problems should they arise.

The letter could be seen as a win for the trademark lobby, which has been pressing the NTIA, Department of Commerce and Congress for months to delay or block the program.
However, reading between the lines it appears that Strickling believes the trademark protections already in the program are probably adequate, just woefully misunderstood.
The letter spends more time politely tearing into ICANN’s atrocious outreach campaign, observing that many trademark owners still “are not clear about the new gTLD program”.
Strickling pleads with ICANN’s leadership to raise awareness of the protections that already exist, to calm the nerves of companies apparently convinced by industry scaremongering that they’re being forced to apply for “dot-brand” gTLDs defensively.

…in our recent discussions with stakeholders, it has become clear that many organizations, particularly trademark owners, believe they need to file defensive applications at the top level.
…
We think, and I am sure ICANN and its stakeholders would agree, that it would not be healthy for the expansion program if a large number of companies file defensive top-level applications when they have no interest in operating a registry. I suggest that ICANN consider taking some measures well before the application window closes to mitigate against this possibility.

The themes are repeated throughout the letter: ICANN has not done enough to educate potential applicants about the new gTLD program, and brand owners think they’ve got a gun to their head.

…it has become apparent that some stakeholders in the United States are not clear about the new gTLD program. I urge you to engage immediately and directly with these and other stakeholders to better educate them on the purpose and scope of the program as well as the mechanisms to address their concerns.

I’m sure this is a letter Strickling didn’t want to send.
Recently, he talked openly about how trademark owners pressuring the US government to overrule ICANN’s decision-making risked raising the hackles of repressive regimes around the world and leading to an internet governed by the UN
Letters like this certainly don’t help his cause, but the political pressure in Washington DC has evidently forced his hand.
Will this derail next week’s launch of the program? Probably not.
Does it raise a whole bunch of questions the ICANN community had thought it had put to bed? You bet it does.
Read the letter here (pdf).

Businesses may call for more new gTLD trademark protections

It’s open season on ICANN at the moment, and as the number of letters opposing the new gTLD program flittering between Washington DC and Marina del Rey becomes confusingly voluminous many groups think they’ve found another opportunity to demand last-minute changes.
ICANN’s Business Constituency is now considering making several recommendations for “critical improvements” to protect trademark holders in the new gTLD universe.
While the recommendations are still under discussion, they could include adding the option to transfer a domain name to a brand owner after a successful Uniform Rapid Suspension complaint.
This would prove unpopular among domain investors and others as it would increase the likelihood of the untested URS being used as a replacement for the already controversial UDRP, potentially increasing the risk of reverse domain name hijacking.
The BC is also discussing whether to ask for a “permanent registry block” feature to be added the forthcoming Trademark Clearinghouse, enabling brand owners to block their trademarks from all new gTLDs for a one-time fee in much the same way as ICM Registry enabled in the .xxx sunrise.
The Coalition Against Domain Name Abuse made a similar request to ICANN last week.
The idea is unlikely to find favor because it would essentially grant trademark owners exclusivity over strings, a right not usually given to them by trademark law.
Other BC discussion topics include making the Trademark Clearinghouse permanent (instead of just running for the first 60 days of each new gTLD) and putting a firm date on the opening of the second-round application window, a popular request from brand owners.
Much like 13th-hour requests originating in the At-Large Advisory Committee, the BC’s position is likely to be substantially revised before it is submitted to ICANN officially.
While ICANN chairman Steve Crocker told .nxt this week that there are no plans to delay or rate-limit the new gTLD program, it’s less clear whether the Applicant Guidebook is still open for the kinds of substantial amendments now being discussed by the business community.
But my hunch is that, regardless of the political pressure being brought to bear on ICANN in the US, the new gTLD program is going to launch on January 12 in more or less its current form.

CADNA calls for mandatory .xxx-style sunrises

The Coalition Against Domain Name Abuse has asked ICANN to make one-time trademark blocks, much like those offered by .xxx operator ICM Registry, mandatory in most new top-level domains.
In a letter to ICANN bosses (pdf) sent last week, CADNA president Josh Bourne wrote:

ICANN should consider including a requirement in the Applicant Guidebook that all new gTLD registries that choose to sell second-level domains to registrants adopt a low-cost, one-time block for trademark owners to protect their marks in perpetuity.
…
ICANN should require registries to give brand owners the option to buy low-cost blocks on their trademarks before any registration period (Sunrise or Landrush) opens. This can be offered at a lower cost than sunrise registrations have been priced at in the past – this precedent has been set with the blocks offered in .XXX, where the blocks are made in perpetuity for a single, nonrecurring fee.

The recommendation is one of several. CADNA also reckons ICANN needs to name the date for its second round of new gTLD applications, and that “.brand” applicants should get discounts for multiple gTLD applications.
The letter comes as opposition to the new gTLD program in the US becomes deafening and ICANN’s board of directors have reportedly scheduled an impromptu meeting next week to determine whether the January 12 launch is still a good idea.
CADNA is no longer opposed to the program itself. Fairwinds Partners, the company that runs the lobbyist, recently restyled itself as a new gTLD consultancy.
But there’s a virtually zero chance the letter will come to anything, unless ICANN were to decide to open up the Applicant Guidebook for public comments again.
I also doubt the call for a mandatory ICM-style “block” service would be well-received by anyone other than ICANN’s intellectual property constituency.
The problem with such systems is that trademarks do not grant exclusive rights to strings, despite what some organizations would like to think.
It’s quite possible for ABC the taxi company to live alongside ABC television in the trademark world. Is it a good idea to allow the TV station to perpetually block abc.taxi from registration?
Some would say yes. The Better Business Bureau and Meetup.com, to name two examples, both recently went before Congress to bemoan the fact that they could not block bbb.xxx and meetup.xxx – both of which have meaning in the adult entertainment context and were reserved as premium names – using ICM’s Sunrise B.
With that all said, there’s nothing stopping new gTLD applicants from voluntarily offering .xxx-style blocking services, or indeed any form of novel IP rights protection mechanisms.
Some applicants may have even looked at the recent .xxx sunrise with envious eyes – with something like 80,000 defensive registrations at about $160 a pop, ICM made over $12 million in revenue and profit well into seven figures.

UDRP reform put on hold for four years

ICANN’s cybersquatting rules, including the Uniform Dispute Resolution Policy, will be reviewed and possibly reformed, but probably not until 2016 at the earliest.
The Generic Names Supporting Organization Council voted last Thursday to put the start of UDRP reform on hold until 18 months after the first new top-level domains go live.
The review will also take into account other cybersquatting policies including Uniform Rapid Suspension, which will be binding on all new gTLD registries but has yet to be be tested.
This is the relevant part of the resolution:

the GNSO Council requests a new Issue Report on the current state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to, the UDRP and URS, should be delivered to the GNSO Council by no later than eighteen (18) months following the delegation of the first new gTLD.

An Issue Report is compiled by ICANN staff and often leads to a Policy Development Process that creates policies binding on registries, registrars and ultimately registrants.
Because the first new gTLDs are not expected to be delegated until the first quarter of 2013 at the earliest, the Issue Report would not be delivered until half way through 2014.
After ICANN public comment and analysis, the GNSO Council would be unlikely to kick off a PDP until the first half of 2015. The PDP itself could take months or years to complete.
In short, if UDRP is going to be reformed, we’re unlikely to see the results until 2016.
The Council resolution, which was in line with Governmental Advisory Committee advice, was proposed by the registries, following many months of ICANN public outreach and discussion.
Non-commercial users in the GNSO were most strongly in favor of an accelerated timetable, but a request to reduce the 18-month breather to a year failed to find support.
The Intellectual Property Constituency had proposed an amendment that would have kicked off the process after 100 UDRP and 100 URS cases had been heard in new gTLDs, rather than after a specified time, but the motion was defeated.

Will new gTLDs really increase phishing?

The US Federal Trade Commission has come out swinging against ICANN’s new generic top-level domains program, saying it will increase online fraud and should be scaled back.
In an open letter to ICANN’s top brass yesterday, the FTC’s four commissioners claimed that “the dramatic introduction of new gTLDs poses significant risks to consumers”.
Saying that more gTLDs will make it easier for scammers to acquire domain names confusingly similar to existing brands, the commissioners said the program should be rolled out as a limited pilot.
The FTC commissioners wrote (pdf):

A rapid, exponential expansion of gTLDs has the potential to magnify both the abuse of the domain name system and the corresponding challenges we encounter in tracking down Internet fraudsters. In particular, the proliferation of existing scams, such as phishing, is likely to become a serious challenge given the infinite opportunities that scam artists will now have at their fingertips. Fraudsters will be able to register misspellings of businesses, including financial institutions, in each of the new gTLDs, create copycat websites, and obtain sensitive consumer data with relative ease before shutting down the site and launching a new one.

The letter demands better Whois accuracy enforcement, better ICANN compliance programs, and a cap on approved new gTLDs in the first round perhaps as low as a couple dozen.
The FTC’s claims that new gTLDs will increase phishing may not be supported by reality, however.
The latest data (pdf) from the Anti-Phishing Working Group shows that in the first half of the year only 18% of domain names used in phishing attacks were registered by the attacker.
That was down from 28% in the second half of 2010. Phishers are much more likely to compromise a domain belonging to somebody else – by hacking a web server, for example.
Of the 14,650 maliciously registered domains 10,444 (70%) were used to phish Chinese targets, “overwhelmingly” the e-commerce site Taobao.com, the APWG found.
Furthermore, only 2% of these domains – just 1,816 over six months – were judged to have been registered due to their confusing similarity with the brands they target.
The APWG said (emphasis in the original):

These are the lowest numbers we have observed in the last past four years, and show that using domain names containing brand strings has fallen further out of favor among phishers.
…
the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do. Instead, phishers almost always place brand names in subdomains or subdirectories

The APWG found only one gTLD that ICANN has introduced – .info, with 4.5% – in its top ten phishing TLDs. The .com space accounts for 48.9% of all phishing domains.
Will the increase in the number of gTLDs reverse these trends? The FTC seems to think so, but the claims in its letter appear to be based largely on guesswork and fear rather than data.
I suspect that the FTC’s letter is more concerned with ICANN’s ongoing bilateral talks with registrars over law enforcement-demanded amendments to the Registrar Accreditation Agreement.
These talks are completely separate and distinct from the new gTLDs program policies, but in the last few weeks we’ve seen them being repeatedly conflated by US lawmakers, and now the FTC.
This may be ignorance, but it could just as well be an attempt to apply political pressure on ICANN to make sure the RAA talks produce the results law enforcement agencies want to see.
ICANN does not want to be forced into an embarrassing retreat on its hard-fought gTLD expansion. By producing a strong RAA, it could deflect some of the concerns about the program.

Typosquatting is huge but not dangerous, study finds

A study of typosquatted domain names has found that the practice is reaching pandemic levels for the largest brands, but that there’s surprisingly little malware distribution going on.
The security company Sophos surveyed 2,249 domains that were one letter different to the .com sites of Facebook, Google, Twitter, Apple and Microsoft, and found that two thirds resolved.
Not all of those 1,502 sites were malicious typosquats; some were legitimate sites that just happened to have similarly spelled names (such as goole.com and witter.com) Sophos noted.
Apple was the most-squatted company, according to this method: resolving Microsoft typos were at 61%, Twitter at 74%, Facebook at 81%, Google at 83% and Apple at 86%.
Sophos concluded that “there is a significant typosquatting ecosystem around high-profile, often-typed domain names.”
But it did not find as much malware as it was expecting, with only one domain leading to a malware site, 0.07% of the total.
However, 2.7% of the URLs “fell into the loose category of cybercrime”, which “means they are, or have been, associated with hacking, phishing, online fraud or spamming”.
The report, which also fingers parking services from Demand Media, Sedo, Oversee and Bodis as the recipients of 37% of the typo traffic, contains much more data and is well worth a read.
Annoyingly, it appears that Sophos only surveyed .com domains, so the data doesn’t really tell us much about the impact of TLDs (such as .co) on the typosquatting problem.

ICM opens can of worms with .xxx domain seizures

ICM Registry has suspended several dozen .xxx domain names registered by cybersquatters.
It’s believed to be unprecedented for a mainstream registry to unilaterally shut down domains purely on the grounds of alleged cybersquatting, as I reported for The Register earlier today.
ICM took down 70 to 80 domains including washingtonpost.xxx, cnbc.xxx and verizonwireless.xxx because it decided that the domains infringed trademarks and were therefore abusive.
Many belonged to the squatter Domain Name Wire first fingered as the registrant of huffingtonpost.xxx, named in Whois as Justin Crews.
Crews had told MSNBC that he planned to sell the domains at profit.
There was no UDRP arbitration, no court order, just a breach of the .xxx registry-registrant agreement, which gives ICM the right to suspend squatted domains at will.
This is the relevant part of the agreement, which all .xxx registrants must agree to:

You acknowledge and agree that the Registry reserves the right to disqualify you or your agents from making or maintaining any Registrations or Reservations in the .XXX TLD if you are found to have repeatedly engaged in abusive registrations, in its sole discretion.

I blogged back in May about why it might not be necessary to spend a fortune on defensive registrations in .xxx, given the existence of this policy and others.
Nevertheless, while it may take a while for the implications to become clear, I think the suspensions represent a very significant development.
Coming so soon after the end of ICM’s sunrise period, which saw many organizations spend thousands on useless non-resolving defensive registrations, I wouldn’t be surprised if many companies feel like they may have wasted their money.
If you’ve just spent $200 defending your brand, I imagine it would be quite annoying to see the likes of verizonwireless.xxx or businessweek.xxx get the same protection for free.
I would also not be surprised if, from now on, trademark attorneys trying to defend their rights in .xxx first contacted ICM, rather than WIPO or the National Arbitration Forum.
Why spend thousands on a UDRP complaint when you can just send a legal nastygram to ICM?
ICM president Stuart Lawley told DI today that this wave of suspensions was done independently, not in response to any legal demands.
Still, the precedent has been set: ICM will suspend domains for free, under certain circumstances.
What those circumstances are is less clear.
Lawley said that ICM will not get involved in complaints about individual domains – but it will shut down cybersquatters with multiple infringements.
But what constitutes cybersquatting? UDRP has a definition, but I’m not sure ICM does. It may be quite subjective.
It’s also not clear what ICM will do with the suspended domains, not all of which necessarily infringe trademarks. Some may be bona fide, but the ICM policy is to take down the registrant’s entire portfolio.
So will those non-infringing domains be released back into the pool? And if so, how will ICM determine which are squats and which are not?
And what about the ones that are squats? Will they be released?
AOL may be content for huffingtonpost.xxx to remain suspended forever. As long as it’s suspended, the company does not have to worry about defensive registration fees.
But consider gayroom.xxx, which was also suspended.
The owner of gayroom.com owns a trademark on the word “gayroom”. Gayroom.com is a porn site, but one that has chosen not to buy its equivalent .xxx domain.
What if it changes its mind? If gayroom.com wants gayroom.xxx in future, is there a way to take it out of suspension, or is the company stuck without its .xxx forever, just because a cybersquatter got there first?
ICM’s policies do not seem to answer this question and the company has not yet revealed its plans for the suspended domains.
As a post-script, I should note that Huffington Post owner AOL is currently listed as the registrant of huffingtonpost.xxx in the Whois record.
It’s not yet clear why this is the case, but Lawley stated unequivocally today that the apparent transfer is completely unrelated to ICM’s own crackdown.
Go Daddy, the registrar of record for the domain, declined to comment, citing its customer privacy policy.
Did the cybersquatter transfer the domain to AOL before the suspension? Did he sell it to AOL? Or did he just update the Whois with phoney data? Either seems possible at this point.