.ai helps UDRP cases rise in 2023, WIPO says
The number of cybersquatting cases filed with the World Intellectual Property Organization increased 7% in 2023, WIPO said this week.
The total UDRP filings, 6,192, includes national ccTLD variations that WIPO handles but not UDRP filings with other providers.
WIPO said that 82% of cases resulted in the domain being transferred to the complainant, with the complaint being denied in just 3% of cases.
The organization does not publish data on Reverse Domain Name Hijacking findings, but RDNH.com, which tracks these things, shows 31 RDNH finding at WIPO in 2023.
.com accounted for 80% of complaints. WIPO said that the most complained-about ccTLDs were .co (Colombia), .cn (China), .mx (Mexico), .au (Australia) and .ai (Anguilla).
Perhaps unsurprisingly, given its rapid growth in registrations, Anguilla’s .ai saw a sharp uptick in UDRP filings last year, up from just four in 2022 to 43 in 2023, according to the WIPO web site.
Meta given 30 days to stop using Threads trademark
A small UK software firm has given Facebook owner Meta, well known in the domain industry for pursuing cybersquatters, 30 days to stop using the brand name “Threads” or face legal action.
Meta launched a Twitter clone called Threads back in July and quickly gathered over 100 million users (since declining to eight million daily active users), but Threads Software of London says its UK trademark dates back to 2012.
“Threads Software Limited and its lawyers have today (30 October) written to Meta’s Instagram giving it 30 days to stop using the name Threads for their service in the UK. If it does not, Threads Software Limited will seek an injunction from the English Courts,” the company said in a press release (pdf).
The company further claimed that Meta’s lawyers have tried to buy the domain threads.app from it four times this year but were turned down each time. Meta is using threads.net, Threads Software uses threads.cloud.
Threads Software says it operates a service that “captures, transcribes, and organises all of a company’s digital messages (emails and phone calls) into one easily searchable database”.
Managing director John Yardley said in the press release: “We recognise that this is a classic ‘David and Goliath’ battle with Meta. And whilst they may think they can use whatever name they want, that does not give them the right to use the Threads brand name.”
“We want them to stop using the Threads name with immediate effect. If they do not, we will seek an injunction from the UK courts,” he added.
The irony here is of course that Meta owns some of the most-cybersquatted brands out there and is one of the most litigious enforcers of its intellectual property.
Government to regulate UK-related domain names
The UK government is to trigger a law that would allow it to take control of .uk, .wales, .cymru, .scot and .london if their registries get thoroughly abused and they fail to do anything about it.
The Department for Science, Innovation and Technology said today it is to activate (or “commence”) the parts of the Digital Economy Act of 2010 that give it the power to appoint a new manager for any “UK-related” TLDs.
DSIT would only be able to exercise these powers if the registry in question had let DNS abuse or cybersquatting run amok and failed to follow government orders to fix it. I don’t believe any of the affected registries are currently in such a state.
The government has now launched a consultation, running until the end of August, to get industry and public feedback on its definitions of abuse and what it called “unfair domain use”, meaning cybersquatting.
Nominet, which runs .uk, .wales and .cymru, said in a statement:
The proposed prescribed requirements are consistent with Nominet’s current voluntary procedures, which Government has made clear it believes Nominet operates in a perfectly satisfactory manner. As the Government has had a reserve power to “step in” ever since the DEA was introduced, the purpose of the new provisions is to give Government a formal mechanism to do so, should it ever be required. Our understanding is that Government is enacting these provisions now to ensure the UK meets international best practice on governance of country code top-level domains in line with key global trading partners and future global trading commitments.
Based on my first read, I expect registries and registrars will think it looks generally pretty palatable. It seems DSIT has followed ICANN and the industry’s lead in terms of what qualifies as abuse, and Nominet said in a statement tonight that all three affected registries have been meeting with DSIT to craft the consultation.
Domain investors may take issue with the precise wording of the cybersquatting definition, however.
The definitions of abuse cover the industry standard five bases: malware, phishing, botnets, pharming and spam (insofar as it facilitates any of the other four) and cybersquatting is defined thus:
the pre-emptive, bad faith registration of trade marks as domain names by third parties who do not possess rights in such names. This includes ‘typosquatting’, when an end user takes advantage of common misspellings made by Internet users who are looking for a particular site or a particular provider of goods or services, in order to obtain some benefit.
Domainers will notice the document talks about “bad faith registration”, whereas UDRP talks about bad faith “registration and use”, which is sometimes an important edge-case distinction in cybersquatting disputes. Nominet’s DRS uses bad faith registration “or” use.
Where the consultation gets vague, and the potential for debate arises, is when it talks in general, high-level terms about how dispute resolution procedures should be designed.
Failure to deal with child sexual abuse material, as defined in the Convention on the Rights of the Child, in an affected TLD could also result in the government appointing a new registry.
The four gTLDs affected by the legislation all are considered geographic under ICANN rules and had to secure local government support when they applied for their strings. ICANN has a contractual right to terminate them if that government says so.
After the consultation is complete, DSIT intends to make its definitions law through secondary legislation.
This post was updated shortly after publication to add Nominet comments.
Facebook sues free domains registry for cybersquatting
Facebook parent Meta has sued Freenom, the registry behind multiple free-to-register ccTLDs including .tk, claiming the company engages in cybersquatting.
Meta alleges that Freenom infringes its Facebook, Instagram and WhatsApp trademarks over 5,000 domain names in the TLDs it operates.
While best-known for Tokelau’s .tk, which had almost 25 million registrations when Verisign stopped counting them a year ago, Freenom also operates .gq for Equatorial Guinea, .cf for the Central African Republic, .ml for Mali, and .ga for Gabon.
Apart from some reserved “premiums”, the company gives domains away for free then monetizes, with parking, residual traffic when the domains expire or, one suspects more commonly, are suspended for engaging in abuse.
Naturally enough, it therefore has registered, to itself, a great many domains previously used for phishing.
Meta lists these names as examples of infringers: faceb00k.ga, fb-lnstagram.cf, facebook-applogin.ga, instagrams-help.cf, instaqram.ml, chat-whatsaap.gq, chat-whatsaap-com.tk, and supportservice-lnstagram.cf, though these do not appear to be monetized right now.
It accuses the registry of cybersquatting, phishing and trademark infringement and seeks over half a billion dollars in damages (at $100,000 domain).
Today, Freenom is not accepting new registrations, but it’s blaming “technical issues” and says it hopes to resume operations “shortly”.
Facebook is one of the most prolific and aggressive enforcers of its trademarks in the domain space, having previously sued OnlineNIC, Namecheap and Web.com. OnlineNIC had to shut up shop due to its lawsuit.
(Via Krebs on Security)
UDRPs up in 2022, firm says
The World Intellectual Property Organization saw an increase in cybersquatting disputes this year, according to WIPO data compiled by VPN maker AtlasVPN.
There were 5,616 UDRP complaints filed with WIPO, up almost 10% from 2021, the company said.
The report does not appear to include data from the several other UDRP providers, so may not reflect the state of the system as a whole.
WIPO has processed 61,284 UDRP cases since the system was founded over two decades ago, the company said.
RDNH loser files second appeal
A big drug company has appealed to ICANN for a second time over a Reverse Domain Name Hijacking ruling against it, claiming ICANN should be responsible for the decisions of the World Intellectual Property Organization.
India-based Zydus Lifesciences, which among other things makes Covid-19 vaccines, lost a UDRP complaint against the owner of zydus.com in June. To add insult to injury, WIPO made a RDNH finding against it.
Rather that go to court, Zydus filed a Request for Reconsideration with ICANN in July, but this was summarily dismissed because the Reconsideration mechanism only applies to the actions or inactions of the ICANN board or staff.
Now Zydus has filed a second RfR, in which its lawyers claim ICANN is responsible for WIPO’s UDRP decisions and failure to address the first RfR amounts to board inaction. The latest claim states:
when a dispute resolution service provider is accredited by ICANN to conduct mandatory administrative policy, as prescribed by the UDRP adopted by ICANN, such service providers are extension of ICANN itself
Zydus claims the WIPO panel erred by relying on what it claims were false and misleading statements by the zydus.com registrant. It wants the decision reversed and the three panelists forever barred.
I doubt the RfR will get anywhere. ICANN’s Board Accountability Mechanisms Committee is not about to make itself the de facto court of appeals for every UDRP party who thinks they got stiffed.
Covid vaccine maker takes RDNH loss to ICANN board
An Indian pharmaceuticals firm with a $2 billion turnover has complained at the highest level of ICANN after it was handed a Reverse Domain Name Hijacking decision over the .com matching its company name.
Zydus Lifesciences, which produces mainly generic drugs but last year earned government approval to manufacture a Covid-19 vaccine, says a UDRP panel “exhibited extreme bias” when it threw out its UDRP complaint against the owner of zydus.com last month.
The company had claimed the anonymous registrant was cybersquatting, but the WIPO panel instead found RDNH.
The panel was not convinced that the registrant should have been aware of Zydus’ existence when he registered the name in 2004, and said his use of the name — which it characterized as a fanciful five-letter generic — to redirect to various affiliate marketing sites was not “bad faith”.
But now Zydus is claiming that the panel ignored evidence that it was already a very large company, with a $110 million turnover, at the time of registration, and says the UDRP decision shows evidence of bias against developing-world companies. The latter card is played pretty hard.
I believe this is only the second time that a UDRP decision has been challenged with a formal Request for Reconsideration with the ICANN board of directors, and there’s a pretty good chance it will be summarily dismissed like the first one.
Zydus will probably have to sue, or pay up.
Another single-TLD brand protection service planned
BestTLD is planning to introduce a trademark-blocking service covering its single new gTLD, .best.
The company has asked ICANN for permission to launch what it calls the Best Protection service, which would provide domain blocks in lieu of defensive registrations in .best.
The service is similar to Donuts’ Domain Protected Marks List and other industry offerings, but is perhaps most comparable to the Trademark Sentry offering .CLUB Domains came up with a few years ago.
While DPML lets brands block their marks as domains across Donuts’ entire stable of almost 300 TLDs, BestTLD’s offering, like .CLUB’s, focuses instead on blocking marks as a substring in a single TLD.
In other words, Facebook could subscribe to the service for the string “facebook” and it would block domains such as “facebook-login.best”.
A good thing about such services from a registry’s perspective is that, unlike domains, the same string can be sold multiple times to different owners of the same trademarked string.
The registry has filed a Registry Services Evaluation Process request with ICANN and said it is ready to launch with back-end provider CentralNic whenever it gets approval.
Pricing was not disclosed, but if .CLUB’s $2,000 tag is any guide one might expect a super-premium fee.
Regular .best domains sell for about $20 a year and over 30,000 have been registered to date.
UDRP comments reveal shocking lack of trust in ICANN process
Is trust in the ICANN community policy-making process on the decline? Submissions to a recent public comment period on UDRP reform certainly seem to suggest so.
Reading through the 41 comments filed, it’s clear that while many community members and constituencies have pet peeves about UDRP as it stands today, there’s a disturbing lack of trust in ICANN’s ability to reform the policy without breaking it, and very little appetite for a full-blown Policy Development Process.
It’s one area where constituencies not traditionally allied or aligned — such as domain investors and intellectual property interests — seem to be on the same page.
Both the Intellectual Property Constituency and the Internet Commerce Association are among those calling for any changes to UDRP to be drafted rapidly by subject-matter experts, rather than being opened to full community discussion.
The IPC called the UDRP “a vital and fundamental tool that has a long and proven track record”, saying it has “generally been consistently and predictably applied over the course of its more than 20-year history”. Its comment added:
it is critically important that future policy work regarding the UDRP not diminish, dilute, or otherwise undermine its effectiveness. Such policy work should be extremely deferential to and reliant on the input of experts who have actual experience working with and within the UDRP system, and resistant to efforts that would weaken the UDRP system; any such work should be based on facts and evidence of problems in need of a systematic policy-level solution, and not merely to address specific edge cases, differences of opinion, or pet issues.
That’s pretty much in line with the ICA’s comments, which state that participants in future UDRP reform talks “should be experts… individuals who have extensive personal and practical knowledge of the UDRP through direct personal involvement”.
That language — in fact several paragraphs of endorsement for an expert-driven effort — appears almost verbatim in the separately filed comments of the Business Constituency, of which the ICA is a member.
The ICA’s reluctance to endorse a full-blown PDP appears to come from the experience of the Review of all Rights Protection Mechanisms in all gTLDs PDP, or “Phase 1”, which ran from 2016 to 2020.
That working group struggled to reach consensus on even basic stuff, and at one point frictions reached a point where allegations of civility rules breaches caused warring parties to lawyer up.
“Phase 1 was lengthy, unproductive, inefficient, and an unpleasant experience for all concerned,” the ICA wrote in its comments.
“Perhaps the biggest problem with Phase 1 was that structurally it was inadvertently set up to encourage disagreements between interest groups rather than to facilitate collaboration, negotiation, and problem solving,” it said.
The BC arguable goes further in its deference to experts, calling on ICANN to invoke section 13.1 of its bylaws and drag the World Intellectual Property Organization — leading UDRP provider and drafter of the original 1999 policy — as an expert consultant.
The BC also wrote:
It is imperative that stakeholders do not unnecessarily open up a can of worms with the UDRP through destabilizing changes; rather, they should take a focused and targeted approach, only entertaining improvements and enhancements which stand a reasonable chance of gaining consensus amongst stakeholders
WIPO itself is thinking along the same lines:
If the choice is made to review the UDRP, the process should be expert-driven and scoped
To avoid undoing the UDRP’s success, ICANN needs to give serious consideration to the weight to be accorded to the various opinions expressed. So-called “community feedback” referred to, for example, in section 4 of the PSR seems to lack specific depth and can seem more ideological or anecdotal
Comments from ICANN’s contracted parties also expressed concerns about a PDP doing more harm than good.
The Registries Stakeholder Group has almost nothing to say about ICANN’s report, but the Registrars Stakeholder Group expressed concerns that “any updates could have unintended consequences resulting in a less effective UDRP”.
It uniquely brought up the issue of volunteer fatigue and ICANN’s cumbersome backlog of work, writing:
Although the RrSG recognizes that there are some minor areas for improvement in the UDRP, it is the position of the RrSG that a full policy development process (PDP) is not necessary. The UDRP was adopted in 1999, and has been utilized for over 60,000 UDRP cases. The RrSG is not aware of any major issues with the UDRP, and is concerned that any updates could have unintended consequences resulting in a less effective UDRP. Additionally, not only is there a backlog of policy recommendations waiting for ICANN Board approval or implementation, but the RrSG is also aware of substantial community volunteer fatigue even for high-priority issues.
These comments were filed in response to a public comment period on an ICANN-prepared policy status report.
Not every comment expressed skepticism about the efficacy of a PDP. Notably, the Non-Commercial Stakeholders Group — the constituency arguably most likely to upset the apple cart if a Phase 2 PDP goes ahead — appears to fully expect that such work will take place.
There were also many comments from individuals, mostly domainers, recounting their own experiences of, and reform wish-lists for, UDRP.
ICANN’s report will be revised in light of these comments and submitted to the GNSO, which will decide what to do with it.
Vox Pop defends its favorite cybersquatter
The .sucks registry, Vox Populi has complained to ICANN about the fact that its biggest customer keeps losing cybersquatting cases.
In its submission to ICANN’s recently closed public comment period on UDRP reform, Vox Pop bemoans the fact that panels keep finding that Honey Salt, a shell company based in a tax haven, isn’t really engaging in non-commercial free speech.
Honey Salt was the registrant of thousands of .sucks domains, all matching famous trademarks, that redirected visitors to a wiki-style gripe site, populated with content scraped from third-parties, at Everything.sucks.
After a long series of lost UDRP cases, Honey Salt started allowing its domains to expire and zone files suggest only a couple hundred or so remain today.
Neither Honey Salt nor Everything.sucks responded to ICANN’s public comment period, which was seeking input on possible changes to UDRP.
But Vox Pop did on their behalf, complaining bitterly that “forum shopping and bias obstruct free speech” and citing mostly Honey Salt’s lost UDRP cases to evidence its arguments:
Despite 4(c)(iii) of the UDRP stating “noncommercial or fair use” is legitimate use of a domain name – numerous UDRP decisions contradict the Policy’s express recognition of fair use and free speech rights in favor of trademark owners. Several recent UDRP decisions have jeopardized free speech rights for all domain name registrants because of the lack of guidance from ICANN and/or a misapplication of free speech rights and/or bias as it relates to criticism sites.
Honey Salt had consistently argued, UDRP decisions show, that Everything.sucks was non-commercial free speech and as such was not cybersquatting under UDRP precedent and WIPO guidance.
But panels repeatedly pointed out that Everything.sucks was in fact commercial.
At first, the site hosted banners linking directly to sales landers for the domains in question — basically asking the brand owners or others to fork out hundreds or thousands of dollars to claim their matching domains.
When panelists got wise to that, the site started instead publishing the transfer authorization codes for the domains in question, so literally anyone could initiate a transfer and take ownership of the name without even asking Honey Salt’s permission — if they were willing to pay the transfer fee.
Everything.sucks and Honey Salt would not have benefited financially from these transfer fees, which often were thousands of dollars, but Vox Pop, and sometimes its registrar sister company Rebel, which sells .sucks names at cost, would.
Everything.sucks has removed the AuthCodes, but in the most-recent .sucks UDRP case Eutelsat v Honey Salt, the panel called the AuthCode scheme “little more than a ruse to generate registration fees in the thousands of dollars range”.
Vox Pop is now complaining to ICANN, I’m guessing with a straight face, that transfer fees are ICANN-mandated and therefore registrants cannot be blamed if registrars charge for transfers:
The panelist, in an unfounded grasp, used the ICANN-mandated transfer fee, charged by the registrar as rationale to find commercial use by the registrant and hence bad faith by the registrant. Other UDRP panels have similarly disingenuously blamed registrants for ICANN-mandated transfer and renewal fees imposed by registrars; panelists argue that the ICANN-mandated transfer is bad faith even though the registrant has no say or participation.
It’s an incredibly ballsy complaint by Vox Pop, given that it is Vox Pop, as the registry, that sets the price for transfers and renewals in .sucks, and that it is Vox Pop, as the Eutelsat panel noted, that has flagged many trademarks as “premium”-tier names that costs thousands of dollars to transfer and renew.
Vox also argues that it is possible for trademark-owners to “forum shop” between the various UDRP providers, in the hope of finding a panel more favorable to intellectual property interests over free speech rights.
It’s certainly not the only ICANN commenter to make this point, but it’s a pretty thin argument in the case of Honey Salt and .sucks.
Vox argues that WIPO repeatedly favors IP rights over free speech rights, and the outcome of Honey Salt’s UDRP cases may indicate why it holds that view.
Of the 20-odd UDRP cases Honey Salt has defended, most were filed with WIPO and all those filed with WIPO resulted in a complainant win. Three were filed with the National Arbitration Forum and three were filed with the Czech Arbitration Court.
The only case Honey Salt won on the merits was Miraplex v Honey Salt, one of the first cases, filed with the Czech Arbitration Court. That panel bought the defense that Everything.sucks was non-commercial free speech.
But one of the panelists in that case later sat on another Czech Arbitration Court case, Cargotec v Honey Salt, which decided in favor of the complaint. The same guy ruling two different ways on almost identical facts does not suggest panelist bias.
While at least one UDRP panel has suggested Honey Salt is just a front for the .sucks registry, Vox Populi has previously denied any connection exists.
Recent Comments