Latest news of the domain name industry

Recent Posts

FSC steps up anti-.xxx campaign

Kevin Murphy, August 16, 2011, Domain Registries

The Free Speech Coalition is trying to rally its supporters into a legal nastygram campaign against ICM Registry ahead of the launch of .xxx next month.
The California-based porn trade group wants webmasters to inform ICM that if it sells their trademarks as .xxx domains, they may sue.
It’s released a template letter (pdf) for members to use. It reads, in part:

ICM is now on notice that the registration of any domain name using the .XXX extension that is identical or confusingly similar to one of the trademarks or domains listed on Exhibit A will violate (COMPANY NAME)’s intellectual property rights and constitute an unfair business practice. ICM must take steps to prevent such activity before it can occur. Failure to take affirmative steps to prevent this conduct will establish ICM’s substantial liability.

The FSC believes that because .xxx is squarely aimed at porn webmasters, it smells like a shakedown a lot more than a more generic-sounding string would.
Its tactics are interesting – encouraging others to issue legal threats instead of doing it itself.
As I’ve previously noted, top-level domain registries based in the US have a pretty good legal defense against cybersquatting suits under the Anticybersquatting Consumer Protection Act.
Whether those defenses extend to claims of trademark infringement is a different matter. As far as I know, a sponsored gTLD manager has never been sued on these grounds.
The .xxx gTLD is of course one of the most cybersquatting-unfriendly namespaces ever, in terms of the number and strength of its trademark protection mechanisms.

Beckstrom strikes back at ANA threat

Kevin Murphy, August 10, 2011, Domain Policy

ICANN president Rod Beckstrom has come out swinging against the latest attack on its new top-levels domains program, promising to “vigorously defend” it.
In his response to a harshly critical missive from the Association of National Advertisers, Beckstrom calls ANA’s claims “either incorrect or problematic in several respects”.
I think “firmly worded” would be an appropriate way to characterize his letter (pdf).
In it, he notes that the new gTLD program has been on the cards since 1998, and has been developed over several years using input from the entire ICANN community, including ANA itself.
He further states that some of the complaints outlined by ANA president Bob Liodice show a lack of research.
As I noted in my interview with Liodice yesterday, ANA seems to think cybersquatting at the top-level will be enabled unless companies defensively apply for their “.brand” gTLDs.
Beckstrom said that these statements “demonstrate a lack of understanding of Program details”.

The letter suggests that companies have no choice but to apply for their own gTLDs. Operating a gTLD means assuming a number of significant responsibilities; this is clearly not for everyone. Indeed, it is hoped that those without an interest in making a contribution to expanded choice or innovation in the DNS will not apply. One clear directive of the consensus policy advice on which the program is built is that TLDs should not infringe the existing legal rights of others. The objection process and other safeguards eliminate the need for “defensive” gTLD applications, because where an infringement of legal rights can be established using these processes, an application will not be approved.

The response goes on to outline some of the mandatory second-level trademark protection mechanisms that have been included in the program’s Applicant Guidebook.
ICANN is arguably on shakier ground here – making use of these mechanisms is still going to cost brand owners time and money, which is the basis of ANA’s objections.
The question now is whether Beckstrom’s responses will be enough to get ANA to call off the dogs.
He has offered to talk to ANA to “to discuss how the ANA might participate more actively in the policy development activities and other ICANN processes going forward”.
That’s specifically not an offer to get into negotiations with ANA about the contents of the Guidebook or to delay the launch of the program.
That was never going to happen, particularly not in response to a thirteenth-hour complaint from an organization that hasn’t commented on the program for the last two years.
Liodice said yesterday that unless ICANN agrees to suspend the program, ANA plans to lobby the US Congress, its Department of Commerce, and may sue.
Reaction from the domain name industry to Beckstrom’s letter has so far been predictably positive.

Advertisers threaten to sue over new gTLDs

Kevin Murphy, August 4, 2011, Domain Policy

The Association of National Advertisers is threatening legal action unless ICANN “abandons” its recently approved new generic top-level domains program.
Its CEO, Robert Liodice, has written to his ICANN counterpart Rod Beckstrom outlining its litany of concerns about new gTLDs.
ANA’s strongly worded arguments will be familiar territory for anyone who has been following development of the program for the last few years.
It’s worried about cybersquatting, typosquatting, phishing, as well as the cost of defensive registrations and post-launch trademark enforcement.
The organization represents 400 companies that collectively spend $250 billion every year on their brands, according to the letter.
It also claims that ICANN shirked its duties by failing to adequately consider the economic impact of the program, and that it failed to develop it in a transparent, bottom-up manner.
Liodice wrote (pdf), with my emphasis:

ICANN must not ignore the legitimate concerns of brand owners and the debilitating effect on consumer protection and healthy markets its unsupervised actions will cause. Should ICANN refuse to reconsider and adopt a program that takes into account the ANA’s concerns expressed in this letter, ICANN and the Program present the ANA and its members no choice but to do whatever is necessary to prevent implementation of the Program and raise the issues in appropriate forums that can consider the wisdom, propriety and legality of the program.

The letter ends with a bunch of legal blah about ANA’s rights and remedies, a pretty obvious indication that it’s considering its legal position.
ICANN should “abandon” the program until ANA’s concerns have been addressed, Liodice wrote.
That’s not going to happen, of course.
There’s no way ICANN can put a halt to the program without basically admitting ANA’s analysis of it has merit.
If ANA wants to stop new gTLDs from going ahead, it’s going to need to do more than send a letter.
The letter is CC’d to the US Department of Commerce and several Congressmen, which suggests that we may see another Congressional hearing into the program before too long.
But will we see a lawsuit as well?
ICANN, at least, has anticipated the likelihood of having to defend itself in court for some time.
About 30% of the the $185,000 application fee – $30 million in a 500-application round – is allocated to various “risks”, of which a legal defense fund is one component.
I’d be surprised if ICANN’s legal team hasn’t war-gamed potential claims and defenses every time the Applicant Guidebook has been updated.
The next five months are going to be very interesting times.

Is 80% of .xxx going to be defensive?

Kevin Murphy, August 4, 2011, Domain Registries

Is the new adults-only top-level domain going to turn out to be just as big of a trademark shakedown as some had feared?
EasySpace, a British domain name registrar, claims that 80% of its .xxx pre-orders are from organizations outside the porn industry.
“Out of the hundreds of businesses that have rushed to pre-register with Easyspace ahead of the opening of the Sunrise phase for .XXX domains on 7 September 2011, only 20% of them are from the adult industry,” the company said in a press release.
EasySpace is just one rather small registrar, of course, and its marketing of .xxx is very much in the “Protect your brand” camp, so its numbers may not necessarily hold up industry-wide.
The company is charging $189.99 ($310) for non-porn defensive registrations, an almost 100% markup on the registry fee.
Still, 80% is a big number, and likely to be used by critics not only of .xxx but of new TLDs in general.

Big Content calls for government new gTLD oversight

Kevin Murphy, August 1, 2011, Domain Policy

The music, movie and advertising industries have backed a US move that could see governments getting more control over the approval of new top-level domains.
They’ve urged the National Telecommunications and Information Administration to keep a proposed rule that would force ICANN to show a new gTLD is in the “global public interest” before giving it the nod.
But they are opposed by many other stakeholders who responded to the NTIA’s Further Notice Of Inquiry on the renewal of ICANN’s IANA contract.
The FNOI resulted in about 35 responses, from companies and organizations on five continents.
The most controversial question posed by the NTIA was whether the IANA contract should include this provision:

For delegation requests for new generic TLDS (gTLDs), the Contractor [ICANN] shall include documentation to demonstrate how the proposed string has received consensus support from relevant stakeholders and is supported by the global public interest.

This was broadly interpreted as a way for governments to have a de facto veto over new gTLD applications, via ICANN’s Governmental Advisory Committee.
The proposed measure has now been supported by the Recording Industry Association of America, the Association of National Advertisers, and the Coalition for Online Accountability, which represents the music and movie industries.
Brand owners want another bite
In his strongly worded response, ANA president Robert Liodice wrote that the new gTLD program “is likely to cause irreparable injury to brand owners”, adding that it supported the NTIA’s proposal.

[It] provides a layer, however thin, of contractual protection that gTLDs will not be deposited to the authoritative root zone without appropriate justification. While the ANA believes that these protections are marginal at best, and that a more secure, safe and permanent solution must be found to prevent the harms to brand owners and consumers described above; nonetheless, “something is better than nothing”

Special interests
The RIAA said in its filing that it “strongly supports” the proposal, on the basis that it thinks .music, if approved as a gTLD, could lead to more online music piracy.

there are no concrete obligations in the latest application guidebook to implement heightened security measures for these types of gTLDs that are focused on particular industries such as record music. Given the the risk that such a gTLD application could pass through the ICANN process without committing to such measures, it should be incumbent on the IANA contractor to document how its entry into the root would meet the “global public interest” standard.

It’s a drum the RIAA, never afraid of making special-interest arguments on matters of internet governance, has been beating for some time.
It stopped short of asking for all existing TLDs (and IP addresses, in the case of peer-to-peer applications) to be banned outright, which would presumably do much more to prevent piracy.
Oh no you ditn’t!
The COA, which includes the RIAA among its members, has the honor of being the first of ICANN’s critics to raise the Peter Dengate Thrush Situation to officially bash the organization.
PDT, as you’ll recall, joined Minds + Machines, likely to be a volume gTLD applicant next year, just a few weeks after he helped push through ICANN’s approval of the gTLD program.
COA counsel Steve Metalitz wrote:

This development tends to confirm COA’s view that “the new gTLD process, like so much of ICANN’s agenda, has been ‘led’ by only a small slice of the private sector, chiefly the registrars and registries who stand to profit from the introduction of new gTLDs.”

If a “check and balance” on addition of these new gTLDs to the root was advisable prior to this announcement, it now appears to be indispensable.

Plenty of ICANN stakeholders on both sides of the new gTLD debate have been calling for a review of ICANN’s ethics policies recently, so the COA is far from alone in highlighting the perception problem PDT’s move, and others, may have created.
It looked dodgy, and people noticed.
But on the other hand…
Many responses to the FNOI take the opposing view – saying that the “global public interest” requirements appear to run contrary to IANA’s technical coordination mandate.
IANA’s statement of work, which mandates IANA staff independence from ICANN policy-making, seems like a very odd place to introduce a vague and highly policy-driven oversight check.
Opposition came from the gTLD registry community and likely applicants, as you might expect, as well as from a number of ccTLD operators, which was perhaps less predictable.
A typical response, from the ccNSO, was:

While recognising and supporting the need for ensuring that new gTLDs have consensus support and are consistent with the global public interest, the ccNSO suggests that the IANA contractor’s role should simply be to verify that ICANN has followed the Guidebook process and that all the evaluation criteria (not just the two referred to) have been met.

A number of responses also call for the strict separation of IANA staff from ICANN’s policy-making functions to be relaxed. The way the NTIA’s proposal is currently worded, it’s not clear if IANA’s experts would be able to provide their input to important work.

FarmVille domain seized from Chinese squatter

Kevin Murphy, July 28, 2011, Domain Policy

Zynga has claimed control of the domain name farmville.co.uk from a Chinese cyberquatter.
The summary decision under Nominet’s Dispute Resolution Service was made July 14, and posted to the Nominet web site today, but the Whois still shows the previous owner.
According to Whois records, the domain was registered July 1, 2009, just a couple of weeks after the popular FarmVille game launched on Facebook.
The domain currently resolves to a Sedo placeholder page.
If this proves anything, it’s that owners of rapidly growing web applications need to keep an eye on their brands in non-core TLDs, because cybersquatters are too.

Bit-squatting – the latest risk to domain name owners

Kevin Murphy, July 26, 2011, Domain Tech

Forget phishing, forget cybersquatting, forget typosquatting, high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.
This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.
Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.
According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.
Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.
To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.
The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.
The binary for the string “microsoft” is:

011011010110100101100011011100100110111101110011011011110110011001110100

and the binary encoding for “mic2osoft” is (with the single changed bit highlighted):

011011010110100101100011001100100110111101110011011011110110011001110100

Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.
I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.
But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:

To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.

I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.

His conference presentations will also discuss possible hardware and software solutions.
For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.
I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.
The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.
Kaminsky is not discussing DNS this year, judging by the agendas.
The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.

ICM reveals .xxx launch dates, extends sunrise

Citing demand, ICM Registry has lengthened the .xxx sunrise period, which begins September 8, by three weeks. It will now end October 28, running for 50 days.
The new deadlines apply to all three sunrises, which will run concurrently.
Sunrise A-T – for porn publishers with trademarks.
Sunrise A-D – for porn publishers with matching domains in other TLDs.
Sunrise B – for anyone outside the porn business who wants to “turn off” their trademark in .xxx to prevent cybersquatting.
Successful Sunrise B applicants will see their chosen domains resolve to a standard information page explaining that the domain is not available for registration.
Post-launch, anyone can register a non-resolving domain that returns an NXDOMAIN response, but they’ll have to pay for it annually. Sunrise B applicants pay a one-time fee.
If applicants from Sunrise A and Sunrise B both apply for the same domains, the porn applicant will be given precedence, although they will be warned about possible trademark infringement.
If more than one Sunrise A applicant applies for the same domain, the fight will be taken to an auction, managed by Pool.com. Auction rules will be published at a later date.
The sunsrise is outlined in a policy document (pdf) ICM published on its web site today that sets out the rules for its pre-launch period.
The company has not yet announced details of its Charter Eligibility Dispute Resolution Procedure, nor its Rapid Evaluation Service, though it has said it expects them to cost between $750 and $1,500, depending on what deals it can come to with dispute resolution providers.
The Rapid Evaluation Service, previously referred to as “rapid takedown” will be an interesting one.
It’s expected to be a little like the Uniform Rapid Suspension process ICANN’s new gTLDs will have to implement, except it will only take about 48 hours to take down an obviously cybersquatted domain.
ICM says it expects to publish these policies before the sunrise begins.
Landrush is now expected to run November 8 until November 25. General availability will begin December 6.

Can ICANN make a trademark deal with the GAC?

Kevin Murphy, May 24, 2011, Domain Policy

The ICANN board and its Governmental Advisory Committee have yet to reach agreement on how to protect trademarks in new top-level domains, following their Friday teleconference.
The two parties are still stuck on at least four trademark protect issues, according to sources familiar with the talks, and the GAC is due to provide updated written advice to ICANN tomorrow.
Two of the areas still outstanding were previously marked “1A” in ICANN documents, meaning ICANN’s board believed the GAC’s concerns had already been resolved.
Trademark Claims
Details of the proposed Trademark Clearinghouse database and the related Trademark Claims service are still the subject of debate.
Trademark Claims provides an alert to a trademark holder if somebody tries to register their trademark in a new gTLD. The would-be registrant also gets a warning that they may be infringing rights.
As the Applicant Guidebook stands today, new gTLD managers will have to operate the service for the first 60 days of general availability, but the IP lobby and the GAC believe it should be permanent.
The sticking point for ICANN, as I understand it, is that there’s already a commercial market for brand protection services that have some overlap with Trademark Claims.
Several companies, such as MarkMonitor, CSC and Melbourne IT, offer services that alert customers when somebody appears to infringe their brand in a domain name.
If Trademark Claims ever made it into com and other gTLDs, it could effectively monopolize the brand watch services market. The Clearinghouse(s) will be ICANN contractors, after all.
Remember what happened when VeriSign announced its Wait List Service, which promised to effectively take over the existing domain back-order services market? It wasn’t pleasant.
Proof of Use
ICANN has already dropped its requirement for “substantive review”, but it still requires trademark holders to provide “proof of use” before they can add their marks to the Clearinghouse.
Without proof of use, companies will not be able to file Uniform Rapid Suspension complaints or defensively register their brands during new gTLD Sunrise periods.
The IP lobby and the GAC want this requirement scrapped. Any trademark of national effect should be enforceable using these rights protections mechanisms, they say.
One of the justifications is that some trademarks are obtained before the owner actually launches the product or service they pertain to.
If ICANN were to make these changes, there’s a good chance that bulk-registering bogus trademarks in loose jurisdictions may become an effective strategy for gaming the second level in new TLDs.
This has happened before, such as in .eu, and that wasn’t pleasant either.
Brand+Keyword
The current draft of the Applicant Guidebook only allows exact trademark matches into the Trademark Claims and Sunrise mechanisms.
But the the IP crowd (and, again, the GAC) thinks non-exact matches should be allowed in. In the .com space, the majority of cybersquatting nowadays is of course either a brand+keyword or a typo.
Millions are being needlessly spent on UDRP complaints over typos and brand+keyword domains, and the trademark lobby don’t want to risk having to spend even more.
But there could be implementation problems. Both types of variant could throw up lots of false positives during the Claims service, for example, creating conflicts where there aren’t any.
An automated system designed to scare off typosquatters could catch the generic domain goggles.tld as an infringement of Google’s trademark, to use an obvious example.
If brand+keyword Sunrise claims were allowed, holders of trademarks in generic terms could find themselves with a lucrative payday.
Any company that has a trademark on words such as “free”, “live”, “sexy” or anything that could act as a cool prefix, could have a field day during a Sunrise period.
Uniform Rapid Suspension
I understand a sticking point here continues to be the burden of proof required to make a URS case stick.
It’s currently “clear and convincing evidence”, but the IP lobby and the GAC want it reduced to “preponderance of evidence”, a lower burden.
To non-lawyers, the difference may seem trivial. Both standards are used in civil cases in many countries, but one’s a bit strong than the other.
“Preponderance of evidence” basically means “more likely true than not”, whereas “clear and convincing”… well, it’s a bit stronger than that.
The choice of burdens will have repercussions for years to come. Registrants in new gTLDs will know what they’re getting into, but if URS ever makes it into .com…
The Road to Singapore
It’s less than a month before ICANN’s next major meeting, and only a week until it plans to publish the next version of the Applicant Guidebook.
The ICANN board is due to meet face-to-face (and presumably in public) with the GAC on the first day of the meeting, June 19, but it seems that talks will be ongoing behind the scenes until then.
A great deal of progress has been made, but with complex issues still apparently unsettled (and there are more unresolved issues unrelated to trademarks) it’s little wonder that some are now wondering whether ICANN is as confident as it once was that June 20 is Guidebook Approval Day.

Don’t rush to defensively register .xxx domains

Trademark owners trying to figure out how to protect their brands in the .xxx top-level domain should wait for ICM Registry to reveal its full suite of anti-cybersquatting measures before deciding whether to defensively register a large portfolio of domains.
With registrar prices for sunrise trademark blocks currently hovering around the $300 mark, an especially aggressive enforcement strategy could rack up six-figure bills for large brand holders.
But it may turn out to be more cost-effective to use ICM’s post-launch enforcement mechanisms to fight cybersquatting.
So far, all we’ve seen from ICM is a white paper, prepared by its partner IPRota, that outlines the policies that will be in place during the pre-launch sunrise period.
But the company plans to have some of the most Draconian post-launch IP rights protections mechanisms of any new TLD to date.
If, as a registrant, you think the Uniform Rapid Suspension policy ICANN plans to enforce on new TLDs is tough, you’ll likely have a bigger problem with Rapid Takedown.
Rapid Takedown is expected to be modeled on the Digital Millennium Copyright Act. It will use UDRP experts, but will only take 48 hours to suspend a domain name. ICM has described it like this:

Rapid Takedown
Analysis of UDRP disputes indicates that the majority of UDRP cases involve obvious variants of well-known trademarks. ICM Registry does not believe that the clearest cases of abusive domain registration require the expense and time involved in traditional UDRP filings. Accordingly, ICM Registry will institute a rapid takedown procedure in which a response team of independent experts (qualified UDRP panelists) will be retained to make determinations within 48 hours of receipt of a short and simple statement of a claim involving a well-known or otherwise inherently distinctive mark and a domain name for which no conceivable good faith basis exists. Such determinations will result in an immediate termination of resolution of the domain name, but will not prejudice either party’s election to pursue another dispute mechanism. The claim requirements will be modeled after the Digital Millennium Copyright Act.

It remains to be seen how much this will cost complainants (assuming there is a cost), and there are other unanswered questions such as the duration of the suspension, the ability of the complaint to have the domain transferred and the registrant’s right of appeal.
But it’s clear that trademark holders will very likely have cheaper options than UDRP, which can cost as much as $1,500 for a single domain name.
In addition, ICM plans to permanently ban cybersquatters that are “found to have repeatedly engaged in abusive registration”. Abusers will lose their .xxx portfolios, even their non-infringing domains, and will not be able to register any more.
Combined with Rapid Takedown, and the high price of .xxx domains ($75 a year minimum so far), this will likely make cybersquatting a much less attractive proposition in .xxx than .com.
Trademark holders should wait for their full range of options to be revealed before panicking about high sunrise fees.
It may turn out to be more cost-effective to block just a few primary brands, and leave enforcement of other brands to post-launch mechanisms.