Quantcast
Channel: CircleID: Law
Viewing all 531 articles
Browse latest View live

Enabling Privacy Is Not Harmful

$
0
0

The argument for end-to-end encryption is apparently heating up with the work moving forward on TLSv1.3 currently in progress in the IETF. The naysayers, however, are also out in force, arguing that end-to-end encryption is a net negative. What is the line of argument? According to a recent article in CircleID, it seems to be something like this:

  • Governments have a right to asymmetrical encryption capabilities in order to maintain order. In other words, governments have the right to ensure that all private communication is ultimately readable by the government for any lawful purpose.
  • Standards bodies that enable end-to-end encryption that will prevent this absolute governmental good endanger society. The leaders of such standards bodies may, in fact, be prosecuted for their role in subverting government power.

The idea of end-to-end encryption is recast as a form of extremism, a radical idea that should not be supported by the network engineering community. Is end-to-end encryption really extremist? Is it really a threat to the social order?

Let me begin here: this is not just a technical issue. There are two opposing worldviews in play. Engineers don't often study worldviews or philosophy, so these questions tend to get buried in a lot of heated rhetoric.

In the first, people are infinitely malleable, and will be or should be shaped by someone, with the government being the most logical choice, into a particular moral mold. In this view, the government must always have asymmetry; if any individual citizen, or any group of citizens, can stand against the government, then the government is under direct existential threat. By implication, if government is the founding order of a society, then society itself is at risk.

In the second, the government arises out of the moral order of the people themselves. In this view, the people have the right to subvert the government; this subversion is only a problem if the people are ethically or morally incompetent in a way that causes such undermining to destroy the society. However, the catch in this view is this: as the government grows out of the people, the undermining of the government in this situation is the least of your worries. For if the society is immoral, the government — being made up of people drawn from the society — will be immoral as a matter of course. To believe a moral government can be drawn from an immoral population is, in this view, the height of folly.

What we are doing in our modern culture is trying to have it both ways. We want the government to provide the primary ordering of our society, but we want the people to be sovereign in their rights, as well. Leaving aside the question of who is right, this worldview issue that cannot be solved on technical grounds. How do we want our society ordered? Do we want it grounded in individuals who have self-discipline and constraint, or in government power to control and care for individuals who do not have self-discipline and constraint? The question is truly just that stark.

Now, to the second point: what of the legal basis laid out in the CircleID article? The author points to a settlement around the 3G standard where one participant claimed their business was harmed because a location tracking software was not considered for the standard, primarily because the members of the standards body did not want to enable user tracking in this way. The company stated the members of the standards body acted in a way that was a conspiracy. Hence the actions of the standards body fell under anti-trust laws.

Since there was a settlement, there was no actual ruling, and I'm not a lawyer, but the issues seem different in the case of encryption technology than what was considered in the case pointed to above (TruePosition, Inc. v. LM Ericsson Telephone Co., No. 11-4574 E.D. Pa. Oct. 4, 2012). In the case of encryption technology, it seems, to me, that the case would need to be somewhat different. Assume someone uses a piece of software that implements an encryption standard in the commission of a crime. Turn the software into a car, and the argument would need to look something like this:

Since the car used for the crime depended on tires that were made by a particular company for general commercial use, which depended on the specifications set out by a standards body made up of a number of tire manufacturers in order to allow for interoperability between the various manufacturers in the market, the standards body is responsible for the crime.

I'm just not certain this would be a very compelling argument; you need to take the responsibility from the criminal to the manufacturer, and then from the manufacturer to the standards body. So you would need to prove that the manufacturer created the product primarily for use in a criminal enterprise, and then that the standards body created the standard primarily in order to allow the successful manufacture of (inter-operable) software designed for criminal use. This seems to be a far different line of reasoning than the one used in the case given above.

For the argument against end-to-end encryption to stand, two things must happen. First, we must decide that we want the kind of society where we are essentially wards of an all-knowing state. Second, we must build some sort of legal theory that transfers criminal liability from the criminal to the manufacturer, and to the standards body, the manufacturer participates in through the manufacturer. I am not certain how such a legal theory might work, or am quite certain the unintended consequences of such a theory would be disastrous in many ways we cannot now imagine.

Written by Russ White, Network Architect at LinkedIn


Confusing Similarity of Domain Names is Only a 'Standing Requirement' Under the UDRP

$
0
0

WIPO's newest overview of the Uniform Domain Name Dispute Resolution Policy (UDRP) succinctly states what decisions have made clear through the years: The UDRP's first test is only a "standing requirement."

Standing, under the law, simply means that a person or company is qualified to assert a legal right. It does not mean or imply that one will necessarily prevail on any claims.

The UDRP includes a well-known three-part test that all trademark owners must satisfy to prevail, but the first element has a low threshold. Specifically, that test requires a complainant to establish that the disputed "domain name is identical or confusingly similar to a trademark or service mark in which [it] has rights."

The 'Entirety of a Trademark'

UDRP decisions sometimes contain lengthy discussions about whether the "confusingly similar" test has been satisfied, but WIPO Overview 3.0 indicates that the analysis is really quite simple:

It is well accepted that the first element functions primarily as a standing requirement. The standing (or threshold) test for confusing similarity involves a reasoned but relatively straightforward comparison between the complainant's trademark and the disputed domain name.

This test typically involves a side-by-side comparison of the domain name and the textual components of the relevant trademark to assess whether the mark is recognizable within the disputed domain name....

While each case is judged on its own merits, in cases where a domain name incorporates the entirety of a trademark, or where at least a dominant feature of the relevant mark is recognizable in the domain name, the domain name will normally be considered confusingly similar to that mark for purposes of UDRP standing. [Emphasis added]

This summary doesn't differ dramatically from the previous version of WIPO's overview, which stated that the first test serves "essentially as a standing requirement." But the reference to a domain name containing the "entirety of a trademark" is new.

The WIPO overview "summarize[s] consensus panel views," so it is often seen as an important authority on substantive and procedural issues under the UDRP. Therefore, the references to the "entirety of a trademark" must be taken seriously.

'Subsumed Within' a Phrase

Because the confusing similarity test is only a standing requirement under the UDRP, trademark owners should have little difficulty (in appropriate cases, of course) convincing a panel that this element has been satisfied.

For example, in finding the domain name <richarddunhill.com> confusingly similar to the trademark DUNHILL, the panel rejected the respondent's argument that it "does not use the word DUNHILL standing alone but with the preceding word 'richard'," which "is distinctive and distinguishing." In finding confusing similarity, the panel said that the threshold imposed by the UDRP's first element "is conventionally modest, requiring an objective assessment of whether, for example, the trademark is clearly recognizable in the disputed domain name, even in the presence of additional words or strings."

Interestingly, the new WIPO overview deleted from the previous version a reference to a hypothetical example in which a domain name might not be confusingly similar to a trademark. The old overview said: "While each case must be judged on its own merits, circumstances in which a trademark may not be recognizable as such within a domain name may include where the relied-upon mark corresponds to a common term or phrase, itself contained or subsumed within another common term or phrase in the domain name (e.g., trademark HEAT within domain name theatre.com)."

One reading of this deletion is that a domain name containing a trademark is indeed confusingly similar even if the trademark is "contained or subsumed within another common term or phrase in the domain name" — an indication that the threshold for the first test under the UDRP is quite low.

Of course, a trademark owner's success on the first element of the UDRP does not determine the outcome of the case. Instead, as the WIPO overview makes clear, "Panels view the first element as a threshold test concerning a trademark owner's standing to file a UDRP complaint, i.e., to ascertain whether there is a sufficient nexus to assess the principles captured in the second and third elements."

Written by Doug Isenberg, Attorney & Founder of The GigaLaw Firm

Google Can, at Least for Now, Disregard Canadian Court Order Requiring Deindexing Worldwide

$
0
0

U.S. federal court issues preliminary injunction, holding that enforcement of Canadian order requiring Google to remove search results would run afoul of the Communications Decency Act (at 47 U.S.C. 230)

Canadian company Equustek prevailed in litigation in Canada against rival Datalink on claims relating to trade secret misappropriation and unfair competition. After the litigation, Equustek asked Google to remove Datalink search results worldwide. Google initially refused altogether, but after a Canadian court entered an injunction against Datalink, Google removed Datalink results from google.ca. Then a Canadian court ordered Google to delist worldwide, and Google complied. Google objected to the order requiring worldwide delisting, and took the case all the way up to the Canadian Supreme Court, which affirmed the lower courts' orders requiring worldwide delisting.

So Google filed suit in federal court in the United States, seeking a declaratory judgment that being required to abide by the Canadian order would, among other things, be contrary to the protections afforded to interactive computer service providers under the Communications Decency Act, at 47 U.S.C. 230.

The court entered the preliminary injunction (i.e., it found in favor of Google pending a final trial on the merits), holding that (1) Google would likely succeed on its claim under the Communications Decency Act, (2) it would suffer irreparable harm in the absence of preliminary relief, (3) the balance of equities weighed in its favor, and (4) an injunction was in the public interest.

Section 230 of the Communications Decency Act immunizes providers of interactive computer services against liability arising from content created by third parties. It states that "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." [More info about Section 230]

The court found that there was no question Google is a "provider" of an "interactive computer service." Also, it found that Datalink — not Google — "provided" the information at issue. And finally, it found that the Canadian order would hold Google liable as the "publisher or speaker" of the information on Datalink's websites. So the Canadian order treated Google as a publisher, and would impose liability for failing to remove third-party content from its search results. For these reasons, Section 230 applied.

Summarizing the holding, the court observed that:

The Canadian order would eliminate Section 230 immunity for service providers that link to third-party websites. By forcing intermediaries to remove links to third-party material, the Canadian order undermines the policy goals of Section 230 and threatens free speech on the global internet.

The case provides key insight into the evolving legal issues around global enforcement and governance.

Google, Inc. v. Equustek Solutions, Inc., 2017 WL 5000834 (N.D. Cal. November 2, 2017)

Written by Evan D. Brown, Attorney

Twitter Worker Who Disabled Trump Account Likely Violated Computer Fraud and Abuse Act, Says Lawyer

$
0
0

A prominent attorney for cybersecurity issues says the unnamed Twitter worker who deactivated President Trump's Twitter account not to say anything and get a lawyer. Joe Uchill reporting in The Hill: "[W]hile the facts of the case are still unclear and the primary law used to prosecute hackers is murky and unevenly applied, there is a reasonable chance the Twitter worker violated the Computer Fraud and Abuse Act. ... The employee could be in a lot of trouble. This was not just unauthorized access, but damage ... noting that causing $5,000 worth of damage could carry a 10-year prison sentence. With the amount of traffic Trump's tweets garner for Twitter's business, that could be fairly easy to prove."

Apple (Not Surprisingly) is Not a Cybersquatter

$
0
0

It's highly unusual for a well-known trademark owner to be accused of cybersquatting, but that's what happened when a Mexican milk producer filed a complaint against Apple Inc. under the Uniform Domain Name Dispute Resolution Policy (UDRP) in an attempt to get the domain name <lala.com>.

Not only did Apple win the case, but the panel issued a finding of "reverse domain name hijacking" (RDNH) against the company that filed the complaint.

The 'LA LA' Story

According to the UDRP decision, Apple obtained the domain name <lala.com> in 2009 when it purchased the online music-streaming company La La Media, Inc. The domain name had been registered in 1996 and was acquired in 2005 by La La Media, which used it in connection with its online music service between 2006 and 2009.

Although Apple stopped operating the La La Music service in 2010, and the corresponding LA LA trademarks were canceled in 2015 and 2017, Apple said that it continues to use the domain name <lala.com> in connection with "residual email services."

Apparently seizing on the cancelled LA LA trademarks, Comercializadora de Lacteos y Derivados filed a UDRP complaint against Apple for the domain name, arguing that it "claims to have used LALA as a trademark before the registration of the Disputed Domain Name, since as early as 1987" — long before Apple acquired <lala.com>.

The complainant further argued that Apple "registered and used the Disputed Domain Name with the bad faith intent to defraud the Complainant's customers" and that "Respondent's passive holding of the Disputed Domain Name constitutes sufficient evidence of its bad faith use and registration."

Apple's 'LA LA' Rights

The UDRP panel rejected these arguments, as well as those related to the UDRP's "rights or legitimate interests" requirement, finding that the complainant had "put these assertions forward without any supporting argumentation or evidence."

Importantly, the panel wrote:

The Panel is of the opinion that, between June 2006 and May 2010, Respondent and its predecessor-in-interest made legitimate use of the Disputed Domain Name to offer bona fide services under its own LA LA mark. These services are unrelated to the Complainant and its LALA mark.

The Panel also wrote:

[T]he fact that the Respondent chose to cease active use of the Disputed Domain Name does not demonstrate in itself that the Respondent has no rights or legitimate interests in the Disputed Domain Name. It is common practice for trademark holders to maintain the registration of a domain name, even if the corresponding trademark was abandoned, e.g., following a rebranding exercise. Apart from the goodwill that might be associated to the trademark, the domain name in question may have intrinsic value. In the case at hand, the Panel notes that the term "la-la" is often used as a nonsense refrain in songs or as a reference to babbling speech, and that there are many concurrent uses of the "LALA" sign as a brand. In such circumstances, a domain name holder has a legitimate interest to maintain the registration of a potentially valuable domain name.

(Interestingly, the panel said nothing about "La La Land," the 2016 movie that won six Academy Awards — and which uses the domain name <lalaland.movie>.)

After its conclusion in favor of Apple, allowing the computer company to keep the domain name, the panel found that the "Complainant was, or should have been aware, of [Apple]'s bona fide acquisition and use of the Disputed Domain Name" and that it "must have been aware, before filing the Complaint, that the Disputed Domain Name has never be[en] used to target the Complainant or trade on its goodwill."

As a result of this finding, the panel said that the Complainant had engaged in RDNH, which is reserved for situations in which a complaint was brought in bad faith and constitutes an abuse of the UDRP process.

Lessons from 'LA LA'

The <lala.com> case is interesting for many reasons, including the panel's findings about the impact of expired trademarks and the multiple uses for some trademarks.

But the case is probably most interesting simply because it was filed against Apple — a 40-year-old company that is ranked No. 1 on Interbrand's list of "best global brands" and has quarterly revenue of $52.6 billion. Companies of this sophistication and stature typically aren't sloppy enough to own problematic domain names, and anyone who files a UDRP complaint against a company of this size should expect a rigorous legal fight.

Plus, not surprisingly, companies like Apple are typically filing (not defending) domain name disputes. Apple has filed at least 37 UDRP complaints through the years, but the <lala.com> case appears to represent the first time that it had to defend itself against a claim of cybersquatting.

This case holds a lesson not only for companies considering filing a domain name complaint against a large and well-known trademark owner (be prepared for an uphill battle), but also for the trademark owners themselves: No one is immune from having a domain name dispute filed against it, so be ready to file a quick and effective response.

Written by Doug Isenberg, Attorney & Founder of The GigaLaw Firm

Court Finds Anti-Malware Provider Immune Under CDA for Calling Competitor's Product Security Threat

$
0
0

Plaintiff anti-malware software provider sued defendant — who also provides software that protects internet users from malware, adware etc. — bringing claims for false advertising under the Section 43(a) of Lanham Act, as well as other business torts [Enigma Software Group v. Malwarebytes Inc., 2017 WL 5153698 (N.D. Cal., November 7, 2017)]. Plaintiff claimed that defendant wrongfully revised its software's criteria to identify plaintiff's software as a security threat when, according to plaintiff, its software is "legitimate" and posed no threat to users' computers.

Defendant moved to dismiss the complaint for failure to state a claim upon which relief may be granted. It argued that the provisions of the Communications Decency Act at Section 230(c)(2) immunized it from plaintiff's claims.

Section 230(c)(2) reads as follows:

No provider or user of an interactive computer service shall be held liable on account of —

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in [paragraph (A)].

Specifically, defendant argued that the provision of its software using the criteria it selected was an action taken to make available to others the technical means to restrict access to malware, which is objectionable material.

The court agreed with defendant's argument that the facts of this case were "indistinguishable" from the Ninth Circuit's opinion in in Zango, Inc. v. Kaspersky, 568 F.3d 1169 (9th Cir. 2009), in which the court found that Section 230 immunity applied in the anti-malware context.

Here, plaintiff had argued that immunity should not apply because malware is not within the scope of "objectionable" material that it is okay to seek to filter in accordance with 230(c)(2)(B). Under plaintiff's theory, malware is "not remotely related to the content categories enumerated" in Section 230(c)(2)(A), which (B) refers to. In other words, the objectionableness of malware is of a different nature than the objectionableness of material that is obscene, lewd, lascivious, filthy, excessively violent, harassing. The court rejected this argument on the basis that the determination of whether something is objectionable is up to the provider's discretion. Since defendant found plaintiff's software "objectionable" in accordance with its own judgment, the software qualifies as "objectionable" under the statute.

Plaintiff also argued that immunity should not apply because defendant's actions taken to warn of plaintiff's software were not taken in good faith. But the court applied the plain meaning of the statute to reject this argument — the good faith requirement only applies to conduct under Section 230(c)(2)(A), not (c)(2)(B).

Finally, plaintiff had argued that immunity should not apply with respect to its Lanham Act claim because of Section 230(e)(2), which provides that "nothing in [Section 230] shall be construed to limit or expand any law pertaining to intellectual property." The court rejected this argument because although the claim was brought under the Lanham Act, which includes provisions concerning trademark infringement (which clearly relates to intellectual property), the nature of the Lanham Act claim here was for unfair competition, which is not considered to be an intellectual property claim.

Written by Evan D. Brown, Attorney

Domain Name Disputes Deja Vu: Panavision.com and Panavision.org

$
0
0

History, it has been said, repeats itself. The same can be said of domain name disputes, as demonstrated by a pair of cases involving the same trademark ("Panavision") filed more than 20 years apart with remarkably similar facts.

I can't hear the name "Panavision" without thinking about the origins of domain name disputes, so a decision involving <panavision.org> — coming more than two decades after litigation commenced over <panavision.com> — immediately made me nostalgic.

The <panavision.com> case in the mid-1990s pre-dated the creation of the Uniform Domain Name Dispute Resolution Policy (UDRP), the popular legal tool now used by trademark owners — including in the new <panavision.org> case. Indeed, the original Panavision domain name lawsuit probably was partly responsible for the creation of the UDRP, which is a less-expensive and quicker alternative to litigation.

The New Panavision Case (UDRP)

Panavision International, L.P. (a photographic equipment company) won the recent UDRP dispute over <panavision.org>. In the decision, the panel seemed largely influenced by the fact that the registrant of the domain name apparently offered to sell it to Panavision for $5 million. Also, the panel found the registrant's explanation that it obtained the domain name to offer a "view of Panama" was "not credible."

Interestingly, although the UDRP decision does not discuss any history of the <panavision.org> domain name, it appears that it has changed hands through the years since the registrant in the UDRP case registered it only in 2017. But a search of the Internet Archive's Wayback Machine shows that the domain name existed for many years prior to that.

Indeed, a website using the domain name in 2001 contains an email sent by Panavision to the then-current registrant of the domain name, requesting a transfer! Whatever became of that dispute is unclear, but apparently, Panavision decided (correctly) that it could obtain a winning UDRP decision to transfer the domain name 16 years later.

The Original Panavision Case (U.S. Federal Court)

The original <panavision.com> case — litigated in federal courts in California — was incredibly similar to the new <panavision.org> case. In the earlier case, the defendant, Dennis Toeppen, used the domain name to display aerial views of Pana, Illinois and offered to sell it to Panavision for $13,000.

Toeppen also had registered other domain names containing well-known trademarks (many of which resulted in other lawsuits against him), including <deltaairlines.com>, <neiman-marcus.com>, and <yankeestadium.com>.

The <panavision.com> case was unprecedented at the time and paved the way for many domain name disputes that followed. Interestingly, because domain name disputes (and even the Internet) was new, the 1996 district court decision went to great lengths to explain what the Internet was, noting that "businesses have begun to use the Internet to provide information and products to consumers and other businesses."

The <panavision.com> case ultimately reached the U.S. Court of Appeals for the Ninth Circuit, which affirmed a district court decision that Toeppen had violated the new Federal Trademark Dilution Act, writing, "We reject Toeppen's premise that a domain name is nothing more than an address." The court concluded:

Using a company's name or trademark as a domain name is also the easiest way to locate that company's web site. Use of a "search engine" can turn up hundreds of web sites, and there is nothing equivalent to a phone book or directory assistance for the Internet ...

Moreover, potential customers of Panavision will be discouraged if they cannot find its web page by typing in "Panavision.com," but instead are forced to wade through hundreds of web sites. This dilutes the value of Panavision's trademark. We echo the words of Judge Lechner, quoting Judge Wood: "Prospective users of plaintiff's services who mistakenly access defendant's web site may fail to continue to search for plaintiff's own home page, due to anger, frustration or the belief that plaintiff's home page does not exist." ...

Toeppen's use of Panavision.com also puts Panavision's name and reputation at his mercy.

Other Panavision UDRP Cases

The old <panavision.com> case and the new <panavision.org> dispute are not the only domain name disputes that Panavision has pursued. The company has filed at least nine other UDRP complaints through the years, for such domain names as <panavision.net> (which it won); <panavisions.com> (which it also won); and, <pannavision.net> and <pannavision.org> (which it lost).

In the decision that Panavision lost, the panel wrote that it was "satisfied based on the record before it that the Respondent presented credible evidence that the Domain Names were chosen because of their connection to the name of the Respondent's founder [Panna Jaroch] and that while the Respondent was aware of the Complainant's trademark rights, it acted on a good faith belief that its use of the Domain Names in connection with services that are not related to the Complainant's goods and services did not violate the Complainant's rights."

Differences and Similarities

Obviously, much has changed in the two decades since the original <panavision.com> case. For example, Google, which was launched in 1998 while the Panavision case was still active, certainly today could be considered "a phone book or directory assistance for the Internet." Plus, the UDRP has overtaken trademark law as the chosen method for resolving domain name disputes.

But also, as the new <panavision.org> decision illustrates, much has not changed through the years: A domain name registrant can still register a well-established trademark in a popular top-level domain, create a website under a pretext of establishing legitimacy, and offer to sell the domain name to the rightful trademark owner for an exorbitant amount.

Plus ça change, plus c'est la même chose.

Written by Doug Isenberg, Attorney & Founder of The GigaLaw Firm

Internet Regulation in the Age of Hyper-Giants

$
0
0

As we enter the seventh round of the net neutrality fight, advocates continue to make the same argument they've offered since 2002: infrastructure companies will do massive harm to little guys unless restrained by strict regulation.

This idea once made intuitive sense, but it has been bypassed by reality.

Standing up for the Little Guy

When Tim Wu wrote his first net neutrality paper, the largest telecoms were Verizon, AT&T, and SBC; they stood at numbers 11, 15, and 27 respectively in the Fortune 500 list.

Microsoft, Apple, and Amazon ranked 72, 325, and 492; Google was an unranked startup and Facebook wasn't even an idea.

Today these five are America's largest corporations, with combined market caps in excess of three trillion dollars. Smaller tech companies have thrived beyond our wildest dreams.

The Internet as We Knew It

The rise of these powerhouse companies to economic dominance brought massive changes to the organization of the Internet. In the early days of the web, companies housed their websites on single computers located in well-connected hosting centers.

They reached the Internet in essentially the same way consumers do today: companies paid specialized Internet Service Providers who connected to each other over backbones operated by still more specialized companies such as WorldCom and Level 3.

The neutrality concept was limited to the connections between ISPs and backbone companies. Neutrality made sense, even if it was never the only way to run a railroad.

The New Internet

Backbones are disappearing from today's Internet. Small companies use Content Delivery networks such as Akamai to accelerate their pages by connecting directly to ISPs in multiple locations.

The Big Five have their own private CDNs, connecting as the public providers do. Hence, the traditional distinction between scrappy content companies and Big Telecom is much less meaningful.

Relationship Status: It's Complicated

This is a bitter pill for career telecom policy wonks to swallow because the content vs. carriage distinction has been a hallowed principle of telecom policy since the FCC's first "Computer Inquiry" in 1966.

To make things even more complicated, the Big Five are increasingly invested in providing services to competitors. Amazon's industry-leading cloud computing service, AWS, is indispensible to its video streaming rival Netflix.

The End of the Internet

Congress discovered net neutrality in 2005 when advocacy groups insisted offhand remarks by phone company officers were portents of doom. Congressman Ed Markey (D, Mass.) and others offered net neutrality bills touted as indispensible. Chief talking point: "It's the end of the Internet as we know it."

Senator Al Franken (D, Minn.) wants to apply net neutrality to websites, and others want to apply it to new CDNs and protective infrastructure services such as Cloudflare.

Calls for expansion of net neutrality's reach make a curious kind of sense, given new business models and the reorganization of the Internet. Cloudflare claims the power to reduce the speed of individual Internet users, such as FCC chairman Ajit Pai.

Simple Rules for Complex Times

More than anything else, net neutrality is a prediction, holding that deregulated ISPs would destroy the Internet. They're claimed to have unique incentives to harm innovation as well as unparalleled power. While the FCC has paid lip service to its importance from time to time, prior to 2015, the Commission did little of lasting significance to carry it out.

The Internet has thrived in a largely deregulated legal regime regardless. But it's not devoid of problems. Not only does fake news affect elections, the Internet is friendly to crime and has become highly concentrated. The prediction that the Internet's decentralized nature would be the end of intermediaries didn't exactly pan out.

In Praise of Chaos

But we should never expect the Internet to be orderly and well-behaved; it's a human system after all. Disruption is the hallmark of the Internet. While extremes of misbehavior on the Internet are worthy of investigation, policymakers should be reluctant to cave into politically motivated fear campaigns.

If nothing else, the Internet is a dynamic system fully capable of transforming itself in the face of threats to its survival.

The Restoring Internet Freedom order up for vote at the FCC on December 14th certainly is intended to upend the current status quo. While some of its side effects may very well be unsettling, I suspect its overall impact will be positive.

But the impact of the new regime is likely to be very small because it is, in fact, essentially the pre-2015 status quo.

This article was originally published at High Tech Forum.

Written by Richard Bennett, Consultant


2017 Domain Name Year in Review

$
0
0

Given that it's been a few years since my last domain name year in review, I've really enjoyed looking back at this year's biggest domain name stories and seeing how this industry has evolved. This year, in particular, has seen some notable changes which are likely to impact the domain name landscape for years to come. So without further ado, here is my list for 2017:


* * *

10. Mergers and acquisitions continue to shape the domain industry landscape

Earlier this year, Onex Corporation and Baring Private Equity Asia announced their acquisition of MarkMonitor, and Vespa Capital announced their investment in Com Laude and Valideus. In addition, Donuts announced their acquisition of Rightside Group. It appears that more than ever, investors see the value in the domain name industry's recurring revenue models.

9. .Com domains still fetching low seven-figures on the secondary market

According to DNJournal, .com domain names such as fly.com, freedom.com and ETH.com are still commanding low seven-figures on the secondary market. While there may be some softening in the market, those who can afford to wait for the right buyer can still strike it rich.

8. Some .Brands begin actively marketing with their TLDs

While the floodgates haven't exactly opened, there are now a number of well-known .Brands which are actively leveraging their TLDs including Fox, Barclays and AXA with thepredator.fox, home.barclays and fizzy.axa, respectively. Although most notable is Amazon with their highly visible campaign for buildon.aws.

7. New gTLD registrations stand at 23.5 million domain names

Down from a high of 29.4 million registrations in April of this year, new gTLD registrations total 23.5 million domains as of today. According to nTLDstats.com, there are 1223 new gTLDs of which the top 5 TLDs by registration are currently .xyz, .top, .loan, .club and .win. Approximately 61.4% of new gTLD registrations are parked.

6. .Com and .net new domain registration growth slows

The Q2 2017 Verisign Domain Name Industry Brief reported that, ".Com and .net TLDs had a combined total of approximately 144.3 million domain name registrations" representing a 0.8 percent increase year over year. The same report for the previous year stated, that ".com and .net TLDs experienced aggregate growth, reaching a combined total of approximately 143.2 million domain name registrations" representing a 7.3 percent increase year over year.

5. Greater representation of IP interests at ICANN

With the appointment of Sarah Deutsch to the ICANN Board and Heather Forrest to the Chair of the GNSO Council, representation of IP interests at ICANN has never been greater. Sarah is currently Senior Counsel at Winterfeldt IP Group, bringing more than 30 years of experience in intellectual property law. Heather Forrest is an Associate Professor in Law at the University of Tasmania.

4. Expired domain results in critical outage

Always shocking are stories of outages resulting from expired domain names. While not the only outage this year, Sorenson Communications in Utah failed to renew a critical domain which resulted in an outage to critical services such as 911 for those with hearing or speech disabilities. As a result of the outage, Sorenson was required to reimburse the FCC $2.7 million and pay fines of $252,000.

3. Federal officials raid the .Cat registry amidst political turmoil

In September of this year, the Spanish government ordered the .Cat Registry to remove all .cat domains being used to support the Catalan independence referendum. In a raid by federal officials, .Cat's Director of Innovation and Information Systems, Pep Masoliver was arrested and subsequently released after more than 60 hours of detention, accused with charges of embezzlement, prevarication and disobedience.

2. ICANN delays KSK rollover

According to ICANN, "The changing or 'rolling' of the KSK Key was originally scheduled to occur on 11 October, but (was) delayed because some recently obtained data (showed) that a significant number of resolvers used by Internet Service Providers (ISPs) and Network Operators (were) not yet ready for the Key Rollover." Fortunately, the issue was identified in time, as "an estimated one-in-four global Internet users, or 750 million people, could (have been) affected by the KSK rollover."

1. WHOIS takes center stage, again

With GDPR, WHOIS has once again has taken center stage. The new privacy regulation will profoundly impact access to WHOIS. As it stands now, domain name registries and registrars are making preparations to comply with the new regulation, although no standards have been formalized. That said, ICANN has committed to providing feedback via their compliance team to help registries and registrars understand whether their respective approaches comply with ICANN requirements. ICANN has also stated that they will refrain from issuing breach notices related to WHOIS during this interim period.

* * *

So what will 2018 bring?

Certainly lots more discussion around the impact of GDPR, especially as it relates to the needs of brand owners and law enforcement to access the information to address issues of infringement and abuse. I believe that ICANN will also come under greater pressure to a least provide some general guidelines to registries and registrars. Whether they actually do remains to be seen.

I also suspect that we'll continue to see continued M&A activity in the domain market.

And finally, I think we'll see more .Brand registries starting to actively use their TLDs.

Of course, after 15 years, I should know better than to make ANY predictions. As we all know, this industry is really like no other, and I (like many others) will be watching and waiting to see what comes next.

Written by Elisa Cooper, SVP Marketing and Policy at Brandsight, Inc.

Eliminating Access to WHOIS - Bad for All Stakeholders

$
0
0

Steeped deep in discussions around the European Union's General Data Protection Regulation (GDPR) for the past several months, it has occurred to me that I've been answering the same question for over a decade: "What happens if WHOIS data is not accessible?" One of the answers has been and remains the same: People will likely sue and serve a lot of subpoenas.

This may seem extreme, and some will write this off as mere hyperbole, but the truth is that the need for WHOIS data to address domain name matters will not disappear. Without the WHOIS system to reference — including automated access for critical functions — there will be no starting point and nowhere else to turn but to the registries and registrars who would need to address requests on ad-hoc and non-standardized terms. Contracted parties concerned with the cost of doing business should take note!

Today WHOIS data is used to: resolve matters involving domain name use/misuse/ownership; conduct investigations into the myriad of criminal activities involving domain names; carry-out day-to-day business transactions such as the routine tasks associated with managing domain name portfolios; buying and selling domain names; and protecting brands and IP — just to name a few uses.

Creating barriers to WHOIS access for such uses would unnecessarily increase risks and disputes for domain name registrants and create enormous burdens on all stakeholders — not the least of which would include significantly increased registry and registrar compliance burdens with substantial additional expenditure of resources. Simply put, unless an automated system for obtaining or verifying registrant contact information is maintained, we are likely to force a situation where parties need to pursue unprecedented quantities of Doe suits and subpoenas, and enter into motion practice (e.g., motions to compel) to access registrant data.

This is simply unnecessary!

The GDPR offers bases for maintaining a system for obtaining or verifying registrant contact information, including within Art. 6(1)(b) (performance of a contract), Art. (6)(1)(e) (performance of a task carried out in the public interest), and Art. 6((1)f) (legitimate interests). Moreover, having anticipated the GDPR and debated for nearly two decades the privacy aspects and concerns raised by the WHOIS system, the ICANN community has already produced numerous detailed recommendations that go toward addressing many of the concerns under discussion today (e.g., Final Report from the Expert Working Group on gTLD Directory Services: A Next-Generation Registration Directory Service). The existing ICANN community work product should be leveraged to simplify the task of accommodating existing contractual obligations and the GDPR with a model or "Code of Conduct" that reconciles the two. A Code of Conduct (as allowed for and encouraged under Articles 40 and 41 of the GDPR) is an especially attractive and efficient means for associations or other bodies like ICANN representing controllers or processors to demonstrate compliance with the GDPR through binding and enforceable promises that can be developed, approved, and enforced in a uniform manner — reducing risk and creating market efficiencies for all involved through reliance on a uniform "code" that has European Commission approval.

I'm hopeful that before our community heads down a path that could result in a system with fewer benefits for all stakeholders, we recognize that the WHOIS system is an important tool maintained and used to serve the public interest and that we work together to preserve this system in a manner that reconciles existing contractual obligations and the GDPR for the benefit of all involved.

Written by Fabricio Vayra, Partner at Perkins Coie LLP

"Restoring" Internet Freedom for Whom?

$
0
0

Recently, a colleague in the Bellisario College of Communications asked me who gets a freedom boost from the FCC's upcoming dismantling of network neutrality safeguards. He noted that Chairman Pai made sure that the title of the FCC's Notice of Proposed Rulemaking is: Restoring Internet Freedom. My colleague wanted to know whose freedom the FCC previously subverted and how removing consumer safeguards promotes freedom.

With an evaluative template emphasizing employment, innovation and investment, one can see that deregulation benefits enterprises that employ, innovate and invest in the Internet ecosystem. However, the Pai emphasis lies in ventures operating the bit distribution plant reaching broadband subscribers. The Chairman provides anecdotal evidence that some rural wireless Internet Service Providers have curtailed infrastructure investment because of regulatory uncertainty, or the incentive-reducing impact of network neutrality. If the FCC removes the rules, then rural ISPs and more market impactful players like Verizon and Comcast will unleash a torrent of investment, innovation and job creation.

O.K. let us consider that a real possibility. Let's ignore the fact that wireless carriers have expedited investment in next-generation networks during the disincentive tenure of network neutrality requirements.

To answer my colleague's question, I believe one has to consider ISPs as platform intermediaries who have an impact both downstream on end users and upstream on other carriers, content distributors and content creators. My research agenda has pivoted to the law, economics and social impact of platforms.

Using the employment, innovation and investment criteria, the FCC also should have considered the current and prospective freedom quotient for upstream players. Do nearly unfettered price and quality of service discrimination options for ISPs impact upstream ventures' ability to employ, innovate and invest more?

Assume for the sake of discussion that ISPs can block, throttle, drop and prioritize packets. A plausible, worst case scenario has an innovative market entrant with a new content-based business plan less able to achieve the Commission's freedom goals. Regardless whether you call it artificial congestion, the potential exists for an ISP to prevent traffic of the content market entrant from seamless transit. The ISP could create congestion with an eye toward demanding a surcharge payment, even though the market entrant's traffic had no possibility of itself creating congestion. The ISP also might throttle traffic of the innovative newcomer if its market entry might adversely impact the content market share and profitability of the ISP, its affiliates and its upstream content providers that previously agreed to pay a surcharge.

Of course network neutrality opponents would object to this scenario based on the summary conclusion that an ISP would never degrade network performance, or reduce the value proposition of its service. The airlines do this and so would an ISP if it thought it could extract more revenues given the lack of competition and the inability of consumers on both sides of its platform to shift carriers.

ISPs do not operate as charities. The FCC soon will enhance their freedom which translates into higher revenues and possibly more customized service options for consumers willing to pay more.

Before the FCC closes shop and hands off any future dispute resolution to the generalist FTC consider this scenario. Subscribers of Netflix, or the small content market entrant discussed above, suddenly see their video stream turn into slideshows. The FTC lacking savvy as to the manifold ways ISPs can mask artificial congestion and network management chicanery orders an investigation with a "tight" six-month deadline for reported findings.

Just how long after the onset of degraded service will video consumers get angry and cast about for a villain? Might the list of candidates include Congress, the FTC and FCC?

Written by Rob Frieden, Pioneers Chair and Professor of Telecommunications and Law

A Digital 'Red Cross'

$
0
0

A look into the past reveals that continuous developments in weaponry technology have been the reason for arms control conventions and bans. The banning of the crossbow by Pope Urban II in 1096, because it threatened to change warfare in favour of poorer peasants, the banning of poisoned bullets In 1675 by the Strasbourg Agreement, and the Geneva protocol banning the use of biological and chemical weapons in 1925 after world war 1, all prove that significant technological developments have caused the world to agree not to use certain weapons.

Today, another technology, the cyberspace, poses a new and unique threat. Unlike in the past where there was a separate battlefield, free of civilians, the cyberspace is us, everyone using the Internet. We have seen cyber threats evolve from criminals trying out new ways of robbery and extortion to nations states increasing interested and carrying out cyber attacks. Attacks like those on Sony Pictures in 2014, just because they exercised freedom of speech, the Russian attack on the Ukranian power grid in 2015 and even the 2016 cyber attack on the American political system are testaments to this fact.

With 4 billion users and multi-million dollar businesses depending on the Internet ecosystem, policies that preserve the open, stable and secure Internet is important. That is why Microsoft president, Brad Smith called for a digital Geneva Convention earlier this year. If the Microsoft President's claim, that "74 percent of the world's businesses expect to be hacked each year" are indeed true, then the private sector has reason to worry. A digital Geneva convention to protect civilians on the Internet where the private sector is neutral and first responders is necessary. A convention that mandates nations not to cyberattack the private sector nor a nation's critical infrastructure. And just like it was resolved in the 1949 Geneva convention for a neutral and independent organization to ensure humanitarian protection and assistance in times of war and conflict, the digital convention should bring together actors from public and private sectors to create a neutral and independent organization that can investigate and attribute attacks to specific nations. Publicly sharing such information might deter nations from engaging in attacks.

A lot of progress has already been made by companies like Google, Microsoft and Amazon in fighting cyberattacks especially in areas like spam and phishing attacks but more still needs to be done. A collaborative effort from the private sector will achieve a lot more as first responders to nation-states cyberattacks. A commitment of a hundred percent defense and zero offense by the tech industry — as recommended by the Microsoft President, must be collectively made.

Written by Tomslin Samme-Nlar, Technical Delivery Lead

Why UDRP Panelists Must Follow the Policy: A Look at the Devex.org Decision

$
0
0

Observers of the UDRP are aware that ICANN has substantially abrogated responsibility for oversight of the UDRP. ICANN accredits dispute resolution providers (DRPs) without requiring a contract so that the DRPs are held to no enforceable standards. DRPs, in turn, accredit panelists and similarly hold them to no known standards. Once accredited, panelists can largely do what they please as there is no established mechanism for complaint, investigation, remedial action, or de-accreditation based upon non-observance of the Policy and its accepted interpretations. As a result of the absence of oversight, each UDRP panelist is effectively permitted, without fear of consequence, to fashion his or her own unique interpretation of the UDRP which may be completely at odds with established consensus views. Such errant panelists detract from the credibility of the UDRP and undermine the predictability and stability of the dispute resolution system by issuing decisions which are capricious and unreliable. A clear example of this is the recent decision made by a UDRP panelist in a case involving the domain name devex.org.

On November 27, 2017, the National Arbitration Forum (NAF) issued a decision regarding the domain name, devex.org. The Panelist, who is accredited by both NAF and WIPO, ordered that the domain name be transferred away from its registrant and given to a trademark registrant. The Panelist's ruling wildly departed from established precedent and amounted to the Panelist's own personal interpretation of the Policy. The Panelist inexplicably ruled that the disputed domain name was "registered and used in bad faith," notwithstanding that it was registered long before the complainant's trademark even existed. By the complainant's own admission, the complainant did not even adopt DEVEX as a mark until at least 2008, whereas the domain name was registered by the respondent in 2005 — three years earlier. The Panelist, therefore, found what amounts to a chronological 'impossibility'; that the registrant had registered the domain name 'in order to take unfair advantage of a trademark' which did not even exist.
It is well-established that it is generally impossible for a domain name to have been registered in bad faith when it pre-dates a complainant's trademark rights (See, for example, WIPO Consensus View 3.0, at Section 3). Indeed, until recently, the devex.org Panelist himself expressly agreed with this consensus and even went so far as to forcefully expound upon it in an earlier decision from 2010 [1]:

"The undisputed facts in this matter foreclose a finding of bad faith registration and use under Policy 4(a)iii. While Complainant currently has trademark rights in the at-issue mark by virtue of its RIVERON trademark registration, such rights do not magically relate back to the time that Respondent first registered the domain name, a time well prior to Complainant's first use of its mark.

Normally speaking, when a domain name is registered before a trademark right is established, the registration of the domain name was not in bad faith because the registrant could not have contemplated the complainant's non-existent right." [emphasis added]

It was therefore apparently obvious to the Panelist until relatively recently that it would require "magic", as he had put it, for a domain name to be registered in bad faith when there was no corresponding trademark right in existence.

However, in the devex.org decision, the Panelist evidently abandoned his previous rational interpretation of the Policy which is widely acknowledged by UDRP panelists as forming the general consensus view [2]. Instead, the Panelist fashioned his own radical and unsupported approach to 'bad faith registration'. In devex.org, while the Panelist conceded that the established "doctrine recognizes that the registrant/respondent could not have contemplated the complainant's non-existent rights at the time it registered its domain name and thus could not have acted in bad faith", he nevertheless claimed that an "exception" exists that entitled him to find bad faith registration even without a trademark in existence.

The Panelist pointed to the WIPO Consensus View 2.0 [3], claiming that it enabled a finding of bad faith registration when a domain name is registered "to take advantage of the confusion between the domain name and any potential [though not yet created] complainant rights". Indeed there is an exception to the general rule described in the Consensus View 2.0 [4], but as is readily apparent that in order to rely upon the exception, the respondent must be have been "clearly aware of the complainant" and its nascent trademark rights.

Examples of the correct application of the exception are referenced by the Consensus View, and include situations such as: a) where a domain name is registered after a publicized merger between companies but before any new trademark rights in the combined entity have arisen; b) where a domain name is registered as a result of a widely anticipated product launch, but the trademark has not yet been adopted; or c) where the registrant uses inside information about the imminent adoption of a trademark. The key in such exceptional situations is that the registrant is targeting a specific company based on information that a new trademark will shortly be adopted. The exception clearly does not apply where a registrant registers a domain name before the complainant itself is even aware of its mark.

In the devex.org case, there was simply no evidence of any "front running". There was no evidence of "awareness of the complainant" nor was there any evidence of any "nascent" trademark rights. Rather, the undisputed evidence was that the respondent clearly registered the domain name before it was even a twinkle in the complainant's eye.

The essence of the Policy is that bad faith requires targeting of a specific trademark both in the registration and use of the disputed domain. As discussed above, such a finding is an impossibility when the trademark does not exist at the time of the domain's registration. Undeterred, however, the Panelist found that 'the purpose of the domain name registration was to take advantage of an unidentified trademark owner "at some time in the future" in the event that such a trademark ever came into existence'. The Panelist thereby created out of thin air a brand new concept of 'anticipatory' bad faith registration which is totally unsupported by the Policy and consensus views on its interpretation.

According to this Panelist, an innocent person who registers a domain name free of any trademark rights whatsoever by anyone, anywhere, which 13 years later becomes attractive to a company who has on its own volition, decided to launch a product under a corresponding brand even though the domain name is already spoken for, is guilty of "anticipatory" bad faith. In other words, an undeniably good faith registration can be transformed into a bad faith registration simply because the registrant speculatively registered the domain name in the hopes or expectation that one day someone would want to adopt a corresponding brand and would, therefore, be willing to purchase the rights to the corresponding domain name.

There is, however, no such thing as "anticipatory bad faith" in the Policy, nor is any such notion an accepted interpretation of the Policy. In fact, the opposite is true; speculating in un-trademarked, brand-able domain names is well established under the Policy as a "legitimate interest". For example, as held in Alphalogix, Inc. v. DNS Services d/b/a MarketPoints.com – New Media Branding Svcs., NAF Claim Number: FA0506000491557, and as unanimously followed by the three-member Panel in Arrigo Enterprises, Inc. v. PortMedia Domains, NAF Claim Number: FA1304001493536, the business of creating and supplying names for new entities is a "legitimate activity in which there are numerous suppliers in the United States". Indeed, there is a lawful massive, multi-million dollar aftermarket for the trading in un-trademarked, descriptive, or generic domain names which may be attractive to end-users, as demonstrated by, for example, Sedo and Godaddy, both of which operate successful domain name marketplaces. Under the Panelist's view, any registration in the hopes of it becoming valuable to a company who decides to adopt a corresponding brand would render the registration as having been undertaken in "bad faith" and would effectively outlaw domain name speculation, period.

Moreover, the Panelist took the essence of the Policy, namely intent, and flipped it on its head. The Panelist expressly conceded that "[2016] was arguably the first time when Complainant had a claim against Respondent", thereby implicitly admitting that for a period of 13 years, from the date of registration in 2003 onwards to 2016, the registration was in good faith. Nevertheless, the Panelist found the registration in 'bad faith' from the very moment that the registration was made. It was not until the moment that the complainant chose to adopt as a trademark a term which it likely knew had already been registered as a domain name by another party, that the initial registration 13 years prior supposedly "revealed" itself to be a 'bad faith registration'. The absurdity of the Panelist's position is that the only "intent" exercised at that moment, was by the complainant in adopting the trademark, not by the registrant who had registered the domain name many years before. Accordingly, it was, in fact, the complainant itself who instigated and indeed created this supposed bad faith.

So why would the Panelist, who previously subscribed and indeed forcefully supported the consensus view of bad faith registration under the Policy, purport to create his own radical interpretation? What apparently troubled the Panelist was that "the logic underpinning the [general] rule d[id] not square with the instant circumstances", i.e. he was frustrated that the Policy does not permit a remedy when only bad faith use exists, but not bad faith registration. He had found that the disputed domain name had been misused but couldn't find any bad faith registration under the accepted view, so he unilaterally changed the definition of 'bad faith registration' in order to support his desire to transfer the domain name. Instead of acknowledging that the UDRP has its limits, he purported to expand those limits on his own.

Regardless of the Panelist's motivations, what he did was wrong for five fundamental reasons:

First, the Policy was not intended nor designed to be used as an all-encompassing form of trademark protection for every aggrieved trademark owner. The limited scope of the UDRP was discussed by the ICANN staff in its Second Staff Report on Implementation Documents for the UDRP, dated, October 24, 1999, at paragraph 4.1(c). The Report expressly stated that the Policy was intended to apply to "only a small, special class of disputes", not every kind of trademark dispute that involves a domain name. Trademark infringement disputes involving domain names without bad faith registration are left to the courts to decide. Moreover, The Final Report of the WIPO Internet Domain Name Process of April 30, 1999, indicates that the UDRP must be limited in scope "to cases of bad faith, abusive registration of domain names that violate trademark rights" — which implicitly refers to trademark rights which actually exist at the time of domain name registration — not trademark rights which may one day in the future arise. Accordingly, the Panelist improperly invoked the UDRP to apply to a class of case which it clearly wasn't intended to address and indeed which the Policy purposefully excluded.

Second, the Panelist improperly took it upon himself to rewrite the Policy. It is not for panelists to create policy. The UDRP was crafted nearly 20 years ago and is the product of careful balancing between competing rights and interests. It was drafted in the manner which it was for good reason and with input from numerous stakeholders after careful study. If a particular panelist wishes that he or she could provide a remedy which the Policy does not permit, the panelist must nevertheless acknowledge and adhere to the Policy's limits, which are "a feature" and "not a flaw", as expressed in the Second Staff Report [5]. The place for review and any possible reform of the Policy is within an established policy development framework, namely the ICANN Working Group mandated to review Rights Protection Mechanisms [6] (the "RPM Working Group"). The RPM Working Group is where deliberations amongst stakeholders occur, and if changes are to be made to the Policy taking into account all considerations and interests, it is there and not on the initiative of a particular Panelist.

Third, the Panelist improperly sought to conflate bad faith registration with bad faith use. Under the Panelist's misguided approach, 'bad faith registration' would become indistinguishable from bad faith use, since, upon bad faith use, bad faith registration would be imputed to have existed at the time of registration. It is enshrined in the Policy itself that in order to meet the third part of the three-part test under the UDRP both bad faith registration and bad faith use must have occurred, [7] and these are distinct concepts which must be respected and abided by.

Fourth, the Panelist improperly sought to effectively re-introduce the equivalent of 'retroactive bad faith registration' [8], which is an approach that has been unequivocally discredited. [9] The outlier and now discredited theory of so-called retroactive bad faith posited that a good faith registration could be converted into a bad faith registration as a result of the registrant subsequent use of the domain name. That is essentially the same approach in substance as espoused by the Panelist since the Panelist imputed bad faith registration to the respondent as a result of his subsequent use of the domain name. Accordingly, whether framed as 'retroactive bad faith' or as 'anticipatory bad faith' as the Panelist did, both subscribe to the same errant view which has been unequivocally rejected and discredited by the preponderance of UDRP panelists.

Fifth, the Panelist improperly sought to effectively prohibit lawful business practices, which is a decision that is far beyond the ambit of the UDRP, let alone a particular Panelist. Domain names are of business interest to more than trademark owners, who are just one of many stakeholders in the Internet community. Domain name investors who invest considerable sums and expend considerable resources in acquiring and managing valuable domain names have an important interest in domain names as well. For more than 20 years, domain name investors have lawfully complied with the Policy and national laws and have built their respective businesses on the expectation and assurance that they would not be deprived of their property and livelihoods. By fabricating his own radical view which effectively renders it unlawful for a domain name investor to speculate on increasing value of a particular domain name, the Panelist wrongly sought to destroy a vibrant, important, respected industry which had heretofore been considered entirely lawful, merely so that he could provide his own remedy in circumstances which did not permit a remedy under the UDRP.

The devex.org case provides an important lesson in the danger of a lack of ICANN oversight over the UDRP process. Left to their own devices, some panelists will attempt to create their own version of the Policy which is at odds with established interpretive norms and consensus views. Moreover, the dispute resolution providers must also bear responsibility for those whom they accredit as panelists and assign to decide disputes when these panelists undermine the very Policy that the dispute resolution provider is entrusted with implementing. The dispute resolution provider is currently the only body empowered to discipline or de-accredit errant panelists. All panelists must elevate scrupulous adherence to the Policy and consensus views to the utmost of importance, even if they happen to personally feel that they can come up with a better solution themselves. Otherwise, the UDRP's credibility as a trustworthy and relative predictable dispute resolution mechanism will suffer to the detriment of all stakeholders.

The UDRP suffers from the recurring problem of panelists who take it upon themselves to rewrite the Policy. These panelists are predominantly drawn from the ranks of lawyers whose background is in aggressively enforcing alleged trademark rights on behalf of their corporate clients. A panelist who wishes to expand the scope of the Policy to make it a more effective tool for policing asserted trademark rights will find many natural allies among other likeminded panelists. For instance, in the Camilla.com decision from 2015, a group of three panelists, all with backgrounds as IP litigators, collaborated in rewriting the Policy to invent an ongoing duty imposed on domain registrants to monitor new trademark uses worldwide, and an obligation to steer clear of any new trademarked use wherever it may arise. The ICA issued a statement at the time decrying that the panelists in the Camilla.com dispute would so utterly ignore their duty to be faithful to the Policy as written. [10]

The 'Retroactive Bad Faith' theory that the panelists in Camilla.com employed in justifying their transfer order has since been "utterly discredited" by the panelist community, and has been explicitly rejected in the latest version of WIPO's Overview, as the Panelist in devex.org is likely well aware [11]. The rationale in devex.org is yet one more unfortunate variation on the discredited 'Retroactive Bad Faith' theory which the Panelist in devex.org is trying to resurrect with apparently little care for the necessity for a clear and consistent application of the UDRP.

While the community of panelists admirably attempted to police themselves by rejecting the RBF theory in the WIPO Overview 3.0, clearly that is not sufficient. A system developed to benefit trademark interests, operated by groups created to represent trademark interests, conducted in a forum selected by the trademark owner, and where the panelists are largely selected from the trademark bar and given free rein to interpret the Policy as they desire, is not a system designed to produce fair or consistent outcomes. Greater community oversight is needed, and the significant bias built into the current system needs to be removed so that the interests of trademark holders and domain registrants are more fairly balanced.

[1] See, Riveron Consulting, L.P. vs. Stanley Pace, NAF Claim No. FA1002001309793 (April 12, 2010)

[2] See, WIPO Consensus View 3.0, at Section 3.

[3] Version 3.0, in effect at the time of the devex.org decision, superseded Version 2.0 referenced by the Panelist in the devex.org decision.

[4] And also in the 3.0 version.

[5] See, Paragraph 4.1(c) therein.

[6] See, Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group Home.

[7] See, Duction, Inc. v. John Zuccarini, d/b/a The Cupcake Party & Cupcake Movies, WIPO Case No. D2000-1369)

[8] See, Internet Commerce Association, "The Rise and Fall of the UDRP Theory of Retroactive Bad Faith, CircleID, March 8, 2017.

[9] See, Etsy, Inc. v. Domain Administrator / Portmedia Holdings Ltd., Claim Number: FA170001753224 (November 27, 2017) ("Complainant's arguments find no support within any exception of the now largely-discredited Mummy/Octogen line of decisions"); and also see WIPO Consensus View 3.0 at Paragraph 3.2.1, "this so-called retroactive bad faith registration [approach] has not been followed in subsequent cases".

[10] See, "Initial Statement of the Internet Commerce Association Regarding the Camilla.com UDRP Decision”, December 14, 2015.

[11] See Note 9, supra.

So, You Claim to Have an Unregistered Mark! Is there Cybersquatting?

$
0
0

Complainants have standing to proceed with a claim of cybersquatting under the Uniform Domain Name Dispute Resolution Policy (UDRP) if the accused "domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights" (4(a)(i) of the Policy). Quickly within the first full year of the Policy's implementation (2000) Panels construed "rights" to include unregistered as well as registered marks, a construction swiftly adopted by consensus. Only if a complainant has rights may it proceed to the second and third requirements. Excluded from the term "rights" are "intent to use" marks (because their market presence looks to the future) and marks on the supplemental register (for lacking any secondary meaning).

This consensus came with a proviso, however, namely that complainant must prove its unregistered mark predated the registration of the accused domain name. (Predating is not required for registered marks; complainant has standing as long as its registered mark predates the filing of the complaint, but if it does not predate the registration of the domain name, it will have standing but no actionable claim). The current version of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Jurisprudential Overview 3.0 states that

Specific evidence supporting assertions of acquired distinctiveness should be included in the complaint; conclusory allegations of unregistered or common law rights, even if undisputed in the particular UDRP case, would not normally suffice to show secondary meaning. In cases involving unregistered or common law marks that are comprised solely of descriptive terms which are not inherently distinctive, there is a greater onus on the complainant to present evidence of acquired distinctiveness/secondary meaning.

There have been, and continue to be, cases in which complainants show they have registered marks postdating domain name registration but alleging unregistered priority. As the Overview states, marks "comprised solely of descriptive terms ... [have] a greater onus ... to present evidence of acquired distinctiveness/secondary meaning." As a practical matter, what satisfies the requirement?

There are four possible factual patterns: 1) complainant makes a naked claim but lacks sufficient proof to establish an unregistered right [Barnes Crossing Auto LLC v. Jonathon Hewitt, SEO Sport, LLC., D2017-1782 (WIPO December 5, 2017) (<bcauto.com>, <bcchevrolet.com>, <bchyundai.com>, and three more)]; 2) complainant establishes that it does have an unregistered right [Marquette Golf Club v. Al Perkins, FA1706001738263 (Forum July 27, 2017) (<marquettegolfclub.com>)], 3) complainant alleges its mark predates the domain name but satisfies its standing requirement by having a registered mark, however lacks proof to support the the second and third requirements [Weeds, Inc. v. Registration Private, Domains By Proxy, LLC / Innovation HQ, Inc, D2017-1517 (WIPO November 23, 2017) (<weeds.com>)]; 4) complainant has both a registered right postdating registration of the domain name and proof of unregistered right predating the domain name [Biofert Manufacturing Inc. v. Muhammad Adnan / Biofert manufacturing, FA171000 1753132 (Forum November 27, 2017) (<biofert.com>)]. If complainant cannot satisfy the first limb of the Policy the complaint must be dismissed for lack of standing.

Unless complainants can prove their allegations of market presence predating registration of the domain name they will invariably fall short of satisfying their burden of proof. They may also fall short by waking up many years later to allege cybersquatting because the passage of time supports an inference the claim is manufactured for the occasion. Even though Panels generally reject laches as a defense, waiting likely supports respondent under 4(c)(i) of the Policy, particularly if it is conducting a bona fide business which can include investors in the business of buying and selling domain names.

Complainant in Weeds had standing based on its registered mark but it waited too long. Barnes Crossing Auto is not a waiting case. It had a two-fold burden for standing, to prove a common law right to "BC" either separate from or joined with well-known "Manufacturer Marks." The three-member Panel provided no formal answers but it offered some thoughtful guidance on what was missing and would have been required. First, there was no evidence that "bc" alone had (or could have) earned secondary meaning, and (second) there was no evidence Complainant had permission to claim infringement of Manufacturer Marks: "[t]he only thing that is certain from the record is that Complainant is not the owner of the Manufacturer Marks." Neither is there proof it had "'direct authorization' from Chevrolet to file its Complaint, yet the supporting evidence is merely an email (not a declaration) from a Chevrolet 'zone manager' (whose authority with respect to any trademarks is unknown) that 'Chevrolet has no objections to Barnes Crossing Chevrolet' (not the Complainant) 'filing the complaint as you outlined below.'"

Instead of ruling on the standing requirement, the Panel in Barnes Crossing Auto found the claim outside the scope of the Policy and dismissed the complaint. It explained that

Given the number of unresolved factual questions, especially the nature of the relationship between the parties and their intentions concerning the Disputed Domain Names, the Panel finds that this is primarily a contractual dispute between the parties that is not appropriate for resolution in this proceeding.

If one were to look for a mark composed of a "solely ... descriptive term[ ]" none would so fit the portrayal so well as "weeds." In Weeds, Inc. the three-member Panel dismissed the complaint for failure to prove a prima facie case that Respondent (domain investor) lacked rights or legitimate interests in the domain name. The facts are both interesting and confusing: Complainant alleges that its unregistered mark dates from 1966 (although this is undercut by its application that first use in commerce on the trademark application was 2000). (Note: even before the Panel filed its award, complainant commenced an action under the Anticybersquatting Consumer Protection Act (ACPA) so the denouement is yet to come).

The Panel noted that in its registration Complainant disclaimed "weeds" from its earlier (W. WEEDS INC., "No claim is made to the exclusive right to use 'weeds' and 'Inc.' apart from the mark as shown.") but its later application for WEEDS was filed as a 1b and not registered until 2007 (Respondent registered the domain name either in 2001 or 2004). As the Panel noted, disclaimers have consequences:

Complainant contends that it has been using the mark WEEDS at common law since September 28, 1966, the date of incorporation of Complainant Weeds, Inc. However, Complainant fails to submit persuasive evidence that the term "weeds" had acquired secondary meaning at the time of the registration of the disputed domain name. Having in mind that "weed" is a descriptive, dictionary word, such specific evidence is essential for a complainant invoking a common law mark.

That conclusion pretty much explains the Panel's decision. Absent sufficient evidence of secondary meaning the decision essentially echoes the Jurisprudential Overview:

Relevant evidence demonstrating such acquired distinctiveness (also referred to as secondary meaning) includes a range of factors such as (i) the duration and nature of use of the mark, (ii) the amount of sales under the mark, (iii) the nature and extent of advertising using the mark, (iv) the degree of actual public (e.g., consumer, industry, media) recognition, and (v) consumer surveys.

While Panels have not been consistent in checking off each of these factors, they are consistent in insisting that complainant's burden is higher as the mark descends to the generic end of the classification scale. Weeds and BC are probably as far down as it is possible to go. Dictionary words, even when they have acquired secondary meaning, do not shed their primary meaning. Complainant in Fitness People B.V. v. Jes Hvid Mikkelsen, CAC 101587 (ADR.eu July 18, 2017) alleged that <fitnesspeople.com> infringed its common law right to that combination. The Panel disagreed:

[Where the alleged mark] consists of two generic words that could be seen by the public to have very wide meanings ... [the] onus on the Complainant to show a clear secondary meaning of the words, i.e., another meaning in addition to the primary meaning of the words which links them to the complainant and its goods and services [is higher]."

The Panel concluded that "there is no evidence to establish that important element." Rather, the "Complainant in the present case has not proved or even attempted to prove in any understandable or persuasive way that it has such [an unregistered] trademark in FITNESS PEOPLE."

The skill in creating a proper record (whether complainant or respondent) is in laying out the evidence in a persuasive manner. How this is done is illustrated in Marquette Golf Club and Biofert Manufacturing (Respondents did not appear in either case). Complainant in Marquette Golf Club made "intense efforts to advertise and promote its golf club." Complainant in Biofert supported its claim for common law rights by submitting evidence of "substantial sales and extensive advertising and promoting [through which it has] become very well-known [ ] as identifying fertilizers and supplements for agricultural use originating from, sponsored by, or associated with Complainant."

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

Another Registrant Loses UDRP Where Trademark 'Spans the Dot'

$
0
0

Here's another example of a domain name dispute where the top-level domain (TLD) was essential to the outcome of the case — because it formed a part of the complainant's trademark: <mr.green>.

In this decision under the Uniform Domain Name Dispute Resolution Policy (UDRP), the panel joined a short but (slowly) growing list of disputes in which the TLD plays a vital role.

These decisions contravene the longstanding but now outdated rule that a TLD "should" or even "must" be disregard in a domain name dispute, simply because the TLD is only a "technical requirement of registration." That rule has started to fade as new gTLDs appear in UDRP proceedings.

The <mr.green> decision, like some of the others that have considered the TLD to be a relevant factor, notes that the complainant's trademark "spans the dot" — that is, the trademark appears when the the second-level domain ("mr") is combined with the TLD ("green").

The <mr.green> decision even includes an interesting but ultimately irrelevant argument about the role of the dot itself, given that "Mr." is a common abbreviation for "Mister".

In comparing the respondent's domain name <mr.green> to the complainant's trademark MR GREEN (used in connection with online casinos), the panel wrote:

In these circumstances, the Panel will compare the Complainant's trademark MR GREEN to the entirety of the disputed domain name <mr.green> in the assessment of confusing similarity. In so doing, the Panel finds that the Complainant's mark is readily identifiable in the disputed domain name, taken as a whole. It should be noted that the disputed domain name is alphanumerically identical to the trademark with the exception of the addition of the dot which does nothing in the Panel's view to distinguish the mark from the disputed domain name. In the Panel's view, this leads to a finding of confusing similarity.

Other similar decisions involving new gTLDs include those for <swarov.ski>; <tyre.plus> (subject of an earlier blog post); and three involving the WE WORK trademark. Plus, at least two important decisions involving country-code domains (ccTLDs) also include trademarks that span the dot: <tes.co> and <b.mw>.

This concept of a trademark spanning the dot is now recognized in the new WIPO Overview of UDRP decisions (although that phrase is not actually used). The Overview says: "Where the applicable TLD and the second-level portion of the domain name in combination contain the relevant trademark, panels may consider the domain name in its entirety for purposes of assessing confusing similarity."

Trademark owners and domain name registrants should be aware of the growing importance of TLDs in domain name disputes.

Written by Doug Isenberg, Attorney & Founder of The GigaLaw Firm


ISPs in UK Legally Obliged to Provide High-Speed Broadband Upon Request, Starting 2020

$
0
0

UK Government says internet providers will be legally required to meet user requests for speeds of at least 10Mbps starting in 2020. Jessica Elgot reporting in the Guardian: "British homes and businesses will have a legal right to high-speed broadband by 2020 ... dismissing calls from the network provider BT that it should be a voluntary rather than legal obligation on providers. Broadband providers will now have a legal requirement to provide high-speed broadband to anyone who requests it, no matter where they are in the country." It is reported that 4% of UK homes and offices (i.e., about 1.1m properties) cannot access broadband speeds of at least 10Mbps.

The Emergence of Consensus in the UDRP

$
0
0

The modus operandi of the Internet Corporation for Assigned Names and Numbers (ICANN) is achieving consensus. This also holds true for the principal rights protection mechanism that emerged from a two-year round of debates organized by the World Intellectual Property Organization (WIPO) that ICANN implemented in 1999 as the Uniform Domain Name Dispute Resolution Policy (UDRP). Consensus rules; not precedent, although consensus inevitably becomes that. The concept of consensus was highlighted in the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Original Edition (2005): "On most of these issues, consensus or clear majority views have developed." It also pointed out that for certain other questions there had emerged (not surprisingly given the diversity of panelists from different jurisdictions) different views. The word "consensus" appeared 21 times in the Original Overview.

In the Second Edition of the Overview (2011), "consensus" appears 28 times: "This WIPO Overview was originally created and has been updated and expanded in recognition of the need that has been expressed to identify, as much as possible, consensus among UDRP decisions, so as to maximize the consistency of the UDRP system." It continued the practice of the First Edition by identifying where there was divergence, "View 1" and "View 2". The Third Edition (2017) eliminates the word "consensus" as it applies to decisions for the simple reason that there is now more consensus and that for the most part differences have converged to become "precedent" even though only informally acknowledged:

While the UDRP does not operate on a strict doctrine of binding precedent, it is considered important for the overall credibility of the UDRP system that parties can reasonably anticipate the result of their case.

I say "for the most part" because while the diversity of view has been narrowed by a jurisprudence endorsed by consensus, some panelists continue to act as though there was no consensus which has a negative effect on "the overall credibility of the UDRP system." A recent example of a nonconformist decision is the <devex.org> case, Developmentex.com, Incorporated v. Manuel Schraner, FA171000 1755537 (Forum November 27, 2017). This decision has been treated to a blistering attack from the Internet Consumer Association here in CircleID. (I also discussed the decision earlier in a separate essay). When the agreed upon consensus is willfully upset as it is in "devex," it introduces an unacceptable bias into the ICANN process. (Appointed Panels are supposed to be neutral). One of the comments to the ICA essay is that de-accrediting panelists "seems to be a sensible approach [in that it] would provide for some pause to rogue panelists who decide to rewrite policy." I will return to this de-accrediting suggestion in my conclusion, where I will also point out a couple of other possibilities).

A general view formed early in the jurisprudence is that the UDRP should not be a roulette wheel. It "should consist of more than, '[i]t depends [on] what panelist you draw.'" Time Inc. v. Chip Cooper, D2000-1342 (WIPO February 13, 2001) (<lifemagazine.com>). The goal (as stated in many UDRP decisions) is achieved through "a strong body of precedent" which "is strongly persuasive" even if not binding. Pantaloon Retail India Limited v. RareNames, WebReg, D2010-0587 (WIPO June 21, 2010) ("Whether [the consensus in holding that a respondent in the domain name business] is justified may be a matter for debate, but in the opinion of the Panel there is a strong body of precedent which, though not binding, is strongly persuasive.")

Consistency with consensus views (the "strong body of precedent") is officially encouraged by WIPO, and presumably also by the other providers. Although the devex case comes from the Forum, there are some past WIPO decisions in which the reasoning and conclusions are clearly in opposition to the law. A WIPO email I received on December 20 reported that on "October 23 some 100 WIPO Panelists met at WIPO Headquarters in Geneva to discuss recent jurisprudential developments in cases administered by the WIPO Center." The email emphasized that "the meeting provided a venue for presentations and discussions to help maintain jurisprudential consistency” (My emphasis).

Panelists whose rulings are inconsistent with the jurisprudence mainly favor trademark owners whose rights did not exist when the domain names were registered. If the jurisprudence is properly applied, there can be no cybersquatting claim under the UDRP (or for that matter the Anticybersquatting Consumer Protection Act). Priority is one of the Policy's basic principles. De Lage Landen International B.V. v. Steve Thomas, D2017-2045 (WIPO December 7, 2017) (<dll.com>) and Virgin Enterprises Limited v. Domain Admin/This Domain is for Sale, Hugedomains.com., D2017-1961 (WIPO December 11, 2017) are the antithesis of Developmentex.com: "Complainant's registered rights in the letters 'DLL' as a word mark dating from 2007, long after the Disputed Domain Name was registered." In Virgin Enterprises registering "domain names that include generic words for the purposes of selling them ... can be legitimate and are not in themselves a breach of the Policy, so long as they do not encroach on third parties' trademark rights." In both cases, the domain names were registered before the existence of a mark. Potent mark as VIRGIN is, Complainant does not own the word; its exclusive right does not extend to all phrases in which virgin is combined with another word.

In the devex case the Panel willfully misstates the law when it intones that "[t]he fact that Complainant had no rights in DEVEX at the time Respondent registered <devex.org> does not permit Respondent to exploit another's after-acquired rights." Rights acquired after registration of the domain name are not actionable under the UDRP, period.

That such maverick decision-making comes about is due in large measure to the repudiation of consensus in two 2009 sharply reasoned decisions from (surprisingly!) the Panel responsible for the binary view becoming the bedrock principle of the UDRP. When in the first UDRP decision (2000) the Panel announced that "[i]t is clear from the legislative history that ICANN intended that the complainant must establish not only bad faith registration but also bad faith use" he created precedent by interpreting what he believed was the intention agreed upon by the multiple constituencies engaged in birthing the UDRP, World Wrestling Federation Entertainment, Inc. v. Michael Bosman, D1999-0001 (WIPO January 14, 2000). However, in Octogen Pharmacal Company, Inc. v. Domains By Proxy, Inc. / Rich Sanders and Octogen e-Solutions, D2009-0786 (WIPO August 19, 2009) the first Panel took back his interpretation of the UDRP by formulating the so-called "retroactive bad faith" principle: "[I]n this Panel's view bad faith registration can be deemed to have occurred even without regard to the state of mind of the registrant at the time of registration, if the domain name is subsequently used to trade on the goodwill of the mark holder." In Guru Denim Inc. v. Ibrahim Ali Ibrahim abu-Harb, D2013-1324 (WIPO September 27, 2013) (<truereligion.com>) the same Panel (in dissent) explained that "[i]t would be much easier for this panelist to maintain that his original decision [approving the binary concept] was correct, and not recant. But in view of the evidence [of the correctness of the unitary view], I am unable to do so." The majority got it right by following consensus:

In the present case, when the Respondent registered the disputed domain name, the trademark did not exist. Respondent was therefore entitled to continue using the domain name <truereligion.com> as he had been using it, or to use it for any purpose whatsoever, so long as he did not intentionally use it to profit from the goodwill associated with Complainant's later created trademark.

Nevertheless, several panelists agreed with the Octogen e-Solutions analysis (and some continue to agree, as we see in the devex case). In Big 5 Corp. v. EyeAim.com / Roy Fang, FA130800 1513704 (Forum October 11, 2013) (with dissent in favor of consensus. <big5.com>) the majority (hewing to the new construction) held that it "deems Respondent's 2012 renewal of the disputed domain name to be the date on which to measure whether the disputed domain name was registered and used in bad faith for purposes of paragraph 4(a)(iii)." Similarly in Milly LLC v. Domain Admin, Mrs. Jello, LLC, D2014-0377 (WIPO May 25, 2014) (<milly.com>) in which Complainant requested the Panel consider the retroactive bad faith or the unified concept approach which the Panel obligingly did: "[t]he fact Respondent may have registered the Disputed Domain Name prior to Complainant's acquisition of trademark rights does not per se preclude a finding of bad faith under the circumstances of this case for the purposes of paragraph 4(a)(iii)." Ditto Jappy GmbH v. Satoshi Shimoshita, D2010-1001 (WIPO September 28, 2010) and other cases, all of which were enabled by the Octogen e-Solutions decision and all contrary to precedent which holds that paragraph 4(a)(iii) is a unitary concept.

Interestingly, the Octogen e-Solutions Panel appears more recently to have realigned with the consensus view. In Group One Holdings Pte Ltd v. Steven Hafto, D2017-0183 (WIPO March 28, 2017) a three-member panel including the first panel unanimously rejected the retroactive bad faith reasoning thereby essentially declaring it a dead end. The interpretation that the UDRP demands proof of bad faith registration AND (not "OR") bad faith use quickly became the consensus view, and still is (the devex Panel's misapplication of the law is the equivalent to putting a finger on the scale in favor of a party having no actionable claim either under the UDRP or the ACPA. The latest WIPO Overview even repudiates that reasoning).

Since the only legal challenge of erroneous awards (in the U.S. at least) is a lawsuit under the Anticybersquatting Consumer Protection Act (ACPA) few domain name losers have the stomach to afford or endure an expensive lawsuit. But several have. For example, in Camilla Australia Pty Ltd v. Domain Admin, Mrs Jello, LLC., D2015-1593 (WIPO November 30, 2015) the Respondent, a domain investor, challenged the award under the, Mrs. Jello, LLC v. Camilla Australia Pty Ltd. 15-cv-08753 (D. NJ 8/1/2016) and it was vacated by stipulation, a result that should (if Panels like the one in the devex case are paying attention) should clarify the law as it ought to be applied in UDRP disputes. (Telepathy, Inc. has also gone the ACPA route to vindicate its rights with similar results including recovery of attorney's fees). (But, if the facts are not right, investors can also get hammered in ACPA cases. They too should have sought professional advise).

So what can be done about panelists who willfully apply their own law? Is de-accreditation of panelists the right answer? Certainly, panelists should be educated in the jurisprudence; they should know what the law is and apply it consistently. It is a disgrace when they are clearly in error; when they apply wrong law! But, I do not believe there would be consensus for de-accreditation and it certainly would not be approved by providers. Another solution for which there may be consensus is creating an appeals procedure similar to Nominet UK's and a differently phrased version of a rule ICANN introduced in 2013 for the Uniform Rapid Suspension System (URS). One other possibility would be the formation of a corporate entity funded by the domain community to retain counsel to represent investors in challenging decisions inconsistent with UDRP jurisprudence, repaid from recovery under the ACPA of attorney's fees and damages.

Final thought: the reason there is a secondary market in domain names at all (it seems to me) is due to the first Panel's original (and luminously reasoned) construction in World Wrestling. Had he construed the Policy in 2000 as he later did in Octogen there would never have developed a secondary market and we would not be discussing what to do with panelists who rule in favor of complainants whose marks postdate domain name registrations. (In other words, the devex ruling would have emerged as consensus!)

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

The UDRP and Judicial Review

$
0
0

The courts of the United Kingdom have set themselves outside the mainstream of Internet consensus policies on trademark/domain name disputes. A U.K. court decision regarding the UDRP reflects an unfortunate tendency to overlook one of the fundamental principles of the UDRP, namely the opportunity to seek independent resolution of a trademark/domain name dispute by court proceedings.

In YoYo.email Limited and the Royal Bank of Scotland Group PLC (Neutral Citation Number: [2015] EWHC 3509 (Ch) Case No: HC-2015-000379) the High Court of Justice held that "a proper construction of the UDRP clause [providing for independent court resolution of a controversy that is the subject of a UDRP proceeding] does not give rise to a separate cause of action in favour of the [registrant that is the losing party in that proceeding]."

Under the UDRP Policy and Rules, a UDRP panel had found that YoYo.email Limited ("YoYo") registered and was using domain names in bad faith. The panel then transferred the names to Royal Bank of Scotland Group PLC ("Bank"). YoYo filed an action asking the High Court for declaratory relief reversing the UDRP decision. YoYo argued that clause 4(k) of the UDRP Policy required a review:

"k. Availability of Court Proceedings. The mandatory administrative proceeding requirements set forth in Paragraph 4 shall not prevent you or the complainant from submitting the dispute to a court of competent jurisdiction for independent resolution before such mandatory administrative proceeding is commenced or after such proceeding is concluded..."

The Court disagreed. Quoting a previous High Court decision, the Court commented:

"… it is trite law that an agreement cannot confer a jurisdiction on the court which it does not otherwise have. Under the [UDRP] the Registrar will abide by a judicial decision, but the function of this Court is not as a judicial review or appellate body. The claimant must demonstrate some independent right of action justiciable in this Court. Thus if a complaint is dismissed, the complainant may refer the case to the Court for an order that its trade mark has been infringed. If, on the other hand, the complaint is upheld, the burden is not on the complainant to establish infringement. It is for the registrant to plead and prove a cause of action giving him an interest in retaining the domain name. An unsuccessful registrant therefore faces considerable difficulty in identifying a cause of action upon which the Panel's decision can be challenged..."

It is ironic that YoYo would have had its opportunity for judicial review if it had brought an action in the United States, in particular in Arizona, the state where its registrar is located. U.S. courts have routinely reviewed UDRP panel decisions, relying on the UDRP Rules and the Anticybersquatting Consumer Protection Act ("ACPA") that amended the Lanham Act in 1999.

In the YoYo case the Bank had counterclaimed for passing off (alleging that YoYo misrepresented its services as coming from Bank) and infringement of Bank's trademarks. The Court granted summary judgment to Bank on that part of the counterclaim founded on passing off. This could have concluded the matter, but the Court said "Counsel are agreed that if I come to the conclusion that [the Bank is] entitled to succeed on their application for summary judgment on the counterclaim for passing off then [YoYo's] prayer for declaratory relief in the Claim would be rendered otiose, with the possible exception of sub-paragraphs 1(e) and (f), namely that '(e) [YoYo] did not register the domain names in bad faith; and (f) [YoYo] has not used and is not using the domain names in bad faith.'… " The Court also said "… there is no practical utility in granting declaratory relief in this case ... because the UDRP scheme has dealt with the issue between the parties, because any declaration made by this Court could not alter the findings of the Panel and the effect of my conclusions on the application for summary judgment on the counterclaim render the claim otiose." Even if the Court had not granted summary judgment on the Bank's counterclaim, it appears that YoYo still would not have had an opportunity for judicial review of the UDRP panel decision.

The unwillingness of U.K. courts to review UDRP decisions is a serious problem for domain name registrants. They are denied the opportunity for independent resolution by court proceedings as provided in clause 4(k) of the UDRP Policy. A finding of bad faith is an essential element of a decision against a domain name holder, but the U.K. stance makes this finding unreviewable. In the adjudication of trademark/domain name infringement cases, bad faith became one of the deciding factors in 1999 when the UDRP was adopted by ICANN and (in the United States) when the Lanham Act was amended by the ACPA. The element of bad faith was made determinative because traditional tests of infringement were inadequate to deal with the problem of cybersquatters.

In the 1998 White Paper that called for the creation of ICANN, the U.S. Department of Commerce made it clear that a procedure for the protection of trademark rights was an essential element of its plans for the new system of technical administration of the domain name system. The Department called upon the World Intellectual Property Organization (WIPO) to "develop recommendations for a uniform approach to resolving trademark/domain name disputes involving cyberpiracy..."

WIPO, in its Reports on the establishment of the UDRP, recognized that neither ICANN nor WIPO has the power to create law. Conscious of this limitation, the Final Report of the WIPO Internet Domain Name Process included the following recommendations:

"140. It is recommended that any dispute-resolution system, which is alternative to litigation and to which domain name applicants are required to submit, should not deny the parties to the dispute access to court litigation.

...

147. It is recommended that the domain name applicant be required, in the domain name registration agreement, to submit, without prejudice to other potentially applicable jurisdictions, to the jurisdiction of the courts of:

(i) the country of domicile of the domain name applicant; and
(ii) the country where the registrar is located."

Notwithstanding the intent of WIPO, the U.K. Court in the YoYo case treated the UDRP as if it were an arbitration procedure, denying YoYo access to court litigation on the issue of bad faith.

In theory, the UDRP could have been drafted as an arbitration procedure such that panel decisions would normally be binding and non-appealable. If WIPO had developed the UDRP as mandatory arbitration, it would have been tantamount to the creation of a novel and globally applicable cause of action for the determination of trademark/domain name disputes — in other words, the creation of international law. In providing for access to court litigation, WIPO took the correct course of action.

The U.K. Court in the YoYo case ignored the background of the UDRP and ignored its rationale as a non-arbitration procedure. The Court conceded that YoYo faced "considerable difficulty in identifying a cause of action" to review the panel decision. It would advance the cause of a consensus-based globally effective policy to deal with cybersquatters if such a cause of action were to be identified or created.

Written by David Maher, Senior VP, .ORG, The Public Interest Registry

Domain Name Disputes Break Two Records in 2017

$
0
0

The year 2017 turned out to be a record-setting year for domain name disputes, in two ways: The number of complaints filed as well as the total number of domain names in those complaints.

Specifically:

• The number of cases at the World Intellectual Property Organization (WIPO) crept up to 3,073 from 3,036 in 2016 (the previous record), a modest gain of just over 1 percent.

• Those cases included 6,370 domain names, up from 5,354 in 2016 (also a record-setting year), a spike of nearly 19 percent.

The 19 percent increase in the total number of disputed domain names is perhaps the most striking trend and is attributable to a number of large cases that included multiple domain names. As a result, the average number of domain names per case rose to 2.07 in 2017 from 1.76 in 2016. (See "Benefits and Challenges of Multiple Domain Names in a Single UDRP Complaint.")

As always when I write about domain name dispute statistics, these numbers represent filings at WIPO, the only one of the five ICANN-accredited service providers under the Uniform Domain Name Dispute Resolution Policy (UDRP) that publishes real-time and detailed data. Therefore, the total number of UDRP filings and disputed domain names in 2017 was actually much higher (the Forum typically handles nearly as many cases as WIPO) — but, because WIPO is the largest UDRP provider, its statistics are indicative of trends in domain name disputes.

The record-setting year makes clear that domain name disputes are not going away and that the 18-year-old UDRP remains an important tool for trademark owners to fight cybersquatters. (See "How to Resolve a Domain Name Dispute.")

The filings also show that cybersquatting is still a lucrative activity but also that the UDRP is a popular way to combat it.

As a result, comments from WIPO Director General Francis Gurry made in 2017, when reflecting on the previous record-setting year for domain name disputes in 2016, remains true today: "The continuing growth in cybersquatting cases worldwide shows the need for continued vigilance by trademark owners and consumers alike. This is even more important as a considerable number of these disputes involve incidents of online counterfeiting."

While .com remains the most frequently disputed top-level domain (TLD) (followed by .net and .org), the new gTLDs are also partly responsible for an increase in UDRP complaints, with four new gTLDs among the top 10 appearing in disputes in 2017: .store, .site, .online, and .xyz. (See ".site Domain Names Eclipse .xyz in Dispute Proceedings.")

An increase in phishing-related scams (where cybersquatters use domain names to impersonate others as part of an attempt to extract information from unsuspecting victims) also probably contributed to the larger number of domain name disputes. (See "Fighting Phishing with Domain Name Disputes.")

Written by Doug Isenberg, Attorney & Founder of The GigaLaw Firm

CircleID's Top 10 Posts of 2017

$
0
0

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018.


Top 10 Featured Blogs from the community in 2017:

#1Wolfgang KleinwächterInternet Governance Outlook 2017: Nationalistic Hierarchies vs. Multistakeholder Networks?
#2Ondrej JombíkSlovaks Worry About the Future of Their Country's .SK TLD
#3Neil SchwartzmanSorry, Not Sorry: WHOIS Data Must Remain Public
#4John LevineThe Hack Back Bill in Congress is Better Than You'd Expect
#5Steven BellovinPreliminary Thoughts on the Equifax Hack
#6Wolfgang KleinwächterThe Darkening Web: Is there Light at the end of the Tunnel?
#7Anthony RutkowskiLegal Controls on Extreme End-to-End Encryption (ee2ee)
#8Martin UngerThe IoT Needs a Paradigm Shift from Security to Safety of Connected Devices
#9Niel Harper8 Reasons Why Cybersecurity Strategy and Business Operations are Inseparable
#10Michael J. OghiaShedding Light on How Much Energy the Internet and ICTs Consume

Top 10 News in 2017:

#1CircleID ReporterSecurity Researchers are Warning About a New IoT Botnet Storm Brewing
#2CircleID ReporterIBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious Sites
#3CircleID ReporterDomain Registries to Discuss Possibility of ICANN Fee Cuts in Private Meeting This Month
#4CircleID ReporterNew Wave of Ransomware Spreading Rapidly Through Russia, Ukrain and Other Nations
#5CircleID ReporterEquifax Breach Blamed on Open-Source Software Flaw
#6CircleID ReporterEFF Resigns from World Wide Web Consortium (W3C) over EME Decision
#7CircleID ReporterCyberattacks Against Abortion Clinics on the Rise
#8CircleID ReporterChina to Create National Cyberattack Database
#9CircleID ReporterEquifax Hacked, Nearly Half of US Population Affected
#10CircleID ReporterRussian Behind Massive LinkedIn, Dropbox Hack Subject of Extradition Fight Between US and Russia

Top 10 Industry News in 2017 (sponsored posts):

#1Internet Commerce AssociationThe Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'
#2Internet Commerce AssociationWhy the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?
#3Verisign2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations
#4VerisignVerisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016
#5RadixA Look at How the New .SPACE TLD Has Performed Over the Past 2 Years
#6VerisignGlobal Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016
#7RadixGoogle Buys Business.Site Domain for 'Google My Business'
#8Afilias5 Afilias Top Level Domains Now Licensed for Sale in China
#9Internet Commerce AssociationUDRP: Better Late than Never - ICA Applauds WIPO for Removing Misguided 'Retroactive Bad Faith'
#10RadixRadix Announces Largest New gTLD Sale with Casino.Online

Written by CircleID Reporter

Viewing all 531 articles
Browse latest View live