The U.S. Department of Justice on Sunday night filed a lawsuit against California over the new net neutrality law after just an hour the bill was signed. According to the lawsuit California's new bill "unlawfully imposes burdens on the Federal Government's deregulatory approach to the Internet." Attorney General Jeff Sessions issued the following statement in support of the lawsuit: "Under the Constitution, states do not regulate interstate commerce — the federal government does. Once again the California legislature has enacted an extreme and illegal state law attempting to frustrate federal policy." California's bill is particularly significant, says Jonathan Schwantes, senior policy counsel for Consumers Union, because as the country's largest state, it has the potential to influence the market across the US. The New York Times notes: "Like California's auto emissions laws that forced automakers to adopt the standards for all production, the state's new net neutrality rules could push broadband providers to apply the same rules to other states."

It is remarkable  —  for all the wrong reasons  —  that only two months remain before the National Telecommunications and Information Administration (NTIA) must make a fateful decision on how it will address its' long-standing Cooperative Agreement with Verisign  —  the private-sector corporation that edits the authoritative address book of the Internet's Domain Name System (DNS), maintains two of the DNS root servers, and operates the .com and .net registries of the Internet, undoubtedly one of the most lucrative concessions ever granted.

Yet, despite representing a unique and singular opportunity to finish the critical task of improving accountability at the root zone of the Internet  —  and in stark contrast to the herculean effort to develop accountability mechanisms for the Internet Corporation for Assigned Names and Numbers (ICANN) prior to the transition of the Internet Assigned Names Authority (IANA) in 2016  —  the much-vaunted global community of stakeholders is deafeningly silent. Whether from fatigue, attention-deficit disorder, or a failure of imagination, the absence of meaningful engagement and public dialogue by AWOL stakeholders is nothing less than dereliction of duty.

To be fair, I've spent nearly a decade thinking about this inflection point  —  perhaps longer and in greater detail than most. By way of introduction, I got my first real taste of the strange world through the looking-glass  —  that is, Internet governance  —  when I was recruited by Verisign in 2009 to help design the company's strategy for renewal of the .net and .com registry agreements in 2011 and 2012, respectively, and with an eye on the horizon for the 2017 — 18 renewal cycle.

Early in 2010, I delivered a multi-year strategic plan that heavily focused on a long-term effort to build trust with the Internet's global community of stakeholders and the U.S. Government  —  an approach that was sorely lacking after years of boorish, heavy-handed and appallingly tone-deaf missteps by the company and its predecessor, Network Solutions. My proposals, which anticipated the possibility that the .com concession was renewed but with constrained pricing, were all but dismissed and I was asked to leave the company not long after, in May 2010.

I was rehired in late 2013, to build a cross-company strategic perspective for the 2017 — 18 renewal cycle, this time including disposition of the Cooperative Agreement. The hallmark of my second stint at the company was the IANA transition and efforts to ensure that appropriate accountability safeguards were in place prior to removal of ICANN's "training wheels": the soft power represented by Uncle Sam's ability to yank the lucrative, yet zero-dollar IANA procurement contract. In April of 2016, I departed Verisign, this time under my own steam, to focus my energy on other business ventures and my family, which was devastated by the sudden, unexpected loss of my father due to cancer the year before.

While pursuing other ventures, I have continued to observe developments in Internet governance from afar with the expectation that, at some point, there would be some indication of activity by some of the many interests vested in the details of any potential disposition of the Cooperative Agreement.

Yet, crickets.

Over the summer, in an effort to help spur discussion on the topic, I submitted comments for a notice of inquiry by NTIA on "International Internet Policy Priorities." To my knowledge, the only other comments on the Cooperative Agreement were submitted by the Internet Commerce Association, an industry group representing domain investors. Additionally, GoDaddy offered some thoughts in testimony provided during a Senate hearing around the same time. The lack of focus on this issue quickly turned into a personal sense of alarm, as Summer is turning into Fall, and the calendar continues to march towards November 30th.

During the IANA transition, NTIA and ICANN were adamant that the Cooperative Agreement with Verisign was outside the scope of work required for completion before the procurement contract with ICANN expired. In hindsight, that was probably a wise decision  —  especially considering that, even without the thorny details of the Cooperative Agreement, the stakeholder community required a temporary extension of the procurement contract in order to complete its work.

To be clear, while a temporary extension may be similarly required here, I do not believe that the same intensity of purpose is necessary to address the disposition of the Cooperative Agreement. Although it is impossible to be certain, due to the mysterious unavailability of the original NSF-Network Solutions Cooperative Agreement, a review of the amendments available on the NTIA website suggests that only this remains relevant: NTIA's unilateral right to review and amend the .com registry agreement between ICANN and Verisign for the stated purposes of promoting consumer choice and competition in the domain name market.

NTIA has gone to great lengths to assert that its authority is very narrow, but let's cut to the chase: the ability to effectively set the wholesale price from which a billion-dollar public company derives more than 90% of its' annual revenue is the very large stick which permits NTIA to speak so modestly. As I stated in my submitted comments, I do not believe it is feasible nor desirable to extend the Cooperative Agreement beyond the time necessary to ensure that a successor mechanism is in place that offers the same or better accountability safeguards for the corporation controlling a vast proportion of the DNS.

In the United States, the regulation of competition is vested in the Antitrust Division of the Department of Justice and the Federal Trade Commission. Both of these agencies are equipped with professionals possessing the experience and expertise to help foster the dynamic competition that best regulates healthy markets. Additionally, both agencies are experienced at negotiating and enforcing consent decrees with private-sector corporations, which is the solution I have previously suggested should be considered as an effective successor to the Cooperative Agreement.

Consider that, in the absence of any meaningful leverage, Verisign need only comply with a small number of technical key performance indicators (KPIs) in order to benefit, in perpetuity, from its' presumptive right of renewal to this lucrative concession. This will only serve to allow the company to retreat further into a fortress shielded by legal provisions with which it can deflect anyone seeking redress or even basic cooperation beyond what is required for contractual compliance. One need only look at the history that includes the Cooperative Agreement to begin imagining a future without it. Or, consider the justification for the current accountability mechanism, as recounted to me in 2017 by a Clinton Administration official who helped insert this provision into the Agreement, "...time was running out and we weren't worried about ICANN. We had to do something to keep them (the registry operator) from running away with the Internet!"

I don't claim to have any monopoly on answers, or even good ideas. However, it is unacceptable to sit idly while one of a very small number of effective accountability safeguards expires. Take issue with me or my views, but I challenge anyone to defend the wisdom of permitting a corporation that controls so much of the core of the Internet to collect their share of Mammon while sitting comfortably behind impenetrable walls constructed from a presumptive right of renewal and a wide moat filled with basic technical KPIs; to argue with a straight face that competition is sufficiently present to regulate the domain name market and its hegemon.

Further complicating matters is the pragmatic reality that, although some have called for it, the .com registry agreement is not likely to ever be put out for open bid. The possibility that a non-US company could win a truly impartial and proper bid process overseen by ICANN is a national security non-starter. And anyone concerned about the global effects that could result from regulating an American company that is subject to U.S. jurisdiction  —  that is, indeed, a proverbial stone's throw from the White House  —  can find ample and recent precedent for regulating entities domestically without being overly concerned about effects in other jurisdictions. Simply look at the EU's implementation of its' General Data Protection Regulation, which has largely had the effect of creating global privacy regulation by local fiat. What's good for the Old World's goose is just as good for the New World's gander.

In the end, if so many economically and otherwise vested interests, including domain investors, copyright and trademark owners, law enforcement, new generic Top-Level Domain operators, and others, allow the path to be chosen for them at this crossroads  —  in effect, to fail to finish the job of ensuring effective accountability safeguards for the last of the two remaining pillars of the original IANA triad  —  then perhaps we really are through the looking-glass and, as the Cheshire Cat would observe, we're all mad here.

Written by Greg Thomas, Managing Director of The Viking Group LLC

Over the course of the last decade, in response to significant pressure from the US government and other governments, service providers have assumed private obligations to regulate online content that have no basis in public law. For US tech companies, a robust regime of "voluntary agreements" to resolve content-related disputes has grown up on the margins of the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act (CDA). For the most part, this regime has been built for the benefit of intellectual property rightholders attempting to control online piracy and counterfeiting beyond the territorial limits of the United States and without recourse to judicial process.

The reach of privately ordered online content regulation is wide and deepening. It is wide in terms of the range of service providers that have already partnered with corporations and trade associations to block sites, terminate accounts, and remove content without court orders. That range now includes payment processors and digital advertising networks in addition to Internet access providers, search engines, and social media platforms. It is deepening with reference to the Internet's protocol stack, migrating downward from the application layer into the network's technical infrastructure, specifically, the Domain Name System (DNS). While enforcement of intellectual property rights is the purpose for which these agreements exist, the site-blocking procedures they institutionalize are readily adaptable for use in censoring all kinds of disfavored content.

Recent private agreements between DNS intermediaries and intellectual property rightholders cross the Rubicon. Such agreements, which are the subject of a draft book chapter I recently posted to SSRN, should be cause for special concern among open Internet advocates, because they transform technical network intermediaries into content regulators in an unprecedented way. They expand the remit of domain name registrars and registry operators beyond their raison d'être, which is the administration of the Internet's addressing system and the maintenance of its operational security and stability. As these private, under-the-radar agreements multiply, they are taking a tangible but hard-to-measure toll on the global environment for freedom of speech and access to information online.

Written by Annemarie Bridy, Allan G. Shepard Professor of Law

When it comes to fighting cybercrime, "being able to easily access ICANN and look up IP addresses is a lot more important than accessing the minutiae of encrypted data communications," says Jacqueline McNamara, head of cybersecurity at Telstra. Stilgherrian reporting in ZDNet: "She'd rather have instant access to data on the ownership of IP addresses through organizations like the Internet Corporation for Assigned Names and Numbers (ICANN), and being able to work more quickly with law enforcement agencies and other authorities. Currently, getting access to this data generally requires a warrant or a subpoena. ... While there are probably cases where getting at encrypted communications would be important, McNamara said her view was: 'I think there are probably bigger fish to fry.'"

Yahoo today announced it has agreed to pay $50 million in damages and will offer two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the massive security breach. Michael Liedtke reporting in The Associated Press: "The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren't disclosed until 2016. ... Verizon will now pay for one half of the settlement cost, with the other half paid by Altaba Inc., a company that was set up to hold Yahoo's investments in Asian companies and other assets after the sale. ... About 3 billion Yahoo accounts were hit by hackers that included some linked to Russia by the FBI ."

This one is for European Law Enforcement Agencies only, and no matter what the GDPR says.

Accessing Whois information and acting on a litigious domain name is becoming a nightmare for law enforcement agencies. Law enforcement agencies must have an access to the information provided by registrants in the Whois database and, in specific cases, have authority to act FAST on a domain name. The EU has a solution for this and it's coming in 2020. Is this mechanism welcomed now that the GDPR is causing problems for law enforcement agencies trying to do their job? I'd say… yes it is.

What it is

The Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004. It is directly applicable in all Member States.

What it does say

A few things that I extracted from the regulation:

1. Competent authorities should be able to request any relevant information from any public authority, body or agency within their Member State, or from any natural person or legal person, including, for example, payment service providers, internet service providers, telecommunication operators, domain registries and registrars, and hosting service providers, for the purpose of establishing whether an infringement covered by this Regulation has occurred or is occurring.
2. Where no other effective means are available to bring about the cessation or the prohibition of the infringement covered by this Regulation and in order to avoid the risk of serious harm to the collective interests of consumers: where appropriate, the power to order domain registries or registrars to delete a fully qualified domain name and to allow the competent authority concerned to register it.

Coming in 2020

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. It shall apply from 17 January 2020.

The regulation is available here.

Written by Jean Guillon, New gTLDs "only".

The Librarian of Congress and US Copyright Office has updated the Digital Millennium Copyright Act extending some essential exemptions ensuring that computer security researchers won't be treated like nefarious criminals for their contributions to society. Karl Bode reporting in Motherboard writes: "We've long noted how security researchers are frequently treated like criminals by companies that don't appreciate having security flaws and vulnerabilities in their products exposed or discussed. That's often not helped by the vague language of the DMCA, which critics argue has been an overreaching mess with near-endless potential for collateral damage." Some caveats: According to Blake Reid, Associate Clinical Professor at Colorado Law, new ruling only applies to "use exemptions," not "tools exemptions" and security researchers still can't release things like pen-testing tools that bypass DRM, or even publish technical papers.

Last week during the ICANN meeting in Barcelona I attended a short presentation from the Internet Watch Foundation (IWF).

Their mission is pretty simple:

...eliminate child sexual abuse imagery online (source)

Fortunately, the presentation I was at did not include any of the actual material (which would have been illegal anyway) but even without seeing any of it the topic is one that I think most people find deeply disturbing.

You can dig into some of the data on their interactive annual report, which includes some truly disturbing numbers including the one that I find most disturbing:

2% involve children aged 2 or under.

One of the tools they've made available to 3rd parties is a system which recognises images based on a hash. Here's a video they've created to explain how it works:

Several content networks are using this and similar technologies to help keep their platforms free of this kind of content.

If you come across CSAM (Child sexual abuse material) then you should report it to your local hotline. The Irish one is here, while the international organisation that co-ordinates hotlines is here.

Written by Michele Neylon, MD of Blacknight Solutions

U.S. Democratic Senator Ron Wyden released an early draft of a bill today that would subject company CEOs and senior executives to tough penalties including 10 to 20 years of imprisonment for failing to protect consumer data. Colin Lecher reporting in The Verge: "Wyden's draft proposal, called the Consumer Data Protection Act, would give the FTC more authority and resources to police the use of data by adding a total of 175 new staff. Under the proposal, the FTC would also be allowed to fine companies up to 4 percent of revenue for a first offense."

In summary, the bill empowers the Federal Trade Commission to:

1. Establish minimum privacy and cybersecurity standards.
2. Issue steep fines (up to 4% of annual revenue), on the first offense for companies and 10-20 year criminal penalties for senior executives.
3. Create a national Do Not Track system that lets consumers stop third-party companies from tracking them on the web by sharing data, selling data, or targeting advertisements based on their personal information. It permits companies to charge consumers who want to use their products and services, but don't want their information monetized.
4. Give consumers a way to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
5. Hire 175 more staff to police the largely unregulated market for private data.
6. Require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security.

The big picture: "If voters flip the House or, less likely, the Senate on Tuesday [US midterm election], it could supercharge the debate over privacy," says David McCable of Axios. "Lawmakers are trying to get federal legislation in place before California’s new rules go into effect in 2020."

Today, President Macron threw down the gauntlet to President Trump and the US administration on Multistakeholderism.

In his welcome address to IGF 2018 Paris a few hours ago, President Macron challenged IGF to become more relevant by reinventing itself in factoring in multilateralism into IGF's non-decision-making body and to move beyond the mere talk-ship lip service it has been for the last 13 years.

Macron stated that he (and France) will support a new direction by IGF under the direction of the UN Secretary General, if it decides to factor in multilateralism. He argued that with the new global cyber threat landscape requiring regulation and legislation, such a step is inevitable if IGF is to remain relevant.

Was Macron reminding his "ami" in the White House that his nationalistic divisive stance towards the world and Europe and the actions of previous administrations have not been forgotten, and that they carry a very high price?

Today was the 2nd time US domination of the Internet through Multistakeholderism has been challenged by Europe. Only a few months ago, the 1st challenge came in the form of the EU's GDPR, when it became law on May 25, 2018. The GDPR has been a serious challenge to ICANN and its core role and mission, on many fronts.

What effect will the Macron speech have on the new religion of Multistakeholderism? It remains to be seen how this doctrine, created by the US back during the UN WSIS days (2001-2005), will fare.

Multistakeholderism's goal, for the record, has always been to promote internet self-regulation, and to keep all barriers to the internet around the world very low. This all under the banner of "openness" and "freedom of speech". Governments who legislated (or even considered) the blocking or monitoring content deemed inappropriate, including porn or worse, were often criticized and labelled as oppressors of freedom and democracy. This happened while American tech giants continued to grow at an unprecedented pace, and dominate the Internet. Just recently the world saw its two 1st ever trillion-dollar companies which happen to be American: Amazon and Apple. Meanwhile, no European company is in the top 10 world ranking.

Was Macron paying the US back for PRISM and the Snowden revelations that exposed to the world the unprecedented and illegal mass surveillance by the US security agencies? Not to mention similar abuses by UK's GCHQ, in snooping on Americans and the world under the banner of fighting terrorism?

Macron did state in his speech that France and Germany (who is next year's IGF host) are on the same page. So was he stepping up to support the German leader Merkel, herself one of the targets of PRISM when the U.S. snooped on their friends, allies and enemies alike?

It will be interesting to start reading and observing the usual devout voices of Multistakeholderism when they begin calling on IGF to resist Macron's sacrilegious call and to keep IGF a talk-shop that cannot conclude or make decisions.

Yes, we do live in interesting and unprecedented times. It is entertaining to watch smart politicians fire at each other, with different ammunition at different targets and on different battlegrounds while continuing to sound like collegial, friendly and cooperative.

Seems to me like Macron just hit back at Trump on his disparagement of the NATO Budget, the Iran Nuclear deal, and the Paris climate change accord. Now, this is making IGF more interesting.

Let's see if Trump is smart enough to realize by himself that his 'ami' Macron just fired a shot across his bow that ruffled his hair.

Written by Khaled Fattal, Group Chairman, Multilingual Internet Group & Producer "Era of the Unprecedented

The Motion Picture Association of America (MPAA) in its recent submission to the National Telecommunications and Information Administration (NTIA) has raised a stern objection regarding ICANN's attempt to adhere to the EU's General Data Protection Regulation (GDPR), stating that the temporary specification had gone "well beyond what the GDPR mandates." From the submission: "The European Union should not be setting U.S. WHOIS and privacy policy. Moreover, with growing concerns over illicit behavior on the internet, now is the time to increase online transparency, accountability, and trust — not diminish it. The MPAA, therefore, asks that the federal privacy approach prioritize efforts to ensure that certain basic WHOIS information remains publicly available and that any information that the GDPR does require to be removed from public access still be available to third parties with legitimate interests through a reasonable, timely, and effective process. Such efforts should include Administration support for solutions through the multistakeholder process, for ICANN assumption of WHOIS under a unified access model, for WHOIS access requirements in trade agreements, and for federal legislation requiring registrars and registry operators to continue providing lawful access."

But ICANN cannot be faulted for being overly conservative to avoid violating GDPR, which can lead to fines of up to four percent of an entity’s annual global revenue, says Alan Behr, a partner at Phillips Nizer. (via IPPRo)

The FCC has unveiled two proposals as part of its plan to help reduce unwanted phone and text spam however the move is challenged by consumer advocacy groups. In a statement issued on Tuesday, Harold Feld, Senior Vice President at Public Knowledge, said:

— "Chairman Pai proposes to grant the wireless industry's request to classify text messages as Title I 'information services,' stripping away vital consumer protections. Worse, Chairman Pai's action would give carriers unlimited freedom to censor any speech they consider 'controversial,' as Verizon did in 2007 when it blocked NARAL and prompted the Public Knowledge 2007 Petition."

— "Chairman Pai supports this outrageous action by claiming the Title II ‘telecommunications service’ classification undermines spam filtering. As the FCC made clear in 2016 (over then-Commissioner Pai’s dissent), text messages and robocalls are both ‘calls’ under the anti-robocall statute, and this Title II designation does not prevent filtering or other technological means to block unwanted robocalls or spam texts."

Pai asserts robocalls and robotexts are limited by the Telephone Consumer Protection Act.

Abusive conduct or cybersquatting is the essence of disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP), usually by domain name registrants violating their warranties of registration but also (in appreciable numbers) by trademark holders overreaching their statutory rights. The UDRP remedies are asynchronous: there is forfeiture of offending domain names; for abusive use of the process — "attempt[ing] to deprive a registered domain name holder of a domain name" (Rule 15(e)) — there is reverse domain name hijacking (RDNH), essentially a shaming remedy that substitutes for a monetary penalty. It is crafted for a purpose, as solace which I will explain in a moment.

On the statutory side, though, under the Anticybersquatting Consumer Protection Act (ACPA), the penalties for abusive conduct are synchronous. Both parties are liable for statutory damages, up to $100,000 per domain name and attorney's fees. That unhappy result has been visited equally on mark owners (where there is personal jurisdiction, the Beautiful People case) and on domain name registrants (the Vericheck and Trump cases are examples).

In the early history of the UDRP, some Panels began holding that RDNH is discretionary, as though by edict which it is not. The three-member Panel in The Chancellor, Masters and Scholars of the University of Cambridge v. Kirkland Holdings LLC, D2015-1278 (WIPO October 5, 2015) (), for example, citing earlier cases, held that "[while] [s]ufficient grounds for a finding of abuse plainly exist ... [a] finding of abuse ... is always discretionary with the Panel." Is that really so? Can a complainant be excused even though the conduct is abusive?

It is obvious from Panel's language in The Chancellor that there were "sufficient grounds" for RDNH but it declined to declare as such even though it also stated 1) "[the bringing of the complaint] raise[s] an unhealthy aroma that the Complainant brought this proceeding with an ulterior motive — either to bolster its case before the TTAB or to use the UDRP as a second front in a broader campaign", and 2) "cautioning the Complainant (or perhaps more accurately, its advocate) in future to limit its invocation of the Policy to proper cases fully and fairly presented." When "discretion" is exercised in this manner, where there is misplaced deference as I think is the case here, ignoring a complainant's abusive conduct is unfair to respondents who are denied solace for defending indefensible claims.

It is as though by repeating a mantra it becomes the law. The Policy does not use the word "discretion" in connection with RDNH. It is no more than a Panel created carbuncle. If ICANN intended RDNH to be discretionary it would have said so, as it did for 1) consolidation of claims (Policy 4(f)), 2) further statements (Rule 12), 3) in-person hearings (Rule 13), and 4) effect of court proceedings (Rules 18). Other than in those four instances, no mention is made of Panels having discretion for RDNH. Rule 15(e) is clear: if the facts support RDNH Panels have no discretion to give complainant a pass, except for some specific reason.

Read correctly, Rule 15(e) is not "discretionary" at all but "peremptory." It is peremptory because it authorizes a Panel "to declare in its decision that the complaint was brought in bad faith and constitutes an abuse of the administrative proceeding . . . [i]f after considering the submissions the Panel finds that the complaint was brought in bad faith." Certainly, this pronouncement implies a scaling of conduct that suggests a standard beyond a simple failure of judgment and more in the nature of a deliberate act, but it does not instruct Panels to deny RDNH if "sufficient ground[s] for a finding of abuse plainly exist" (The Chancellor).

While a number of complaints were dismissed as the UDRP got underway in 2000 it was not until the fourth quarter that RDNH was first applied. The Panel in Smart Design LLC v. Carolyn Hughes, D2000-0993 (WIPO October 18, 2000) (no fan of "discretionary) is a general warning to complainants their claims must be genuine. Had Smart Design LLC "sat back and reflected upon what it was proposing to argue, it would have seen that its claims could not conceivably succeed." Hence, a good start in measuring a rights holder's abusive conduct is to ask whether "a claim[ ] could conceivably succeed"?

More discriminating Panels have accepted the peremptory view. The "ought to have known" test is reflected in a line of cases stretching back to Smart Design and forward to current decisions. In Clearly Agile, Inc. v. Jonathan Jenkins, Clearly Agile, Corp, D2018-2087 (WIPO November 13, 2018) (<clearlyagile.com>) the Panel noted that the "Domain Name was registered before the Complainant business was even formed" which would have been proof that Complainant could not have proved registration in bad faith. Worse, Complainant was represented by competent counsel, presumptively knowledgeable of the law. Pressing forward with a case knowing it could not succeed is a factor in determining RDNH. Pet Life LLC v. ROBERT RIESS / blue streak marketing llc, FA1810001810870 (Forum November 11, 2018) (<petlife.com>).

Although the Panel in Clearly Agile did not invoke the "ought to have known" language (the Panel in Pet life did), it is nevertheless implicit in the decision. Although not the earliest panelist to criticize rights holders and representatives, the Panel in Pick Enterprises, Inc. v. Domains by Proxy, LLC, DomainsByProxy.com / Woman to Woman Healthcare / Just Us Women Health Center f/k/a Woman to Woman Health Center, D2012‑1555 (WIPO September 22, 2012) noted

The fact that Complainant is represented by counsel makes the filing of this Complaint all the more inexcusable. The matters identified in the preceding paragraph are not Policy arcana; each is a precedent of long standing and derived from scores of cases, and each addresses a fundamental Policy requirement.

Other recent decisions expressing this view include: Voys B.V., Voys United B.V. v. Thomas Zou, Case No. D2017-2136 (WIPO January 9, 2018) (<voys.com>. ("With the benefit of experienced intellectual property advisors, the Complainant should have been aware that, in these circumstances, its Complaint could not succeed. However and presumably in an effort to acquire the disputed domain name with minimal cost, it proceeded with the claim regardless. This is an abuse of the Policy and the Panel, therefore, finds this to be a case of reverse domain name hijacking." Even more recently, DIGITI limited liability company v. Privacy Administrator, Anonymize, Inc / Michele Dinoia, Macrosten LTD, D2018-2148 (WIPO November 15, 2018) (<digiti.com>. "[t]he Complaint in the form presented had no realistic prospect of success and should not have been filed.")

"Ought to have known" is arguably either intentional overreaching or studied obliviousness of the law, but more likely the latter rather than the former. Using the UDRP as leverage to gain control of the domain name includes the Plan B and other stratagems deliberately attempting to mislead decision makers. In Patricks Universal Export Pty Ltd. v. David Greenblatt, D2016-0653 (WIPO June 21, 2016) (<patricks.com>) the Panel found that "Complainant's only real gripe is the price Respondent demanded for the Domain Name, making this a classic 'Plan B' case." These kinds of cases are regularly on the docket. Pilot Fitness, LLC v. Max Wettstein / Max Wettstein Fitness, FA1808001799942 (Forum August 30, 2018) (<pilotfitness.com>) is an example: "[Complainant] offered trifling sums to buy the domain name. Having failed, it then moved to Plan B to try to enforce a transfer.").

Omitting facts is as willful as misstating them. The three-member Panel in Airpet Animal Transport, Inc. v. Marchex Sales, Inc / Brendhan Hight, FA121100 1470056 (Forum January 2, 2013) (alleged common law trademark) was unanimous is finding RDNH:

Complainant applied for a trademark after knowing about Respondent's domain name and did not disclose that fact to . . . the Panel. Once again, the question is why not? Presumably, Complainant wanted to improve its chances in registering its mark and this proceeding."

The several indicia of overreaching statutory rights are set out as consensus views in WIPO Overview 3.0, section 4.16. In one way or another, each of these overreaching offenses are violations of the certification requirement in the Policy, Rule 3(b)(xiii) in which the signatory certifies that "this Complaint is not being presented for any improper purpose."

This test has been extended to include false and deceptive statements. Credibility can be a major factor in determining parties' rights. While the Panel in Compañía Logística de Hidrocarburos CLH, S.A. v. DropCatcher.Info / Badminton, Inc., D2018-0973 (WIPO June 25, 2018) (<clh.com>) denied RDNH it identified the reasons for its decision: while the "Complaint was weak" there were

a number of the indicia of a complainant's conduct which are sometimes associated with RDNH, such as untrue assertions of fact, inappropriate personal attacks on the integrity of a respondent or heavy-handed conduct [that were] not present.

In other words, taking into account the totality of factual circumstances, RDNH is not warranted, even as in this case it was a close call — "declines, by a very narrow margin." But, the sanction is inappropriate where the facts do not add up to abusive conduct.

The failure of the discretionary view is that it excuses a pervasive reluctance by some panelists to grant RDNH which brings us to the present. The three-member Panel in Hims, Inc. v. Sharad Patel, FA181000 1810653 (Forum November 16,2018) (<hims.com> rejected RDNH because (it held) "Complainant had a colorable claim based on arguments of bad faith renewal of the disputed domain name, and therefore declines to find reverse hijacking."

The HIMS decision is not in harmony with the jurisprudence. There are three reasons why this is so: 1) Respondent had lengthy priority over use of the string "hims."; 2) Complaint had made a number of attempts to purchase the domain (which it did not disclose in the complaint) to which it was rebuffed; this suggests a classic Plan B filing; and 3) renewal of a domain name purchased many years prior to any commercial use of the mark cannot possibly be a legal basis for any claim of cybersquatting either under the UDRP or Anticybersquatting Consumer Protection Act (ACPA).

The reluctance to sanction is illustrated in WEDIA SA v. Office Yui Asia Limited, D2018-2083 (WIPO November 8, 2018) (<wedia.com>) the Panel held that

Without evidence that the disputed domain name was registered in bad faith in 1997 (or that there had been a subsequent transfer in bad faith), the Complainant should have known that the proceedings were bound to fail.

However, the abuse is excusable because

Complainant [as a pro se party] had sought to contact the Respondent prior to filing the complaint and made a reasonable offer of USD 3,000 to purchase the domain name but did not receive any reply from the Respondent. The Complainant appears to have prepared the complaint itself without taking external legal advice and does not appear to have been previously involved in UDRP proceedings. The Panel is, therefore, willing to give the Complainant the benefit of the doubt that it was not aware of the possibility of an RDNH finding. In the particular circumstances of this case, the Panel therefore determines that it is not necessary to make a declaration of Reverse Domain Name Hijacking.

Presumably, Complainant received a "get out of jail" because it represented itself, although it is one thing to be a small commercial actor and another to be a significant one as Wedia SA is!

The peremptory approach treats complainants and respondents alike: if there is abusive conduct, it is called out. For example, the Panel in Timbermate Products Pty Ltd v. Domains by Proxy, LLC/Barry Gork, D2013-1603 (WIPO November 3, 2013), held that Panels are "under an obligation to so declare" even if the respondent does not request RDNH. This view is in stark opposition to the discretionary view. Later decisions have extended this dictum to even include cases in which respondents have defaulted in appearance but who could not possibly have registered the disputed domain names in bad faith since they had priority of right over complainants.

What is often overlooked, but deserves more attention, is the meaning RDNH has to prevailing respondents. Winning (where respondents appear and defend) also entails a loss; a monetary and emotional penalty for defending their lawful registrations. Simply prevailing is less satisfying than prevailing with an RDNH sanction. That is what I mean by solace. Where the facts support complainant overreaching of its statutory rights there must be a penalty. In this respect, RDNH arguably serves two purposes: the sanction (the official reason) for "attempt[ing] to deprive a registered domain-name hold of a domain name" (Rule Definitions) and the unofficial reason, providing psychological closure for respondents in having complainants sanctioned for their abusive conduct. To have that satisfaction is respondent's only coin in offsetting the emotional turmoil and expense of defending a dishonest claim; call it a psychological payment for having to defend itself!

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

U.K. Parliament today released 250 pages of internal emails between Facebook and other tech companies regarding accessing user data through the social network's system. The documents were seized by British lawmakers last month as part of UK Parliament's inquiry into "fake news."

The documents released today, indicate that Facebook's VPN app, Onavo, was much more invasive than previously reported. "Facebook used Onavo to conduct global surveys of the usage of mobile apps by customers, and apparently without their knowledge," says Damian Collins, chairman of the committee tasked with investigating disinformation. "They used this data to assess not just how many people had downloaded apps, but how often they used them. This knowledge helped them to decide which companies to acquire, and which to treat as a threat."

"To be fair, Facebook does actually disclose that it is monitoring the data that Onavo collects, except in a fluffier way," writes Evan Niu from Motley Fool. It says: "Because we're part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences."

Facebook in its response today argues that websites and apps have used tools like Onavo for market research services for years. "We use Onavo, App Annie, comScore, and publicly available tools to help us understand the market and improve all our services."

When properly used, the UDRP enables trademark owners to take control of abusive domain names. Yet sometimes the UDRP itself is misused by trademark owners to try to seize desirable domain names to which they have no legal entitlement. Is there a downside to misusing the UDRP to attempt a domain name hijacking?

Abuse of the UDRP

Unscrupulous companies at times misuse the UDRP by improperly invoking its power to compel a transfer of ownership in order to seize inherently valuable, non-infringing domain names that the companies desire for their own use. Many trademarks are comprised of common words, phrases or acronyms. The registration of common word, phrase or acronym domain names that may be similar to an existing trademark does not necessarily mean, therefore, that the registration was in bad faith, or targeted at that trademark, as there are many possible uses for such a domain name distinct from the use of any particular mark owner. Nevertheless, some mark owners will in effect claim exclusive commercial rights to such everyday terms by launching a complaint against a matching domain name, even in the absence of evidence that the domain name was used to target the complainant's mark.^[1] Examples of such domain names that have recently been targeted by complainants in a UDRP dispute include babyboom.com, cassandra.com, pinksheet.com, cwj.com, fairmarkets.com and weeds.com, amongst many others.^[2]

Would-be domain name hijackers in such cases often use the similarity between their brand and the domain name as the basis for their complaint while concocting the more crucial UDRP allegations, namely that the domain name owner lacks a legitimate interest and that the domain name owner's registration and use of the domain name was in bad faith. These complaints fail to acknowledge that descriptive and generic domain names have inherent value and can be lawfully used in a non-infringing manner.

The hijacking attempts targeting fairmarkets.com and cwj.com, for example, are typical of many similar attempted hijackings. In the fairmarkets.com dispute, a recently formed Australian company filed a UDRP complaint in an attempt to seize the domain name despite having no enforceable trademark rights, despite the domain name registration predating the formation of the company, and despite no evidence that the domain name was targeting the complainant. The panelist in the case found:

The Panel is in agreement with Respondent and finds, on any construction of the facts, that Complainant knew or should have known that it was unable to prove trademark rights. Having regard to the evidence, the Panel also finds that there was material in the public domain to show Respondent's legitimate interest in the domain name and its bona fides more generally. Moreover, even if Complainant had not made those enquiries, the course of correspondence with Respondent made that plain. The fact alone that the Complaint was later filed in that knowledge is in the Panel's assessment evidence of the Complaint being brought in bad faith. Finally, the explicit claims to bad faith registration and use made in the Complaint are groundless and overstated in nature.^[3]

In the cwj.com dispute, the complainant, Crypto World Journal, acknowledged that the domain name registration predated the existence of the company, but asserted that it was nevertheless bad faith to register a desirable domain with the aim of later reselling it:

The very nature of Respondent's registration evidences bad faith. Respondent has owned the Domain Name since 1999 and has never once had a functional page running. This leads to the conclusion that the Respondent registered the name to sell it one day to a company like that of the Complainant who has a real and legitimate use for the name, or just to prevent the owner of a trade mark or service mark from reflecting the mark in a corresponding domain name.^[4]

The proper purpose of the UDRP, however, is to remedy instances where a domain name is registered to target a particular trademark, not to enable a junior mark owner to seize an inherently valuable three-letter dot-com acronym domain name that was registered by the senior registrant, prior to the mark owner acquiring any rights to its mark, or even existing. Crypto World Journal's complaint was found to be an abuse of the Policy compounded by its failure to disclose that it had attempted to purchase the domain name prior to bringing the dispute:

In light of the above, the Panel agrees with the Respondent that the Complainant has filed the Complaint after an unsuccessful attempt to acquire the disputed domain name from the Respondent, and where the legally represented Complainant filed the Complaint without having any plausible basis for establishing, in particular, bad faith registration and use. In all the circumstances, the Panel makes a finding of reverse domain name hijacking against the Complainant.^[5]

The complaints in the fairmarkets.com and cwj.com UDRP disputes were clear attempts to misuse the UDRP to hijack inherently valuable domain names to which the complainants had no legal entitlement and as a consequence they were found by the panelists to be abusive. Yet what penalty do the complainants in the fairmarkets.com and cwj.com disputes, and in other attempted hijackings, face when they are found guilty by the UDRP panel of abusing the process?

Reverse Domain Name Hijacking

The risk to the complainant of attempting a hijacking is that the UDRP panel may find it guilty of Reverse Domain Name Hijacking.^[6] According to the UDRP Rules, "Reverse Domain Name Hijacking means using the Policy in bad faith to attempt to deprive a registered domain-name holder of a domain name".^[7]

RDNH is a sanction that has no obvious consequence beyond the censure itself, although it nevertheless does indeed have consequences, as explained herein. It has no financial penalty, nor does it bar a complainant or his or her attorney from making future UDRP filings. Some trademark owners and their attorneys therefore see little to fear from being found guilty of RDNH.^[8] With relatively "much to gain" and "little to lose", companies at times succumb to the temptation to file meritless complaints in the hopes of gaining a windfall transfer of a desirable domain name for free.

RDNH Findings on the Rise

Certain panelists who are concerned about misuse of the UDRP appear to be increasingly recognizing the importance of calling out such abuse where appropriate. These panelists are not tolerant of ill-founded complaints relying on a mark that was adopted long after the domain name was registered,^[9] or where a complainant has "unreasonably ignored established Policy precedent" or where a complainant bases "a complaint on only the barest of allegations without any supporting evidence."^[10]

While only five RDNH findings were issued in 2003, by 2016, the number of RDNH findings had increased to 37, and increased again in 2017 to 45. 2018 is on pace to see a similar or higher number of RDNH findings.^[11]

Source: RDNH.com, actual through November 2018, projected through year-end 2018.

Although RDNH decisions represent a relatively small portion of the number of UDRP cases filed, the domain names targeted for hijacking are often significantly more valuable than the typically cybersquatted domains that are the subjects of most complaints.

The Ramifications of an RDNH Finding

Although the UDRP does not impose any actual penalty on those found guilty of attempted Reverse Domain Name Hijacking beyond censure, an RDNH finding may nevertheless have significant consequences that result in reputational damage to the complainant and the complainant's counsel, and at times even financial costs to the complainant. A finding of RDNH therefore may indeed play a role in deterring frivolous filings.

An RDNH finding may inflict reputational damage due to the public reprimand delivered in a published decision, for example:

• "[Complainant] took on the guise of a third rate barrack room lawyer and advanced arguments that were tortuously artificial in the extreme"^[12]
• "the Complainant has failed miserably...the Complainant's filing [is] frivolous, abusive"^[13]
• "the Panel deplores the fact that a baseless Complaint of this nature was filed."^[14]
• "The Complainant's blatant and intentional misrepresentation as described above constitutes a clear violation of [its certification of completeness and accuracy]."^[15]
• "a brash and totally unjustifiable attempt to pressure a domain name owner into releasing a legitimately held domain name"^[16]
• "We owe it to this Respondent to chastise the Complainant and its representative for their irresponsible conduct. We owe it to the integrity of the UDRP process to call out patent abuses such as I believe this case to be."^[17]
• "a finding of abuse of the administrative proceeding is beyond obvious...the Complainant's empty rhetoric, mudslinging, and unsupported factual allegations require this Panel to impose the only sanction available to it."^[18]
• "the Panel does not need to make a finding as to whether or not the conduct of the Complainant and/or its representatives was deliberately dishonest, although it is of the view that the nature of the Complaint and the allegations it contains is, at the very least, extremely unsatisfactory."^[19]
• "The Complainant attempted to mislead the Panel on several occasions by presenting information as fact, which at closer examination was misleading or untrue."^[20]
• "The Panel notes that the Complainant, The Procter & Gamble Company, is a premier marketer and advertiser of consumer products in the United States of America and in many other countries… To have filed the Complaint at this relatively late date — more than eleven years after the registration of the disputed domain name and several years after its acquisition by the Respondent — seems a grotesquely unfair attempt to wrest ownership of the disputed domain name from the owner… This Complaint fell very far short of what the Panel was entitled to expect from a Complainant of this stature."^[21]

Decisions finding RDNH are newsworthy, so the complainant and its counsel may find themselves portrayed in a widely read article in an unflattering light, as in the article headlined "Panelist Blasts Credit Europe Bank for 'Flagrant Abuse' of UDRP".^[22] The article titled "WIPO Panel Censures Law Firm for Misleading Panel" cited at length a panel decision critical of the law firm Novagraaf Nederland:

It is lamentable that the Complainant's representative appears to have failed to address these concerns and thus has brought two cases under the Policy within a year in which there is a real prospect that it has either deliberately sought to mislead the panel or has been inexcusably careless in the manner in which it has pled its client's case. The Panel is unanimous that this deserves censure.^[23]

Novagraaf Nederland subsequently filed another complaint that was found guilty of RDNH, bringing it increased notoriety.^[24] This raises the possibility that its future UDRP complaints would be viewed as suspect, such that it would be an ineffective advocate for its clients.

Besides Novagraaf Nederland, other firms and attorneys have brought cases on more than one occasion which resulted in an RDNH finding, including Anand & Anand^[25] (whose managing partner is a WIPO panelist),^[26] Ballard Spahr,^[27] and Stobbs IP,^[28] and attorneys J. Dustin Howell of Workman Nydegger^[29] and Steven Rinehart.^[30] Since UDRP decisions do not always adequately explain each side's position, it may be that these firms and attorneys have a good explanation as to how the RDNH findings came about. Yet as a result of RDNH findings and any publicity related to them, potential clients researching an attorney or a firm prior to entering into an engagement may learn of an attorney's or a firm's involvement in an abusive filing and may choose not to move forward with the engagement.

Domain name owners on the receiving end of abusive complaints have at times publicized the bad behavior of those bringing the complaints. The website at HallofShame.com highlights many well-known complainants, including Land Rover and Procter & Gamble, that have been found guilty of RDNH, as well as the law firms that brought the RDNH complaints. A few domain names targeted by complainants now alert visitors to the complainants' attempted hijacking attempts as with Queen.com, QLP.com and Xpand.com. Such negative references can appear in search results for a complainant or its counsel and may supplant good news such that the company and its counsel appear in an unfavorable light.

Reverse Domain Name Hijacking is a Violation of ACPA

Many complainants, and even some intellectual property attorneys, are not aware that attempted Reverse Domain Name Hijacking is also a violation of the U.S. Anti-Cybersquatting Consumer Protection Act (ACPA).^[31] The ACPA provides recourse for domain registrants improperly accused of cybersquatting in the form of two distinct claims: (1) relief for registrants based a finding of "no bad faith intent"; and (2) relief based on a finding of RDNH.^[32] An aggrieved domain owner can request a judgment from a U.S. federal court for a declaration of no cybersquatting as well as payment of damages and attorney's fees. At least one federal court has found that the ACPA's statutory damages penalty of $100,000 may be assessed against parties who have engaged in RDNH, and numerous courts have awarded actual damages and attorney's fees for RDNH.^[33]

Companies that have filed misleading UDRP complaints have been surprised to find themselves sued in U.S. federal court and forced to defend RDNH claims, including demands for significant monetary payments and attorney's fees. A UDRP complaint filed against airzone.com, for example, resulted in the Spanish complainant being sued in U.S. federal court on multiple claims, including that it violated the RDNH provision of ACPA. The lawsuit concluded with a $40,000 judgment against the UDRP complainant and a court determination that the UDRP respondent would retain the domain name.^[34] Similarly, a UDRP complaint filed against sdt.com led to a federal lawsuit that concluded with a judgment against the Belgian UDRP complainant for $50,000 and a determination that the UDRP respondent would retain the domain name.^[35]

Even if a Complainant gets "lucky" and appears to succeed with its hijacking attempt when it is awarded a domain by a UDRP panel based upon a meritless complaint, the respondent may still file a suit in federal court claiming damages for RDNH as defined under the ACPA. In the AustinPain.com dispute, the complainant obtained a transfer order from the UDRP panel, yet the respondent challenged the transfer in federal court, and counter-claimed against the complainant by alleging RDNH under ACPA. The complainant paid $25,000 to settle the lawsuit despite prevailing in the UDRP.^[36]

Similarly, despite the complainant in the ado.com UDRP dispute prevailing and being awarded the domain name by the UDRP panel in a heavily criticized decision,^[37] the complainant must now defend itself in a federal lawsuit alleging violation of the ACPA that cites RDNH among other claims and includes a request for significant damages and attorney's fees.^[38] The case is still pending as of the date of this article.

Complainant Counsel's Role

The complainant's attorney generally bears responsibility for filing a complaint that results in RDNH, as the client relies on his or her legal advice and agreement to file on a client's behalf. When an attorney recognizes it is possible to make a "colorable" claim under the UDRP to demand the transfer of a desirable domain even in the absence of adequate evidence to support the claim, the temptation to misuse the UDRP can be great.

An attorney who recommends or acquiesces to an ill-advised UDRP complaint may put at risk his or her relationship with the client. An executive from a complainant that was sued in federal court for bringing a misleading UDRP complaint shared: "we were until now very badly advised in this matter by [the law firm]. I fired them and have now to find new advisers to defend our position."^[39] An executive at a different complainant that was sued for RDNH under ACPA stated:

we both are aware of the attorney´s professional interests do not always match our business targets… The truth is, all this mixture of unfortunate events is a nightmare for me and my company and all I want is to close it as soon as possible with minimum damage to our business.^[40]

The complainant's attorney is an important gatekeeper who should remain vigilant in avoiding an embarrassing RDNH ruling which may risk the wrath of his or her client and may result in the loss of the client. A prudent attorney therefore will decline to file a complaint that lacks merit or misrepresents facts to spare the client the risk of reputational damage and potential exposure to substantial legal fees and financial penalties.^[41]

The Importance of the RDNH Finding

RDNH findings play a key role in maintaining the integrity of the UDRP. The RDNH provisions of the UDRP, as well as the possibility of an RDNH finding under the ACPA, should be seen as a disincentive to bring meritless complaints and thereby abuse an otherwise respected procedure. Making RDNH findings, where warranted, is therefore critical to supporting the integrity of the Policy.

It is therefore unfortunate that many panelists decline to even consider RDNH, despite circumstances that call for such a finding and despite the Rules requiring them to consider it.^[42] The excuses some panelists offer for not making a finding of RDNH include:

1. Some panels avoid finding RDNH "in their discretion", when the correct reading of Rule 15(e) establishes that it is not in fact "discretionary" but rather is "peremptory";^[43]
2. Some panelists will refuse to make an RDNH finding "because the complainant has a valid trademark",^[44] when it is precisely the fact that the complainant misused its valid trademark in an abusive complaint which ought to lead to a RDNH finding;^[45]
3. Some panels will fail to consider RDNH at all;^[46]
4. Some panelists will too readily excuse blatant hijacking attempts as merely "misconceived" or the result of "misapprehension" on the part of the "misguided" complainant,^[47] or because the complainant was self-represented and had first "made a reasonable offer of USD 3,000 to purchase the domain name".^[48]

While calling out abuse of the Policy is an important responsibility of a UDRP panelist, making and supporting an RDNH finding requires extra time and effort for which the panelist receives no additional compensation. An RDNH finding may also come at a social cost to the panelist, for the complainant's counsel may be an acquaintance of the panelist, or at other times a fellow UDRP panelist.^[49]

Those UDRP panelists who nevertheless admirably fulfill their duty to consider and to make, when appropriate, an RDNH finding, deserve particular commendation. The integrity of the UDRP depends on calling out abuse both of the cybersquatting variety and of the RDNH variety. Those panelists who make RDNH findings when deserved help bolster the UDRP's reputation as a generally effective dispenser of justice. Even when an RDNH finding appears relatively inconsequential, it may lead to serious repercussions, and may perhaps even serve as a deterrent to further abuse of the UDRP.

This article is the product of collaboration between ICA Board Member, Nat Cohen and Zak Muscovitch.

[1] See http://iplegalcorner.com/overreaching-trademark-owners...
[2] See https://www.rdnh.com/
[3] http://www.adrforum.com/domaindecisions/1790689.htm
[4] https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2018-1207
[5] Ibid
[6] Pursuant to Rule 15(e) of the Rules, "if after considering the submissions the Panel finds that the complaint was brought in bad faith, for example in an attempt at Reverse Domain Name Hijacking or was brought primarily to harass the domain-name holder, the Panel shall declare in its decision that the complaint was brought in bad faith and constitutes an abuse of the administrative proceeding"
[7] Ibid
[8] "Section 15(e) [the RDNH provision] of the UDRP has no deterrence value.", Froomkin, ICANN's 'Uniform Dispute Resolution Policy' — Causes and (Partial) Cures (2002). Brooklyn Law Review, Vol. 67, No. 605, 2002, page 667
[9] See for example; TOBAM v. M. Thestrup / Best Identity, WIPO Case No. D2016-1990
[10] See WIPO Jurisprudential Overview 3.0 (https://www.wipo.int/amc/en/domains/search/overview3.0/#item416). WIPO's updated overview released in 2017 provides a more robust treatment of RDNH than previous versions.
[11] As identified at RDNH.com.
[12] http://www.wipo.int/amc/en/domains/decisions/html/2000/d2000-0993.html
[13] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2014-0594
[14] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2016-0534
[15] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2018-1683
[16] http://www.wipo.int/amc/en/domains/decisions/html/2006/d2006-0905.html
[17] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2013-1691
[18] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2016-0653
[19] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-2549
[20] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-1961
[21] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2012-2179
[22] https://domainnamewire.com/2010/08/02/panelist-blasts-credit-europe...
[23] See: https://domainnamewire.com/2011/07/14/wipo-panel-censures-law-firm...
[24] See: https://domainnamewire.com/2018/08/03/fertilizer-company-tries...; and also see: http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-2045, http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2011-0636, and http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2018-1112
[25] See https://domainnamewire.com/2014/01/13/rpg-life-sciences-ltd-guilty... and https://domainnamewire.com/2013/09/12/indian-electronics-retailer-croma...
[26] See https://www.wipo.int/export/sites/www/amc/en/domains/panel/profiles/anand-pravin.pdf and http://www.anandandanand.com/pravin-anand.html
[27] See https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-0777 and https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-1930
[28] https://domainnamewire.com/2017/12/21/stobbs-ip-gets-two-reverse...
[29] See http://www.adrforum.com/domaindecisions/1784459.htm and http://www.adrforum.com/domaindecisions/1784458.htm
[30] See http://www.adrforum.com/domaindecisions/1447322.htm and http://www.adrforum.com/domaindecisions/1759845.htm
[31] The criteria for RDNH under ACPA are different than the guidelines for finding RDNH under the UDRP. For instance, intentional misrepresentation is an element of an RDNH finding under ACPA, but is not required for an RDNH finding under the UDRP.
[32] 15 U.S.C. § 1114(2)(D)(iv) and (v); see https://www.law.cornell.edu/uscode/text/15/1114
[33] Walter v. Ville de Paris, 09-cv-3939 [Doc. 31] (S.D. Tex. Sept. 14, 2012) (awarding $100,000 in statutory damages for RDNH after the filing of a baseless UDRP complaint); AIRFX.com v. AirFX LLC, 2:11-cv-01064 [Doc. 121] (D. Ariz. Mar. 7, 2013) (awarding $103,972.50 in attorney's fees for RDNH); GoForIt Ent. LLC v. Digimedia.com, 3:08-cv-02011 [Doc. 147] (N.D. Tex. Mar. 22, 2011) (awarding $55,000 in damages and $48,000 in attorney's fees for reverse domain name hijacking).
[34] Telepathy, Inc. v. Corporacion Empresarial Altra S.L., No. 1:17-cv-1030 [Dkt. No. 10] (D.D.C. Nov. 28, 2017).
[35] See Telepathy, Inc. v. SDT Int'l SA-NV, No. 1:14-cv-1912 [Dkt. No. 12] (D.D.C. July 9, 2015).
[36] HugeDomains.com, LLC v. Robert P. Wills, M.D., P.A., 14-cv-00946-BNB [Doc. 23] (D. Colo. July 21, 2014).
[37] See http://www.circleid.com/posts/20180301_ica_statement_on_adocom_udrp_decision... and http://iplegalcorner.com/whats-so-outrageous-asking...
[38] http://www.ipsectioncolorado.org/wp-content/uploads/2018/03/here-2.pdf
[39] Private correspondence, not publicly available.
[40] Private correspondence, not publicly available.
[41] https://www.domainsherpa.com/john-berryhill-udrp-interview/
[42] See: https://domainnamewire.com/2016/05/26/udrp-reverse-domain-name-hijacking/, https://domainnamewire.com/2017/06/12/cant-believe-not-rdnh-gloo-com/, https://domainnamewire.com/2017/06/02/cant-believe-not-rdnh-2/, https://domainnamewire.com/2017/04/27/cant-believe-not-rdnh/, https://domainnamewire.com/2015/11/11/movius/, https://domainnamewire.com/2014/11/14/bespoke-udrp/, https://domainnamewire.com/2008/08/21/arbitrator-firedcom-complainant-sorely-misguided/, https://domainnamewire.com/2015/05/12/major-com-udrp-denied-but-no-rdnh/, https://domainnamewire.com/2018/11/13/wipo-panelist-not-necessary-to-make....
[43] See http://www.circleid.com/posts/20181125_abusive_conduct_domain_name_registrants...
[44] See Shoeland.com - http://www.adrforum.com/domaindecisions/1255365.htm, "The Panel is of the opinion that Complainant has satisfied Policy ¶ 4(a)(i). Therefore, the Panel finds that Complainant has not engaged in reverse domain name hijacking." and see Panelist Neil Brown's dissent.
[45] See https://www.domainarts.com/2013/11/25/naf-embarrassment-with-sloppy-and...
[46] For one instance, see https://domainnamewire.com/2014/06/12/egton-loses-patient-com-udrp...
[47] See soti.com - https://domainnamewire.com/2017/06/02/cant-believe-not-rdnh-2/, inw.com - http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2012-0454, america.com - http://www.adrforum.com/domaindecisions/96784.htm, zija.com - http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2013-0107, cqc.com - http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-0129, lightsout.com - http://www.adrforum.com/domaindecisions/1795430.htm
[48] See for example, WEDIA SA v. Office Yui Asia Limited, WIPO Case No. D2018-2083
[49] See https://domainnamewire.com/2018/04/04/guess-what-clothing-company-guess... and https://www.domainarts.com/2011/10/21/my-personal-trainer-registers-sofitdc-com...

Written by Zak Muscovitch, General Counsel, Internet Commerce Association

Leading American tech firm Cloudflare has been accused of providing cybersecurity services to at least seven designated foreign terrorist organizations and militant groups including Taliban, al-Shabab and Hamas. Jesselyn Cook of the Huffington Post reporting: "The San Francisco-based web giant is one of the world's largest content delivery networks ... Among Cloudflare's millions of customers are several groups that are on the State Department's list of foreign terrorist organizations… These organizations own and operate active websites that are protected by Cloudflare, according to four national security and counterextremism experts who reviewed the sites at HuffPost's request."

Cloudflare has declined to comment on the specific websites but stated: "We know we have obligations, when we become aware of a claim that someone is in our service despite being a sanctioned entity then we have a policy in place to address that."

Well, it's that time of year again. The time of year when I look back at all of the biggest domain news stories from the last twelve months, and also reflect on my predictions from last year. As expected, GDPR has had a major impact on the ability to access domain ownership information. And we did indeed see a number of M&A transactions over this last year. However, there wasn't a lot of new .Brand activity. This is one prediction where I may have missed the mark — but hey, 2 out 3 ain't bad. So with that, let's take a look at some of the biggest domain news stories from 2018.

10. One Million Domain Names Seized

According to the US Department of Homeland Security, more than 1 million copyright-infringing website domain names selling counterfeit automotive parts, electrical components, personal care items and other fake goods were criminally and civilly seized in the past year through the combined efforts of law-enforcement agencies across the world, high-profile industry representatives and anti-counterfeiting associations.

9. UDRP Filings at WIPO Reach Record High

As of December 20th, 3393 UDRPs were filed in 2018 compared to a total of 3074 for all of 2017. This represents a 10% year-over-year increase. There was some discussion as to whether limited access to Whois data would impact UDRP filings, but that clearly does not seem to be the case given the increase seen in 2018.

8. New gTLD Sells for Record-Breaking $510,000

Six and even seven-figure deals are to be expected for .COMs, but online.casino sold for more than a half million dollars in 2018. Though it's worth noting that Donuts also reported the sale of home.loans for $500,000 and vacation.rentals for $500,300. These high profile, generic domain name sales are music to the ears of gTLD registry operators and a sign that there is new value being built in the ecosystem.

7. ICANN Staff Changes Raise Eyebrows

In early October, it was announced that Akram Atallah, ICANN's Global Domains Division President would be leaving to join Donuts as their CEO. The move was not terribly surprising given Donuts' acquisition by Abry Partners where Fadi Chehade (former ICANN CEO and Akram's former boss and friend) now serves as a Partner. Later that same month, ICANN CEO Goran Marby announced the appointment of his new deputies, John Jeffrey, General Counsel and Secretary, and Theresa Swinehart, Senior Vice President, Multistakeholder Strategy and Strategic Initiatives. According to Goran's blog, his new deputies are now able to stand-in when needed.

6. Renewed Interest in Homograph Domains

Likely due to a report issued by Farsight Security which examined 100 million resolutions across 450 top global brands, many corporate domain professionals are once again defensively registering homograph domains. Using non-Latin characters to create lookalike domains such as ƀrandsight.com, homograph domains are often difficult to detect and can be used to perpetrate phishing scams.

5. Private Equity Interest in Domain Industry Reaches New High

Whether it's the acquisition of Donuts by Abry Partners, the sale of Web.com to Siris Capital Group, or Cinven's announcement that they intend to buy One.com — there can be no doubt that private equity seems to be enamored with the domain name industry. Is it the healthy margins, the renewal rates, opportunity for further consolidation, or just the overall growth potential that makes this market so enticing? Hard to say — but it's likely all of those things.

4. .COM Primed for Price Hike

In November, the Department of Commerce under the Cooperative Agreement agreed to grant pricing flexibility to Verisign. Assuming that ICANN agrees, Verisign would be permitted to increase domain registration and renewal pricing by 7% in each of the last four years of every six-year period starting in 2020. As an aside, wholesale costs for .COM registrations have been frozen since 2012. While ICANN still needs to approve this increase, its seems as though the Street believed that they will, as Verisign's stock jumped 17% on the day of the announcement.

3. .AMAZON TLD Allowed to Proceed – Or Is it?

At ICANN63 in Barcelona it finally seemed like Amazon's patience and perseverance would be rewarded as the ICANN Board directed ICANN to resume processing their applications for .AMAZON. There was an assumption that member countries of the Amazon Cooperation Treaty Organization (ACTO) had come to an agreement, facilitated by ICANN. However in early December of 2018, in a letter to the ICANN Board, ACTO very clearly stated that they had been ready to initiate a dialogue, but that there were never any discussions with all concerned parties. ACTO has now submitted a reconsideration request to the ICANN Board regarding their decision to remove the "will not proceed' status for the .AMAZON applications.

2. ICANN Implements First-Ever Expedited Policy Development Process (EPDP)

The standard Policy Development Process (PDP) utilized by ICANN can take well over a year to complete and much longer when the policy being developed in contentious or controversial. So when faced with the task of creating new policy to replace the Temporary Specification for gTLD Registration Data which expires in May of 2019, an expedited process was necessary. Unlike the standard PDP, this new expedited process does not include an initial evaluation of the issues.

1. Impact of GDPR Felt Across the Domain Name Ecosystem

With access to personally identifiable domain ownership information no longer readily available as a result of GDPR, uncovering the owner of a domain name has become cumbersome in the best cases, and impossible in the worst cases. For brand owners researching infringement, the process of requesting contact information has become time-consuming, and uncovering associated domains is now becoming more difficult as reverse Whois databases are beginning to degrade. For those Internet users who rely upon Whois to understand domain name ownership, in many cases, the information is simply not there. And of course, registries and registrars were impacted, as they were required to make substantial changes to their systems, impacting many internal processes.

So what's to come in 2019? I feel confident that the EPDP team will complete their final report prior to ICANN64 in Kobe, although I am certain that there will be areas where consensus is not achieved. I also believe that once the EPDP team finishes their work to replace the Temporary Spec, that they will turn their focus towards creating policy to support automated access to non-public Whois data, but that this solution will not happen next year. I also think we'll again see continued M&A;activity, but with greater emphasis on consolidations in 2019.

So that's it from me until next year. From everyone here at Brandsight, we wish you a happy, healthy and prosperous 2019.

Written by Elisa Cooper, SVP Marketing and Policy at Brandsight, Inc.

The quintessence of typosquatting is syntactical variation: adding, omitting, replacing, substituting, and transposing words and letters. Recent examples include <citizens1loans> (numeral for word), <shiippco.com> (double vowels), <airfrances.com> (pluralizing/possessive), and (reversing letters), and <amazøn.com> (look carefully at the letter following "z"). Since these minor variations are mostly indefensible, respondents rarely respond to complaints, although as I will explain in a moment there can also be innocent and good faith syntactical variations which are not typosquatting. It follows that if there are defenses, respondents should prudently respond and explain their choices because default generally favors complainants. It is not out of the realm of possibility, for example, that singularizing or pluralizing dictionary words or common phrases creates names that could be used by others with distinctive noninfringing associations.</amazøn.com>

With some shading of one purpose merging into the other, typosquatting runs the gamut from malicious to mischievous. The Panel in Amazon Technologies, Inc. v. Carolina Rodrigues / Fundacion Comercio Electronico, FA1811001819070 (Forum December 27, 2018) describes typosquatting as "a practice whereby a domain name registrant deliberately introduces typographical errors or misspellings into a trademark and then uses the resulting string in a domain name hoping that internet users will either: 1) inadvertently type the malformed string when searching for products or services related to the domain name's target trademark; and/or 2) in viewing the domain name will confuse the domain name with its target trademark" (emphasis added).

The Amazon Panel could also have said it is not just "internet users" who are deceived, since typosquatting domain names are also used to conceal abusive conduct through emails, for a malicious or criminal purpose. In one respect typosquatting is more devious than plain vanilla cybersquatting (which openly mimics marks) because registrants are using variations to deceive those who accept their authenticity; although to the alerted, these kinds of variations also raise suspicion of actual knowledge of the targeted mark. When respondents default the inference of actual knowledge is heightened to a finding of abusive registration, regardless whether the domain name is passively held or resolves to an active website.

Spoofing and phishing typographic registrations are illustrated in Shipco Transport Inc. v. WhoIsGuard, Inc. / Joel Kelvin, D2018-2374 (WIPO December 13, 2018) (<shiippco.com> (double "i") and Robert Half International Inc. v. Dean Sapp, FA1811001816127 (Forum December 20, 2018) (<roberthaflegal.com> (omit "t").

In Shipco, the Complainant "provided unchallenged evidence" the domain name was created to be deceptive with criminal intent. Crafted to spoof. It involved intercepting

an exchange of email correspondence between a member of the Complainant's group of companies, Shipco Transport Vietnam Limited, and one of its customers in São Paulo, Brazil. The third party then, using the above email addresses, sent emails to the customer, impersonating Shipco Transport Vietnam Limited and managed to divert payment to the third party's bank account.

In Robert Half it was phishing rather than spoofing:

Complainant alleges Respondent attempts to impersonate Complainant as part of an email phishing scheme, presumably for commercial gain" and "provide[d] a copy of the phishing email that was sent out by Respondent. The Panel finds this is evidence that Respondent registered and uses the disputed domain name in bad faith.

The ploy is simple. Respondents rely on email recipients' inattention to the typo mistakes in the domain name addresses and respond as though the imposters were the mark owners. A variant of the typographic change, in the malicious bucket, is illustrated in Teleflex Incorporated v. Carolina Rodrigues / Fundacion Comercio Electronico, FA1811001818748 (Forum December 28, 2018) (<teleflexbenefit.com>. The challenged domain name incorporates Complainant's mark but instead of the typographic change being in the mark it appears in the domain name. Complainant's official domain name in <teleflexbenefits.com>. Although the domain name resolves to a website (rather than passively held) it can as easily be used as an email to deceive employees to disclose private information.

In two recent other cases, registrants introduced an unexpected variation to the typosquatting pallet, combining letters on the left and right hand sides of the Qwerty keyboard, A Medium Corporation v. Marat Mukhamet, D2018-1860 (WIPO October 8, 2018) (<mediurn.com> and Merial v. VisaPrint Technologies c/o Vistaprint North American Services Corp., D2018-2157 (WIPO November 11, 2018) (<rnerial.com>). Respondents combined "r" and "n" to create the impression of the final "m" in the first and the initial "m" in the second.

In Merial, the Panel held

Although it would be "most improbable that anyone would type 'r' followed by 'n' when intending to type 'm', given the positions of these letters on a keyboard" nevertheless "a URL or Internet domain name containing the disputed domain name 'rnerial.com' would be easily confused for the letters <merial.com>."

The more usual typographic variation, though, and the majority of typosquatting disputes involve doubling or omitting letters and transposing vowels and consonants. If we were to ask for what purpose the variations are registered, we would have to say they are exploitative in intent. Even if not malicious or passively held they are injurious for simply having the potential of deception.

The majority of those I'm calling mischievous (this is also true of plain vanilla cybersquatters) are doing nothing but occupying locations in cyberspace (literally, squatters). Even if not overtly exploitative they are nevertheless intentionally infringing third party rights. In the Amazon case, "Respondent uses the at-issue domain name to address a website displaying competing click-through links." That factor alone is sufficient for forfeiture. (The Panel noted that Complainant did not specifically argue typosquatting. Respondent swapped the "o" in AMAZON for the Unicharacter "ø").

But the consensus is clear that typosquatting as the primary factor is sufficient where respondents passively hold domain names, unless proved otherwise. In Solar Turbines Incorporated v. Records Docs, FA1811001815222 (Forum December 7, 2018) (, omitting an "r" of Solar) the Panel held that "[a]ctual knowledge by a respondent of a complainant's mark is evidence of bad faith per Policy ¶ 4(a)(iii)." Inference of actual knowledge (as I noted above) is drawn from the factual circumstances which includes the strength of the mark and the likelihood of confusion. Here, the Panel continued:

[T]he close and obvious misspelling of Complainant's SOLAR TURBINES mark in the <solaturbines.com> domain name as well as Complainant's long-term prior use of the mark shows that Respondent had actual knowledge of Complainant's rights in the mark.

Other factors contributing to or supporting inferences of bad faith include multiple, adjudicated infringements. In <citizens1loans.com> Complainant alleged that respondent "has been involved in at least eighty-six (86) prior UDRP cases which have resulted in the transfer of domain names to named complainants." Citizens Financial Group, Inc. v. ZHICHAO YANG, FA181100 1817275 (Forum January 1, 2019) (<citizens1loans.com>).

While adding, omitting, transposing, and substituting letters and words are the obvious examples of bad faith, a variant less obvious is replacing one dictionary word for another. In TD Ameritrade IP Company, Inc. v. Domain Admin / Whois Privacy Corp., FA181000 1814302 (Forum November 28, 2018) the difference is between "advisor" (as in ADVISOR CLIENT} and "adviser" (as in <adviser client.com>). Depending on the facts and explanations for close proximity of meaning, it could be argued that "adviser client" (registered in 2004 and renewed in 2018) is no less distinctive than ADVISOR CLIENT and could have been lawfully registered and used.

However, Respondent did not appear. This triggers the inference of abusive registration. Although in this case, the Panel did not rely simply on the difference between an "e" and an "o" but invoked bad faith use (the content factor) for the final nail:

Respondent's bad faith is further indicated by its use of the domain to link to third-party, competing websites in an attempt to gain commercially by creating a likelihood of confusion with Complainant's marks as to the source, sponsorship, affiliation, or endorsement of Respondent's website.

Nevertheless, this case and its outcome highlights the penalty of default and raises the intriguing possibility that there could have been an explanation that would have rebutted the claim of abusive registration. (A similar possibility for an explanation of good faith arose in the forfeiture of <imi.com>, an award which is presently being challenged in federal court under the Anticybersquatting Consumer Protection Act).

Not all typographic mistakes that rights holders claim as abusive registrations are what they believe them to be. Some domain name holders specialize in misspelling dictionary words. Two examples are <natiional.com>, Vanguard Trademark Holdings USA LLC v. Administrator, Domain / Vertical Axis, Inc., FA110400 1383694 (Forum May 31, 2011) and <cedit.com> (intended misspelling of "credit", Florim Ceramiche S.p.A. v. Domain Hostmaster, Customer ID: 24391572426632, Whois Privacy Services Pty LTD / Domain Administrato, Vertical Axis Inc., D2015-2085 (WIPO February 11, 2016).

In Vanguard Trademark Holdings, Complainant alleges that <natiional.com> is cybersquatting NATIONAL CAR RENTAL. The Panel disagreed: "[A] respondent is free to register a domain name consisting of misspelling of common terms where there is little or no other evidence of the elements of 'bad faith.'" The Panel held:

The word "national" is common and generic, and therefore, Complainant does not have an exclusive monopoly on the term on the Internet. It, therefore, has no exclusive right to a misspelling, "natiional."

In Florim Ceramiche, the Panel held that

The Respondent indeed appears to have registered hundreds of generic dictionary term domain names and numerous domain names incorporating typographical variations of English dictionary words. To substantiate its claim, the Respondent has listed in its Response 20 domain names incorporating the term "credit" and 10 domain names incorporating typographical variations of dictionary words.

In all cybersquatting disputes, the appearance of bad faith must be tested against facts that establish the actuality of abusive registration. If there is no persuasive targeting of complainant's mark the claim must fail. Credibility is more obviously a factor for respondent; it must explain its choice. In Florim Ceramiche, for example, Respondent showed that it held numerous misspellings in its portfolio; in Medium, Respondent failed to explain its misspelling. As a general rule, the stronger the mark the likelier the domain name is intentionally targeting it even if knowledge of the mark is denied. As marks descend the classification scale, the likelier the registration is lawful, with this proviso that even with weak marks it cannot be ruled out that allegations of typosquatting come with a strong tailwind of plausibility and are likely to favor complainant. This is because seemingly miss-typed words suggest actual knowledge of the mark and unless persuasively rebutted the domain names will be canceled or transferred to the complainant. As with cybersquatting, where there is no persuasive use for the domain name that would not be infringing then the ineluctable conclusion is the registrant's purpose is to deceive.

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2018 participants for sharing their thoughts and making a difference in the industry.

Top 10 Featured Blogs from the community in 2018:

#1		ICANN Proposed Interim GDPR Compliance Model Would Kill Operational Transparency of the InternetBrian Winterfeldt – Mar 06, 2018 Viewed 22,261 times
#2		Humming an Open Internet Demise in London?Anthony Rutkowski – Feb 25, 2018 Viewed 20,793 times
#3		Why Is It So Hard to Run a Bitcoin Exchange?John Levine – Feb 13, 2018 Viewed 17,453 times
#4		Why Are the EU Data Protection Authorities Taking Away Our Fundamental Right to be Safe?Hemanshu Nigam – Apr 21, 2018 Viewed 15,338 times
#5		Why You Must Learn to Love DNSSECMark Jeftovic – Jun 19, 2018 Viewed 14,451 times
#6		Blockchain's Two-Flavored AppealJohn Levine – May 07, 2018 Viewed 14,189 times
#7		Changes to the Domain Name MarketplaceKurt Pritz – Mar 12, 2018 Viewed 13,211 times
#8		Internet Governance Outlook 2018: Preparing for Cyberwar or Promoting Cyber Détente?Wolfgang Kleinwächter – Jan 06, 2018 Viewed 12,966 times
#9		Holocaust Remembrance DayKathy Kleiman – Apr 12, 2018 Viewed 12,452 times
#10		Security, Standards, and IoT: Will Connected Devices Flourish Under Prescriptive Regimes?Megan L. Brown – Mar 29, 2018 Viewed 12,142 times

Top 10 News in 2018:

#1		Microsoft, Facebook and Others Demand ICANN Take a Closer Look at Questionable RegistrarsMar 07, 2018 Viewed 20,058 times
#2		Report Estimates Cybercrime Taking $600 Billion Toll on Global EconomyFeb 21, 2018 Viewed 15,854 times
#3		SEC Reinforces and Expands Its Cybersecurity Guidance for Public CompaniesFeb 22, 2018 Viewed 15,421 times
#4		IPv6, 5G and Mesh Networks Heightening Law Enforcement Challenges, Says Australian GovernmentFeb 28, 2018 Viewed 15,279 times
#5		Gold Dragon Helps Olympics Malware Attacks Gain Permanent Presence on Systems, Reports McAfeeFeb 05, 2018 Viewed 14,295 times
#6		Access Logs Reveal 12M Visits to .CM Typosquatted Sites Just in 2018 So FarApr 05, 2018 Viewed 13,870 times
#7		Botnets Shift Focus to Credential Abuse, Says Latest Akamai ReportFeb 20, 2018 Viewed 12,930 times
#8		UK's Government Websites Infected by Cryptocurrency Mining MalwareFeb 12, 2018 Viewed 12,686 times
#9		2.6 Billion Records Were Stolen, Lost or Exposed Worldwide in 2017, an 88% Increase From 2016Apr 12, 2018 Viewed 12,341 times
#10		Teen Hacker Who Targeted High Ranking US Government Officials Sentenced to 2 Years in PrisonApr 20, 2018 Viewed 11,781 times

Top 10 Industry News in 2018 (sponsored posts):

#1		DNS-Based Threats: DNS Reflection and Amplification AttacksVerisign – Jan 29, 2018 Viewed 12,857 times
#2		Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of AttacksVerisign – Mar 20, 2018 Viewed 11,791 times
#3		DNS-Based Threats: Cache PoisoningVerisign – Apr 18, 2018 Viewed 8,932 times
#4		ICA Statement on ADO.com UDRP Decision: Overreaching Panelists and Interference With Domain MarketInternet Commerce Association – Mar 01, 2018 Viewed 6,682 times
#5		A Re-Examination of the Defense of Laches After 18 Years of the UDRPInternet Commerce Association – Jan 15, 2018 Viewed 6,144 times
#6		Verisign Domain Name Industry Brief: Internet Grows to 332.4 Million Domain Registrations in Q4 2017Verisign – Feb 16, 2018 Viewed 5,967 times
#7		Afilias to Buy Entire TLDs at NamesConAfilias – Jan 27, 2018 Viewed 5,093 times
#8		Startups on Radix Domains Rake in $436M in VC FundingRadix – Jan 29, 2018 Viewed 4,751 times
#9		Paving the Path to the Brandsight Beta: Development and Release of Our Domain Management ProductBrandsight – Jan 18, 2018 Viewed 4,369 times
#10		Radix's Premium Domains for 2017 Renew at 71%Radix – Mar 22, 2018 Viewed 4,352 times

Written by CircleID Reporter

Given the number of awards endlessly arriving from Panels appointed to decide cybersquatting disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP) (ten to fifteen published daily), the sum total of grievants filing de novo challenges under the Anticybersquatting Consumer Protect Act (ACPA) is remarkably small — one or two at most in any single year; and those rarely proceeding to summary judgment or trial. The number of direct actions under the ACPA on an annual basis (not including claims of fraudulent transfers and counterfeiting) is not significantly higher. There are two good reasons for settling plain vanilla claims, namely lack of merit is quickly sniffed out and separate and apart from the expense of litigation, the ACPA itself is crafted to encourage settlement, or be exposed to statutory damages and attorney's fees, §§1114(D)(iv) and 1117(d) of the Lanham Act of which the ACPA is a part (15. U.S.C. § 1125(d)) that if applied could at worst nullify the value of the prize and at the least be painful.

Parties settle disputes for a variety of reasons including business decisions based on the cost, time, and effort litigating the merits of their claims and defenses. While settlements in no way advance the jurisprudence of domain names, they can nevertheless play an instructive role. This is particularly the case when settlements memorialized in judgments or orders advertently reveal a recognition of what the parties agree their rights actually are. These memorialized settlements are like postmortems: they identify what the parties themselves conclude are the metes and bounds of their respective rights. They do not declare the law but they reinforce what it is.

More so than in commercial disputes that present complex matrices of facts, cybersquatting and reverse domain name hijacking claims are minimally faceted, thus highly predictable. This follows because the factors (expressed as circumstances in the UDRP) that go into determining merit are more likely than not dispositive of the outcome. The UDRP mentions seven circumstances, the ACPA nine; although the palette of factors is larger than those few.

Thus, for example, uncurated websites that contain links to rights holders' competitors or domain names incorporating well-known marks plus dictionary words that reinforce association with marks are patently infringing; while domain names composed of generic and descriptive terms and random letters are patently not, absent other factors that would make them so.

In a very early challenge to a UDRP award transferring the domain name to Complainant that went all the way up to the Fourth Circuit, Barcelona.com, Inc. v. Excelentisimo Ayuntamiento De Barcelona, 330 F.3d 617, 624 (4th Cir. 2003) the court isolated the controlling factor as the registrability of a generic term. Although Excelentisimo Ayuntamiento De Barcelona held marks that included "Barcelona" it did not (in fact could not) own the geographic term itself. The Court also memorably held that the UDRP is "adjudication lite" and Panels' decisions are "not even entitled to deference on the merits." While the court is the ultimate judge of merit at the same time it discloses (as do prudential settlements) the key to its assessment.

Recognizing that after a judicial decision is made the result often appears inevitable, and for this reason, one should resist the temptation of claiming inevitability, it is nevertheless true that once the court identifies the controlling factor(s) all future disputes with like facts must be similarly decided. When judicial outcomes are predictable, it makes little sense to pretend otherwise.

A reasonable segue into prudential settlements is to briefly review three cases in which the parties failed to analyze the factors that inform outcome. They illustrate the cost of being wrong in federal court, two by UDRP losing rights holders and one by a losing domain name holder. Briefly, the operative factors in each of these cases were predictably dispositive of the outcome: demonstrable preparations of use, priority of acquisition, and poor website curation.

1) Airfx.com v. Airfx LLC, CV 11-01064 (D.Ariz. 10/20/2011) (from a UDRP award in favor of Complainant in Airfx, LLC v. Attn Airfx.com, FA1104001384655 (Forum May 16, 2011)).

In this case, the Court held the registration and renewal of the domain name was not unlawful absent proof of Respondent having taken advantage of the rights holder's mark. It not only entered judgment with substantial attorney's fees for two sets of counsel it also on a subsequent motion blocked the rights holder from appealing the judgment for failure to post a supersedeas bond to cover attorney's fees of $103,972.50. The determinative factor (predictable from case law) was the domain holder's use of the domain name in association with an emergent business.

2) Joshua Domond and Harold Hunter, Jr v. PeopleNetwork APS d/b/a Beautifulpeople.Com, Beautiful People, LLC, Greg Hodge, and Genevieve Maylam, 16-24026-civ (S.D. FL. Miami Div. 11/9/2017) (from a UDRP award in favor of Respondent in Beautiful People Magazine, Inc. v. Domain Manager / PeopleNetwork ApS / Kofod Nicolai / People Network Aps / Nicolai Kofod / People Network, FA1502001606976 (Forum May 4, 2015).

In this case Respondent's registration of <beautifulpeople.com> predated Complainant's mark. Under the ACPA, rights holders have no actionable club for cybersquatting for marks postdating the registration of the domain name. Since "Plaintiffs' allegations in the Second Amended Complaint establish that Defendants have priority of use" plaintiff rights holder "simply cannot state claims" for either cybersquatting or trademark infringement. Judgment included attorney's fees in the amount of $62,434.25.

3) Lahoti v. VeriCheck, Inc., 708 F.Supp.2d 1150 (WDWA, 2007), aff'd 586 F.3d 1190, 1203 (9th Cir. 2009) and 636 F.3rd 501 (9th Cir. 2011) (from a UDRP award in favor of Complainant in Vericheck, Inc. v. Admin Manager, FA0606000 734799 (Forum August 2, 2006).

In this case, the Circuit Court affirmed the judgment dismissing the complaint with damages and attorney's fees exceeding $70,000. While "veri" and "check" are generic, combined as VERICHECK it is distinctive. The Court concluded that "[a] reasonable person in Lahoti's position — that is, a reasonable person who had previously been declared a cybersquatter in a judicial proceeding-should have known that his actions might be unlawful."

Since outcomes are predictable in 99.99% of cybersquatting/reverse domain name hijacking claims it follows that the first step to consider is who got it wrong, the UDRP Panel or the challenging party? The following postmortems illuminate the answer.

1) Francois Carrillo v. Autobuses De Oriente ADO, S.A. DE C. V, 18-cv-00347 (D. Colorado December 21, 2018) from the UDRP award in Autobuses de Oriente ADO, S.A. de C.V. v. Private Registration / Francois Carrillo, D2017-1661 (WIPO February 1, 2018) (hereafter "ADO").

A number of commentators pounced on the UDRP decision as wrongly decided (correctly pounced I think), and I discussed what I regarded as the Panel's errors in an earlier essay, What's So Outrageous about Asking High Prices for Domain Names. In their settlement in ADO, the parties agreed as follows:

(i) Plaintiff's interests in respect of the ado.com domain name are legitimate; (ii) Plaintiff did not register or use the ado.com domain name in bad faith; (iii) Plaintiff's registration and current use of the ado.com domain name do not violate Defendant's rights under the Anticybersquatting Consumer Protection Act, 15 U.S.C. §§ 1114, 1125(a) and 1125(d).

The settlement terms were preceded by the following statement: "the Motion is well taken and is GRANTED” (Court's emphasis for "granted"; my emphasis for "well taken"). Even though counsel drafted the Order, I interpret the combined emphases to mean the Court (since it did not strike the "well taken") was as unimpressed with the UDRP award as the commentators. There is no established procedure for providers acknowledging annulment of UDRP awards but once counsel forwards the order or judgment to provider and registrar the award is judicially vacated and no longer enforceable.

2) Corporacion Empresarial Altra S.L. v. Development Services, Telepathy, Inc., D2017-0178 (WIPO May 15, 2017) (<airzone.com>). In this dispute, the Panel denied the complaint, concluded it should never have been brought, and sanctioned the Complainant for reverse domain name hijacking. The Panel called each limb correctly. However, instead of celebrating the trifecta, the Respondent commenced an ACPA action for reverse domain name hijacking damages, Telepathy, Inc, Development Services v. Corporacion Empresarial Altra S.L., 1:17-cv-01030 (D. District of Columbia, November 28, 2017).

Unusual though this tack was, to have the court put ACPA damages flesh on UDRP bones it must have been apparent to the defendant that this first impression claim carried an unusual risk of sufficient concern to strategically pay its way out of the lawsuit. It agreed to pay plaintiff $40,000 dollars.

Other cases include:

• In an earlier Telepathy case, Telepathy, Inc. v. SDT International SA-NV, 14-cv-01912 (D. Columbia July 9, 2015), Telepathy as Respondent in SDT International SA-NV v. Telepathy, Inc., D2014-1870 (WIPO January 13, 2015) invoked Paragraph 4(k) and moved to terminate or suspend the UDRP proceedings. The majority ruled for termination; the dissent denied Respondent’s motion to terminate the proceedings on the grounds that the Panel should have considered the complaint and denied it with sanctions for reverse domain name hijacking. In the ACPA action, the parties entered into a Consent Judgement and Permanent Injunction that included judgment against defendant for $50,000.
• Hugedomains.com, LLC. v. Wills, 14-cv-00946 (D. Colorado July 21, 2015) (Respondent in Austin Pain Associates v. Jeffrey Reberry, FA1312001536356 (Forum March 18, 2014). In this case, the consent judgment reads that "Plaintiff did not register or use <austinpain.com> domain name in bad faith and had no bad faith intent to profit from the domain name." Defendant agreed to pay plaintiff $25,000.
• Jello, LLC v. Camilla Australia Pty Ltd. 15-cv-08753 (D. NJ 8/1/2016) (Respondent in Camilla Australia Pty Ltd v. Domain Admin, Mrs Jello, LLC., D2015-1593 (WIPO November 30, 2015) involving <Camilla.com>. The defendant rights holder agreed to a discontinuance with prejudice with the domain remaining with Plaintiff.

  And finally,

• Domain Asset Holdings, LLC. v. Blue Ridge Fiberboard, Inc., 2:16-cv-00520 (W.D. Washington July 15, 2016) (Respondent in Blue Ridge Fiberboard, Inc. v. Domain Administrator / Domain Asset Holdings, LLC, FA1602001661150 (Forum March 29, 2016) (<soundstop>). In this case, the rights holder agreed that plaintiff retain control of the domain name.

In each of these UDRP disputes (excluding <airzone.com> in which the Panel got it right), it might be said that Panels misidentified the operative factors that supported Respondents' claims of lawful registration. The important lesson from these cases is that once rights holders are challenged in federal court and compelled to recognize the operative factors, they prudently retreat.

Prudential settlement can also be seen in direct actions under the ACPA. The Estate of Prince Rogers Nelson (known to the world as "Prince") commenced an action against Domain Capital, LLC for cybersquatting and the defendant counterclaimed for reverse domain name hijacking. Result: settlement (terms redacted) reported by Andrew Allemann on Domain Name Wire. However, it is clear from the redaction, reading as it were between the lines, no less than in the UDRP challenges discussed above, that the Estate came to recognize that it had no actionable claim for a generic term, and no choice if it wanted the domain name, except to pay for it.

As with history, settlement terms are dictated by the winners and when the winners are domain name holders, they want the world to know (as a warning to future overreaching rights holders) their registrations were lawful. Whether the settlement terms are expressly stated as in <ado.com> or implied by redaction as in <prince.com> they are compacted versions of the predictable outcome a court would have arrived at should the matters have progressed to judgment. There is wisdom in knowing when to step away!

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP