Strategies for IP Protection in Online Platforms

Abusive Domain Names: Enforcement Options & ICANN Policy Update
by Mike Rodenbaugh
BrightTalk -- IP Litigation Summit
October 8, 2009
Mike Rodenbaugh
• Principal attorney at Rodenbaugh Law, representing
businesses in all matters of trademark and copyright
protection and enforcement, and advising online
companies in strategy, business transactions and
dispute resolution.
• Mike represents the Business Constituency at ICANN
(bizconst.org), as an elected Councilor to the Generic
Names Supporting Organization (GNSO). The GNSO
Council develops ICANN policy with respect to
generic TLDs such as .com, .mobi, .museum, .travel,
.jobs and many hundreds more coming in 2010 and
beyond.
• Mike is also active in the Anti-Phishing Working Group
(APWG) Internet Policy Committee, the International
Trademark Association (INTA) and the California State
Bar, Trademark Committee.
Scope of Cybersquatting Problem
• Q1 2008 – 30 brands victim of 400,000
cybersquatted domains – 40% more than ’07
– Source: MarkMonitor Brandjacking Index, Spring 2008
• Q2 2009 – 6 pharma brands victim of 20,000
cybersquatted domains – 9% more than ’08
– Also listed in 2,930 online pharmacies
• only 4 of them certified by the US governing body (VIPPS)
• Averaging 42,000 daily visitors
• earning $11 BILLION in estimated revenue per year
– Source: MarkMonitor Brandjacking Index, Summer 2009
TM Office Comes to CA. - 2008
Domain Name “Tasting”
• Register and “taste” name for 5 days
• Measure traffic & revenue via PPC ads
• Return 98% of domains for full refund
• Keep and pay for profitable domain names
• Monetize domain names via PPC ads,
popups, redirection
– Get paid by Google or Yahoo!
– Wait for C&D, UDRP or ACPA complaint
– Ignore notice, continue to profit…
Domain Name Tasting – Nearly Dead
• Smaller payouts from Google and Yahoo!, so
less PPC profit for commercial tasters
• Massive cybersquatting judgments and
settlements to large brandowners
• ICANN Consensus Policy adopted!
– Registrars now must pay full price if they delete more
than 10% of the names they register in any month
– 98% drop in deletes
– Still a few bad actors, and ccTLDs where tasting is
encouraged
New IDN and gTLDs are coming!
They’re already here, many more
yet to come.
• Unauthorized (by ICANN) in China
and Israel
• “Public TLDs”: http://tld.name/
• Many more to come through ICANN
in 2010:
– .web, .blog, .sex, .eco, .radio, .music
– .lat, .africa, .berlin, .nyc, .paris …
• Anywhere from 500 to 60 million new
gTLD extensions
New Top Level Domains: Projected
Implementation Timeline
• IDN ccTLDs on independent schedule, launching
early 2010 in China, Russia and elsewhere
• gTLD Draft Applicant Guidebook, v.3 posted for
public comment on Oct. 4, 2009
• Final DAG Approved – est. Dec. 2009
• gTLD Applications Accepted – est. March 2010
• Successful gTLD (incl. IDN gTLD) Applications
Approved – est. Q3 2010, live 3 mos. later
newTLD Risks to TM Owners
• Increased need for defensive registrations
and anti-cybersquatting budget
• Increased space for phishers and other
criminal actors to exploit
• Increased consumer confusion and
reliance on search engines
• Potentially “blocked” from newTLD, and/or
newTLD edge to your competition?
– See http://rodenbaugh.com/downloads/pdf/websitemag_expansion.pdf
“.brand” Opportunity
• Security – you own and control the TLD,
can register to anyone you choose
– No domainers, squatters OR phishers?!
– More secure email, intranet, etc.?
• Marketing – create a global community
centered on your branded TLD
– Be one of the first in your industry?
– Develop new products?
“.brand” Risks and Costs
• Switching from .com and .country marketing and user
mindset developed over ten years
• ICANN process:
– First-come, first-served with hefty application fee
– Potential objections and increased cost
• Operating a TLD:
– regular ICANN compliance reporting; policy work
– security against hacking, DDOS, etc.
– legal exposure to registrants?
– must use ICANN-accredited registrars?
– ongoing cost to ICANN and to operational support
Enforcement Options
• Notices to everyone involved:
– Domain Registrant?
– Webmaster & Abuse@
– WHOIS Privacy Service
– Web Host
– NameServer
– Domain Registrar
– IP Block Owner
– Search Engines
– Mail Providers
– Domain Registry? (Phishing)
– ICANN? (False WHOIS)
– Law enforcement agency?
• Notify of breach of Terms of Service
• Notify under DMCA (in USA) or European parallel
• Notify of Contributory TM Infringement (Akanoc verdict)
• Send follow-up notices every 48 hours
• Escalate from in-house to outside counsel?
Domain Name Remedies - USA
• Uniform Dispute Resolution Policy (UDRP)
– Arbitration procedure mandated by ICANN via
domain name registration agreement
– Available in 16 gTLDs and >50 ccTLDs
– Months for decision – No Monetary Damages
• Anti-Cybersquatting Consumer Protection
Act (ACPA) – 15 USC 1125(d)
– in personam (vs. squatters and enablers)
– in rem (vs. domain names only)
UDRP Elements
• Domain Name is identical or confusingly similar to
a trademark in which Complainant has rights
• Respondent has no legitimate rights in the Domain
Name
– bona fide use or preparation to use prior to
notice of a dispute
• Domain Name is registered and used in bad faith
– demonstrated specific intent
UDRP Practice Pointers
• Be careful with choice of mutually agreed
jurisdiction – you could end up in court in India…
• Always request transfer; never cancel
• Treat the Complaint like a motion for summary
judgment; reply may not be allowed
• Follow up to make sure the name is transferred
and that it doesn’t resolve to the old website
– Your registrar is responsible for transferring the
domain name
– You are responsible to make sure it is used smartly
UDRP Stats
• National Arbitration Forum (NAF): 1770
cases in 2008; 10,600 total cases
• World IP Organization (WIPO): 2329
cases in 2008; 14,000 total cases, 25,000
domains
• 57 ccTLDs use WIPO to administer UDRP
or modified version of UDRP
• Filing fees: NAF = $1300 (1-2 domains);
WIPO = $1500 (1-5 domains)
• CIETAC (HK) and Czech providers also
Victories by Brandowners
• Verizon v. Navigation Catalysts,
preliminary injunction granted, all standard
tasting defenses rejected
• Verizon v. OnlineNIC, $33 million judgment
• Verizon, Microsoft, Dell and Yahoo! have
sued ICANN-accredited registrars,
avoiding ACPA immunity provision by
arguing registrars’ “bad faith”
Phishing Attacks Multiply
• Number of incidents and of targeted brands
continues to rise
• Sophistication and efficiency of attacks
continues to rise – esp. “fast flux” abuses
• Social networks frequently targeted
• Registrar account takeovers occurring
• Phone, VOIP and IM phishing is common
• IDNs becoming more widespread
Source: Microsoft Online Safety, http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx
Source: MarkMonitor Brandjacking Index
Source: APWG Phishing Activity Trends Report, 1st half 2009
APWG Phishing Stats
● Banking trojan/password‐stealing crimeware infections
increased more than 186% between Q4, 2008 and Q2, 2009.
● The total number of infected computers rose more than 66%
between Q4 2008 and Q2 2009 to 11,937,944, representing more
than 54% of the total sample of scanned computers.
● 46% of phish attacks hosted in Sweden in June, 2009; 45% in
North America (per APWG Phishing Activity Trends Report, 1st half
2009)
● 63% of phish attacks hosted in North America (per MarkMonitor
Brandjacking Index – Summer 2009)
Number of targeted brands constantly increasing
Source: MarkMonitor Brandjacking Index, Spring 2009
Social network phish attacks rapidly increasing.
Source: MarkMonitor Brandjacking Index, Spring 2009
Malware proliferation
• Change in emphasis - now Crimeware
• Organized crime with specialists creating
sophisticated attacks
• Open up computers to become zombies
• Install keyloggers and scan for user/pass
• Capturing and using address books
– Direct targets for sophisticated social
engineering
– Going after “whales” - people with high-value
assets
Rogue Anti-Malware Programs Growing at
Unprecedented Pace Through H1 of 2009
Source: APWG Phishing Activity Trends Report, 1st half 2009
Process Flow: Registry
Suspension of Phish Domains
Registration Abuse Policies WG
• Define domain name registration abuse, as distinct from abuse arising
solely from use of a domain name while it is registered (!?)
• Illustrative categorization of known abuses
• Identify which aspects of the subject of registration abuse are within
ICANN's mission to address
• Understand if registration abuses might be curtailed or better
addressed if consistent registration abuse policies were established
• Abuse queue, routinely monitored?
• Minimum standards for abuse complaint handling?
• Identify and recommend specific policy issues and processes for
further consideration by the GNSO Council
Registrar Accreditation Agreement (RAA)
• Review of RAA which has been in force since May 2001, as a result of
RegisterFly fiasco in early 2007
• Six amendments were adopted, via consultation between ICANN Staff and the
Registrars’ Constituency:
– additional, graduated contract enforcement tools for contract compliance
– terms by which registrar can be sold yet retain its ICANN accreditation
– responsibilities of a parent owner/manager when one or more of a "family"
of registrars fails to comply with ICANN requirements
– “require” registrars to escrow contact information for customers who
register domain names using Whois privacy and Whois proxy services
– augment the responsibilities of registrars re their resellers
– require operator skills training and testing of all accredited Registrars
• New GNSO Working Group to suggest additional amendments to
RAA
– Findings from Registration Abuse Policies WG could be implemented?
– Proxy WHOIS services could be better regulated?
Rights Protection Mechanisms (RPMs)
• Cybersquatting and phishing are too quick and
easy, and remedies are too expensive and slow
• ICANN Policy Development is needed to fix this
• Potential options:
– Standardized Sunrise Registration Process, including
“Clearinghouse” for registration of IP rights
– Faster and cheaper pre-UDRP process, with rapid
DNS suspension upon default
– Rapid DNS suspension upon evidence of phishing or
malware (to be tested in dotAsia and other TLDs)
IRT Draft Recommendations
• IP Clearinghouse, Globally Protected Marks List
and other top and second-level RPMs
• Uniform Rapid Suspension (URS) Procedure
• Post-delegation dispute resolution mechanisms at
the top level
• “Thick WHOIS” required for new TLDs
Uniform Rapid Suspension
• To solve the most clear-cut cases of trademark
abuse, while balancing against the potential for
an abuse of the process
• Same substantive UDRP standards apply, but
burden of proof on the complainant is higher
• Complaint filed; domain locked but operating
• Email, certified letter and 2nd email to registrant
• Registrant has 14 days from first email to
answer
• Default = Domain Suspension
Anti-Abuse Policies in newTLDs
• Every gTLD registry operator, in application to ICANN,
must specify their intended methods to deal with
abusive registrations.
• DNSSEC required -- implementation plan must be
included in every new gTLD application
• Zone file access centralized, for universal access by
law enforcement and reliant industries
• “High Security Zones Designation Program”
– “enhanced user trust in ‘designated’ TLDs”
– voluntary program, ‘opt in’… for additional fee
– Registries and registrars would “showcase their commitment to security via
documented internal controls” to ensure security of Personally Identifiable
Information, and of critical business functions
– Registries and registrars must “authenticate the identity of registrars and
registrants.”
Help!!
• Please join the Business Constituency!
– 1000 euro/year for large enterprises
– 160 euro/year for small enterprises
– Active mailing list & periodic teleconferences
– Influencing ICANN policy development on
behalf of all businesses
• www.bizconst.org
• mike@rodenbaugh.com