Abusive Domain Names:

Enforcement Options

&

ICANN Policy Update

by

Mike Rodenbaugh

BrightTalk -- IP Litigation Summit

October 8, 2009

Mike Rodenbaugh• Principal attorney at Rodenbaugh Law, representing

businesses in all matters of trademark and copyright protection and enforcement, and advising online companies in strategy, business transactions and dispute resolution.

• Mike represents the Business Constituency at ICANN (bizconst.org), as an elected Councilor to the Generic Names Supporting Organization (GNSO). The GNSO Council develops ICANN policy with respect to generic TLDs such as .com, .mobi, .museum, .travel, .jobs and many hundreds more coming in 2010 and beyond.

• Mike is also active in the Anti-Phishing Working Group (APWG) Internet Policy Committee, the International Trademark Association (INTA) and the California State Bar, Trademark Committee.

Scope of Cybersquatting Problem

• Q1 2008 – 30 brands victim of 400,000 cybersquatted domains – 40% more than ’07– Source: MarkMonitor Brandjacking Index, Spring 2008

• Q2 2009 – 6 pharma brands victim of 20,000 cybersquatted domains – 9% more than ’08– Also listed in 2,930 online pharmacies

• only 4 of them certified by the US governing body (VIPPS)• Averaging 42,000 daily visitors• earning $11 BILLION in estimated revenue per year

– Source: MarkMonitor Brandjacking Index, Summer 2009

TM Office Comes to CA. - 2008 5

6

Domain Name “Tasting”• Register and “taste” name for 5 days• Measure traffic & revenue via PPC ads• Return 98% of domains for full refund• Keep and pay for profitable domain names• Monetize domain names via PPC ads,

popups, redirection– Get paid by Google or Yahoo!– Wait for C&D, UDRP or ACPA complaint– Ignore notice, continue to profit…

8

Domain Name Tasting –Nearly Dead

• Smaller payouts from Google and Yahoo!, so less PPC profit for commercial tasters

• Massive cybersquatting judgments and settlements to large brandowners

• ICANN Consensus Policy adopted!– Registrars now must pay full price if they delete more

than 10% of the names they register in any month– 98% drop in deletes– Still a few bad actors, and ccTLDs where tasting is

encouraged

New IDN and gTLDs are coming!

They’re already here, many more yet to come.

• Unauthorized (by ICANN) in China and Israel

• “Public TLDs”: http://tld.name/

• Many more to come through ICANN in 2010:– .web, .blog, .sex, .eco, .radio, .music– .lat, .africa, .berlin, .nyc, .paris …

• Anywhere from 500 to 60 million new gTLD extensions

11

New Top Level Domains: ProjectedImplementation Timeline

• IDN ccTLDs on independent schedule, launching early 2010 in China, Russia and elsewhere

• gTLD Draft Applicant Guidebook, v.3 posted for public comment on Oct. 4, 2009

• Final DAG Approved – est. Dec. 2009

• gTLD Applications Accepted – est. March 2010

• Successful gTLD (incl. IDN gTLD) Applications Approved – est. Q3 2010, live 3 mos. later

newTLD Risks to TM Owners• Increased need for defensive registrations

and anti-cybersquatting budget• Increased space for phishers and other

criminal actors to exploit• Increased consumer confusion and

reliance on search engines• Potentially “blocked” from newTLD, and/or

newTLD edge to your competition?– See http://rodenbaugh.com/downloads/pdf/websitemag_expansion.pdf

“.brand” Opportunity• Security – you own and control the TLD,

can register to anyone you choose– No domainers, squatters OR phishers?!– More secure email, intranet, etc.?

• Marketing – create a global community centered on your branded TLD– Be one of the first in your industry?– Develop new products?

“.brand” Risks and Costs• Switching from .com and .country marketing and user

mindset developed over ten years

• ICANN process:– First-come, first-served with hefty application fee– Potential objections and increased cost

• Operating a TLD:– regular ICANN compliance reporting; policy work– security against hacking, DDOS, etc.– legal exposure to registrants?– must use ICANN-accredited registrars?– ongoing cost to ICANN and to operational support

Enforcement Options• Notices to everyone involved:

– Domain Registrant?– Webmaster & Abuse@– WHOIS Privacy Service– Web Host– NameServer– Domain Registrar

-- IP Block Owner-- Search Engines-- Mail Providers -- Domain Registry? (Phishing)-- ICANN? (False WHOIS)-- Law enforcement agency?

• Notify of breach of Terms of Service• Notify under DMCA (in USA) or European parallel• Notify of Contributory TM Infringement (Akanoc verdict)• Send follow-up notices every 48 hours• Escalate from in-house to outside counsel?

16

Domain Name Remedies - USA

• Uniform Dispute Resolution Policy (UDRP)– Arbitration procedure mandated by ICANN via

domain name registration agreement– Available in 16 gTLDs and >50 ccTLDs– Months for decision – No Monetary Damages

• Anti-Cybersquatting Consumer Protection Act (ACPA) – 15 USC 1125(d)– in personam (vs. squatters and enablers)– in rem (vs. domain names only)

17

UDRP Elements

• Domain Name is identical or confusingly similar to a trademark in which Complainant has rights

• Respondent has no legitimate rights in the Domain Name– bona fide use or preparation to use prior to

notice of a dispute• Domain Name is registered and used in bad faith

– demonstrated specific intent

18

UDRP Practice Pointers

• Be careful with choice of mutually agreed jurisdiction – you could end up in court in India…

• Always request transfer; never cancel• Treat the Complaint like a motion for summary

judgment; reply may not be allowed• Follow up to make sure the name is transferred

and that it doesn’t resolve to the old website– Your registrar is responsible for transferring the

domain name– You are responsible to make sure it is used smartly

UDRP Stats• National Arbitration Forum (NAF): 1770

cases in 2008; 10,600 total cases• World IP Organization (WIPO): 2329

cases in 2008; 14,000 total cases, 25,000 domains

• 57 ccTLDs use WIPO to administer UDRP or modified version of UDRP

• Filing fees: NAF = $1300 (1-2 domains); WIPO = $1500 (1-5 domains)

• CIETAC (HK) and Czech providers also

Victories by Brandowners

• Verizon v. Navigation Catalysts, preliminary injunction granted, all standard tasting defenses rejected

• Verizon v. OnlineNIC, $33 million judgment• Verizon, Microsoft, Dell and Yahoo! have

sued ICANN-accredited registrars, avoiding ACPA immunity provision by arguing registrars’ “bad faith”

Phishing Attacks Multiply• Number of incidents and of targeted brands

continues to rise• Sophistication and efficiency of attacks

continues to rise – esp. “fast flux” abuses• Social networks frequently targeted• Registrar account takeovers occurring• Phone, VOIP and IM phishing is common• IDNs becoming more widespread

Source: Microsoft Online Safety, http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx

Source: MarkMonitor Brandjacking Index

Source: MarkMonitor Brandjacking Index

Source: APWG Phishing Activity Trends Report, 1st half 2009

● Banking trojan/password‐stealing crimeware infections increased more than 186% between Q4, 2008 and Q2, 2009.

● The total number of infected computers rose more than 66% between Q4 2008 and Q2 2009 to 11,937,944, representing more than 54% of the total sample of scanned computers.

● 46% of phish attacks hosted in Sweden in June, 2009; 45% in North America (per APWG Phishing Activity Trends Report, 1st half 2009)

● 63% of phish attacks hosted in North America (per MarkMonitor Brandjacking Index – Summer 2009)

APWG Phishing Stats

Source: MarkMonitor Brandjacking Index, Spring 2009

Number of targeted brands constantly increasing

Source: MarkMonitor Brandjacking Index, Spring 2009

Social network phish attacks rapidly increasing.

Malware proliferation• Change in emphasis - now Crimeware• Organized crime with specialists creating

sophisticated attacks• Open up computers to become zombies• Install keyloggers and scan for user/pass• Capturing and using address books

– Direct targets for sophisticated social engineering

– Going after “whales” - people with high-value assets

Rogue Anti-Malware Programs Growing atUnprecedented Pace Through H1 of 2009

Source: APWG Phishing Activity Trends Report, 1st half 2009

Process Flow: Registry Suspension of Phish Domains

Registration Abuse Policies WG• Define domain name registration abuse, as distinct from abuse arising

solely from use of a domain name while it is registered (!?)• Illustrative categorization of known abuses

• Identify which aspects of the subject of registration abuse are within ICANN's mission to address

• Understand if registration abuses might be curtailed or better addressed if consistent registration abuse policies were established

• Abuse queue, routinely monitored?• Minimum standards for abuse complaint handling?

• Identify and recommend specific policy issues and processes for further consideration by the GNSO Council

Registrar Accreditation Agreement (RAA)

• Review of RAA which has been in force since May 2001, as a result of RegisterFly fiasco in early 2007

• Six amendments were adopted, via consultation between ICANN Staff and the Registrars’ Constituency:– additional, graduated contract enforcement tools for contract compliance – terms by which registrar can be sold yet retain its ICANN accreditation– responsibilities of a parent owner/manager when one or more of a "family"

of registrars fails to comply with ICANN requirements– “require” registrars to escrow contact information for customers who

register domain names using Whois privacy and Whois proxy services– augment the responsibilities of registrars re their resellers– require operator skills training and testing of all accredited Registrars

• New GNSO Working Group to suggest additional amendments to RAA

– Findings from Registration Abuse Policies WG could be implemented?– Proxy WHOIS services could be better regulated?

Rights Protection Mechanisms (RPMs)

• Cybersquatting and Phishing is too quick and easy, and remedies are too expensive and slow

• ICANN Policy Development is needed to fix this• Potential options:

– Standardized Sunrise Registration Process, including “Clearinghouse” for registration of IP rights

– Faster and cheaper pre-UDRP process, with rapid DNS suspension upon default

– Rapid DNS suspension upon evidence of phishing or malware (to be tested in dotAsia and other TLDs)

IRT Draft Recommendations• IP Clearinghouse, Globally Protected Marks List

and other top and second-level RPMs

• Uniform Rapid Suspension (URS) Procedure

• Post-delegation dispute resolution mechanisms at the top level

• “Thick WHOIS” required for new TLDs

Uniform Rapid Suspension• To solve the most clear-cut cases of trademark

abuse, while balancing against the potential for an abuse of the process

• Same substantive UDRP standards apply, but burden of proof on the complainant is higher

• Complaint filed; domain locked but operating• Email, certified letter and 2nd email to registrant• Registrant has 14 days from first email to

answer• Default = Domain Suspension

Anti-Abuse Policies in newTLDs• Every gTLD registry operator, in application to ICANN,

must specify their intended methods to deal with abusive registrations.

• DNSSEC required -- implementation plan must be included in every new gTLD application

• Zone file access centralized, for universal access by law enforcement and reliant industries

• “High Security Zones Designation Program”– “enhanced user trust in ‘designated’ TLDs”– voluntary program, ‘opt in’… for additional fee– Registries and registrars would “showcase their commitment to security via

documented internal controls” to ensure security of Personally Identifiable Information, and of critical business functions

– Registries and registrars must “authenticate the identity of registrars and registrants.”

Help!!• Please join the Business Constituency!

– 1000 euro/year for large enterprises– 160 euro/year for small enterprises– Active mailing list & periodic teleconferences– Influencing ICANN policy development on

behalf of all businesses• www.bizconst.org• mike@rodenbaugh.com