abusive domain names: enforcement options icann policy update · 2019-08-26 · less ppc profit for...
TRANSCRIPT
![Page 1: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/1.jpg)
Abusive Domain Names:
Enforcement Options
&
ICANN Policy Update
by
Mike Rodenbaugh
BrightTalk -- IP Litigation Summit
October 8, 2009
![Page 2: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/2.jpg)
Mike Rodenbaugh• Principal attorney at Rodenbaugh Law, representing
businesses in all matters of trademark and copyright protection and enforcement, and advising online companies in strategy, business transactions and dispute resolution.
• Mike represents the Business Constituency at ICANN (bizconst.org), as an elected Councilor to the Generic Names Supporting Organization (GNSO). The GNSO Council develops ICANN policy with respect to generic TLDs such as .com, .mobi, .museum, .travel, .jobs and many hundreds more coming in 2010 and beyond.
• Mike is also active in the Anti-Phishing Working Group (APWG) Internet Policy Committee, the International Trademark Association (INTA) and the California State Bar, Trademark Committee.
![Page 3: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/3.jpg)
Scope of Cybersquatting Problem
• Q1 2008 – 30 brands victim of 400,000 cybersquatted domains – 40% more than ’07– Source: MarkMonitor Brandjacking Index, Spring 2008
• Q2 2009 – 6 pharma brands victim of 20,000 cybersquatted domains – 9% more than ’08– Also listed in 2,930 online pharmacies
• only 4 of them certified by the US governing body (VIPPS)• Averaging 42,000 daily visitors• earning $11 BILLION in estimated revenue per year
– Source: MarkMonitor Brandjacking Index, Summer 2009
![Page 4: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/4.jpg)
![Page 5: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/5.jpg)
TM Office Comes to CA. - 2008 5
![Page 6: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/6.jpg)
6
Domain Name “Tasting”• Register and “taste” name for 5 days• Measure traffic & revenue via PPC ads• Return 98% of domains for full refund• Keep and pay for profitable domain names• Monetize domain names via PPC ads,
popups, redirection– Get paid by Google or Yahoo!– Wait for C&D, UDRP or ACPA complaint– Ignore notice, continue to profit…
![Page 7: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/7.jpg)
![Page 8: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/8.jpg)
8
Domain Name Tasting –Nearly Dead
• Smaller payouts from Google and Yahoo!, so less PPC profit for commercial tasters
• Massive cybersquatting judgments and settlements to large brandowners
• ICANN Consensus Policy adopted!– Registrars now must pay full price if they delete more
than 10% of the names they register in any month– 98% drop in deletes– Still a few bad actors, and ccTLDs where tasting is
encouraged
![Page 9: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/9.jpg)
New IDN and gTLDs are coming!
![Page 10: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/10.jpg)
They’re already here, many more yet to come.
• Unauthorized (by ICANN) in China and Israel
• “Public TLDs”: http://tld.name/
• Many more to come through ICANN in 2010:– .web, .blog, .sex, .eco, .radio, .music– .lat, .africa, .berlin, .nyc, .paris …
• Anywhere from 500 to 60 million new gTLD extensions
![Page 11: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/11.jpg)
11
New Top Level Domains: ProjectedImplementation Timeline
• IDN ccTLDs on independent schedule, launching early 2010 in China, Russia and elsewhere
• gTLD Draft Applicant Guidebook, v.3 posted for public comment on Oct. 4, 2009
• Final DAG Approved – est. Dec. 2009
• gTLD Applications Accepted – est. March 2010
• Successful gTLD (incl. IDN gTLD) Applications Approved – est. Q3 2010, live 3 mos. later
![Page 12: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/12.jpg)
newTLD Risks to TM Owners• Increased need for defensive registrations
and anti-cybersquatting budget• Increased space for phishers and other
criminal actors to exploit• Increased consumer confusion and
reliance on search engines• Potentially “blocked” from newTLD, and/or
newTLD edge to your competition?– See http://rodenbaugh.com/downloads/pdf/websitemag_expansion.pdf
![Page 13: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/13.jpg)
“.brand” Opportunity• Security – you own and control the TLD,
can register to anyone you choose– No domainers, squatters OR phishers?!– More secure email, intranet, etc.?
• Marketing – create a global community centered on your branded TLD– Be one of the first in your industry?– Develop new products?
![Page 14: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/14.jpg)
“.brand” Risks and Costs• Switching from .com and .country marketing and user
mindset developed over ten years
• ICANN process:– First-come, first-served with hefty application fee– Potential objections and increased cost
• Operating a TLD:– regular ICANN compliance reporting; policy work– security against hacking, DDOS, etc.– legal exposure to registrants?– must use ICANN-accredited registrars?– ongoing cost to ICANN and to operational support
![Page 15: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/15.jpg)
Enforcement Options• Notices to everyone involved:
– Domain Registrant?– Webmaster & Abuse@– WHOIS Privacy Service– Web Host– NameServer– Domain Registrar
-- IP Block Owner-- Search Engines-- Mail Providers -- Domain Registry? (Phishing)-- ICANN? (False WHOIS)-- Law enforcement agency?
• Notify of breach of Terms of Service• Notify under DMCA (in USA) or European parallel• Notify of Contributory TM Infringement (Akanoc verdict)• Send follow-up notices every 48 hours• Escalate from in-house to outside counsel?
![Page 16: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/16.jpg)
16
Domain Name Remedies - USA
• Uniform Dispute Resolution Policy (UDRP)– Arbitration procedure mandated by ICANN via
domain name registration agreement– Available in 16 gTLDs and >50 ccTLDs– Months for decision – No Monetary Damages
• Anti-Cybersquatting Consumer Protection Act (ACPA) – 15 USC 1125(d)– in personam (vs. squatters and enablers)– in rem (vs. domain names only)
![Page 17: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/17.jpg)
17
UDRP Elements
• Domain Name is identical or confusingly similar to a trademark in which Complainant has rights
• Respondent has no legitimate rights in the Domain Name– bona fide use or preparation to use prior to
notice of a dispute• Domain Name is registered and used in bad faith
– demonstrated specific intent
![Page 18: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/18.jpg)
18
UDRP Practice Pointers
• Be careful with choice of mutually agreed jurisdiction – you could end up in court in India…
• Always request transfer; never cancel• Treat the Complaint like a motion for summary
judgment; reply may not be allowed• Follow up to make sure the name is transferred
and that it doesn’t resolve to the old website– Your registrar is responsible for transferring the
domain name– You are responsible to make sure it is used smartly
![Page 19: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/19.jpg)
UDRP Stats• National Arbitration Forum (NAF): 1770
cases in 2008; 10,600 total cases• World IP Organization (WIPO): 2329
cases in 2008; 14,000 total cases, 25,000 domains
• 57 ccTLDs use WIPO to administer UDRP or modified version of UDRP
• Filing fees: NAF = $1300 (1-2 domains); WIPO = $1500 (1-5 domains)
• CIETAC (HK) and Czech providers also
![Page 20: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/20.jpg)
Victories by Brandowners
• Verizon v. Navigation Catalysts, preliminary injunction granted, all standard tasting defenses rejected
• Verizon v. OnlineNIC, $33 million judgment• Verizon, Microsoft, Dell and Yahoo! have
sued ICANN-accredited registrars, avoiding ACPA immunity provision by arguing registrars’ “bad faith”
![Page 21: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/21.jpg)
Phishing Attacks Multiply• Number of incidents and of targeted brands
continues to rise• Sophistication and efficiency of attacks
continues to rise – esp. “fast flux” abuses• Social networks frequently targeted• Registrar account takeovers occurring• Phone, VOIP and IM phishing is common• IDNs becoming more widespread
![Page 22: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/22.jpg)
Source: Microsoft Online Safety, http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx
![Page 23: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/23.jpg)
Source: MarkMonitor Brandjacking Index
![Page 24: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/24.jpg)
Source: MarkMonitor Brandjacking Index
![Page 25: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/25.jpg)
Source: APWG Phishing Activity Trends Report, 1st half 2009
![Page 26: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/26.jpg)
● Banking trojan/password‐stealing crimeware infections increased more than 186% between Q4, 2008 and Q2, 2009.
● The total number of infected computers rose more than 66% between Q4 2008 and Q2 2009 to 11,937,944, representing more than 54% of the total sample of scanned computers.
● 46% of phish attacks hosted in Sweden in June, 2009; 45% in North America (per APWG Phishing Activity Trends Report, 1st half 2009)
● 63% of phish attacks hosted in North America (per MarkMonitor Brandjacking Index – Summer 2009)
APWG Phishing Stats
![Page 27: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/27.jpg)
Source: MarkMonitor Brandjacking Index, Spring 2009
Number of targeted brands constantly increasing
![Page 28: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/28.jpg)
Source: MarkMonitor Brandjacking Index, Spring 2009
Social network phish attacks rapidly increasing.
![Page 29: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/29.jpg)
Malware proliferation• Change in emphasis - now Crimeware• Organized crime with specialists creating
sophisticated attacks• Open up computers to become zombies• Install keyloggers and scan for user/pass• Capturing and using address books
– Direct targets for sophisticated social engineering
– Going after “whales” - people with high-value assets
![Page 30: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/30.jpg)
Rogue Anti-Malware Programs Growing atUnprecedented Pace Through H1 of 2009
Source: APWG Phishing Activity Trends Report, 1st half 2009
![Page 31: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/31.jpg)
Process Flow: Registry Suspension of Phish Domains
![Page 32: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/32.jpg)
Registration Abuse Policies WG• Define domain name registration abuse, as distinct from abuse arising
solely from use of a domain name while it is registered (!?)• Illustrative categorization of known abuses
• Identify which aspects of the subject of registration abuse are within ICANN's mission to address
• Understand if registration abuses might be curtailed or better addressed if consistent registration abuse policies were established
• Abuse queue, routinely monitored?• Minimum standards for abuse complaint handling?
• Identify and recommend specific policy issues and processes for further consideration by the GNSO Council
![Page 33: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/33.jpg)
Registrar Accreditation Agreement (RAA)
• Review of RAA which has been in force since May 2001, as a result of RegisterFly fiasco in early 2007
• Six amendments were adopted, via consultation between ICANN Staff and the Registrars’ Constituency:– additional, graduated contract enforcement tools for contract compliance – terms by which registrar can be sold yet retain its ICANN accreditation– responsibilities of a parent owner/manager when one or more of a "family"
of registrars fails to comply with ICANN requirements– “require” registrars to escrow contact information for customers who
register domain names using Whois privacy and Whois proxy services– augment the responsibilities of registrars re their resellers– require operator skills training and testing of all accredited Registrars
• New GNSO Working Group to suggest additional amendments to RAA
– Findings from Registration Abuse Policies WG could be implemented?– Proxy WHOIS services could be better regulated?
![Page 34: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/34.jpg)
Rights Protection Mechanisms (RPMs)
• Cybersquatting and Phishing is too quick and easy, and remedies are too expensive and slow
• ICANN Policy Development is needed to fix this• Potential options:
– Standardized Sunrise Registration Process, including “Clearinghouse” for registration of IP rights
– Faster and cheaper pre-UDRP process, with rapid DNS suspension upon default
– Rapid DNS suspension upon evidence of phishing or malware (to be tested in dotAsia and other TLDs)
![Page 35: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/35.jpg)
IRT Draft Recommendations• IP Clearinghouse, Globally Protected Marks List
and other top and second-level RPMs
• Uniform Rapid Suspension (URS) Procedure
• Post-delegation dispute resolution mechanisms at the top level
• “Thick WHOIS” required for new TLDs
![Page 36: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/36.jpg)
Uniform Rapid Suspension• To solve the most clear-cut cases of trademark
abuse, while balancing against the potential for an abuse of the process
• Same substantive UDRP standards apply, but burden of proof on the complainant is higher
• Complaint filed; domain locked but operating• Email, certified letter and 2nd email to registrant• Registrant has 14 days from first email to
answer• Default = Domain Suspension
![Page 37: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/37.jpg)
Anti-Abuse Policies in newTLDs• Every gTLD registry operator, in application to ICANN,
must specify their intended methods to deal with abusive registrations.
• DNSSEC required -- implementation plan must be included in every new gTLD application
• Zone file access centralized, for universal access by law enforcement and reliant industries
• “High Security Zones Designation Program”– “enhanced user trust in ‘designated’ TLDs”– voluntary program, ‘opt in’… for additional fee– Registries and registrars would “showcase their commitment to security via
documented internal controls” to ensure security of Personally Identifiable Information, and of critical business functions
– Registries and registrars must “authenticate the identity of registrars and registrants.”
![Page 38: Abusive Domain Names: Enforcement Options ICANN Policy Update · 2019-08-26 · less PPC profit for commercial tasters • Massive cybersquatting judgments and settlements to large](https://reader034.vdocuments.us/reader034/viewer/2022042420/5f37754c07cf4779f315e675/html5/thumbnails/38.jpg)
Help!!• Please join the Business Constituency!
– 1000 euro/year for large enterprises– 160 euro/year for small enterprises– Active mailing list & periodic teleconferences– Influencing ICANN policy development on
behalf of all businesses• www.bizconst.org• [email protected]