The Internet has radically transformed IP strategies. Today, a company trading without an impressive online presence is analogous to a writer without a word processor. According to the figures released by the Internet Advertising Bureau (IAB) in May 2007, there are now 30.9m people online in the UK alone (66% of the population). The percentage is even higher in the US with 69.5% of the population (210.5m) registered as regular Internet users, according to Internet World Stats (IWS).
This may seem obvious, but in the early twenty-first century, the way in which businesses market their brands and manage their presence on the Internet is continuing to evolve. Arguably, nowhere else in the commercial world are cutting-edge legal solutions more relevant. This paper brings together thoughts and opinions from key figures in the legal profession to set out expert advice on how to manage and monitor rapidly-developing digital content.
By Dominic Speller
White Paper Contents
In the Web 2.0 generation, many of today's biggest names rely almost entirely on the Internet for exposure. YouTube and Myspace are excellent examples of sites that have capitalised on the reach of the Internet, while companies such as Amazon, lastminute and Google are all successful, revenue-generating businesses that trade solely online. Where a company's entire brand survival is indelibly linked to the Internet, it's important that this brand be well constructed - and properly protected.
According to US Internet media company iXL, successful online brands need to be 'memorable and distinctive, relevant to their customers, useful and useable, efficient, and consistent with their implied service promise.' But in order to maintain success online, brands need to be protected from both a technical and legal perspective. Without the combination of these, any business reliant on the Internet could easily be subjected to difficulties.
Certainly, once the creative and technical teams have designed an online brand commensurate with iXL's criteria, legal advice is essential to ensure that a business manages its online presence for best effect. It's also advisable to research what websites and domain names are already in operation, pre-brand development. Carrying out some relatively easy and inexpensive domain name checks often saves time and may even avoid disappointment at a later stage of a business's development. But where should a company start?
Glossary of Common Terms
gTLDs
(generic Top Level Domains): a top-level domain used (at least in theory) by a particular class of organisation; for example .com for commercial organisations.
ccTLDs
(country code Top Level Domains): A standard two-letter abbreviation for the name of a country. It is used with domain names with locations outside the US. For example, ".bz" refers to the Belize.
net (.net)
The top level domain designated for entities and computers that represent part of the Internet's infrastructure. Originally intended for use by Network Information Centers (NICs), Network Operations Centers (NOCs), administrative computers (such as a name server) and network node computers.
org (.org)
The top level domain designated for miscellaneous entities that do not fit under any of the other top level domains. Typically used for non-profit organisations.
Registry
A registry is responsible for delegating Internet addresses such as Internet Protocol (IP) numbers and domain names, and keeping a record of those addresses and the information associated with their delegation.
The Domain Name
Google's technical definition of a domain name - 'the word sequences users enter in their address bar of an Internet navigator to visit a specific website' - somewhat belies its core importance. Without a domain name, there is no online brand. Many international companies know this much; Nominet, the UK registry for .uk domain names, currently manages over six million .uk domain names alone, and while top-level domains such as .com, .org and .net have never struggled for popularity, there has also been a marked rise in the number of registrations of so-called 'country code' domains, such as .IE (Ireland), .MX (Mexico) and .BZ (Belize).
In the UK, two of the seven available second-level domains operated by Nominet are restricted to registered companies. Prospective registrants are restricted to one name per applicant, with the name allowed determined by a set of rules that replicates that used by Companies House. Nichola Evans, a partner specialising in commercial litigation with nationwide law firm Ricksons, explains the system: 'There are two principal tests for .ltd.uk and plc.uk second-level domain names. The registrant for a .ltd.uk domain name must be a limited company properly incorporated under the Companies Act 1985; likewise, a public limited company applying for a .plc.uk domain name. The name chosen must relate to the company name, and, if available, a company appoints an agent - usually a specialist web hosting service - to register the domain name.' Similarly, in the US, the plc.com domain name is limited to public companies, following rules laid out by ICANN. By way of contrast, the .co.uk and .com domain is in practice available to all.
In addition, as of 7 December 2005, .eu domain names became available. To qualify for .eu registration, applicants must be able to demonstrate a valid connection with a country in the European Community. This can be shown in circumstances where the organisation has a registered office, central administration or principal place of business within the EU, or, so far as an individual is concerned, if that person is a resident within the EU.
More recently, a new domain name for the asia region (.asia) has been established, with the first registrations due to start in October 2007. The first 'sunrise' period of registration will be available to legal entities in the DotAsia community (for example, natural persons, corporations or companies, government bodies and so on) and to trademark owners with rights in the territory. Such a domain name provides corporations with one easy means for blanket coverage across the entire Pan-Asia and Asia Pacific region. But if the acquisition of domains of various kinds shows no sign of abating, what do we know of the best practice underlying the process?
'The first step is to check the availability of a domain name,' says Evans. 'How this is determined depends on the choice of domain name itself. A useful starting point is to visit the CORE website, www.corenic.net. CORE, an international association of registrars, was set up in 1997 and offers members a way of checking the availability of domains and then, if possible, registering them.' Evans explains that the CORE site searches the following domains: .com, .net, .org, .info, .us, .cn, .tw, .coop, .biz and .name. As Evans puts it: 'CORE enables the creation of domains with the preceding suffixes, as well as their modification, transfer and renewal.' Third-party domain specialists, such as CPA, also provide availability searches across all gTLDs and ccTLDs. via online extranets.
Should I Register Generic or Country-Code Domains?
A company needs to decide whether to adopt a top-level domain or a second-level domain. Albeit that top-level, generic (i.e. non-country code) top-level domains (known as gTLDs) have largely proved more popular, there is a compelling case for country-code domain names (known as ccTLDs), as David Engel, a specialist in media and Internet litigation with Addleshaw Goddard, explains: 'A gTLD may have been taken by legitimate third-party registrant, in which case a business owner or company may be confronted simply by the unavailability of its equivalent gTLD. That being the case, there is a basic logistical reason for seeking a ccTLD, but marketing issues might also make a ccTLD more appealing. For example, a large multinational may have distinct national franchises. It may wish its online brand to be targeted to the relevant local market, so in Germany it will be Globalbrand.de, in Spain Globalbrand.es, and so on. Or a company may be associated predominantly with one country, in which case it may be sensible for the branding as a whole, including the domain name, to focus on the country of origin.' ccTLDs are also widely used for specific language websites.
Ultimately, the decision should be made according to the company's wider business strategy, but it's important for the corporate marketing and legal teams to work together from the onset. After all, it makes little sense to invest in branding, if that impact is going to be diluted by complications with domain registrations.
Even at the outset, when a domain name is being chosen, the question of enforcement needs to be considered. It is vital that rights holders can adequately protect their brands, whether from cybersquatters, cybersmearing, piracy or phishing, all of which are increasingly embedded in the lawyers' lexicon. As Geoff Steward, IP partner with law firm Macfarlanes, says: 'A rights owner may not feel that the gTLD dispute resolution procedures are adequate, and may consider that litigation in a chosen ccTLD jurisdiction will be more effective.' However, litigation is not the only solution in cases of piracy, and companies need to become increasingly clever in the way in which they select and retain their chosen domain names.
Part of this is driven by the fast-moving nature of the Internet. Only a few years ago, 'cybersquatter,' was a relatively new term to the law. Now the courts are fully aware of the dubious methodology of the cybersquatter - the cynical and opportunistic registrant of a domain name whose sole intention is to extort money from its rightful owner for its transfer. In its early form, the cybersquatter will offer to sell the name at an inflated price, or will threaten to divert users to a damaging 'alternative' site, either one that is offensive such as a pornographic site or to sites that compete with the legitimate rights holder. These days, cybersquatting has become a far more complicated and challenging threat to domain names; the rise of domain tasting provides a pertinent example. Exploiting a loophole in the process of registering a domain name, cybersquatters are able to 'sit' on a domain name for three days to test traffic to a site before they register it, or release it.
New threats have also emerged, bringing with them new challenges. The practice of domaining, once considered to be a form of cyber piracy, is now being recognised as a legitimate business model that brand owners can themselves learn from. Domainers are individuals whose profession is the accumulation and dealing of generic internet domain names. Although controversially compared to cybersquatters, domainers claim to differentiate and legitimise themselves by avoiding trademarked names and potentially contentious domain names, and refraining from typosquatting. They consider their conduct in buying, selling, and developing domain names to be in the same spirit as real estate investing. Domainers generate revenue via domain parking, through the resale of domain names and by developing domain names into fully functioning websites. The question for brand owners is therefore: if a domainer has registered a generic name in your field and is receiving enough hits to justify its up keep or sale, why haven't you registered that name to direct traffic to your own website? By understanding the approach of domainers, brand owners should be able to assess their own domain name registration and SEO strategies.
Which DRP Should I Use?
ICANN's Uniform Domain-Name Dispute-Resolution Policy (UDRP) protects registrations in .biz, .com, .info, .name, .net and .org top-level domains; however, many territories have their own DRPs, for example, Nominet's DRP in the UK (.uk) and EURid's Alternative Dispute Resolution Policy (ADR) in Europe (.eu). US domain name dispute resolutions are overseen by the National Arbitration Forum (NAF), which in turn is governed by the ICANN's UDRP. In those territories that do not have a DRP in place, however, companies have no choice but to pursue the alleged infringer in the courts. For more information, visit www.cpaglobal.com/domains or email domainnames@cpaglobal.com
Prevention Better than Cure
In cases where a cybersquatter has infringed your trademark rights by registering a domain name in bad faith (or, simply, without being aware that the domain name infringes an existing trademark), domestic courts provide the opportunity for claims to be heard. However, well-informed brand owners can avoid the expense necessary in cases of litigation. CPA recommends a fourpronged approach to fighting online infringement: investigate, action cease and desist, attempt recovery and, if all else fails, via a Domain Name Resolution Policy (DRP).
In order to fight infringement, it's imperative for a company to track its brands online and record any history of violation. Monitoring domain name registrations across all generic Top-level Domains (gTLDs) and available countrycode Top-level Domains (ccTLDs) will allow you to highlight any registrations that are identical or confusingly similar to your trademark-protected brands and services, providing you with the information needed to pursue infringement action quickly and effectively. Building an in-depth report about the registrant will also help inform and support your retrieval strategy. Companies, such as CPA, offer this service, as it's important to collect evidence before sending a C&D, as the infringer could quite simply remove their page.
Issuing a cease and desist letter is important for two reasons. Firstly, it provides the alleged infringer with the opportunity to back down without unnecessary work and expense. If the infringing company has mistakenly registered the name or is appropriately scared by the threatof litigation, it will often return the rights on receipt of the letter. Secondly, if the company registered the name in bad faith, it will often demand a hefty fee for its return. Such a response indicates that the registration was made in bad faith and will support your claim should you be forced to pursue the infringer to the DRP stage.
The next step is to attempt recovery: 'Of course, cease and desist letters don't always provoke a timely response; however, before spending the $5,000 involved in the DRP process, companies should first consider organising an anonymous recovery instead. In such attempts at recovery, domain name specialists can 'anonymously' approach the registrant on your behalf and negotiate a fee for the return of the URL. This route guarantees the return of the domain name and is particularly useful for companies who don't yet have trademark rights in place to support their claims for ownership in the DRP process.
If all else fails, the Internet Corporation of Assigned Names and Numbers (ICANN) provides what can often be a cheap and effective means of redress - and one that is all the more likely to be successful with a history of infringement watching and cease and desist attempts in place.
Ultimately, however, the best way to resolve a dispute is to avoid it in the first place. Those with a proactive approach to registering domains benefit from the best chance of protecting their valuable brands from infringement. However, to do this successfully, brand owners need to be aware of restrictions on domain name registrations and to keep on top of rule changes in the countries where they register their brands. Many domains experts recommend that companies should buy all domain names available that legitimately suit their name and brand(s), at the same time as checking to see if other businesses have got there first. However, blanket defensive registration policies are fast becoming outmoded as a method of protecting all but the core brands of any company. This is partially due to improvements in the availability, technology and service behind domain and digital content monitoring offerings, coupled with a greater understanding and acceptance of domain names as legal IP rights.
Nevertheless, it is still wise to protect key brands through defensive registrations in key territories for your current or future business operations. However, in those territories deemed less important for overall brand strategy, it makes more sense to monitor domain name registrations for potential infringement. Ultimately, most brand owners will agree that whatever the cost of their brand protection strategy, the overall value of the brand and its reputation is vastly greater.
Once a brand has been created, it's advisable to implement watching strategies to deal with attacks on a rights holder. As Steward says: 'Making sure that a member of staff does a Google search on the company name and key brand names every Monday morning could throw up examples of cybersquatting or IP infringements.' This process is often very time consuming and you may not catch everything, so the alternative would be to deploy the skills of a specialist trademark watching company or agent. The danger of brand damage is something to be very aware of, with competitors, bored teenage hackers and gripe sites all able to damage a growing brand in a variety of ways. Their activities may sit uneasily on the borderline of the right to freedom of expression - enshrined in law in many Western jurisdictions - but rights holders need not abandon hope. There are ways in which they can protect their online brands.
Gripe Sites
Gripe sites are those which are established with the express intention of criticising an institution, such as a company, union, government body or politician. A wellknown example is www.alitaliasucks.com, a site dedicated to attacking Italy's national airline for a catalogue of alleged problems including lost baggage and the absence of compensation for flight delays and cancellations. Other 'sucks' sites have been established, but Alitalia's bid to fine and silence the creators of alitaliasucks.com - claiming violation of statutory and common law trademark laws as well as the Anti-cybersquatting Consumer Protection Act - was rejected by the US courts, which found that the defendant's First Amendment right to free speech, allied with the non-commercial nature of criticism, foiled Alitalia's claims.
Rajita Sharma, a partner specialising in IP law with Reed Smith, says that gripe sites can be difficult to combat: 'The law of defamation and trade libel may be used for derogatory contents of such sites. However, as the various decisions have shown, actions for trademark infringement are unlikely to succeed if the judge takes the view that the use of the marks in the gripe sites is not in the course of trade in relation to goods or services, or the use does not take unfair advantage of or is not detrimental to the character or repute of the trademark.'
Engel agrees: 'The protection of rights and reputation online is an increasing issue for many businesses, but dealing with reputation damage online is not quite as straightforward as complaining to a newspaper about an unflattering article, action can and has been taken against Internet infringers.'
For Sharma, brand owners would be well-advised to think laterally in order to deal with gripe sites. 'Companies could adopt strategies including registering variants of their trade marks and domain names which contain words such as 'sucks,' 'protest' and 'hate.' They could ensure that their hosting agreements with ISPs require removal of sites that infringe their trademarks or contain offensive material. They could also complain to the domain name registries such as Nominet and ICANN and seek removal of the offending domain name.'
If a company does decide to take action and try to get a website shut down, they will need to compile evidence for the case. Web-page-change watches can be placed on the sites so that the brand owner is made aware of any changes to the page. Sometimes, for example, if a gripe site hears about potential action, they may temporarily change the content of the site. This would mean that the evidence is then no longer available for the courts. However, if the page is being monitored, the pages are archived and the dates and times of any changes are recorded.
Organisations such as the International Chamber of Commerce's Counterfeiting Intelligence Bureau (CIB) and the Anti-Counterfeiting Group (ACG) have been set up expressly to fight the fraudsters. Both provide advice on brand protection and management, and, indeed, on how to deal with yet another problem, 'phishing.' This occurs when an e-mail is sent to a user falsely claiming to be from an established, legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Microsoft has been so bedeviled by the problem that it has launched its 'Global Phishing Enforcement Initiative,' which works in partnership with law enforcement, governments and industry to educate consumers, prosecute criminals and develop technology solutions to address phishing threats.
Meanwhile brand owners are increasingly turning to third-party experts to assist them with online monitoring of their brand names. With eight million new pages added to the web every day, it is becoming nigh on impossible for brand owners to be sure that mentions of their brand are legally sound. And, once infringement has been found, content watching services will also provide rights owners with the necessary background evidence necessary to make a case. After all, it is all too easy for a cybersquatter to shut down the website and restart a new one elsewhere. Brand owners need the evidence to back their claim to stop such practices.
Definitions
Cybersquatting: The registration of a domain name that directly copies the identity or trademark of an established firm, product or public figure.
Cybersmearing: The practice of targeting a specific firm or individual online with the intent of committing commercial fraud. Typically conducted as a form of revenge by disgruntled former employees or associates.
Cyberstalking: A method of harassing an individual by email or on social networking sites to obtain personal information or make inappropriate requests. Also used as an alternative name for cybersmearing.
Drop Catching: The action of registering a domain at the point it is deleted at the registry.
Domain Tasting: The practice of registering a domain name, examining traffic or other aspects of the domain and deleting it within a grace period for full credit, if it does not meet success criteria. Typically automated.
Domainer: Someone who:
1. Individually profits from domain names, through the buying, selling or monetisation of domain names, and/or 2. Is gainfully employed by an organisation with income derived from work pertaining to domain related industry.
Gripe Site: A website set up for the specific purpose of attacking an institution, product or individual.
Phishing: The practice of stinging web users for sensitive information, often financial, such as credit card details, by imitating an established corporate or brand identity.
Cybersmearing
If one option in counter-attacking a gripe site will be an action for defamation, this remedy could also be deployed in dealing with another recent phenomenon, 'cybersmearing' or 'cyberstalking'. This occurs when one or more individuals target a specific business for financial gain, often with the agenda being to exact revenge against their former employer. The classic methodology of the cyberstalker is the posting of defam atory material on Internet message boards and chat rooms. This can present a serious problem for brands, given the vast potential audience and the fact that the defamatory posting can take on an online life of its own. However, sometimes commencing litigation will not be the best answer, as Caroline Kean, a libel lawyer with Wiggin LLP, explains: 'The problem with suing a cybersmearer for libel - assuming that he or she can be found - is that the defendant may post accounts of the pre-trial correspondence online. Often they are motivated by ill-will and will relish being able to do this. This can end up doing the brand more harm than good. The best way of combating cybersmearing is to plan ahead - a company should review its in-house employment policies and do its utmost to be a good listener so that, hopefully, grudges are not formed. Ensuring that employment agreements prohibit the posting of defamatory attacks may also help to create a culture inimical to potential cybersmearers.'
If a company is sited in a cybersmearing campaign, often the best policy is to be upfront and honest. We've seen two highprofile cases in recent years with two completely different outcomes: in the first, the brand owner came across negative commentary on a blogging site and decided to pursue the case to court to force the site owners to take down the postings. In the second case, the brand owner decided to answer the blogger's comments on the blog site itself: expressing concern about the service they felt they had received and offering to resolve it for them and other users. Unsurprisingly, the second approach was much more effective from a PR point of view. Many companies have now put together a blogging policy so that it is clear what employees should be saying about the company if they indulge in blogging.
If gripe sites and cybersmearers pose problems that are arguably better solved by a combination of good business practice and astute PR than legal remedies, the law comes into its own in dealing with the distribution of fake goods via the Internet. This is just as well, given the scale of the problem: according to the Gieshen Consultancy DOPIP Security Counterfeit Intelligence Report (January 2006), more than 3,700 counterfeit and pirated intellectual property item seizures in 133 countries resulted in a total loss of USD$1.54bn in 2005 alone. eBay itself has publicly said that approximately 0.1% of all of its listings were confirmed cases of fraud (not taking into account unreported cases).
Is it Such a Big Deal?
Many consumers have an indulgent attitude to rogue traders, as if they somehow encapsulate a lost spirit of entrepreneurialism. But according to Anthony Riem, partner with City law firm, PCB, which specialises in commercial fraud and asset recovery, it is about time we woke up to the real cost of such fraud.
'The demand for fake goods is incredible,' says Riem, citing the seizure of goods worth £1.5m at the Wembley street market last year, 'but people seem blind to the implications of allowing counterfeit trade to continue. Based just upon the value of fake goods seized at Wembley market, the VAT payable on fake goods sold at the 1,200 permanent markets in the UK would have been enough to build a school or hospital.' The problem is compounded by the Internet, says Riem, not only because of its global reach but because the law tends to treat online auction sites as conduits of information, analogous to BT, rather than the publisher which would, in most cases, be legally liable for content. Beyond that, says Riem, 'we should remember that organised and dangerous criminal syndicates are behind online counterfeiting. They use revenue to finance other, more obviously unacceptable activities such as drug running and terrorism.'
Riem is convinced that the most effective deterrent is taking away the proceeds of crime. 'We are fortunate in that domestic law has wide-ranging powers that enable action without notice to the criminal. We can obtain thirdparty disclosure orders, using civil procedure rules and the Norwich Pharmacal principle, to compel an ISP to disclose who is posting material online, which are in turn accompanied by so-called 'gagging orders' to prohibit the ISP notifying anyone. Similar applications can be made to banks to freeze assets. The overriding point to be made is that the English courts cannot abide the idea of London being used as a centre of international financial crime, and so are very open to attempts to stop the fraudsters. Our courts are on the cutting edge of finding ways to combat online counterfeiting.'
Similarly, in the US, a growing number of legal tools are available to firms and their clients to help combat counterfeiting and Internet crime. Temporary restraining orders (TROs), permanent and temporary injunctions, and orders of seizure and asset seizures can all help brand owners to enforce their rights.
A number of other mechanisms exist to deal with the problem. eBay has implemented the Verified Rights Owner (VeRO) Program to allow brand owners to report listings that infringe their intellectual property rights. If a seller appears to be offering infringing goods for sale, eBay removes the listing from the site, notifies the seller of the listing's removal, refunds all fees associated with the listing and reviews the seller's account for possible suspension. If eBay is not sure whether or not an item is infringing, the company refers the suspect listing to the rights owner for review. Yahoo! also provides an Auction Abuse form that enables users to report any listing that abuses its guidelines and Terms of Service. Brand owners without their own inhouse manpower can also use automated services.
But as Jeremy Phillips, IP consultant at Olswang points out, legal remedies in the virtual setting of the Internet are not always that simple. 'Even if you do find your target, where can you sue them? The Internet is the proverbial global village, but courts only exist in real locations - countries,' he points out. 'Old fashioned terrestrial law has its own web of rules that decide which country's courts you can sue in, with separate rules governing arbitration of domain name disputes by WIPO, Nominet and other national registrars. And, even if you know who your e-quarry is and you've found somewhere to sue, you need to assess the likely results of your enforcement action. If your infringer has no assets to speak of, you can forget about winning damages and getting back costs.'
Ultimately, it's all about retaining control of your brand in the virtual world, and that necessitates a step change in the way in which users view the Internet. Educating the public of the cost of online fraud is, according to most experts, essential. So, too, as Jeremy puts it, 'intelligence and effective deterrents.' In a world which has changed immeasurably thanks to the advent of the Internet, and which is set for yet more accelerated evolution, 'education, intelligence and effective deterrents' would seem a sensible formula for brand owners looking to manage and protect their digital content. So, too, an ability to think laterally - and a readiness to utilise legal remedies when necessary.
Keep Informed
You can help protect your domain names by keeping informed of the latest developments in the industry.
Useful resources include:
Further reading:
About CPA
With clients in over 100 countries, CPA is a leading provider of legal process outsourcing services and the world's top intellectual property (IP) management specialist. Founded in 1969, CPA provides lifecycle management services for intellectual property such as patent, design and trademark searching, watching, renewals, and portfolio strategy in over 181 jurisdictions. CPA is also a leader in the growing market for outsourced contract management and litigation support services, helping law firms and corporations to realize value by managing risk, cost and capacity. CPA employs over 1,000 people in 16 offices in 8 countries. www.cpaglobal.com