Calls are increasing for domain name registrars to do more to prevent cybersquatting at the point of registration. Is it fair to place this burden on their shoulders, and how would you prefer to see it achieved?
Executive vice president and co-founder
‘Not-com’ domain names already have more protections against cybersquatting and abuse than previously have existed in the industry. These protections, including the Uniform Domain Name Dispute Resolution Policy (UDRP), the Uniform Rapid Suspension (URS) system, Domains Protected Marks List (DPML), mandatory sunrise, as well as others, are sufficient to mitigate problematic registrations. Point of registration barriers would not be an effective tool against cybersquatting and would disrupt the registration process, placing an unfair burden on registrants.
Squire Patton Boggs
With the expansion of the internet, especially with more TLDs coming online, there is an increased risk of cybersquatting and trademark infringement. Counterfeiters, cybersquatters, and infringers can grab domain names that infringe trademark owners’ rights. Traditionally, the burden of enforcement has been placed on the shoulders of trademark owners, which are obliged to ‘police the market’ and track down infringing uses.
Assessing whether a domain name is an infringement really has to be the brand owner’s judgement call. That is because the determination of what is an infringement depends on an assessment of many factors relating to the specific goods and services associated with the mark and the nature of the domain name or website. For example, ‘delta.link’ could relate to either the airline, or the faucet manufacturer, or perhaps a geography site. So a conclusion of infringement requires an assessment of the context that will not always be available to a registrar. Domain name registrars are essentially retailers selling domain names. The registrars are not required to have an in-depth understanding about the trademarks, or about the respective uses or goods or services.
The Trademark Clearinghouse (TMCH) is an innovation created for the new TLDs that might be a useful anti-infringement tool if extended to other domains. Registrars are required to run the applied-for domain names in new TLDs against the TMCH database. That results in notice to trademark owners of ‘direct hits’. Then it is up to the trademark owner to take action if a problem is detected. The registrars do not—and arguably cannot—have the depth of knowledge about the mark and its uses for every potential domain it registers. It would therefore be unfair to subject registrars to the burden of screening potential domain names.
Instead, some alternatives to requiring general pre-screening would be: (i) prohibit ‘private’ registrations, which are used by infringers to make it more difficult for the brand owners to find them; (ii) require the registrars to divulge the registrant’s name and contact information if a claim is made against the registrant; (iii) extend the TMCH to the more traditional TLDs such as .com and .net, so that trademark owners can take advantage of the benefits of notice now provided for the new TLDs; or (iv) develop a category of ‘abused’ marks—famous ones such as ‘Microsoft’ or ‘Gucci’—and prohibit registrars from registering domain names incorporating those marks unless either the brand owner is the applicant or gives prior written consent, or the applicant demonstrates that the website will be a fair use or protected speech site.
To fight cybersquatting, it is necessary to guarantee the reliability and integrity of Whois information. Increased reliability could help victims of cybersquatting to identify cybersquatters more quickly and effectively.
Registrars should be able to verify the registrant’s information at the time of the registration (using a system of email validation, for example). In the same way, registrars should not register domain names with outdated contact information. They should instead sanction such abuses.
Another solution might be found by the creation of registrant blacklists for those engaged in a pattern of conduct, for example, recurring appearances in Uniform Domain Name Dispute Resolution Policy (UDRP) and/or Uniform Rapid Suspension (URS) procedures, or registrations of domain names with outdated information).
Moreover, registrars are not part of a regulated profession. They should therefore be subject to more regulation in order to avoid abuses while securing domain name registration and the processing of personal data, the sale of which could be banned, for example.
Regulation regarding private services should also be considered. It seems necessary for registrars to ban privacy services not controlled by them. Privacy service providers should be approved by ICANN or a third party, independent of the domain name market, and should follow specific rules.
A system of restrictive diffusion of personal data could be established in order to reconcile interests.
The AFNIC, the French registry, currently uses similar system in order to protect natural persons.
The TMCH should also concern all TLDs without time limitation with regard to the notification of prior trademark existence, and should be extended to similar domain names, not only identical ones.
It seems essential for ICANN to take responsibility for registrars in order to find lasting solutions, not only attempts to reconcile opposing interests.
Domain name registrars are not the appropriate entities to individually prevent cybersquatting at the point of registration.
Gary Fisher and Steve Machin
Co-CEOs and founders
As an industry, we need to collectively work harder to support the registrar channel to deliver a consistent methodology to clean up the cybersquatting challenge. Why? ICANN requires “equitable access”, a hangover from the former .com, .net, .org era, in which all registrars must be allowed common access by a registry.
There are hundreds of registrars, so even if one operates with high integrity, there is no guarantee that they all will. Corporate registrars such as Netnames or ComLaude already do a lot of great work on behalf of their corporate clients. Many, or indeed most retail registrars, do not care who buys domains from them. Integrity can only ultimately be managed by the registries, and it is up to each individual registry to ensure its name space protects rights holders. Most registries are incented to maximise the volume of sales, not the integrity of domains.
However, if each registry implements a unique methodology, it becomes increasingly hard for the registrar channel to accommodate, and the end-user registrants will find domain name registration to be even harder to navigate.
As an industry we need to standardise rights protection, not just during sunrise periods but on an ongoing basis—services such as Accent Media’s Domains Watch, which can operate across multiple TLDS, or the Donuts DPML service, for their corporate portfolio of TLDS, are beacons of integrity.
ICANN has been too insistent on protecting registrars’ right to sell domains, and not sufficiently protective of impact TLDs or indeed the end consumer.
At Accent Media, we are working hard to put that right.
Vice President, channel development
Domain name registrars bear a considerable burden already for the defence of intellectual property. As an industry, in cooperation with ICANN, and working with governments and IP interests around the world, we have created the TMCH.
The TMCH cooperates with trademark providers in more than 70 jurisdictions globally and, together with registrars, provides claims notices to potential cybersquatters. This doesn’t prevent someone from registering a domain name containing a trademarked term (and it shouldn’t because full rights cannot be determined in that short of a time). It does, however, give the registrant a warning that a trademark exists on a term in the domain they wish to register.
The TMCH achieves proper balance. Cybersquatting is an abuse of trademark law. Under most jurisdictions, the primary responsibility for defending a trademark lies with the trademark holder.
If a trademark holder ignores the TMCH, then registrars should not be expected to protect them. How can a registrar know every trademark right in every jurisdiction around the world and balance that against the rights of domain name registrants? They simply cannot.
It’s not possible nor practical. Where would the line be drawn? What about tracking expired or abandoned trademarks?
The other issues are those of due process and enforcement. Registrars cannot be the judge and jury. They also have no power of enforcement unless a court or government authority orders it. There is a famous case in the US related to Nissan Motor Corp and Uzi Nissan, who has operated businesses under his surname since 1987.
After 20 years of legal wrangling and appeals, Mr Nissan maintains the rights to the domain name, nissan.com. Registrant rights are just not that simple and the domain registrar community has made great strides in assisting trademark holders to do their job.
Head of internet dispute resolution section
WIPO Arbitration and Mediation Center
Given the complex and controversial nature of this topic, the following is intended as food for thought.
The domain name system remains—by design—open and permissionless. In asking whether registrars ought to do more to prevent cybersquatting, it is important to also think about potential unintended side-effects.
For example, would pre-screening new domain name registrations impede the free-flow of information, hinder start-ups, or get in the way of online commerce, or would registrants simply adjust to a more regulated domain name system and undertake registrations with more deliberation?
Both proponents and opponents of enhanced registrar roles in preventing cybersquatting will confront questions such as: if registrars were tasked with preventing cybersquatting, who would be the arbiter of whether a proposed registration should be accepted? What standards would be applied?
Would registrars look only at the domain name itself, or also at the proposed use? What role would the identity of the registrant play? It’s worth adding that even one seemingly obvious way to screen out potential cybersquatters, namely, prohibiting registrations by recidivist infringers, could be easily circumvented by aliases or privacy services.
Would decisions not to allow a registration be appealable? How would sometimes complex questions about geographical and trademark class‑based co-existence be addressed?
Presumably, designing and implementing a process to address cybersquatting at the pre‑registration phase would drive up registration costs. Some may even argue that this would not be a bad thing.
Indeed, one of the arguments as to why cybersquatting continues with regularity is that there is virtually no deterrent against future infringements—most registrants do not even bother to defend UDRP cases.
Readers will recall that the eBay VeRO programme, a lynchpin to avoiding liability in the Tiffany case, came at a cost of millions of dollars per year to eBay—a fact registrars and registries may bear in mind when it comes to the possibility of an ICANN review weakening the globally relied-on UDRP, which has kept tens of thousands of domain name cases out of court, and in some cases out of these registration authorities’ inboxes.
A practical, albeit curative, way to stem the tide of cybersquatting may lie in a narrowly focused takedown option expressly connected to the existing UDRP in the event a transfer is sought.
The design of the current URS system, however, both lacks the desired efficiency and a meaningful connection to the UDRP.
As ICANN convenes a rights protection mechanism review, it may be worth recalling that the World IP Organization proposed just such a mechanism to ICANN in 2009, and again in 2012, and will continue to engage in discussions on rights protection in the domain name system.
The simple answer is that it is not fair to ask registrars to do more to prevent cybersquatting. A registrar may be a skilled technologist, a savvy businessperson, involved in supporting the expanding role the internet plays in society and business. But we are not a law enforcement agency and our lawyers are only those we have on retainer.
We rely on the experts and agencies tasked with tackling cybersquatting and trademark infringement—this includes a well-grounded and well-funded network of dispute resolution processes, the court system, trademark and copyright laws, and law enforcement—which together should really do the bulk of the job.
It’s not a registrar’s position as part of the supply chain to be capable of properly evaluating all the legal questions. The registrant takes on the responsibility to abide by appropriate laws and if they violate the existing laws, we’re here to support the process in their resolution.
One thing we could do is work together to offer clarity and consistency to the IP community to help them understand how we’ll manage a complaint, so they can know what to expect of any registrar they are working with.
Registrars are quite willing to give those working within the current process an easy and straightforward way to communicate with us when issues do occur.
We can’t be responsible for upholding trademark law, but we recognise that we have a role of collaboration with those who are working in that space by making the process of that collaboration easy, straightforward and clear.