August 20, 2016

    Protecting Your Brand in a Complicated Internet Landscape

    John H. Rees

    Introduction

    In the online business world, trademarks and domain names have become irrevocably interconnected. Having a web presence is a natural extension of business branding efforts in a bricks-and-mortar environment.

    Having a web presence also means having a domain name, and domain names become part of a business’s brand. Domain names by themselves can carry a message, and they control the ability to direct a consumer, or millions of consumers, to websites that also carry a message, for better or for worse. No business should be started, and no existing business should move to the Internet, without first adopting one or more domain names that incorporate the applicable brand of the business. Similarly, no business should fail to manage the risks associated with using brands in an online environment, particularly when it comes to domain names.

    Even if you do not have a web presence, failing to police your brand on the web risks damage to your business. Others may use the web to reach your customers, damage your brand, or infringe your business’s intellectual property.

    Brands developed in bricks-and-mortar environments extend to the Internet. It makes little sense to have one brand in a store and another brand online unless there is a strategic purpose in doing so. Brand owners have traditionally protected their brands offline. They monitor the use of the brands, and if a competitor started using a trademark confusingly similar to the business owner’s mark, they act. The business owner would likely send a demand letter or pursue litigation to stop the infringing behavior and protect the goodwill associated with the brand.

    The need to protect your brand is no different in the online world. The legal issues are slightly different, but the need for vigilance is the same.

    The New World of Domain Names

    There are at least two parts to every domain name, a top-level domain name and second-level domain name. Top-level domain names are the part of a domain name to the right of the last dot (e.g., the “.com” in delta.com). The part of the domain name to the left of the last dot is the second-level domain name (e.g., the “delta” in delta.com).

    There generally are two types of top-level domain names: (1) generic top-level domain names (gTLD) and (2) country code top-level domain names (ccTLD). gTLDs are three letters, and the first .com domain name was registered on March 15, 1985. Originally there were seven gTLDs, including .com, .net, and .org. On the other hand, ccTLDs are comprised of two letters. The United States ccTLD is .us, and there are many others, such as .ch for Switzerland and .uk for Great Britain.

    For years, the best domain names have used .com as the extension. With the exponential growth of the Internet, however, new .com domain names have become scarce. The Internet is so saturated with .com domain names that it has become virtually impossible for Internet users to register their desired domain names using .com.

    Recognizing the problem, the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit organization responsible for managing Internet domain names, decided to create more virtual addresses and expand the possible range of new domain names. The decision was made to add substantially more top-level domain names, permitting users to adopt and register domain names that were already taken under .com.

    On January 12, 2012, ICANN opened the window to applications for new, generic top-level domain names (ngTLDs) to supplement the originals like .com. ICANN received 1,930 applications for ngTLDs. To provide context for what is involved in submitting an application for an ngTLD:

    • The filing fee alone was $185,000 per ngTLD.
    • There were enormous additional costs associated with preparing the application, including legal and consulting fees and building the infrastructure necessary to operate a registry.
    • Successful applicants for each ngTLDs must operate a registry that manages all of the domain names registered under the ngTLDs.

    As of May 26, 2016, 995 ngTLDs have been introduced and made available for new domain names on the Internet. Another 326 are working their way through the application process. ICANN has left the door open to more rounds of applications in the future. Examples of ngTLDs that have launched are .law, .tickets, .jewelry, .cafe, .sucks, .pharmacy, .bank, .samsung, and many others.

    Domain-name registries are the organizations responsible for registering and managing all domain names under a specific gTLD. fTLD Registry Services LLC is one such registry, and it manages the registry for .bank and .insurance. Each registry contracts with ICANN to manage the domain names and to maintain the technology behind the domain names. Registries then contract with registrars—the retail side of domain-name registration—to register domain names under a gTLD for the registry. Some registrars include Network Solutions, GoDaddy, and 101Domain.

    Everyone who registers a domain name through a registrar accepts the terms of a registration agreement with the registrar. This agreement limits your rights to those specified in the agreement.

    Brand Protection Issues

    Brands are source identifiers and create consumer impressions. In order to develop strong trademarks, brand owners can spend significant amounts of money and effort for consumers to associate specific products and services with their brands. These trademarks become very valuable and can bring significant goodwill to the brand owner. For example, the Google brand is valued at approximately $45 billion, and Microsoft is valued at $43 billion.

    Expanding ngTLDs makes it easier for Internet users to adopt and register domain names without having to rely exclusively on .com or the other more popular top-level domains, such as .net, .biz, and .info. In addition, having ngTLDs could change the way businesses market online. For example, .sony may become the go-to ngTLD for anything Sony. The introduction of .bank and .pharmacy could lead to greater consumer confidence when using online banking or pharmacy products.

    However, this is also a brand owner’s potential nightmare. Prior to the introduction of the ngTLDs, cybersquatters were active on the Internet, misusing and abusing trademarks in domain names. Now that there are hundreds of ngTLDs, under which each could have countless numbers of domain names, the potential for cybersquatting and trademark misuse will grow exponentially.

    Here are a few examples of potential risks with ngTLDs:

    1. Pharming, spoofing, and other fraudulent activity. Pharming is the redirection of a user to an illegitimate website through technical means using malicious code, and usually involves a recognized domain name to make the user believe he or she is at a legitimate website. Spoofing is related and involves a fraudulent website, again with a recognized domain name that masquerades as a legitimate site. Typosquatting is intentionally misspelling a trademark or otherwise creating a typographical error in a domain name to draw traffic from users who unintentionally misspell a domain name for a site where the user wants to go. Domain names play a role in these fraudulent activities and contribute to the capture of sensitive information from a consumer. For example, a website could be created that has windows asking for a consumer’s bank or other website user ID and password. A less sophisticated or distracted consumer may enter the information before recognizing that the website is fraudulent. The obvious conclusion is that the website owner could take the information and use it to access the accounts of consumers who were misled by a typosquatted domain name.
    2. Loss of goodwill. Brand owners spend considerable time and money developing their brands and the associated goodwill. They must address any activity that degrades that goodwill and devalues the brand. For example, a domain name that includes a brand that leads to a parking or landing page may lead consumers to believe that the business is dead. Domain names that lead to poor-quality sites may create a bad first or lasting impression. Domain names and cybersquatted websites can be used by competitors, angry customers, or former employees to destroy goodwill.
    3. Tarnishment. Tarnishment is a separate and more destructive problem. Tarnishment involves websites that are not just poor quality, but also promote products or services or encourage discussions or views about activities that misuse and tarnish a brand. For example, one typosquatted domain name directed traffic to a website that displayed provocative images and discussed gaming and prostitution. There is no data on how many users or potential customers may have visited the page, and hopefully the consumer would understand that the website is not affiliated with or sponsored by brand owner, but there is the potential for tarnishment of the brand owner’s brands. Allowing the use of a brand in a domain name that leads to a site inconsistent with the brand is like a sign on a building saying it is a Costco or Target store that instead offers gambling and the sale of illegal substances.
    4. Regulation. Although there may not be much regulatory activity in this arena now, it is critical to be vigilant in watching for new regulatory guidance on how to manage issues with domain names. This is particularly true in highly regulated industries, such as banking and healthcare.

    Available Strategies

    There are two potential categories of strategies for brand owners to address concerns: (1) a proactive strategy, using ngTLDs to their benefit; and (2) a defensive strategy, defending against trademark misuse.

    It is still too early to tell how the ngTLDs will change Internet marketing strategies and consumer behavior. It is safe to assume, considering the economic investment made in ngTLDs, that they are here to stay and that there will be changes, but whether they will be accepted by Internet users and how registrants of the domain names will use the ngTLDs are still not clear. However, it is not too early to plan for the protection of brands using both proactive and defensive strategies.

    Brand owners may make the business decision to watch and monitor, and not spend significant time or resources on, domain-name management; however, there should be a brand protection plan in place. Ignoring the problem and hoping it will go away is not a strategy.

    Proactive Strategies

    It is not yet clear how the introduction of ngTLDs will change marketing strategies and consumer behavior. However, there are two proactive strategies that should be adopted by all brand owners:

    1. Identify ngTLDs on a watch list. Not all of the ngTLDs will be relevant to most businesses, but some will be. For example, real estate brokers and agents will want to register under .realtor, banks under .bank, insurance companies under .insurance, wedding planners under .wedding, and the list goes on. The brand owner should create a watch list not only for registration of core brands under the ngTLDs on the list, but also for monitoring purposes, as discussed later.

      Core brands are trademarks that are the most widely used and recognized brands of the company. The overall brand or name of the company under which products and services are sold is a core brand. The trademarks on the most popular or highest selling products or services are core brands. Taglines and slogans may be core brands if they are widely recognized and add significantly to the marketing efforts of the company. Trademarks that may not be considered core brands are those for products or services that are secondary and not part of the main group of products and services offered by the company. Other source identifiers that are not prominent or that are not perceived to have significant economic value are not core brands.
    2. Identify the brand owner’s core brands and register the core brands as second-level domain names, including those under ngTLDs on the watch list. Registration of domain names under ngTLDs is generally very inexpensive, especially relative to the cost of other remedies. A good strategy is to not only register domain names that incorporate core brands, but to include registrations for potential typosquattings of core bards and noncore brands as well. If domain names are not registered now, it may be too late in the future. Inaction will quickly wipe out potential options for adopting domain names using core brands under relevant ngTLDs in the future.

    Defensive Strategies

    In addition to existing strategies available prior to the launch of ngTLDs, ICANN recognized the need to offer greater ability to protect brands, so several new brand-protection mechanisms have been made available. These are recommended strategies to minimize the potential negative impact of the introduction of ngTLDs. These strategies generally apply to core brands or trademarks.

    1. Register all core brand or trademarks with the Patent and Trademark Office. Federally registered trademarks provide several benefits to brand owners, including the exclusive right to use the trademark in all 50 states and to enjoin the use of infringing trademark by others. Generally, the use of a trademark in a domain name does not constitute use in commerce, so a trademark infringement action is not a recommended strategy. However, federal registration of a trademark is a necessary precondition, or substantially helps, when implementing the other defensive strategies identified below.
    2. Register all federally registered trademarks in the trademark clearinghouse (TMCH). The TMCH is a new creation with the introduction of ngTLDs. Registration of a trademark in the TMCH provides several potential benefits:
      1. When a new domain name is registered under an ngTLD that includes a second-level domain name that is identical to a trademark registered in the TMCH, the TMCH will give notice to the domain-name registrant that the registered domain name includes a federally registered trademark of another. If the domain-name registrant proceeds with the registration, the TMCH will give notice to the trademark owner of the registration, which will then provide the trademark owner with an opportunity to take appropriate action. That action may include monitoring the website to which the domain name resolves, or pursuing another strategy identified below.
      2. When an ngTLD is launched, there is a sunrise period during which domain names may be registered on a priority basis with a trademark registered in the TMCH. This allows the domain name to be controlled at a minimal cost before registration is open to the public. This may be coupled with the offensive strategy discussed above essentially to take domain names with a brand owner’s trademark out of circulation before others register them.
      3. Other brand-protection mechanisms require registration in the TMCH as a condition to using the other mechanisms.
    3. Register abused domain-name labels. The TMCH will not give notice to the domain-name registrant or the brand owner if the trademark included in the domain name is not the identical trademark, which means typosquatting is not covered by TMCH registrations. However, if the brand owner files and is successful on a UDRP action (as described in number 5 below) such that the domain name is transferred to the brand owner, the TMCH will allow that string or domain name which is slightly different from the registered trademark to be registered in the TMCH and be treated as if the modified domain name were registered in the TMCH as a federally registered trademark.
    4. Register all TMCH registered trademarks under the domain protected marks list (DPML). As indicated previously, ngTLDs are managed by domain-name registries. Within limits, the registries establish the rules and guidelines for the registration of domain names under the ngTLDs. Some registries have applied for and been awarded several ngTLDs. For example, the Donuts registry has approximately 200 ngTLDs, and the Rightside registry has approximately 40. Both of these registries will allow trademarks that are registered in the TMCH to be registered with the registries. Whenever an applicant seeks to register a new domain name under an ngTLD managed by the registry, and the second-level domain name is the registered trademark of a brand owner that has registered under the DPML, the registry will block registration of the domain name. This means that, by simply registering a trademark under the DPML, potentially hundreds or thousands of problematic domain names could be blocked.
    5. File Uniform Domain Name Dispute Resolution Policy (UDRP) actions when a core brand is misused and the ngTLD is on the watch list. The UDRP provides a mechanism for forcing a transfer of a domain name to a brand owner. If a domain name is registered and used in bad faith, the brand owner may be able to have an approved arbitration forum force a transfer of the domain name to the brand owner. The process is handled by an arbitration forum, such as the World Intellectual Property Organization or the National Arbitration Forum (now Forum), and generally takes less than three months for a decision. The cost is substantially less than litigation. The biggest challenge with UDRP actions is deciding whether to file. There are potentially countless iterations of typosquatted brands that can occur with domain names. Obviously, it makes no sense, economically or otherwise, to pursue all of them. Some factors to consider include whether the typosquatting is close to a core trademark, the ngTLD is on the watch list, the ngTLD is particularly relevant, and the risk of consumers directed to an inappropriate site is high. Not all ngTLDs are relevant to a business. For example, .xyz is now the most popular of all ngTLDs and could essentially become another .com. Based simply on the popularity of the domain name and its exposure, brand owners should seriously consider taking action under the UDRP.
    6. Consider actions under the Uniform Rapid Suspension System (URS). The URS is a less expensive alternative to UDRP actions, and decisions are rendered more quickly; however, the downside to a successful URS action is suspension of blocking of the domain name. Control or registration of the domain name is not transferred to the brand owner. In cases where a quicker resolution is necessary, or the brand owner simply needs time to consider other options, this may be a good course of action.
    7. File a lawsuit under the federal Anti-Cybersquatting Consumer Protection Act (ACPA). Litigation is expensive, time consuming, and potentially destructive to a business. Often the only winners are the lawyers. Sometimes litigation is necessary, however, and statutes such as the ACPA can be helpful in reaching a quick resolution to a domain-name dispute. Under the ACPA, a person is liable to the owner of a mark if the domain-name registrant has a bad-faith intent to profit from the brand owner’s trademark and the registrant registers, traffics in, or uses a domain name confusingly similar to the brand owner’s mark. There are several factors courts may use to determine whether the registrant of the domain name had the requisite bad-faith intent. Available remedies include transfer or forfeiture of the domain name and statutory damages in the court’s discretion of up to $100,000 per domain name. For negotiating purposes, that number may get the attention of a domain-name registrant.
    8. Defensive registration of offensive or risky domain names, including .sex, .porn, .adult, .xxx, .sucks, and others on the watch list. The cost of registering a domain name usually is insignificant. Sometimes instead of waiting for someone else to register a domain name, and then taking affirmative steps to deal with the problem, it is much easier and much less expensive to simply register domain names using core brands under the ngTLDs where brands may be abused or misused. There are several ngTLDs that most brand owners would not want associated with their brands. For example, most brand owners would likely not want to have their core trademarks associated with .sex, .porn, .adult, or .sucks, so it would be better to register the core brands under these ngTLDs and control those domain names. The cost of registration for most of these is less than $100 per year and is inexpensive insurance. Registration information for domain names generally is publicly available, so it also makes sense to register the domain names using a proxy service so that the core brand is not associated in any way with the offending ngTLD.
    9. Monitor domain name registrations for potential abuse. There are services available to monitor for domain-name registrations. The TMCH will provide some notices, but the scope of monitoring should be broader than what is provided by the TMCH alone. Without monitoring, brand owners will not know what potential activity is occurring and whether any of the risks identified above are realized. Without knowing the risks, meaningful decisions cannot be made about how to address and manage them.
    10. Prepare and follow a budget. Given the exponential growth in ngTLDs, it is critical to establish and follow a budget for domain-name management. It would be very easy for domain-name management to get away and begin to consume more of the marketing or other budget than was intended or would be appropriate.

    The key to your brand-protection strategy is to consider the potential risks of having core brands used in domain names in ways that are damaging to those core brands and to the associated goodwill. Making consistent, strategic decisions about how to proceed should follow the consideration of risks. Waiting for the dust to settle is probably not a great strategy. Generally, brand owners spend considerable resources on building goodwill, and such effort should not stop when it comes to the new world of brands on the Internet.

    John H. Rees

    John H. Rees is a corporate and intellectual property lawyer at TechLaw Ventures working with clients to develop strategies and solutions for complex legal challenges and managing legal risk in a dynamic business, legal, and regulatory environment.