Over the past few years, the internet’s naming system has been undergoing a profound change initiated in June 2011 when the Internet Corporation for Assigned Names and Numbers (ICANN) started a programme to allow any organisation to apply for a new generic top-level domain (gTLD). Now, in addition to .com, .fr or .be, you can find domain names under top-level domains (TLDs) including keywords (.music), cities (.paris), industries (.bank) and brands (.yahoo). ICANN received 1,936 new gTLD applications in 2012 and plans to open further application rounds in the near future. We are now eight years into the programme, with over 1,500 TLDs now operational. Yet, despite the fact that some gTLD applications are still being processed, there are calls for a next round of applications; some even call for a permanent window. Companies such as Twitter – which let the 2011 round pass – are among the brand owners already lining up for this future internet naming expansion. A Subsequent Procedures working group within ICANN has already finished reviewing the first new gTLD application round and has proposed initial recommendations for the second round. These initial recommendations deal with, inter alia, the rules of eligibility, the application process, timing, costs, geographic names, objections, string similarity, etc. For example, with regard to string similarity, the working group has recommended to prohibit the delegation of both singular and plural versions of the same word as coexisting gTLDs. During the first round, gTLDs such as .car and .cars have both been delegated but similarity issues arose in other instances. Additionally, the allocation of new gTLDs on a first-come, first-served basis has also come into question, with certain stakeholders advocating an application system based on subsequent application rounds for different kinds of TLD categories, namely brand TLDs, geographic TLDs, and generic and community TLDs. With internet fraud reaching new highs, many brands see the opportunity to control their link to the root zone of the global internet as a well-justified security investment. What this means for online branding, and indeed the internet naming system as a whole, remains to be seen. Early indications, however, are that change is inevitable. Key in barclays.com and you are redirected to home.barclays. American rapper 50 Cent hosts a fan page on 50inda.club. Google uses its .new gTLD to allow users to quickly create new documents, for example by typing document.new in their browser. Social causes are also capitalising on the easier-to-remember naming conventions possible with new gTLDs; for example, autism research funded by concerts is promoted at autism.rocks.
At the same time, internationalised domain names – domain names written in non-ASCII characters such as Cyrillic or Pinyin – are also now widely available. While still presenting some technical challenges (in other words, universal acceptance) this development sets the scene for the billions of non-native-English internet users to access websites in their native languages. Consequently, the use of internationalised domain names for purposes of cybersquatting, notably typo squatting, has also emerged. Typo squatters take advantage of the resemblance of several non-ASCII characters to Latin characters to register domain names that are virtually identical to the trademarks of brand owners. For example, the domain name ‘gettıngthedealthrough.com’ will lead internet users to believe that it redirects to Getting the Deal Through’s website. However, the domain name makes use of a dotless Turkish ‘ı’ instead of the dotted Latin ‘i’. The fact that internet users will often not be able to distinguish between domain names using ASCII and non-ASCII characters may make internationalised domain names prone to phishing or other fraudulent uses.
When the new gTLD programme moved from concept to reality in 2011, a significant number of brand holders expressed concern over the lack of attention to the protection of their digital assets. Cybersquatting was a growing problem for organisations within the 300 or so existing TLD names at the time, with the general feeling that the domain name industry as a whole was not doing enough to prevent intellectual property abuse and infringement. The introduction of new gTLDs indeed brought new challenges for brand owners and other organisations, whether they had applied for a gTLD or not. The following are only a few of the questions that the introduction of new gTLDs raises: what should you do if a company has applied for a gTLD that is identical or confusingly similar to your brand or business name? What should you do if a competitor has applied for a gTLD that captures your industry? When should you consider registering domain names in the new gTLDs? Can registration of domain names resembling your own brand or existing domain names (in other TLDs) be blocked in a new gTLD?
Meeting the challenges will require monitoring the introduction of new gTLDs, spotting and analysing any issues as they develop, considering strategic options and navigating the complex world of internet governance. There is a wide range of actions that may need to be considered, from strategies for defending an application to contesting the applications of others. Brand holders will want to protect their trademarks and existing domain names in the new internet space.
The number of domain name registrations has already risen over 340 million and is expected to keep growing significantly. Monitoring and contesting domain name registrations will grow proportionately. However, brand owners are facing new challenges in that regard. Most notably, the introduction of the General Data Protection Regulation (GDPR) in the European Union on 25 May 2018 has had a monumental impact on the WHOIS registration data directory services. The WHOIS system contains information on registered domain names and their holders, and is used by various interested parties, such as intellectual property owners and law enforcement authorities, to investigate crime and infringements online. Before the GDPR came into effect, all of this information, including the identity and contact information of the domain name holders, was publicly available for all gTLD domain names. However, after 25 May 2018, most of this information, such as the domain name holder’s name, phone number, postal address and email address, was redacted for the public to protect the personal data of domain name holders. Currently, an expedited policy development process is being conducted within ICANN to implement a reasoned and balanced WHOIS policy by 25 May 2019, including a uniform mechanism for access to non-public WHOIS information.
With over 1,200 new gTLDs launched since 2012 without any major restrictions, unprepared brand holders face the headache of formulating a strategy that balances the opportunity the evolution of the internet brings with the threat of cybersquatting and ultimately reputational damage to their brands. It would be foolhardy for any brand, irrespective of how deep its intellectual property pockets, to be expected to register its trademarks in every one of the 900+ open TLDs. While we did see some brands follow this strategy when the first dozen or so were released in January 2014, it soon became apparent that there was no need for registrations in each and every one – an organisation really did not need to proactively own a .bike, a .plumbing and a .kitchen unless it really was operating across many verticals.
The concerns of brand holders were heard and a number of measures were put forward to protect brand holders’ digital assets when the programme moved into the launch phase in 2013. This sixth edition of Getting the Deal Through – Domains & Domain Names is meant to guide aggrieved parties in the gTLD and domain name sphere and help them vindicate their interests through domain name disputes, both in court and through alternative dispute resolution procedures. We focus on ICANN’s rights protection mechanisms regime (including the Trademark Clearinghouse (TMCH) and the Uniform Rapid Suspension (URS)).
Whereas the URS does not seem to have become very attractive, one of the most successful instruments put in place was the creation of the TMCH. ICANN stipulated that the main purpose of creating a central database of trademarks was to enhance the protection of intellectual property. A total of nine applicants applied to run the service, with Deloitte eventually being chosen to build the central repository that every new TLD registry would have to connect to and provide authentication and validation services. The TMCH would provide an early warning system for trademark holders should someone attempt to infringe their intellectual property during the initial registration phases of each TLD. Additional mechanisms such as the TMCH’s TREx or Donuts’ DPML allow trademark holders to effectively block domain name registrations under specific TLDs.
While the current number of valid objects in the TMCH is significantly less than the estimated number, it has proved to be effective in preventing cybersquatting and intellectual property abuse in the Trademark Sunrise application period. The early warning system of presenting a potential breach of trademark notice to would-be applicants in this initial registration phase has proved to be over 90 per cent effective (ie, only one in every 10 domain names is registered once the warning notice is displayed). Any organisation that has utilised the TMCH essentially gets a first-mover advantage in securing its digital assets. The opportunity to get one step ahead of the competition is of paramount importance to some brands, and that is the opportunity the TMCH delivers.
As a cost-effective rights protection mechanism, the TMCH has proved to be the most successful element of the new gTLD programme so far, and with some of the most eagerly anticipated and potentially most popular TLDs yet to be released, it is still not too late for brand and trademark holders to take advantage of the benefits it offers as well as the protection it can bring.
Alternative dispute resolution centres such as the World Intellectual Property Organization (WIPO) Arbitration and Mediation Center provide time- and cost-efficient alternatives to court litigation to resolve domain name disputes. The benchmark Uniform Domain Name Dispute Resolution Policy (UDRP) has resulted in the processing of tens of thousands of cases over almost 20 years.
Aside from pioneering the UDRP itself, WIPO championed paperless pleadings in 2009, and provides a free online searchable legal index of UDRP panel decisions and the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, which is often said to be a practitioner’s bible for UDRP cases.
2019 also marks the 20th anniversary of the UDRP. Since the initiation of this global procedure in 1999, WIPO has administered over 42,000 UDRP cases.
All of these developments make the life of a practitioner exciting, intense and innovative when it comes to resolving disputes in this dynamic world of abbreviations.