A few weeks ago, we reported that Equifax was successful in wresting over 125 domain names from squatters who were hoping to cash in on the publicity behind the Equifax security breach.  For those that have been in a sensory deprivation tank for the last few months,  on September 7th of this year, Equifax Inc. announced a cyber security breach that could potentially impact 100 million US consumers. On December 5th, the World Intellectual Property Office issued a second decision involving Equifax related domains against a different Respondent with a well reasoned opinion that requires the transfer of some, but not all of the domains stating that “Scandals spawn hashtags and disasters breed domain names”.

Warpaint Resources LLC had registered 135 domain names the next day.  These include EFXbreach.biz, EFXbreach.club, Equifax breach.guru, etc. (the “28 domain names”), efxhack.attorney, equifaxfuckedme.com, equifaxhackedus.com (the “107 domain names”).   Warpaint argued that the domain names were not confusingly similar.  Warpaint claims it was retained by an attorney to develop a communication strategy  to provide information to consumers about the data breach and regarding the possiblility of filing individual and class action lawsuits against Equifax.  The 28 domain names were transferred to Equifax Inc. while the Respondent retained ownership of the 107 domain names. The panel had no issue in concluding that all 135 of the domain names met the confusingly similarity requirement for establishing standing.  The panel also determined that some of the marks fell into the  category of fair use for purposes of asserting a legitimate interest in the Domains. Those domains that trigger an inference of affiliation with Equifax’s rights (the 28 domain names) that include the more neutral term of “breach” in association with the Equifax trademarks.  The panel found that these domains were inherently likely to engender confusion as to source or affiliation and are likely to “misleadingly divert consumers…for commercial gain”.  The panel concluded that the Respondent had legitimate interests based on the nature of the 107 domain names that included terms like “hack”, “lawsuit” and “equihax” as it was unlikely to cause confusion as Equifax would not utilize such domain names itself nor would it be likely that consumers would believe that such domains emanated from Equifax.  Therefore, the 107 domain names were not transferred.

The panel did issue a cautionary note to the Respondent that if they were to turn to a pay per click (PPC) monetization of the 107 domains, the panel might view these domains differently and even mentioned that allowing domain names that incorporate or mimic another party’s trademarks to be used for monetized PPC landing pages is irresponsible, unfair to the trademark owner and inconsistent with Respondent’s obligations under the registration agreement. The panel then takes the “unusual step of entering this Decision expressly without prejudice” so that Complainant may refile a Complaint after either websites are published or if any of the domains continue to be used by third party advertising landing pages after a reasonable transition period.

So.  Today’s lesson incorporates a few thoughts:  It is potentially legitimate to utilize another’s trademarks in your domain names if there is a legitimate fair use of the trademarks.  However, companies defending their trademarks are encouraged to continue to monitor the domain registrations and subsequent webpages that resolve from the domain names. All may not be lost.

On September 7, Equifax Inc. announced the cyber security breach that could potentially impact 100 million U.S. consumers. In addition to Equifax’s main website, Equifax.com, the company set up a dedicated website — www.equifaxsecurity2017.com — for consumers wanting to confirm whether their information was breached.  Between September 8 and September 15, China Capital Investment Limited filed in excess of 125 domain names that included multiple typosquatting versions of the website including equifaxdatabreach2017.com, equifaxsecuriy.com and 2017equifax.com, to name only a few. The domains were connected to monetized parking pages with a banner announcing that the domain name was for sale.

Equifax filed a Complaint with the World Intellectual Property Organization (WIPO) requesting transfer of the domains.  In the complaint, Equifax alleged not only that the domains were identical or confusingly similar and that China Capital had no right or legitimate interest — pretty standard stuff.  In the allegation that the domains were filed in bad faith, Equifax went on to allege that China Capital has been on the receiving end of many similar complaints from well-known trademark owners.  Combined with the monetized site as well as the offer for sale, the WIPO Panelist had little difficulty in assessing bad faith.

The case also reiterated that while failure on the part of China Capital to respond to the complaint was not fatal to China Capital’s case.  The burden of proof is still on the party filing the complaint. The panelist is allowed “in the absence of exceptional circumstances to draw such inferences as it considers appropriate.”  See WIPO’s administrative panel decision.

A good practice tip:  whether good news or bad news is being communicated from a company, a watch of new domain names should be considered.  Take immediate action and review whether the respondent has been determined to be a serial squatter.

The World Intellectual Property Office (WIPO)  has released its 2016 Uniform Dispute Resolution Proceedings (UDRP) statistics.  http://www.wipo.int/pressroom/en/articles/2017/article_0003.html. The overall number of new cases increased by 10 percent over the previous year. WIPO indicates that this surge of new cases relates to the new generic Top-Level Domains (gTLDs) that have come online during the year.

Trademark owners filed 3,036 disputes involving a total of 5,374 domain names. It appears that .XYZ (321 domain names disputed), .TOP (153 domain names disputed) were the most common of the new GTLDs to be involved. That number still pales in comparison to the number of domain names disputed in the .COM (3135 domain names disputed), .NET (272 domain names disputed) and .ORG (129 domain names disputed).

The United States accounted for 895 cases being instituted with a corresponding 680 cases where a US entity was the Respondent. France came in second, with 466 cases being brought by a French entity. China took the honors of being the second most likely source of Respondents to actions, with 473 cases.

So, what does this mean? It appears that the original gTLD’s, in particular .COM is still the most contested (and sought after) domain address. That doesn’t appear to be going away anytime soon. It also means that with the increase of the new gTLD’s, trademark owners should consider monitoring their trademarks in the .XYZ and .TOP gTLDs in addition to the .COM gTLD. While it would be great to watch trademarks in all of the new domains, it can be financially prohibitive. Choose your battles, win the big wars.

In a World Intellectual Property Office (WIPO) domain name decision, WIPO has ordered the cancellation of 175 domain names that include the famous Range Rover, Land Rover and Jaguar trademarks. The domains were registered in the .au ccTLD by the Trustee for the Trivett Family Trust (Trivett). Representative samples of the domains include rangeroverservicecentre.com.au., jaguarhybrid.com.au and landrover.net.au. Jaguar Land Rover (JLR) submitted its complaint in August. The decision was rendered on October 10, 2016. The ownership of the Jaguar, Land Rover and Range Rover marks was not in dispute. Trivett submitted that the domains were acquired by Trivett for the purposes of developing a proposed “Maintain My” web platform that would connect consumers to a range of service providers, including manufacturers of both genuine and non-genuine automotive spare parts.

JLR submitted that the use of well-known trademarks together with geographic or descriptive terms creates a domain name that is confusingly similar to the well-known trademark. Furthermore, JLR did not license or permit Trivett to use the trademarks, nor was the proposed use of the trademarks tantamount to a bona fide offering of goods and services. Trivett relied upon the test set out in the Oki-Data Americas, Inc. v ASD decision that sets out four minimum factors used to help decide whether there was a bona fide use of the domain name. Those factors include:

  1. The respondent must actually be offering the goods or services (Trivett had said that it was going to use the names starting in 2017 as part of its “Maintain My” platform);
  2. Only genuine trademarked goods could be sold on the website;
  3. The site must accurately disclose the relationship between the registrant and the trademark owner, and may not falsely suggest that the registrant is the trademark owner or is an official site; and
  4. The respondent must not try to corner the market in all domain names (175!) depriving the trademark owner of its own use of the mark.

The WIPO panel discussed that the decision may have been different had Trivett been able to show development of its “Maintain My” mark and if they could show that they actually sold JLR vehicles and they had not registered 175 domains.

The result: Oki-Data is still a reasonable test for the bona fide intent. It just so happened that Trivett did not qualify for any of the prongs of the test.

In a recent February 15 decision by the World Intellectual Property Organization (WIPO), approximately 40 domain names were ordered transferred from their registrants to Yahoo! (WIPO Case D2015-2323). The domains included yahoopasswordreset.com, yahootechnicalsupport.net, yahootechsupport.net, yahoosupportnumber.com, yahoo-customerservice.com, yahoomailcustomersupport.com, yahoo-tech-support.com, etc. The domain names were registered by multiple parties, however, Yahoo! was able to identify common management and control of the parties. Yahoo! alleged that the registrants sought to obtain remote access to users’ computers through a phishing scheme that compromised users’ personal and sensitive information for financial gain by “spoofing (Yahoo!’s) technical support.” This common control was established through the use of the same MSN email account, the same IP address and the same physical address in the registration details. There were also similar patterns of operation that were established.  Yahoo! filed extensive documentation to identify the patterns and the WIPO panel was convinced.

Only two of the registrants sent communications in response to the WIPO notices. The first originally claimed that they were doing nothing wrong, and then subsequently denied any connection to the website. The other merely stated that they were no longer associated with the domains.

The WIPO panel had little trouble establishing the three prongs of the test:

1.  The disputed names are identical or confusingly similar to a trade mark or service mark owned by Yahoo!.

2.  The registrants have no rights or legitimate interest to the domains:

The panel stated that “Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website or email address is created that is similar to that of a legitimate organization and this is used for identity theft and other predatory activities. See, e.g., Halifax plc. v. Sontaja Sunduci, WIPO Case No. D2004-0237. The domains in question resolve to websites that give the impression of being customer support or are used for email accounts.

3.  The disputed domain names have been registered and are being used in bad faith:

The panel believes that establishing a phishing website is a strong example of bad faith. “Such conduct is squarely of the type that the Policy is designed to prevent.”

While the common control may not have been immediately evident, the WIPO panelist was quite willing to determine the common control. When dealing with multiple entities, it would pay dividends to have as much evidence gathered at the time of filing and to be prepared to go back and identify other linking factors. The Uniform Domain-Name Dispute-Resolution Policy (UDRP) process can move quickly. Yahoo! filed its initial action in late December 2015, and a decision was issued on February 15, 2016.

Healthcare giant, F. Hoffmann-La Roche (Roche) filed for and was awarded the transfer of 74 domain names that had been registered by multiple individuals. Roche had filed with the World Intellectual Property Organization (WIPO), for the cancellation and transfer of domains that included Roche’s pharmaceutical product names Accutane, Bactrim and Xenical. The domains were allegedly held by members of a criminal network and a known cybersquatter.

The most interesting aspect of this case is that Roche was able to combine several different respondents under a single complaint. The domains were in the name of more than half a dozen different individuals allegedly located in Russia and China. The WIPO terms allow for the Consolidation of Proceedings where either the domains are owned by the same individual or entity, or that the complainant can demonstrate that the disputed names or websites that the domains resolve to are subject to common control and that the panel determines that consolidation would be procedurally efficient, fair and equitable to all parties. Respondents failed to file any response.

The second issue that the WIPO panel faced was the determination of which language should be used. The panel determined that English should be the language of the proceeding based upon the determination that the Respondents were part of a criminal enterprise in an earlier domain dispute which was conducted in English without any objections, the domain names incorporate only English words and phrases, showing that the Respondents should be capable of communicating in English, several of the domains had identical contact information which was subject to English registration agreements, the fact that the proxy server for the domains was located in China does not necessarily mean that the registrants were located in China, and that to conduct separate parallel proceedings in Chinese would serve to add costs and delays to the process. Finally, all communications regarding the complaint were sent to the parties in both English and Chinese.

The panel confirmed that the domains were identical or confusingly similar to Roche’s trademarks, that the respondents had no right or legitimate interest in the trademarks and that the domains were registered and used in bad faith. The link to the WIPO decision can be found here.

 

For both new and existing businesses, new generic top-level domains (gTLDs) offer increased flexibility and opportunities for an expanded online presence. A gTLD is the part of a web address that comes after the “dot” (“.”). Historically, gTLDs were limited to only a few, such as “.com,” “.org” or “.net.” However, in 2012, the Internet Corporation for Assigned Names and Numbers (ICANN) began accepting applications for new gTLDs, and the first new gTLDs went live in 2013. Some of the new gTLDs are company and brand names such as .Abbot or .Amex, while others are descriptive, for example, .book, .clothing, .flowers and .pharmacy. A list of the new gTLDs and their release dates can be found here. The trademark issues arising out of the new gTLDs are many — here we explore their impact on trademark applications both for new applicants and existing trademark holders.

Generally, the new gTLDs will have little impact on the trademark application process aside from choices for trademarks that might also double as domain names. That is, the process to register yourname.shopping will be the same as the process that has applied to registering yourname.com. In both instances, the mark must be distinctive and in use. In addition, unregisterable matter, such as descriptive or generic terms and non-source-identifying gTLDs may need to be disclaimed. In our example, “.com” and “.shopping” are both technically unregisterable matter. With that said, in many instances the U.S. Patent and Trademark Office (USPTO) has allowed such marks to register, without any disclaimer of the “.com” or “.shopping” portion of the mark. Thus, applications for marks that include a non-source-identifying gTLD are likely to receive the same treatment by the USPTO as marks did before the introduction of the new gTLDs.

If a gTLD has source-indicating significance (.yourbrand), it may be registrable as a trademark. However, not every gTLD will qualify as a trademark. If the proposed mark is perceived merely as part of a website address, it will not be registrable. In addition to the requirement that the trademark is source-identifying, the applicant of such a mark will have to show that (1) he/she has registered the gTLD with ICANN, and (2) the services provided will primarily be for the benefit of others. As of now, there are few businesses or individuals that have taken advantage of this new trademark opportunity. But as these new gTLDs are launched and their presence becomes increasingly important, we may see an increasing number of trademarks composed solely of new gTLDs.

Ikea Systems BV of the Netherlands filed with the World Intellectual Property Organization (WIPO) for the transfer of multiple domain names registered by Michael Herman, an individual located in North Carolina. These domains included names such as custom4ikea.com, ikeaaftermarketparts.com, ideaikea.com, pimpmyikea.com, ikeaaftermarket.com, etc. A full list of domains and the Administrative Panel Decision can be found here. Mr. Herman allegedly was using the domains to steer traffic to a website featuring adult content including pornographic pictures, videos and toys.

Mr. Herman did not respond to the complaint filed by Ikea.

The sole panelist writing the Administrative Panel Decision determined that Ikea was, indeed, a famous mark. Therefore, “well known marks with inherent distinctiveness have the right to prevent any use in relation to any goods and services under trade mark law.” In addition, the panelist found that the marks were identical or confusing similarity in that many of the additional terms (idea, aftermarketparts, custom4, etc.) appear to be pertinent to Ikea’s business. (Author’s note: It would be difficult to imagine Ikea using a domain such as pimpmyikea.com notwithstanding.) The panelist found that Mr. Herman did not have any rights or legitimate interests in the Ikea name and that Ikea had not granted consent to use the domains. Finally, the decision confirmed that the domain names were registered and used in bad faith “by using the domain name [the Respondent] has intentionally attempted to attract, for commercial gain, Internet Users to [its] website or other on line location, by creating a likelihood of confusion with the Complainant’s mark as the source, affiliation or endorsement of [its]website or location or a product or service on [its] website or location.”

This is a true story (well…..kind of…names have been changed to protect the guilty).

I am a technology junkie.  Unfortunately, my addiction to technology led me to buy a first release dishwasher from X.  The dishwasher stopped working the day after the warranty expired.

Sure, I should have purchased a longer warranty.  Sure, I should have bought a proven dishwasher.  Sure, I kicked myself over and over.

I looked for X’s customer service number.  I wanted to make sure that I called a repairman who had the training and know-how to work on the dishwasher.  It took me at least 20 minutes to find a number for X; when I called that number, it took at least 30 minutes to reach the correct department.  When I finally reached the right person, he chastised me for not buying the extended warranty.  Then, I was given the contact information for three repairmen who were trained on my dishwasher.  The first two had gone out of business.  When I finally got a hold of the third one, he had to schedule me a week out.  I was flustered.

When the repairman showed up, he had no idea what was wrong with my dishwasher.  He indicated that he would consult with X and come back the following week.  When he came back, he didn’t have the right parts and, he would have to order them from X.  Of course, for whatever reason, X could not overnight my parts.  It would be another week and a half before the repairman would receive the needed parts from X.  When the repairman showed up again, the parts he ordered did not fix the dishwasher.  This cycle went on for the next six months.  Sure, a smarter person would have just bought a new dishwasher.

At the first month mark, I felt more than just flustered: X could not get parts out to the repairman quickly; and the repairman who was certified by X, but could not fix my dishwasher.  I needed to vent.

I Googled “X customer service” to find an email or snail mail address were I could send my complaints.  To my surprise, GoDaddy® popped up telling me that the domain “xcustomerservice.com” was for sale for a low, low price.  And, so my blogging career started.

I used this venue to catalog my experience with X, and encouraged others to share their experiences.  I even used X’s logo on my website.  Subconsciously, I was daring X to sue me so that I could tell the world about its defective product and its worse customer service.

What could X do to stop me?  X did not register the domain name I used which incorporated X’s name, and I was clearly using X’s name and logo to draw consumers to my site.

X could have litigated the issue.  Courts and judges have the authority to award control and ownership over domain names (just as they have authority to award control and ownership over any other property).  If the action was based on trademark law, X would have to prove that consumers would confuse the product/services I was selling with those products/services that X was selling; that there was a “likelihood of confusion”.

X could have brought action based on Anti-cybersquatting Consumer Protection Act (the “Act”).  Theoretically, the Act made it easier for registered trademark owners to take over domain names that are confusingly similar the registered trademarks.  Under the Act, X would have to establish that I acted in bad faith.  A court would consider the following factors to make a finding of bad faith:

  • Does the domain name holder have trademark rights in the domain name?
  • Is the domain name the legal name of the domain name holder, or some other name that is otherwise commonly used to identify that person?
  • Has the domain name holder made use (prior to the dispute) of the domain name in connection with a bona fide sale of goods or services?
  • Is the domain name holder using the mark in a bona fide noncommercial or fair use way at a web site accessible at the domain name?
  • Is the domain name holder attempting to divert consumers from the trademark owner’s web site in a confusing way, either for commercial gain or in an attempt to tarnish or disparage the trademark mark?
  • Has the domain name holder offered to sell the domain name to the trademark owner (or anyone else) for financial gain without having any intent to use the mark with the sale of goods or services?
  • Has the domain name holder behaved in a pattern of registering and selling domain names without intending to use them in connection with the sale of goods or services?
  • Did the domain name holder provide false information when applying for the registration of the domain name (or do so in connection with other domain names)?
  • Has the domain name holder registered domain names of other parties’ trademarks?
  • How distinctive and famous is the trademark owner’s trademark?

X could sue me under the theory of slander/defamation.  Truth is the defense.

Courts are notoriously slow and expensive.  I’m sure X would want to put a gag on my blog quickly and cheaply – before I could do any more damage to X.

Alternatively, X could bring action under the Uniform Domain Name Dispute Resolution Policy (“UDRP”) created by ICANN and used by all accredited registrars.  Under UDRP, a trademark owner can initiate a relatively inexpensive administrative procedure to challenge the existing domain name.  A trademark holder will win under UDNDR only if ICANN found the following three factors to be true:

  • that the trademark owner owns a trademark (either registered or unregistered) that is the same or confusingly similar to the registered second level domain name;
  • that the party that registered the domain name has no legitimate right or interest in the domain name; and
  • that the domain name was registered and used in bad faith.

X could show that I had no legitimate right or interest in the domain name by showing that I:

  • registered the name primarily for the purpose of selling or transferring the domain name to the trademark owner or a competitor of the trademark owner for a price greater than out of pocket costs;
  • engaged in a pattern of registering trademarks of others to prevent the use of the domain name by the trademark owner;
  • registered the domain name primarily to disrupt the business of a competitor; or
  •  attempted to attract users to a web site for commercial gain by creating a likelihood of confusion with X’s trademark.

The lesson to be learned here?  Have good customer service or, at least, buy domain names that have words that your customer will search for like:  YourNameCustomerService and YourNameSucks.  It is nearly impossible to buy all the domain names that have YourName in it.  However, with a little planning, you can figure out the most important ones.

How did my story end?  Well, X gave me a new dishwasher and that domain name…let’s just say it now belongs to its rightful owner.