Brand Protection on the Internet
Today, trademarks and domain names are interconnected. A web presence is a natural extension of brick-and-mortar business branding.
A web presence means having a domain name. Domain names have become part of a business’s brand. They can carry a message. They also control the ability to direct one or a million consumers to websites that also carry a message. Every business should adopt domain name(s) that incorporate the brand. Every business needs to manage the risks associated with using brands online, particularly when it comes to domain names.
Even if you do not have a web presence, failing to police your brand on the web risks damage to your business. Others may use the web to reach your customers, damage your brand, or infringe your business’s intellectual property.
Brick-and-mortar brands now extend to the Internet. Brand owners have traditionally protected their brands offline. They monitor brand use. If a competitor started using a trademark confusingly similar to the business owner’s mark, they act. The business owner would send a demand letter or sue to stop the infringing behavior and protect the brand.
The need is no different online. The legal issues are slightly different, but the need for vigilance remains.
THE DOMAIN NAME WORLD
There are at least two parts to every domain name, a top-level domain name and second-level domain name. Top-level domain names are the part of a domain name to the right of the last dot (e.g., the “.com” in whatever.com). The part of the domain name to the left of the last dot is the second-level domain name (e.g., the “whatever” in whatever.com).
There generally are two types of top-level domain names: (1) generic top-level domain names (gTLD) and (2) country code top-level domain names (ccTLD). gTLDs are three letters. Originally there were seven gTLDs, including .com, .net, and .org. ccTLDs are two letters. The United States ccTLD is .us.
For years, most commercial domain names used .com as the extension. With exponential growth, new .com domain names are scarce. It has become virtually impossible for users to register their desired domain names using .com.
Recognizing this problem, the Internet Corporation for Assigned Names and Numbers (ICANN), the organization responsible for managing Internet domain names, decided to add substantially more top-level domain names, permitting users to adopt and register domain names that were already taken under .com.
In January 2012, ICANN opened the window to applications for new, generic top-level domain names (ngTLDs) to supplement the originals like .com. As of May, 2016, 995 ngTLDs have been added and made available for new domain names on the Internet. Another 326 were working their way through the process. ICANN has left the door open to more rounds of applications in the future.
Domain-name registries are the organizations responsible for registering and managing all domain names under a specific gTLD. Each registry contracts with ICANN to manage the domain names and maintain the technology behind the domain names. Registries then contract with registrars to register domain names under a gTLD for the registry.
Everyone who registers a domain name through a registrar accepts the terms of a registration agreement with the registrar. This agreement limits rights to those specified in the agreement.
BRAND PROTECTION ISSUES
Brands are source identifiers. They work by creating consumer impressions. To develop strong trademarks, brand owners spend significant money and effort to get consumers to associate specific products and services with their brands. These trademarks become very valuable and bring significant goodwill to the brand owner.
Expanding ngTLDs makes it easier for Internet users to adopt and register domain names without having to rely exclusively on .com or the other more popular top-level domains. Having ngTLDs could change the way businesses market online. For example, .sony could become the go-to ngTLD for anything Sony. The introduction of .bank and .pharmacy could lead to greater consumer confidence when using online banking or pharmacy products.
This could also be a brand owner’s nightmare. Before the introduction of the ngTLDs, cyber squatters were active on the Internet, misusing and abusing trademarks in domain names. Now that there are hundreds of ngTLDs, where each could have countless domain names, the potential for cybersquatting and trademark misuse grows.
Examples of potential risks with ngTLDs include:
Pharming, spoofing, and other fraudulent activity. Pharming is redirecting a user to an illegitimate website through malicious code. It usually involves a recognized domain name to make users believe they are at a legitimate website. Spoofing involves a fraudulent website, again with a recognized domain name that masquerades as a legitimate site. Typo squatting is intentionally misspelling a trademark or a domain name to draw traffic from users who unintentionally misspell a domain name for a site where the user wants to go. Domain names play a role in these fraudulent activities and contribute to the capture of sensitive consumer information. A website could ask for a consumer’s website user ID and password. A less sophisticated or distracted consumer may enter the information before recognizing the website is fraudulent. The fraudulent website owner could take the information and use it to access the accounts of misled consumers.
Loss of goodwill. Brand owners spend considerable time and money developing their brands. Activity that devalues the brand has to be dealt with. A domain name that includes a brand that leads to a landing page may lead consumers to believe the business is dead. Domain names that lead to poor-quality sites may create a bad impression. Domain names and cyber squatted websites can be used to destroy goodwill.
Tarnishment. Tarnishment involves websites that promote products or services or encourage discussions or views about activities that misuse and tarnish a brand. For example, a typo squatted domain name directed traffic to a website displaying provocative images and discussing gaming and prostitution. Allowing the use of a brand in a domain name that leads to a site inconsistent with the brand is like a sign on a building saying it is a branded store that instead offers gambling and the sale of illegal substances.
Regulation. There is not much regulatory activity in this arena now. But one must careful to watch for new regulations on how to manage domain name issues. This is particularly true in highly regulated industries like banking and healthcare.
There are two categories of strategies for brand owners: (1) a proactive strategy, using ngTLDs to their benefit; and (2) a defensive strategy, defending against trademark misuse.
It is uncertain how the ngTLDs will change Internet marketing strategies and consumer behavior. They are here to stay and there will be changes. Whether they will be accepted by Internet users and how domain name registrants will use the ngTLDs is not clear.
Brand owners may make the business decision to watch, monitor and not spend significant resources on domain-name management. Ignoring the problem and hoping it will go away is not a strategy.
There are two proactive strategies that could be adopted:
1. Identify ngTLDs on a watch list. Not all the ngTLDs will be relevant to most businesses. For example, real estate brokers and agents may want to register under .realtor, banks under .bank, insurance companies under .insurance, wedding planners under .wedding, and so on. A brand owner should create a watch list not only for registration of core brands under the ngTLDs on the list, but also for monitoring.
The overall brand or name of the company under which products and services are sold is a core brand. The trademarks on the most popular or highest selling products or services are also core brands. Taglines and slogans are core brands if they are widely recognized and add significantly to marketing efforts.
2. Identify the core brands and register them as second-level domain names, including those under ngTLDs on the watch list. Registration of domain names under ngTLDs is inexpensive, especially relative to the cost of other remedies. A good strategy is to not only register domain names that incorporate core brands, but to include registrations for potential typosquattings of them. If domain names are not registered now, it may be too late in the future. Inaction will wipe out potential options for adopting domain names using core brands under relevant ngTLDs in the future.
ICANN has recognized a need to offer greater ability to protect brands. Several new brand- protection mechanisms are available. These are recommended strategies to minimize the potential negative impact of the introduction of ngTLDs. These strategies generally apply to core brands or trademarks.
Register all core brand or trademarks with the Patent and Trademark Office. Federally registered trademarks provide several benefits, including the exclusive right to use the trademark in all 50 states and to enjoin the use of infringing trademark by others. Generally, the use of a trademark in a domain name is not used in commerce, so a trademark infringement action is not a useful strategy. However, federal registration of a trademark substantially helps when implementing other strategies.
Register all federally registered trademarks in the trademark clearinghouse (TMCH). The TMCH is a new creation with the introduction of ngTLDs. Registration of a trademark in the TMCH provides several benefits:
1. When a new domain name is registered under a ngTLD that includes a second-level domain name that is identical to a trademark registered in the TMCH, the TMCH will give notice to the registrant that the registered domain name includes a federally registered trademark of another. If the domain-name registrant proceeds with the registration, the TMCH will give notice to the trademark owner of the registration, which gives the trademark owner an opportunity to take action. That action may include monitoring the website to which the domain name resolves, or pursuing a strategy identified below.
2. When an ngTLD is launched, there is a sunrise period during which domain names may be registered on a priority basis with a trademark registered in the TMCH. This allows the domain name to be controlled at a minimal cost before registration is open to the public. This may be coupled with the offensive strategy discussed above essentially to take domain names with a brand owner’s trademark out of circulation before others register them.
3. Other brand-protection mechanisms require registration in the TMCH as a condition to using the other mechanisms.
Register abused domain-name labels. The TMCH will not give notice to the domain-name registrant or the brand owner if the trademark included in the domain name is not the identical trademark. Typo squatting is not covered by TMCH registrations. However, if the brand owner files and is successful on a UDRP action such that the domain name is transferred to the brand owner, the TMCH will allow that string or domain name to be registered in the TMCH and be treated as if the modified domain name were registered in the TMCH as a federally registered trademark.
Register all TMCH registered trademarks under the domain protected marks list (DPML). ngTLDs are managed by domain-name registries. Within limits, the registries establish the rules for the registration of domain names under the ngTLDs. Some registries have applied for and been awarded several ngTLDs. Some registries will allow trademarks registered in the TMCH to be registered with the registries. Whenever an applicant seeks to register a new domain name under an ngTLD managed by the registry, and the second-level domain name is the registered trademark of a brand owner that has registered under the DPML, the registry will block registration of the domain name. This means that, by simply registering a trademark under the DPML, hundreds or thousands of problematic domain names could be blocked.
File Uniform Domain Name Dispute Resolution Policy (UDRP) actions when a core brand is misused and the ngTLD is on the watch list. The UDRP provides a mechanism for forcing a transfer of a domain name to a brand owner. If a domain name is registered and used in bad faith, the brand owner may be able to have an approved arbitration forum force a transfer of the domain name to the brand owner. The process generally takes less than three months. The cost is substantially less than litigation. The biggest challenge with UDRP actions is deciding whether to file. There are many iterations of typo squatted brands that can occur with domain names. It makes no sense to pursue them all. Factors to consider include (i) whether the typo squatting is close to a core trademark, (ii) the ngTLD is on the watch list, (iii) the ngTLD is particularly relevant, and (iv) the risk of consumers directed to an inappropriate site is high. Not all ngTLDs are relevant to a business. For example, .xyz is now the most popular of all ngTLDs and could become another .com. Based simply on the popularity of the domain name and its exposure, brand owners might consider taking action under the UDRP.
Actions under the Uniform Rapid Suspension System (URS). The URS is a less expensive alternative to UDRP actions. Decisions are issued more quickly; however, the downside is that control or registration of the domain name is not transferred to the brand owner. In cases where a quicker resolution is necessary, or the brand owner simply needs time to consider other options, this may be a good course of action.
Suing under the federal Anti-Cybersquatting Consumer Protection Act (ACPA). Litigation is expensive, time consuming, and potentially destructive to a business. Sometimes, it is necessary, however, and statutes like the ACPA help in reaching a resolution to a domain-name dispute. Under the ACPA, a person is liable to the owner of a mark if the domain-name registrant has a bad-faith intent to profit from the brand owner’s trademark and the registrant registers, traffics in, or uses a domain name confusingly similar to the brand owner’s mark. There are several factors courts may use to determine whether the registrant of the domain name had the required bad-faith intent. Available remedies include transfer or forfeiture of the domain name and statutory damages in the court’s discretion of up to $100,000 per domain name. For negotiating purposes, that number may get the attention of a domain-name registrant.
Defensive registration of offensive or risky domain names, including .sex, .porn, .adult, .xxx, .sucks, and others on the watch list. The cost of registering a domain name is usually low. Sometimes instead of waiting for someone else to register a domain name and then taking affirmative steps to deal with it, it is easier and much less expensive to simply register domain names using core brands under the ngTLDs where brands may be abused or misused.
There are several ngTLDs that most brand owners would not want associated with their brands. For example, most brand owners would likely not want to have their core trademarks associated with .sex, .porn, .adult, or .sucks. It would be better to register the core brands under these ngTLDs and control the domain names. The cost of registration for most of these is less than $100 a year and is cheap insurance. Registration information for domain names generally is publicly available. It makes sense to register the domain names using a proxy service so that the core brand is not associated in any way with the offending ngTLD.
Monitor domain name registrations for potential abuse. There are services available to monitor for domain-name registrations. The TMCH will provide some notices, but the scope of monitoring should be broader than what TMCH provides. Without monitoring, brand owners will not know what potential activity is occurring and whether any of the risks identified above are realized.
The key is to consider the potential risks of having core brands used in domain names in ways that are damaging to them and to their associated goodwill. Making consistent, strategic decisions about how to proceed should follow the consideration of risks. Waiting for the dust to settle is probably not a great strategy. Generally, brand owners spend considerable resources on building goodwill. That effort should not stop when it comes to the world of brands on the Internet.