Posts filed under 'Legislative'
By Chuck Kisselburg
In the March 28 issue of the New York Times there was an article titled, “Domain-Name Complaints Rise To a High Over Cybersquatting”. The story pointed out that complaints of cybersquatting were up to 2,156 in 2007; an increase of 18%.
To me, that was a large figure. However, it left me with the question of does that figure represent the whole industry or just WIPO? To confirm this I contacted WIPO to learn that the 2,156 figure quoted in the article represents the complaints being handled only by WIPO. So this tells me the number is actually higher.
When looking at ICANN’s UDRP (Uniform Domain-Name Dispute-Resolution Policy) there is a list of “Approved Dispute-Resolution Service Providers”. In my conversation with WIPO I learned that of the approved dispute-resolution service providers, WIPO handles about 50% - 60% of the cases being disputed. So that means of the 2,156 complaints being handled in 2007, the real number of UDRP cases is slightly less than double, or around 4,000 complaints in 2007 alone! What this means is the approximate 4,000 complaints are the complaints being handled by ICANN’s “Approved Dispute-Resolution Service Providers”. Then we need to think about other complaints that may not be going through any of ICANN’s service providers. Anyway, for me, the number is high and signifies this is a definite issue.
This also lets me know, however, that procedures DO exist to handle such complaints; and such procedures are being exercised.
In earlier posts (“Skipping Through the Senate Bill 2661 Mine Field” and “The Opportunity Surrounding Senate Bill 2661”) I discussed, or questioned the need for the Anti-Phishing Consumer Protection Act of 2008 (APCPA), introduced by Senator Snowe, other wise known as S. 2661. The bill’s title leads one to see that the bill’s title indicates the bill is geared around anti-phishing. I am all for this. In fact I received a phishing e-mail today. However, I objected, or more accurately, could not find the need to include a rather large section that addressed domain names. To me the bill feels like a fox in sheep’s clothing as the bill’s name suggests a bill against anti-phishing. Instead the bill not only discusses anti-phishing but seems to be based around the use, or misuse of domain names. What I objected to most was what I consider to be the vaguely-worded definition of what constitutes abuse. To be specific:
Section 3. Phishing; Related Deceptive Practices, (b), (2), (H).
…acquisition of multiple domain names which the person knows are identical or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity…
So I started researching and found current procedures and laws in place today that rely on similar verbiage.
The Lanham act first enacted in 1947, says:
Title 15, Chapter 22, Subchapter 1, 1051, Section A-3-D.
“…to the best of the verifier’s knowledge and belief, no other person has the right to use such mark in commerce either in the identical form thereof or in such near resemblance thereto as to be likely, when used on or in connection with the goods of such other person, to cause confusion, or to cause mistake, or to deceive, except that, in the case of every application claiming concurrent use…”
The Anticybersquatting Consumer Protection Act in 2000 (ACPA) amended the Lanham Act by adding Section 43(d). The amended language includes the following verbiage:
Section 3002, (a), (d)(1), (ii), (I)
“in the case of a mark that is distinctive at the time of registration of the domain name, is identical or confusingly similar to that mark;”
ICANN’s UDRP includes:
Section 4, “a”, (i)
“your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights…”
I see the term, “confusingly similar” has been used over the decades when referring to potential trademark infringement. So I humbly eat crow. Hmmmmm…. (Add a little habanero sauce and not bad! But I digress….)
When looking at the various bills and procedures I find the following:
UDRP: If awarded to the complainant, the domain name(s) in question are transferred to the complainant. No other fines are incurred.
With the revised Anticybersquatting Consumer Protection Act (ACPA) the fines are a minimum of $1,000 with a maximum fine of $100,000.
With the Anti-Phishing Consumer Protection Act (or S. 2661) the fines are $250 per violation with a maximum of $2,000,000. The courts would have the discretion to increase the maximum to $6,000,000.
So if I am a person who finds someone with a domain name that is “confusingly similar” to my trademarked name, I can go through the UDRP process, or some other non-ICANN approved UDRP process to have the domain name handed over to me. Once I have the domain name can I then take the former domain owner to court under the ACPA for purposes of cybersquatting to get damages up to $100,000? Once awarded my $100,000, could I then take the same former domain owner to court again under phishing abuse to go after another $2,000,000? Or would the ACPA trump the APCPA, or vise-versa?
This all seems rather inefficient and uncoordinated to me.
Through this process I have also been hearing CADNA (The Coalition Against Domain Name Abuse). While I see they are all against cybersquattting, domain tasting and domain kiting, (which I am too) CADNA states its approach as follows:
“CADNA will work to educate the public, lobby the relevant agencies of jurisdiction in the United States government, and actively communicate with members of Congress. Through these activities CADNA aims to effectively exert pressure on ICANN, propose draft legislation to increase the statutory damages set forth in the Anti-Cybersquatting Consumer Protection Act (ACPA) to take decisive action on abuses by domain name registrars and registrants, and work with the World Intellectual Property Organization (WIPO) to introduce an international anti-cybersquatting treaty.”
Hmmmmmmm…. So while I see a button on CADNA’s home page supporting Snowe’s Anti-Phishing Consumer Protection Act (S. 2661), why are we not seeing a similar button regarding efforts on amending Anticybersquatting Consumer Protection Act, or ACPA? When I look at what all CADNA stands for and I read Snowe’s S. 2661, I see what CADNA is all about in S. 2661. Personally I believe it is clever that CADNA’s charter is basically spelled out in a single Federal bill.
So while cybersquatting complaints are up, while there are several avenues for complainants to pursue their case, of which most are won by the complainant, and while there is a law in place for the complainant to recover any damages, I still feel S. 2661 is a fox in sheep’s clothing.
Call a bill what the bill is about! If we need an anti-phishing bill (ooops, received another e-mail!) then let’s have a bill that addresses anti-phishing. If we need to have damages increased due to cybersquatting, then let’s amend the Anticybersquatting Consumer Protection Act (ACPA) to reflect the increase in damages that can be collected. It has been done once with the ACPA amending the Lanham Act so you know it can be done again. As mentioned in previous posts, I personally do not own any domain names so can not be classified as a “Domainer” – in the best or worst sense of the word. I do, however know “Domainers” who work to ensure their domain names are not infringing upon any trademarks. I know Domainers who are working to develop their domains as unique business units. I do know the Executive Director of the Internet Commerce Association who is working to ensure a code of ethics among domainers and, through experience, have noticed first hand his even-keel approach.
Bottom line? Revise S. 2661 to focus on what the bill’s title indicates; that dealing with phishing. For issues regarding domain names, continue working through established UDRP processes and, if necessary, make the appropriate modifications to the current ACPA. The number of UDRP cases handled by WIPO in 2007 alone indicated procedures are in place and being exercised.
If someone can tell me why we need another bill, such as 2661, that also covers issues regarding domain name dispute resolution when we already have established UDRP procedures as well as the ACPA, please reply to this post as I am interested in understanding the need.
April 14th, 2008
By Chuck Kisselburg
After submitting my last post regarding Senate bill 2661 (S. 2661), I couldn’t help but feel the message was not complete. There was another element that remained to be explored.
While the bill, as is, is definitely in its infancy and, if it survives, will continue through the process with many revisions made along the way. As the bill stands today I still feel it is a bad bill and leaves room wide open for misinterpretation, taking advantage of others by the “bad seeds†of the world and money wasted on MANY lawsuits ahead.
So knowing that there still is a long road ahead, something continued to bug me about my last post. While sipping an iced-tea in one of Portland’s MANY local coffee shops, it hit me.
“OPPORTUNITY!â€
There is no doubt that people and businesses are being harmed through phishing scams. Such scams are something we all hate. However, when you read the Anti-Phishing Working Group’s December 2007 report and the Brandjacking Winter 2007 report , you will find that the phishing community is alive and active. Based on such reports I can see the basis for the bill.
However, labeling an entire community by the actions of a small few is wrong. That’s like saying all Americans are loud and arrogant. Hmmmmm….. Perhaps that was a bad example, but I think you understand what I mean.
What “opportunity†do I see with this bill? As mentioned, there is no doubt that phishing is a problem and, just like domain tasting, needs to end. However the opportunity I see is this is a chance for various organizations to come together to work “together†on providing input to this bill. In my mind I would like to see Congress work with the following consortium:
The Internet Commerce Association, or ICA.
ICANN
Registrars
Registries
The ICA clearly needs to be present as this organization provides the voice for the Domainer community.
ICANN needs to be present as it is their policies that affect the Internet community on a global basis. ICANN is currently working in conjunction with other organizations to build in the policy to squelch domain tasting.
Registrars are the interface between the registries and the Domainer community.
Registries maintain the integrity of their respective TLDs, gTLDs or ccTLDs, live by the policies developed by ICANN and work with the Domainer/registrar community.
I feel it is necessary for ALL groups to be at the table to help provide input into the crafting of this bill.
If Senate bill 2661 never makes it to a vote, or is voted down, other bills will emerge.
So while organizations are busy working in their own respective communities, the “opportunity†is there for all parties to come to the “SAME†table, roll up their sleeves and provide constructive input. This also applies to Senator Snowe’s office. It also behooves members of their respective communities to provide their respective organizations with constructive input instead of expressing frustration or simply complaining. So, if a bill is to come about, and Senate bill 2661 may be that bill, the opportunity is there to educate each other and work together to craft a good bill.
And if people are thinking about an organization needing to make the first move, let me move us all beyond that barrier by saying ICANNWiki.org, this neutral organization for the overall ICANN “communityâ€, based in a Portland State University facility, will be more than happy to provide the stage, both physically as well as virtually, for this conversation or “opportunity†to occur.
March 17th, 2008
by Chuck Kisselburg
On February 25 of this year Senator Snowe, (R) of Maine, introduced Senate bill 2661. The bill, co-sponsored by Senators Ted Stevens, (R) Alaska, and Bill Nelson, (D) of Florida, is aimed at, “protecting Internet users“.
When you read the bill itself it seems pretty innocuous as it starts off talking about guarding against phishing that can result in the massive amounts of phishing e-mails we all receive. The bill states that 59,000,000 phishing e-mails are sent each day. That is STAGGERING! The bill further states that, “According to Gartner, Inc., between August 2006 and August 2007, roughly 3,500,000 United States computer users were victims of phishing scams, and suffered losses totaling $3,200,000,000.â€
However, if you keep reading what you will find are statements like, “Phishing operators utilize deceptive domain names for their schemes. They routinely register domain names that mimic the addresses of well-known online merchants, and then set up websites that can fool consumers into releasing personal and financial information.†As well as “Deceptive domain names, and the abuses for which they are used, threaten the integrity of domain name systemâ€. The bill also notes that “The World Intellectual Property Organization reported in April 2007, that the number of Internet domain name cybersquatting disputes increased 25 percent in 2006.†I couldn’t help but sense the “stage is being setâ€, but for what?
As I read the bill I find information to ensure the accuracy of the WHOIS database, meaning the information contained in WHOIS should be accurate and not contain information that hides the identities of others. OK, I get that. That makes sense, but I know that makes a portion of the domainer community nervous. (I say only a portion because I know a lot of domainers who don’t try to hide their identity.) However, when reading further I stumbled across the below verbiage in the bill:
(b) Deceptive or Misleading Domain Names-
(1) IN GENERAL- It is unlawful for any person to use a domain name in an electronic mail message, an instant message, or in connection with the display of a webpage or an advertisement on a webpage, if–
(A) such domain name is or contains the identical name or brand name of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity;
(B) such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that the domain name would be likely to mislead a computer user, acting reasonably under the circumstances, about a material fact regarding the contents of such electronic mail message, instant message, webpage, or advertisement (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).
This is certainly “interesting” as, the way I read it, the portion that reads, “such domain name is or contains the identical name or brand of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity†opens the door for anyone to go to a domainer and say that their domain name is “confusingly similar to their name or brand nameâ€. This, despite the fact that a domain owner may have taken the steps to work with a lawyer to ensure their domain names are not conflicting with any other domains or trademarks and have, themselves, trademarked their domain name(s). This bill is SOOOOOOO open that it basically allows business owners, no matter how upstanding, or lowstanding they may be, to go to a domainer, having the domainer turn over the domain name they have purchased and developed in good faith.
After reading this bill I couldn’t help but wonder several things…..
First of all, some people look at domainers as living in the “Wild West†, heading out on their own without boundaries and being reckless. After attending various domainer conferences I know that image is false. However, I can’t help but apply that “Wild West†description to this bill. Keep in mind ICANNWiki.org is neutral and listens to the entire ICANN “communityâ€, but in reading this bill the recklessness, for lack of a better term, is fairly obvious. Is Snowe’s office reaching out and working in concert with the community to try and curb phishing activity? Is Snowe’s office working with ICANN or are they off and running on their own? Is Snowe’s office working directly with the Internet Commerce Association? Or is Snowe’s office running on their own?
Yes, there are domain tasters and there are people who try to tie up domain names that may infringe on trademarks, but from what I have learned that is far more the exception than the norm. So labeling everyone in one community based on the actions of a few is, what I feel, not what this country is about. Regarding domain tasters, the community IS taking steps to bring tasting to a halt.
One of the many things I wondered about was the jurisdiction of this bill. If passed as is, would the teeth of this bill reach beyond the US shores? In dialing into the ICANNWiki.org community I found out that the answer is probably yes. On January 1, 2007 the US joined the Council of Europe Cyber Crime treaty. The purpose of the treaty “…provides for `mutual assistance and extradition among participating nations.’ ” While 30 countries signed the treaty when created in Budapest in 2001, the number of countries currently supporting the treaty today is not easily found. Also, from a jurisdictional perspective, how might this work with, or interfere with UDRP policies that have been established in various countries. For those countries that have not signed onto the Council of Europe Cyber Crime treaty, but have an established UDRP within their country, does this bill seek to work with such UDRPs?
Getting back to the statement, “ such domain name is or contains the identical name or brand of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entityâ€, how many times have you attempted to drive to a location only to stop and pause, thinking, “You know…. That looks familiar. Is that my destination?†With that in mind, should the same apply to land? If someone feels their land is confusingly similar to their piece of land does that mean you need to hand the title of your property over to the other person? No!
While this bill has understandably raised much concern by the community, one sage counselor in the ICANNWiki community reminded me that the bill is still in its infancy. One of the things to watch in a bill is if the bill is “partisan†or “bi-partisanâ€. Bills with a “bi-partisan†sponsorship tend to have a stronger chance of going forward. As we know, this bill has bi-partisan sponsorship. While it has been referred to the Commerce subcommittee, one should become more concerned if it winds up in either the Judiciary or Banking committees. Another good signal is to watch what is going on in the Center for Democracy & Technology site. Finally, if this bill progresses through the Senate it will not doubt receive edits like other bills. Also, a similar bill will need to make its way through the House. Bottom line is if the bill ever passes it has the opportunity go filter through both the Senate and the House, with various edits along the way before a single bill is decided upon for vote.
So, while reducing phishing is a good thing, this bill seems to be grabbing at anything associated with the “potential†of phishing. Remember the “Salem witch huntsâ€? That is what this bill reminds me of as it is lumping and affecting large groups of people who should not have to bear the “Scarlet Iâ€.
March 12th, 2008