With the New Year upon us, we at FairWinds and CADNA are excited to see the many opportunities that technology will bring to businesses like yours during the course of 2017; but, at the same time, we—as you too must be—are concerned about recent incidences of criminal hacking and cybercrime, both state-sponsored and non-state, that are being reported with increasing frequency in world news.

It is now widely understood that a typo domain name, meant to look confusingly similar to a fundraising site for the US democratic party, was the means by which hackers accessed that party’s network and, some say, changed the outcome of the recent US presidential election.

Cybercrime on the Rise According to Recent Study

In our most recent study, we looked at how the practice of typosquatting is impacting top retailers and found an alarming amount of malicious content.

According to this study, 39% of the typos that garner traffic are delivering phishing, ransomware, and download malware via fast flux DNS, a dangerous website deployment system.  In my two decades of experience working with trademark owners, this is the first time that I have seen such a high rate of cybersquatted or typosquatted domains involved in the dissemination of malicious scams.

Scammers are using trademark-rooted domains to cause more harm than ever before, and their bolder cybercrime activities touch more than consumer retail companies and their customers.  We have observed the same worrisome trend in our analyses of similarly constructed datasets across virtually all industry sectors, but financial services and healthcare in particular.

Effective Approaches to Dealing with Cybercrime

While the problems are daunting, I know that we can do better to protect online audiences, as well as defend brands and profits.  One approach would be to develop policies that provide law enforcement and intellectual property owners with a better toolkit to combat these threats.  The CADNA organization is trying to do just this via its role as trusted advisor to relevant committees on Capitol Hill and is well positioned to advance anti-cybersquatting legislation now given the current environment in Washington.

Since policy solutions are macro and long-term in nature, a necessary, complementary approach to combating these threats is through well-considered and targeted enforcement.  When reviewing the daily tally of new UDRP decisions, I frequently see too many wasted dollars spent scooping up worthless, benign domains.  Brands can take care of the most pressing problems with far fewer actions through applying a data-driven analytical approach to limited, yet more effective, enforcement.

Will .FOX Guard the Henhouse?

Branded gTLDs offer a new, exciting method of combating cybercrime and bolstering consumer confidence in the internet because they symbolize the trust we have in brands. However, since more time is required for them to become universally known and understood, and because not all brands have their own secure space, it is important to support the aforementioned approaches to foiling cyber criminals’ plans to misuse brand names at the legislative and brand protection levels.

Cybercrime Protection Outlook for 2017 and Beyond

Despite the obvious challenges of increasingly sophisticated cybercriminals and perpetually inadequate corporate budgets to counteract them, there is reason for hope and optimism. CADNA’s policy agenda seeks to reduce instances of domain cybercrime as a whole through the development of stronger legislative defenses. In the meantime, FairWinds’ sophisticated brand protection strategies offer solutions to today’s acute problems.

We are working to make the internet safer. Will you join us?

Luxury brands are typically very aggressive about protecting their brand names against incidences of online trademark infringement. Protecting their brand names from misuse is integral to maintaining their cachet, supporting their high margins, catering to their customers, and protecting against counterfeits. While the luxury watch market has suffered a downturn this year given lower demand from Hong Kong, there are signs of potential rebound, with increased sales in the UK and select areas of East Asia. We have no expectation of this affecting their critical brand protection activities, and the influx of new gTLDs has created a new realm of potential domain name registrations that these brands must take into account.

Given this starting point, we decided to conduct a study of key Swiss luxury watchmakers, with the goals of assessing (i) whether these brands were protecting their trademarks against infringement in new gTLDs to the same degree that they have been in legacy domains, and (ii) if they are not, whether cybersquatters had stepped in to take advantage of this lapse in trademark protection activity. This study looked at .COM and .CH, the country code TLD for Switzerland, to establish a baseline indicator of brand protection activity and extended beyond these two to look at .BOUTIQUE, .LUXURY, and .WATCH.

Luxury Watch Brands On The Defensive Against Trademark Infringement

For the most part, we found that luxury brands’ typically aggressive trademark infringement protection and defense strategies in legacy extensions held true across new gTLDs. Nearly half of the brands included in the study were found to have blocked avenues of third-party registration or registered themselves all relevant names. Thus, out of the 270 domain names we considered, only 6% were cybersquatted domains, while 73% were brand-owned. (The remainder were a mix of reserved by registry, owned by a different, though legitimate, entity, or available for registration.) Just 0.4% of infringement activity took place in .COM and .CH, while 5.6% was found across the new gTLDs considered. The “worst” extension in terms of infringement rate was .WATCH, although even there most brands have done a good job of protecting their names—there were only 10 cybersquatted domains.

New gTLDs and Trademark Infringement Defense Strategies

That said, there were some more concerning findings. Namely, the rate of mark infringement was found to be 14 times greater in the new gTLDs than in the legacy extensions. These infringements were largely benign, that is, did not feature malware or other malicious content; however, given the extent to which trademark rights protection mechanisms have been discussed with reference to new gTLDs, this difference is worth noting.

Why was there greater cybersquatting in new gTLDs? In keeping with our preliminary research questions, cybersquatting rates reflect either (i) ineffective trademark protection strategies on the part of these luxury watchmakers or (ii) opportunistic cybersquatters registering in available names. The explanation, at this point, is overdetermined. Certainly, not all mark protection strategies are equal. Top-performing in this regard include Breguet, Chanel, Rolex, and Panerai. Lowest-performing in this regard include Movado, Breitling, Ebel, and Audemars Piguet. Brands have had time to secure most significant names in .COM and .CH. Across the newer extensions considered, .LUXURY had the lowest incidence of cybersquatting and the highest registration prices, with registrars charging $433 at minimum—price is clearly a natural impediment to cybersquatting. In contrast, the new gTLD with the greatest amount of cybersquatting had a minimum registration price of only $20.

A Need for More Robust RPMs?

Luxury brands are clearly well-acquainted with the risk of online trademark infringement and have been generally proactive in protecting their marks in new gTLDs. Yet, cheap new gTLDs, in particular, do feature cybersquatting. Brands cannot register all potentially mark-infringing names—this would be too costly—and those scrutinized here have done a fairly good job, but there appears to be room for more robust rights protection mechanisms to be introduced.  While they are most needed across the cheaper new gTLDs, where registration prices do not pose barriers to cybersquatter registrations, more effective deterrents for cybersquatting are necessary across all TLDs.

Online brand protection is an ever-present concern for all name brands. Interestingly, in spite of the extra protections available to it, the International Olympic Committee (IOC) faces the same sets of challenges that we regularly outline in our UDRP-focused blog posts on brand trademark defense cases.  So, while the Olympics is primarily about athleticism, clearly, online brand protection and promotion have become an important part of the event too.

Online Brand Protection Isn’t Just For the Athletes and Sponsors

There are many “brands” present at the Olympics events, but they are not all the same in the eyes of cybersquatters.

Gold medal-winning athletes, such as Michael Phelps, Simone Biles, and Usain Bolt, are the victims of only very minimal infringement of their personal brands via cybersquatting in new gTLDs containing their names. According to our research, these athletes all have their official sites at .com, as do the major Olympic sponsors, some of which are also new gTLD owners, such as Samsung (.SAMSUNG), Bradesco (.BRADESCO) and Bridgestone (.BRIDGESTONE). For example, Michael Phelps’ name is registered as an address in .rocks, .xyz, , and .vip;  Simone Biles’ name is registered as an address in .ninja and .news; and Usain Bolt’s name is registered as an address in .land, .paris, .vip, and .xyz. Despite this, the athletes in question do not own any of these domains; fortunately, none of these domains show evidence of commercial use as the pages either don’t resolve or are simply parked with a standard homepage provided by the registrar. They’re registered, likely, in the event that the legitimate athlete might want to purchase these domains. Official Olympic Brand sponsors, meanwhile, predominantly publicize their Olympic affiliation at the event itself and not on custom websites, thus are not subject to any such cybersquatting.

On the other hand, the IOC’s concerns about online brand protection and promotion are more substantial.  Fearful of “ambush marketing,” that is, when entities not officially affiliated with another entity or event puts out unofficial or misleading information that suggests a legitimate commercial relationship—and a lucrative one at that—the IOC has become notorious for policing illegitimate use of its trademarked terms, which include “Olympic,” “Olympiad,” “Citius Altius Fortius,” “Paralympic,” “Paralympiad,” “Pan-American,” “America Espirito Sport Fraternite,” plus any combination of these terms.

Limits on Olympic Brand Hashtags Might Improve Online Brand Protection

The IOC is concerned not only with domain registrations containing their trademarked terms and related phrases, but also with misuse of these on social media, in written and photo form. Indeed, in the lead up to Rio, the IOC ruffled some feathers by announcing in a letter that “Commercial entities may not post about the trials or games on their corporate social media accounts” and that “This restriction includes the use of USOC’s trademarks in hashtags such as #Rio2016 or #TeamUSA.”  A Twitter search revealed that while other, recognizable brands obeyed this prohibition, both hashtags were nonetheless widely used by individual users not subject to the ban. Given that these individual users are not using these hashtags for commercial activity, their use of them is permitted in the United States, for example, under First Amendment free speech rights.

Special Online Brand Protection Tools Protect Olympic Brand

A typical brand pursuing reclaim of offending domain names will head to the World Intellectual Property Organization (WIPO) or other similar venue to pursue the Uniform Dispute Resolution Policy (UDRP), the IOC has unique tools at its disposal and to its advantage. These include:

• A U.S. statute specific to them, the Amateur Sports Act of 1978, which also established the US Olympic Committee.

• The 1981 Nairobi Treaty on the Protection of the Olympic Symbol, an international treaty administered by WIPO.

• Specific national legislation that protects the Olympic brand trademarks, such as China’s “Regulations on the Protection of Olympic Symbols,” and the 1946 Lanham Act, which, while not specific to the Olympics, serves as the major federal trademark statute of law in the United States and therefore offers protection for the Olympic brand.

It is highly unusual for a trademark to have such special protection via a statue; the only other trademarks that receive similar treatment are the Red Cross and the Red Crescent names and logos.

Online Brand Protection Still a Challenge

Still, as with other brand owners, proving illegitimate and infringing use of a mark requires proof of commercial use. As an example, one individual has, over the years, registered some 150+ domain names based on city name/year combinations that sometimes mirror an Olympics event, such as the upcoming 2020 Olympics in Tokyo (“Tokyo2020.com”). The U.S. District Judge who ruled on this recent case dismissed most of the IOC’s claims as there was no explicit evidence that the registrant was using the domain names for “trade or to induce the sale of goods or services, or for use in commerce.”  Reminiscent of the rationale behind the controversial .SUCKS new gTLD, the registrant argued that the website was hosted solely to permit “A Balanced Discussion” on the event associated with the domain name in question.

The Olympic Games, a 121-year-old celebration of athleticism (while ancient, the first games held under the auspices of the IOC were in 1896), have been successfully commercialized over recent decades to the point where the Olympics brand is a highly valuable sponsorship opportunity for other companies. Though it may not be the stated purpose of the protective statutes, the practical effect of the statutes is clearly an enhanced ability of the various Olympic committees to derive revenue from these famous trademarks. In comparison, private companies, though lacking the benefit of such extraordinary trademark protection, are not left out in the cold and still have the usual enforcement tools at their disposal such as the UDRP, the URS, and traditional courtroom litigation.