New Year Brings New Plans by the FTC to Take Down Deceptive Weight Loss Advertisers

BY: Rachel Hirsch

New year, new resolutions.  Yesterday, the FTC announced a resolution of its own: to undertake a nationwide enforcement effort to protect consumers against deceptive weight loss claims.  Dubbed “Operation Failed Resolution,” the FTC’s latest enforcement effort seeks to protect consumers who face a barrage of “opportunistic marketers” promising quick ways to shed pounds. According to the FTC, these marketing tactics cause millions of dollars of consumer injuries and encourage people to postpone important changes to diet and exercise.

To announce this new initiative, the FTC held a press conference in which it identified four significant enforcement actions: (1) Sensa – a flavored powder that claims to cause weight loss when sprinkled on food; (2) L’Occitane Inc.– a skin cream that promised to shave inches off consumers’ bodies; (3) HCG Diet Direct – a product based on the human chorionic gonadotropin hormone; and (4) LeanSpa – a dietary supplement. Collectively, these four enforcement actions total $44 million in potential recovery for consumers.

All four enforcement actions shared one common thread – claims of quick and easy weight loss that were not supported by evidence.  Many of the ads in question touted substantial weight loss without diet or exercise simply by using the product alone.  Although some of these marketers cited clinical studies that supported their claims, the FTC said that the so-called “independent” studies were largely fabricated. The FTC also took issue with consumer endorsements, which failed to disclose that the consumers were paid for their testimonials or that the consumers were related to the owner.  The FTC also scrutinized so-called physician endorsements.  According to the FTC, marketers failed to disclose that their endorsers were compensated to the tune of $1,000-$5,000 and free trips.

Yesterday’s press conference is not the first time that the FTC has taken action against deceptive weight loss claims.  In 2011, we reported on 10 lawsuits filed by the FTC against marketers behind the ubiquitous “1 Tip for a Tiny Belly” ads, which the FTC claimed were a scheme by marketers of diet and weight loss products to grab consumer credit card information and pile on additional, unapproved charges.

Although deceptive weight loss claims are not a new phenomenon, the FTC announced yesterday that it is taking a new approach to cracking down on these types of ads. The FTC is now encouraging media outlets that run these ads to conduct a “gut check” and turn down spots with bogus claims. Yesterday’s press conference was a call to action for both consumers and media outlets to help the FTC track down deceptive weight loss marketers, which can mean only one thing – more widespread enforcement efforts against marketers of dietary supplements. The FTC does not comment on non-public investigations and would not comment on whether these enforcement efforts would result in criminal enforcement from other agencies. One thing is for certain, however: If you make a claim about your weight loss product, you’d better be able to back it up.

Botnet ZeroAccess Hit With Complaint by Microsoft, but Will This Slow the Malware Industry Down?

BY: Rachel Hirsch

ZeroAccess is one of the world’s largest botnets – a network of computers infected with malware to trigger online fraud.  Recently, after having eluded investigators for months, ZeroAccess was disrupted by Microsoft and law enforcement agencies.

Earlier this month, armed with a court order and law enforcement help overseas, Microsoft took steps to cut off communication links to the European-based servers considered the mega-brain for an army of zombie computers known as ZeroAccess. Microsoft also took control of 49 domains associated with ZeroAccess.  Although Microsoft does not know precisely who is behind ZeroAccess, Microsoft’s civil suit against the operators of ZeroAccess may foreshadow future enforcement efforts against operators alleged to have illegally accessed and overtaken people’s computers.

ZeroAccess, also known as max++ and Sirefef, is a Trojan horse computer malware that affects Microsoft Windows operating systems.  It is used to download other malware on an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on a system.  Victims’ computers usually fall prey to ZeroAccess as the result of a drive-by download or from the installation of pirated software.   Essentially, ZeroAccess hijacks web search results and redirects users to potentially dangerous sites to steal their details.  It also generates fraudulent ad clicks on infected computers then claims payouts from duped advertisers.

The Microsoft lawsuit, originally filed under seal in Texas federal court, alleges, among other things,  violations of the Computer Fraud and Abuse Act  (“CFAA”) (18 U.S.C. §1030), the Electronic Communications Privacy Act (18 U.S.C. §2701), and various trademark violations under the Lanham Act (15 U.S.C. §1114 et seq.).  Microsoft secured an injunction blocking all communications between computers in the U.S. and 18 specific IP addresses that had been identified as being associated with the botnet.  The company also took control of 49 domains associated with ZeroAccess.  Microsoft took action against ZeroAccess in collaboration with Europol’s European Cybercrime Centre, the FBI, and other industry partners.  As Microsoft enacted the civil order obtained in its case, Europol coordinated law enforcement agency action in Germany, Latvia, Luxembourg, the Netherlands and Sweden to execute search warrants and seize servers associated with the fraudulent IP addresses operating within Europe.

The federal statutes on which Microsoft relied in its lawsuit may be broad enough to capture the gravamen of the complaint here.  For example, the CFAA was enacted in 1986 to protect computers that there was a compelling federal interest to protect, such as those owned by the federal government and certain financial institutions. The CFAA has been amended numerous times since it was enacted to cover a broader range of computer related activities and there has been recent discussion on Capitol Hill of amending it further. The CFAA now prohibits accessing any computer without proper authorization or if it is used in a manner that exceeds the scope of authorized access. The law has faced steep criticism for being overly broad and allowing plaintiffs and prosecutors unfettered discretion by allowing claims based merely on violations of a website’s terms of service.  In those cases in which ZeroAccess has accessed a user’s computer entirely without permission, there will likely be no dispute about whether the CFAA applies; however, in any follow-on cases in which the authority to access the computer was less clear, Microsoft may have more difficulty in relying upon this statute.

According to Microsoft, more than 800,000 ZeroAccess-infected computers were active on the internet on any given day as of October of this year.  Although the latest action is expected to significantly disrupt ZeroAccess’ operation, Microsoft has not yet been able to identify the individuals behind the botnet, which is still very much intact. Microsoft’s attack is noteworthy in that it represents a rare instance of significant damage being done to a botnet that is controlled via a peer-to-peer system.  But ZeroAccess has come back to life once before after an attack on it, and it would not be surprising if it recovered from this attack as well.  Unless Microsoft or Europol can identify the “John Does 1-8”referenced in the complaint, this and other botnets will keep on operating without fear of reprisal.

The big question at this point is whether Microsoft’s actions will have an enduring impact beyond ZeroAccess.  Will Microsoft’s actions spur other private companies to take steps of their own to stop malicious software?  That answer remains to be seen.

Parameters of CDA Immunity Being Tested by Appeals Court in Jones v. Dirty World Entertainment

BY: Griffin Finan

The U.S. Court of Appeals for the Sixth Circuit is currently hearing an appeal of a district court decision, which if upheld would have enormous ramifications for freedom of speech and the online service provider safe harbor under the Communications Decency Act (CDA).

TheDirty.com is a website run by Nik Lamas-Richie. The site allows users to submit gossip about anyone or anything and the site currently features hundreds of thousands of comments on a wide range of topics and users can also freely post comments on stories that are published on the website. Lamas-Richie then selects some of the user posts, and sometimes adds a little commentary to the user submission, which he then posts to the site. Sarah Jones, a former Cincinnati Bengals cheerleader, was featured twice on TheDirty.com including allegations that she was promiscuous and that she had a sexually-transmitted disease.

Jones then sued TheDirty.com and Lamas-Richie alleging defamation, libel and invasion of privacy. The first trial resulted in a hung jury, but in the second trial in July a jury of eight women and two men in a Kentucky federal court awarded Jones $338,000 in damages.

Typically, cases involving claims like Jones’ against websites are quickly dismissed under the CDA, which provides websites immunity from third party content. TheDirty.com filed a pre-trial motion to dismiss the case on the basis that the suit was barred by the CDA that was rejected by the district court, which held that the CDA did not offer protection because “the very name of the site, the manner in which it is managed, and the personal comments of defendant Richie, the defendants have specifically encouraged development of what is offensive about the content of the site.” The court reasoned that since the site served to encourage the comments then it was not entitled to immunity under the CDA. The CDA typically immunizes providers of interactive computer services against liability arising from content created by third parties if the provider is not also responsible in whole or in part or the creation or development of the offending content.

In August, after the jury verdict, the judge wrote a supplemental opinion reiterating the views expressed in the earlier opinion. In particular Judge William Bertelsman said that because Richie “played a significant role in developing the offensive content such that he has no immunity under the CDA.”

Richie appealed the decision to the Sixth Circuit, arguing that the case should have been dismissed because the CDA immunizes liability for users’ comments. Congress enacted the CDA to encourage website owners to actively screen, review, and moderate third party posts and to allow website operators to have the ability to remove offensive content when necessary without fear of liability. Richie argued that under the CDA website operators are free to edit, alter, or modify user-created content without losing immunity, as long as their edits do not materially alter the content’s original meaning.

Four separate amicus briefs were filed with signatories that included many of the biggest names on the Internet including Facebook, Google, Amazon, Microsoft, Yahoo, Twitter and eBay. The briefs argue that the district court ruling wrongly interpreted the CDA and that the consequences of upholding the district court’s decision would be enormous. The amicus brief submitted on behalf of Google, Facebook and others states that aspects of the district court decision “significantly depart from the settled interpretation of [the CDA] and, if adopted by this Court, would not only contravene Congress’s policies as declared in the statute, but also introduce substantial uncertainty regarding a law that has been a pillar for the growth and success of America’s Internet industry.” \

This case will be closely watched because of the far reaching consequences it would have if the district court ruling imposing liability of the website is upheld. A ruling from the Sixth Circuit that affirmed the district court’s ruling could chill the operation of online businesses that are open for users to create content. There is a long line of cases that have held that conduct similar to TheDirty.com’s in this case is protected by the CDA, but a decision from the Sixth Circuit finding TheDirty.com liable would uproot the well-established jurisprudence under the CDA.

New Job? Think Twice Before Announcing it via Social Media

BY: Sarah Coffey

A lawsuit filed in Massachusetts state court recently raised the issue of whether a former employee’s LinkedIn post announcing a new job could violate an anti-solicitation clause of a non-compete contract with the former employer.

In KNF&T Inc. v. Muller, staffing company KNF&T filed suit against its former vice president, Charlotte Muller, for violating a non-compete contract in a number of ways, one of which was a LinkedIn update which notified Ms. Muller’s 500+ contacts of her new job.  Among those contacts were Ms. Muller’s former clients at KNF&T.  KNF&T filed suit alleging that the update notification violated her one year non-compete contract by soliciting business from current KNF&T clients.

The court issued a narrow ruling stating that the posting did not violate the non-compete agreement because Ms. Muller’s new position in information technology recruiting did not directly compete with KNF&T’s work in recruiting administrative support specialists.

Since the court was able to resolve the case based on a differentiation in practice areas, it did not have to resolve the issue of whether a LinkedIn notification could violate the terms of a non-competition agreement.  Such a determination will always depend of the particular facts of the case, such as whether the new position directly competes with the former employer, whether the individual is connected with former clients on LinkedIn, and the content of the notification.

Employees subject to a non-competition agreement should exercise caution when using social media to announce a new position.  If they do make an announcement, they should consult the terms of their non-compete agreement to determine what could constitute a violation.  For instance, if the non-compete only prohibits solicitation of the former employer’s current clients, the employee should be sure to exclude any such clients from the notification by selecting which groups receive the message.  The time spent paring down the list of recipients is well worth avoiding a potential lawsuit.

After Google Action, Those Who Dig for Dirt Must Dig a Little Harder

BY: Jeffrey Hamlin

Google recently announced that it would be taking action to demote websites that profit from the use of mugshot photos. These mugshot sites compile booking photographs taken after people’s arrests and publish them along with the arrestees’ names and information concerning the charges against them. Individuals who want their mugshot and arrest record deleted from the site usually must pay a fee ranging anywhere from $10 to $400. Until recently, when a Google user searched the Internet for the name of a recent arrestee, the search hits would include, and often prioritize, mugshot sites. Owners of those sites were content with that outcome; many others were not.

New York Times writer David Segal was one of the latter. In a recent article, Segal took Google to task for not penalizing mugshot sites, which many believe traffic in exploitation. Segal argued that Google should take corrective action because it had prioritized the sites in contravention of its own stated corporate goal that favors original web content. Mugshots do not offer original content; instead, they gather and use images and text from third-party sources.

Before his article ran, Segal contacted Google to discuss the issue. Google responded that it had been working to address the problem in a consistent way. Days later, a Google spokesperson confirmed that mugshot sites do not comply with one of the search giant’s guidelines. To address the problem, Google amended its algorithm, presumably to disfavor sites without original content.

Consequently, mugshot sites are now pushed off the front page of Google search results. People digging for dirt now have to look a little bit harder.

Others who object to mugshot sites have taken the fight to regulators and legislators. On October 7, the Maryland Consumer Protection Division settled its case against the owner of Joomsef.net for false and deceptive advertising. Joomsef’s owner, Stanislav Komsky, published information on the site about traffic offenses, but added statements falsely suggesting there had been an arrest. Persons identified on the site had to pay $40 to $90 to have the information removed. As part of the settlement, Komsky must take down the site, return all payments to consumers, and pay a penalty of $7,500.

Other states are addressing the problem through legislation. Segal points out that Oregon and Georgia have passed laws this year giving site owners 30 days to take down an image, free of charge, if an individual proves that he or she was exonerated or that the individual’s record has been expunged. Utah attacked the problem another way. There, sheriffs are prohibited from giving out headshots to websites that charge for deleting them. Lawmakers in other states, like Florida Representative Carl Zimmerman, have introduced legislation targeting the sites, but many of those bills died from lack of support.

These acts of government are constrained, as they should be, in view of free-speech guarantees under the First Amendment. By contrast, the private sector is not so limited and, therefore, may end up striking the decisive blow against mugshot sites. Things are heading in that direction. MasterCard, Discover, American Express, and PayPal recently pledged to sever all ties with mugshot sites, and Visa has asked merchant banks to investigate the practices of the sites.

FTC Takes First Enforcement Action on ‘Internet of Things’

BY: Griffin Finan

A company that markets video cameras that are designed to allow consumers to monitor their homes remotely has agreed to settle charges with the FTC that it failed to properly protect consumers’ privacy. This marks the FTC’s first enforcement action against a marketer of a product with connectivity to the Internet and other mobile devices, commonly referred to as the “Internet of Things.”

The FTC’s complaint alleges that TRENDNet marketed its cameras for uses ranging from baby monitoring to home security and that TRENDNet told customers that its products were “secure.” In fact, however, the devices were compromised by a hacker who posted links on the Internet to live feeds of over 700 cameras. Additionally, TRENDNet stored and transmitted user credentials in clear unencrypted text.

Under the terms of its settlement with the FTC, TRENDnet is prohibited from misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or devices transmit. The company must also establish a comprehensive security program and notify customers about security issues with the cameras and must provide a software update to customers to address security issues.

“The Internet of Things holds great promise for innovative consumer products and services,” FTC Chairwoman Edith Ramirez said. “But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet.”

The FTC’s authority to regulate and penalize companies that the agency claims do not protect consumers with sufficient data security is being challenged in federal court in New Jersey by The Wyndham Hotel Group. Wyndham has argued, among other things, that the FTC has not published any formal rules on data security and therefore cannot penalize companies that it deems have not protected consumer information. That case is pending.

This is the first time the FTC has brought an enforcement action involving the “Internet of Things,” but the FTC has already signaled it will be carefully watching how the Internet of Things develops. In particular, the FTC will be hosting a workshop in November to explore these new technologies. The agency previously sought comment from interested stakeholders on the Internet of Things – including the privacy and data security implications of interconnected devices. We expect that the FTC will continue to explore these issues, with a particular emphasis on how these devices collect and share information, particularly sensitive and personal information, such as health information.

NLRB: Use of Social Media Can Be Protected Employee Activity

BY: Sarah Coffey

The rise of social media has led to the application of old law to new forms of communication. For instance, an effort by the National Labor Relations Board to educate workers on their right to engage in protected concerted activity has left some employers feeling that the NLRB went too far in supporting employees’ rights – particularly their right to post disparaging work-related comments on social media forums without reprisal.

Section 7 of the National Labor Relations Act (NLRA) protects all private-sector employees’ absolute right to engage in protected concerted activity, including the right to discuss among themselves their wages, hours, benefits and other terms and conditions of their employment. Generally, this requires two or more employees acting together to improve wages or working conditions, but the action of a single employee may be considered concerted if he or she involves co-workers before acting, or acts on behalf of others. It also requires that the improvement sought benefit more than just the employee taking action, so as to distinguish protected concerted activity from mere individual complaints.

Last year, the NLRB launched a website seeking to educate workers on their right to engage in protected concerted activity. The site provides several examples of cases in which employers violated an employee’s right to engage in protected concerted activity over the Internet. For example, in one case the NLRB issued a complaint against an employer that terminated an employee who criticized her supervisor on Facebook. The Board also found that the employer’s Internet policy, which prohibited employees from making negative statements about the company or supervisors, interfered with the right to engage in concerted activity.

The NLRB has in fact ruled in workers’ favor in a number of social media cases. For example, in Hispanics United of Buffalo, the NLRB considered a case in which an employer discharged five employees because of their Facebook posts. In that case, an employee went on Facebook to solicit her coworkers’ thoughts on work-related criticism she received from a fellow employee. In response, four coworkers weighed in about working conditions, work load and staffing issues at the company. All of the employees’ posts were made off-duty on the employees’ personal computers. The employer terminated all five employees, claiming that their comments constituted harassment of the employee mentioned in the initial post.

An NLRB administrative law judge reviewed the case and found that the employees had been unlawfully discharged. The ALJ found that the NLRA protects employees in “circumstances where individual employees seek to initiate or to induce or to prepare for group action, as well as individual employees bringing truly group complaints to the attention of management,” even if that action takes place online. Since the employees were discussing the terms and conditions of their employment, the discussion was protected concerted activity within the meaning of Section 7 of the NLRA.

While cases like Hispanics United of Buffalo have served as a rallying cry for employers on the NLRB’s perceived overreaching in support of workers, a recent report on NLRB social and general media cases reveals that the NLRB actually sided with employers in slightly more than half the time by finding that employees’ statements on Facebook or Twitter did not constitute “protected concerted activity” under the NLRA. For example, in Karl Knauz Motors, Inc., the NLRB found that an employee was lawfully terminated for his Facebook postings about an accident that took place at a car dealership owned by his employer. The NLRB found that these comments were not protected because they were not related to the terms and conditions of his employment.

Similarly, in another case brought before the Board, an employee who had just been reprimanded by her supervisor posted a Facebook status that consisted of an expletive and the name of the company that employed her. One of her coworkers “liked” that status. Half an hour later the same employee posted a comment expressing her belief that the company did not value its employees. None of the employee’s coworkers responded to that posting. The company terminated the employee for her postings.

On review, the NLRB upheld the employee’s termination, finding that the posts were merely the expression of a personal gripe. The NLRB’s Associate General Counsel summarized the Board’s reasoning by stating, “The Charging Party had no particular audience in mind when she made that post, the post contained no language suggesting that she sought to initiate or induce coworkers to engage in group action, and the post did not grow out of a prior discussion about terms and conditions of employment with her coworkers. Moreover, there is no evidence that she was seeking to induce or prepare for group action or to solicit group support for her individual complaint. Although one of her coworkers offered her sympathy and indicated some general dissatisfaction with her job, she did not engage in any extended discussion with the Charging Party over working conditions or indicate any interest in taking action with the charging party.”

Despite the uproar over the NLRB’s application of “protected concerted activities” to social media, this does not represent a shift from the NLRB’s previous decisions. It merely applies existing policy to a new set of facts brought about by technological changes in how workers communicate. As before, employers may set limits on employee’s social media activities as long as they do not impinge on the employees’ protected concerted activities.

Judge’s Ruling on Antitrust Complaint Has Implications Far Beyond the .xxx Domain

BY: Ifrah Law

A recent decision by a federal judge in California has brought ICANN’s broad authority over the domain name system once again into question. Manwin Licensing International – perhaps the most lucrative provider of online adult-oriented content – brought an antitrust action against ICANN arising from the establishment of the .xxx top-level domain and the award of the registry contract for .xxx to ICM Registry. Manwin claimed, among other things, that because ICANN’s registry contract with ICM contains no restrictions on the price ICM may charge for its services (while providing for an enhanced fee to be paid by ICM to ICANN) and ICM is insulated from competition on renewal, the award of the contract violated the Sherman Antitrust Act.

In any antitrust case, the plaintiff must establish a “relevant market” that it can show is adversely affected by the anticompetitive actions. Here, Manwin sought to establish that the relevant markets affected by ICANN and ICM were the markets for affirmative registrations (i.e., the lack of an adequate economic substitute for .xxx domain names) and for defensive registrations (i.e., the need for trademark holders to protect their marks by registering .xxx names, for instance, playboy.xxx). The court made short work of Manwin’s claim with respect to the affirmative registration market, pointing out that domain names in other generic TLDs (gTLDs) are an adequate economic substitute for .xxx registrations. Indeed, the court pointed out that one of Manwin’s own websites – youporn.com – is the most popular free adult video website on the internet. Thus, the .com gTLD, among others, provides a perfectly adequate (if not superior) substitute to a .xxx registration.

However, the court was not so forgiving as to the defensive registration market. It held that Manwin adequately identified an adversely affected market in defensive registration because Manwin asserted that trademark owners and registrants of domain names in other gTLDs were compelled to register domain names in the .xxx TLD for defensive or blocking purposes, to protect their marks or other domain names from a loss of goodwill, prevent consumer confusion, or prevent association with adult entertainment. The court found no economic substitute for this market, as, it found the “only way to block a name in the .xxx TLD is to register a name in the .xxx TLD.” Therefore, the antitrust case will proceed with respect to the defensive registration market.

This decision has enormous potential consequences to the domain name registration market, particularly with the coming roll-out of new gTLDs. By way of example, one of the applied-for new gTLDs is .hotel. While Marriott has a very popular website located at marriott.com (as do Hyatt at hyatt.com, Hilton at hilton.com, etc.), these hoteliers may feel compelled to register their corresponding names and trademarks in the .hotel TLD, to protect against cybersquatters.

Compounding the problem, particularly for those with famous marks, is the issue of “typosquatters” who may register common misspellings of the mark in the new gTLD (such as marriot.hotel). Thus, the defensive registration market identified by Manwin has implications that extend far beyond the .xxx TLD — although .xxx has its own unique challenges not found with more mundane gTLDs, as the .xxx TLD’s association with adult content and pornography has the very real potential to tarnish otherwise unrelated marks. Imagine, for instance, pepsi.xxx (probably bad) versus pepsi.hotel (probably innocuous). Whether the existence of this case will cause a delay in the launch of the new gTLDs remains to be seen. It would seem that ICANN would proceed cautiously, as an adverse ruling might lead to a requirement that the registry contracts for gTLDs found to violate antitrust laws be unwound. Time will of course tell.

However, in the end, while Manwin seems to have hit upon a soft spot in ICANN’s shield, its claims ultimately seem overblown and contrary to the rights enjoyed by trademark owners and domain name registrants with respect to .xxx registrations. Setting aside blocking/sunrise rights that were afforded to trademark owners in advance of the public rollout of the .xxx TLD, trademark owners have extraordinary rights with respect to infringing domain names registered in .xxx. A trademark owner has available to it three means of challenging an infringing domain name registered in the .xxx TLD. These are the Rapid Evaluation Service (RES), the Charter Eligibility Dispute Resolution Policy (CEDRP), and the Uniform Dispute Resolution Policy (UDRP).

The RES provides a quick take-down process for infringing registered word marks or personal names of individuals. If an RES claimant shows that the domain name is identical or confusingly similar to a registered word mark that the claimant owns and uses, that the registrant has no rights or legitimate interests in the disputed domain name, and that the domain name was registered and is either being used in bad faith or cannot possibly be used in good faith, the domain name is directed to a page which states that the domain name has been deactivated. Temporary take-downs pending a final decision may be effected within two business days.

Trademark owners may also initiate a CEDRP proceeding, which will be handled by NAF, to challenge .xxx domain names that are being used in violation of the Adult Entertainment Industry eligibility requirements for the .xxx TLD (for instance, the example of pepsi.xxx, above). If the trademark owner is successful in a CEDRP proceeding, the offending domain name registration will be cancelled.

In addition, a trademark owner may initiate a UDRP proceeding with respect to a .xxx domain name registration, just as it might for an infringing domain name in any other TLD. Such a proceeding might result in the cancellation or transfer of the offending domain name – though if the registrant is not engaged in the adult entertainment industry, the domain name will not resolve.

In the meantime, since the Court’s ruling allowing Manwin’s case to proceed, ICM Registry has filed a counterclaim against Manwin, asserting antitrust and trade libel claims, amongst others. In the end, this battle promises to have consequences that extend far beyond the .xxx world in which it is clothed.

Report From an Energized WIPO Conference in Geneva

BY: Ifrah Law

Each October, the World Intellectual Property Organization (WIPO), a United Nations agency, hosts at its Geneva, Switzerland, headquarters about 50 participants from around the world for a two-day conclave to discuss recent developments and issues surrounding domain name trademark disputes. This conference brings together, in one place (as an added bonus, scenically overlooking Lake Geneva and the French Alps) representatives of domain name registrars and registries, and lawyers from every corner of the globe to discuss the Uniform Dispute Resolution Policy (UDRP), which governs disputes between domain name registrants and trademark owners in most generic top-level domains (gTLDs).

With ICANN’s roll-out of new gTLDs imminent, the UDRP is likely about to experience increased use and importance, as cybersquatters will doubtless target brand owners whenever and wherever possible in the new gTLDs.

The UDRP is not without its faults — but, in general, it provides brand owners with a fast, relatively inexpensive and effective means to shut down domain names that are registered to take advantage of the goodwill attached to their trademarks. At this year’s conference, as with those in years past, the most hotly contested issues involve domain names that  resolve to “criticism” websites. It is with these issues that legal and cultural differences on the borderless Internet intersect and conflict. Many (but certainly not all) representatives from the United States see these issues through the lens of freedom of speech, while participants from elsewhere have no such point of reference. These cases come in two basic flavors.

First, there are the “trademark sucks” sorts of cases (the ubiquitous “suck sites”), and second, there is the more harmful “trademark.com” cases, which then resolve to a site critical of the trademark owner.

Suck site cases are less harmful because there is less risk of initial interest confusion – the likelihood that an Internet user would type the name into his or her browser thinking that the site belonged to the trademark owner. But in this era of the Internet in which search engines drive a great deal of traffic, such sites can cause great harm. However, a small consensus seems to lean toward finding that such domain names are not infringing.

The more hotly contested issue continues to be the trademark.com (including typos, hyphenations and other close variants of the trademark) cases. First Amendment considerations make it very difficult for a trademark owner to retrieve these domain names, when used for noncommercial purposes, in U.S. courts; in other parts of the world, this is not the case. But one UDRP panelist from the United States pointed out that the UDRP process is not a governmental act, and therefore he believes (correctly, I think) that the UDRP should pay no heed to these considerations. At bottom, U.S. trademark owners facing such situations should consider pursuing UDRP cases, understanding that even if they prevail, if the case ultimately lands in court, the likelihood of a successful outcome is diminished.

Other topics discussed included the new proposals for Rights Protection Mechanisms (RPMs) associated with the new gTLDs. While many of these RPMs remain in the discussion stages, they promise to bring to the fore new opportunities for trademark owners to protect their trademarks against cybersquatters who begin infringing in the new gTLD space. A good summary of all of the RPMs can be found here. The most interesting among these is the proposed Uniform Rapid Suspension System, which may bring about a means to temporarily suspend a name (that is, redirect the domain name to a web page revealing the suspension) in an expedited fashion. The devil will be in the details, as the costs and specifics of the proposed program are still up in the air. ICANN, WIPO and the other stakeholders are working on the details, and if implemented, this has the potential to provide trademark owners with another tool to combat those who damage their brands.

WIPO’s conferences are always first class and informative, and the opportunity to hear from and confer with talented, knowledgeable (and opinionated) domain name lawyers from around the world is always a pleasure and a privilege. I was able to meet and work with people from all over the world –from a representative of the Tanzanian registry, to brand managers from Sweden, to IP lawyers from China and Taiwan. And from it, we all are better able to serve our clients who do business on the Internet, which knows no national boundaries.

Domain Names Go Creative: Will We Soon See Dot-Poker?

BY: Griffin Finan

Domain names on the Internet are about to get much more varied and creative. Soon websites will not just end in the few familiar suffixes like “com” or “edu,” but could end in things like “.movie” or ”.lawyer” or “.lol.”

On Wednesday, the Internet Corporation for Assigned Names and Numbers (ICANN), the organization tasked with regulating Internet domain names, released a list detailing who has applied for new suffixes, also known as top-level domains (TLD). This is the third major expansion ICANN has allowed of domain name suffixes, in addition to a few others that have been allowed on an ad hoc basis. The new system will streamline the application process and allow for up to 1,000 new domain suffixes a year.

The application process allowed companies to apply for their own brand name to use as their domain suffix name. For instance, Apple applied for the “.apple” suffix. Amazon applies for 76 names including “.amazon” and “.zappos.” Google applied for over 100 suffixes, including “.google” and “.youtube,” as well as “.lol,” and “.book.”

An interesting development related to the world of online gaming is that four groups applied for domain names that would end in “.poker.” The companies that applied for the “.poker” suffix are U.S.-based Binky Mill, LLC and Dot Poker, LLC as well as European-based dot Poker Limited and Afilias Domains No. 5. Limited.

Now that the initial list of applicants for TLD’s has been released, the public will have 60 days to comment. This time period will allow for companies and organizations to see whether others’ applications conflict with their interests or their intellectual property. After conflicts are resolved, there will be an appeals process. The new addresses likely will not launch until next year.

It remains to be seen whether these new domain extensions will become popular. Some companies may be able to capitalize on the marketing opportunities presented by the new TLD’s and other generic TLD’s that could become much more common. In any event, domain names are surely going to be more creative starting very soon.