When the Web site FreeLegoPorn.com began publishing pornographic images created with Lego toys, trademark owner Lego Juris AS, which sells the popular plastic building blocks for children, acted quickly.
"The content available on the site consisted of animated mini-figures doing very explicit things. We were not amused," says Peter Kjaer, an attorney for Billund, Denmark-based Lego.
Lego didn't go to court. Instead, it filed a complaint with the World Intellectual Property Organization's (WIPO) Arbitration and Mediation Center, which ruled in its favor. The domain registrar for FreeLegoPorn.com, Scottsdale, Ariz.-based GoDaddy.com Inc., eventually shut down the site and transferred the domain name to Lego, in compliance with the Uniform Domain Name Dispute Resolution Policy (often called the UDRP), a procedure set up by the Internet Corporation for Assigned Names and Numbers (ICANN) to address domain-name brand abuse.
The UDRP process, set up 10 years ago, saves businesses time and money by getting offending sites down relatively quickly and without lengthy lawsuits. But it hasn't deterred cybersquatters, who lay claims to domain names that play on a virtually unlimited number of variations of well-known brand names, including common misspellings of those names, to drive traffic to their own sites.
People intending to visit a brand's Web site may instead end up on a cybersquatter's site and then be redirected to a phishing site, a Web page with objectionable content or -- most commonly -- advertising that may link to competing products and services. The most popular brands can be the target of thousands of cybersquatting sites.
Cybersquatting can damage a business's brand reputation and result in substantial losses. One company that has tried to defend itself is Verizon Communications Inc., which has aggressively pursued cybersquatters and reclaimed thousands of domain names related to its businesses. This year it activated many of those and set them up to redirect users back to its own Web site.
Brand Problems Online
Cybersquatters use variations on trademarked names to draw visitors to their sites. Those sites may contain offensive content or pay-per-click ads, or they may create a false association with the trademark owner or sell competing products. Some may combine offensive content and e-commerce -- featuring pornographic images and offers for sex toys or other products, for example.
Percentage Increases, 2007 to 2008:
* Cybersquatting: 18%
* Offensive content: 21%
* Pay-per-click advertising: 24%
* False association: 20%
* E-commerce/counterfeit product sites: 46%
Source: 2008 Brandjacking Index, MarkMonitor Inc., San Francisco
"We're on track to bring in 9 million new visitors, just from the names we've been able to get back," says Sarah Deutsche, vice president and associate general counsel at Verizon.
Malicious sites can create havoc with a brand's reputation. Sometimes, criminals copy a brand's entire Web site in order to collect usernames and passwords from unwitting visitors. They then try to figure out where else on the Web those names and passwords might work. "Guess the fake. You can't, usually. It's pretty nuts," says Fred Felman, chief marketing officer at MarkMonitor Inc., a San Francisco-based domain registrar that also monitors brand-abuse activity for corporate clients.
Eighty percent of the cybersquatting sites MarkMonitor tracked in early 2007 were still online one year later, Felman says. Why aren't brand owners pursuing them? Some businesses have had to prioritize which cybersquatters to pursue, while others have given up on the problem or chosen to ignore it.
Ignoring the problem is getting harder to do as the amount of brand abuse continues to rise. Cybersquatting activity rose by 18% last year, with a documented 440,584 cybersquatting sites in the fourth quarter alone, according to MarkMonitor's annual Brandjacking Index report.
Lego's Kjaer has noticed an uptick in activity as well. "The number of cases in our monitoring reports and number of UDRPs has definitely increased," he says. And WIPO cited an 8% jump in dispute filings in 2008, to 2,329 complaints -- a new record.
Push for Reforms
With ICANN preparing to open a potentially unlimited number of new top-level domains (beyond the current .com, .biz, etc.) as early as the first quarter of 2010, intellectual property holders worry that the cybersquatting problem may spin out of control. That has them pushing hard for reforms.
Ten years ago, most cybersquatters redirected users to porn sites or tried to sell domain names that included the names of major brands back to the companies that owned those brands. But today, advertising-based "domain parking" sites are the fastest-growing cybersquatting problem.
"Domainers" build portfolios of thousands of domain names and profit by reselling the names or selling advertising on those sites. They may generate revenue by posting pay-per-click ads and other advertising content.
Advertising-supported domain-parking sites that exploit trademarked names damage those brands by diverting traffic away from the brand owner's site -- or, worse, by linking prospective customers to competitors' products. InterContinental Hotels Group suffers from both, says Lynn Goodendorf, global head of data privacy at Denham, England-based IHG.
Goodendorf says she doesn't like domain-parking cybersquatters, but she has to prioritize her activities. IHG will go after cybersquatters when the sites include objectionable content or if they contain malware or refer visitors to competitors. Although Goodendorf isn't happy about it, the company doesn't have the time or resources to pursue cybersquatting domainers whose sites contain more generic advertising, she explains.
Glossary of Domain Practices
Cybersquatting: The practice of abusing trademarks within the Internet Domain Name System.
Typosquatting: The practice of registering domain names that feature common misspellings or typographical errors in trademarked names.
Domain parking: The practice of registering domains for potential future development. Parked domains may include pay-per-click advertisements.
Domaining: The practice of buying, selling and monetizing domain names.
Domainer: A person or business that buys, sells and monetizes domain names for financial gain.
Domain tasting: The practice of registering a domain name, then using ICANN's five-day free grace period to monitor traffic volumes and determine whether the domain should be dropped based on a cost-benefit analysis.
Domain kiting: The process whereby domains are registered and dropped within the five-day ICANN grace period and then registered again for another five days. Kiting a domain lets the registrant gain the benefit of ownership without ever paying for the domain.
Source: MarkMonitor Inc., San Francisco
Even domain-parking sites that don't include advertising are a problem, contends Verizon's Deutsche. "Cybersquatters who register and hold on to valuable brands harm trademark owners by taking names the trademark owner could use for itself," she says.
Domain parking has changed from a cottage industry to a big business over the past five years, as has cybersquatting activity associated with domain parking, says Doug Isenberg, an attorney at The GigaLaw Firm, which specializes in domain-name disputes. The reasons are simple: Start-up costs for domainers are low, the potential financial gain is huge, and the penalties for cybersquatting -- the possible loss of the domain name in a UDRP proceeding -- are small.
Domainers who register variations on popular trademarked names can drive up site traffic. This increases income -- and the value of the domain name, which they can then resell at a premium.
The cost of maintaining a domain can be as little as $6 per year. "If you can make $1 a year on domain traffic, that's worth keeping," Isenberg says.
Domainers may keep thousands -- or hundreds of thousands -- of domain names. While some domainers are legitimate, most aren't, Deutsche contends -- and she has sued many of them. "Tens of thousands of variations of our brand are being monetized by domainers -- including some accredited registrars," she says.
The distinction between domain-name brand abuse (cybersquatting) and domain parking is important, says Jeffrey Eckhaus, general manager at domain registrar eNom Inc. in Bellevue, Wash. "Cybersquatting is illegal in the U.S., while domaining is a legitimate business," he says. ENom supports domainers with advertising services, but domaining is "not the main focus of eNom's business," Eckhaus adds.
But domain parking is part of the core business model of some registrars, says Steve Metalitz, president of the Intellectual Property Constituency (IPC), an ICANN-sanctioned organization that lobbies for brand owners.
Trademark holders have responded to the problem by buying up "defensive" domain names so that cybersquatters can't use them, hiring monitoring services, pursuing violators through the UDRP process and, increasingly, taking cybersquatters to court.
Dealing with the problem isn't cheap. IHG has registered 4,200 domain names to protect its seven brands, which include such well-known names as Holiday Inn and Crowne Plaza, Goodendorf says.
Verizon has registered more than 10,000 domain names, mostly to protect its three most visible brands: Verizon, VZ and FiOS. "It's extremely costly," Deutsche says.
As expensive as maintaining thousands of defensive registrations might be, paying $6 a year to maintain a domain name is far cheaper than the $1,500 fee to file a UDRP case with WIPO, especially when a business has hundreds or even thousands of complaints to address, Isenberg says.
UDRP at a Glance
$1,500: Cost to file a Uniform Domain Name Dispute Resolution Policy complaint
85%: Complainant success rate in UDRP process
60-70 days: Average time to a decision
2,329: Cybersquatting complaints filed with WIPO in 2008
8%: Increase in complaints over previous year
Most UDRP Filings, by Industry
1. Biotech and pharmaceuticals
2. Banking and finance
3. Internet and IT
5. Food, beverage and restaurants
Sources: WIPO and ICANN
But even if it pays for thousands of defensive registrations, a company can't rest easy. Goodendorf says cybersquatters can continue to register new variations of IHG's brand names, often in combination with other words, such as a city name, and many of these sites take visitors to competitors' properties or other travel industry Web sites.
"We cannot possibly buy every conceivable combination," she says. The company has prioritized which cybersquatters to go after based on factors such as the offending site's name, content and amount of traffic diverted from IHG properties. "We have to figure out where the most serious harm is -- and what is actionable," Goodendorf says. Therefore, many cybersquatters go unchallenged.
Monitoring services offered by companies like MarkMonitor or Arlington, Va.-based Cyveillance Inc. can alert a business to the existence of cybersquatters. But the services cost thousands of dollars annually, and the business still needs to review each case.
"Small to medium-size businesses are screwed," Felman says. "They can't afford our services. They can't afford lawyers. Consumers and small businesses get harmed the most."
IHG uses Cyveillance's monitoring services and receives daily alerts. "I have a person who does nothing but sort through those alerts and decide which to pursue. That's her full-time job," Goodendorf says.
Once a company has determined that it wants to pursue a cybersquatter, it must decide what action to take. It might start by paying a brand-protection service provider like MarkMonitor to contact the domain-name registrant and registrar and ask to have the site taken down. If the registrant is unresponsive, the brand owner has several other options.
Intellectual property owners can sue cybersquatters under the federal Anticybersquatting Consumer Protection Act, but that's expensive and limits damages to $100,000; they can try to shut down sites containing copyrighted content under provisions of the Digital Millennium Copyright Act; and in some cases, they might be able to pursue violators for trademark abuse under provisions of the Lanham (Trademark) Act.
The least expensive approach is to file a UDRP complaint with a dispute-resolution provider such as WIPO or the National Arbitration Forum. But even when the complainant wins -- which, according to WIPO, happens 85% of the time -- that's not always the end of it. Cybersquatters can delay the transfer by challenging it in court.
Some registrars can be uncooperative, too, failing to complete domain-name transfers within the specified 10 days, Isenberg says. ICANN hasn't done enough to deal with complaints about such registrars, he adds. "They get a slap on the wrist and then it happens again," he says.
What Businesses Want
Businesses want ICANN to do more to combat the cybersquatting problem. The following are some of their recommendations.
* Make the loser pay: Require the loser of a UDRP decision to pay all costs of preparing the case. That would give cybersquatters a financial disincentive, which is lacking today.
* Validate registrations: Require registrars to do more to validate the domain-name registrant's identity information in Whois databases. Critics argue that some registrars accept even clearly bogus data, such as fields filled with zeros or gibberish.