A Brief History of the UDRP

Tuf of War

We write about trademark enforcement and domain disputes, but we rarely discuss how these policies – which allow for the resolution of disputes over domain names to take place outside of a court room – came to be. And it’s an important topic, since having a single, agreed-upon process for recourse was a milestone in domain name enforcement.

Well, here it is – the history of the Uniform Dispute-Resolution Procedure (UDRP) in a nutshell.

It all began in the late nineties, when the U.S. Government – having acknowledged and defined what it dubbed ‘The Trademark Dilemma’ – asked the World Intellectual Property Organization (WIPO) to study domain name and trademark issues. In a Statement of Policy released by the National Telecommunications and Information Administration (NTIA), the USG explained the significance of trademark protection to consumers, trademark holders, and the Internet community as a whole:

“When a trademark is used as a domain name without the trademark owner’s consent, consumers may be misled about the source of the product or service offered on the Internet, and trademark owners may not be able to protect their rights without very expensive litigation. For cyberspace to function as an effective commercial market, businesses must have confidence that their trademarks can be protected. On the other hand, management of the Internet must respond to the needs of the Internet community as a whole, and not trademark owners exclusively.”

In April of 1999, WIPO drafted and delivered the requested report to the newly-created Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit organization in charge of managing Internet domain names. The report laid out the Uniform Dispute-Resolution Procedure (UDRP) in Chapter 3, and by the fall of 1999, ICANN had approved the implementation of the URDP and registrars agreed to abide by the procedures. By the end of the same year, WIPO and the National Arbirtration Forum (NAF) became the first approved dispute-resolution providers.

Almost 15 years later, WIPO and the NAF are still my preferred UDRP dispute-resolution providers. Expert panelists decide on the complaints, and the process is far less expensive and time-consuming than litigation. That doesn’t mean that complainants, respondents, and their counsel should assume that this form of dispute resolution is simply an administrative exercise. Complainants must submit sufficient evidence in support of three clearly defined elements designed to ensure that freedom of speech and other rights are upheld and protected, too. The elements, outlined in the beginning of each decision written by UDRP panelist(s), are as follows:

  1. the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
  2. Respondent has no rights or legitimate interests in respect of the domain name; and
  3. the domain name has been registered and is being used in bad faith.

While disputes are reviewed by expert panelists – specialists well versed in the areas of domain names and trademarks – it’s important to note that the UDRP is not designed to resolve complex cases involving issues better suited to the courts – only “predatory and parasitical practices” such as “deliberate, bad faith registration as domain names of well-known and other trademarks” (WIPO Final Report, Par. 23 (1999)). For a wealth of examples and analyses of the types of cases that the UDRP has handled, please follow this blog for a fresh, new case review each week.

Tackling the Registry Onboarding Process

While the recent focus of the New gTLD Program has been centered around contention sets, auctions, and contracting, it isn’t too early for Registry Operators (especially brand owners) to start thinking about Registry Onboarding.

What is Registry Onboarding?

According to the process laid out by ICANN, Registry Onboarding takes place after the execution of the Registry Agreement, and before Delegation of the gTLD into the root (when the gTLD becomes a “live” gTLD). As a prerequisite for Delegation, the Registry Onboarding process consists of syncing the Registry Operator with ICANN to ensure smooth ongoing operations. It includes important steps such as completing Pre-Delegation Testing, establishing emergency points of contact with ICANN, and registering with the Trademark Clearinghouse.

What’s the timeframe?

Officially, the Registry Operator must complete the Registry Onboarding process within 12 months of signing the Registry Agreement. However, the Registry Operator could tackle multiple tasks simultaneously, and it may be able to complete the entire onboarding process in 8 weeks or less with proper preparation.

What do brand owners need to know?

It’s important to make sure arrangements with your back-end provider are clear and that you have a process in place, especially if you want to move quickly through the onboarding process. Here are a few key considerations new Registry Operators should keep in mind as they move through the process.

First, the Registry Operator should connect with the back-end registry service provider to review responsibilities and coordinate communication with ICANN. While ICANN provides instructions in the Welcome Kit for New gTLD Registry Operators, the delineation between the Registry Operator’s responsibility and the back-end’s responsibility is not always clear.

The Registry Operator should also establish clear internal points of contact and responsibilities. Unlike previous phases of the New gTLD Process, the onboarding process will require the Registry Operator to manage two communication portals with ICANN – the Customer Service Center (CSC) Portal and the Global Domains Division (GDD) Portal. Moreover, 22 points of contact must be provided to ICANN during onboarding. One individual may take on multiple responsibilities, but the Registry Operator should ensure that it is fully aware of the expectations.

Finally, the Registry Operator’s contract with the back-end may include additional fees for onboarding services. Therefore, it is important to review the relationship with the back-end registry service provider to ensure that there are no surprises.

What’s next?

Registry Onboarding serves as a basis of the operational relationship between the Registry Operator and ICANN. Once this step is completed, the Registry Operator will be able to proceed to the TLD Launch phase, and eventually to general registration and use.

Social Media Brand Protection: What is Social Squatting?

As the popularity of social media platforms increases and their numbers proliferate, attorneys are constantly trying to shut down usernames that harmfully infringe on brands or trademarks. Thanks to the variety of policies and procedures that exist from platform to platform, social media brand protection is not a simple matter.

Recently at an INTA event in San Francisco, the majority of the IP attorneys attending a panel on social media raised their hands when asked if they had attempted to take down an offending username in the last month. When prompted to keep their hands up if they were satisfied with the process, only a few hands remained in the air.

Social media brand protection, however frustrating it may be, is an important one.

According to IP expert Steve Levy, Esq., social squatting is a form of impersonation/cybersquatting in which someone registers a publicly viewable username that incorporates a brand, trademark or personal name (or the misspelling thereof) in an attempt to capture traffic from a legitimate well-known entity.

What are a few of the reasons people squat on a social media username?

  • Spread false information
  • Execute phishing attempts or other fraudulent activity
  • Monetize famous brands by hosting ads that profit off of traffic that has been diverted from the target brand

To be clear, this type of infringement is different from being a fan or even a critic of a brand. There is a difference between creating a fan page or legitimate gripe page, handle, or other account and operating a social media username for profit or fraudulent purposes. The end goal of many fan pages or even gripe usernames is to communicate like or dislike of a brand, not simply to profit from the use of the brand, trademark or personal name; instead, it is a form of expression protected by the First Amendment. If attorneys are not aware of this issue, PR nightmares can quickly pop up from overly aggressive enforcement.

Rather, social squatters are people like the folks behind the Instagram handle @virgin_uk, who promised two free tickets to the first 20,000 followers. The fake handle amassed nearly 10,000 followers, and tricked many people, including several people I know, before it was finally removed (actually, I get many tips about handle hijacks from friends thinking they’ve found themselves a deal). Fortunately, the infringing handle was removed before it could cause any significant harm to Virgin’s brand, but remains an example of how quickly these infringements can pop up.

What Is Social Squatting Pic

Dozens of brands, from JetBlue to Ray-Ban have fallen victim to the same social squatting issue in the last few years. For the victimized brand, trademark or person, the loss of control over reputation ultimately reduces consumer trust, and those tasked with protecting brands and trademarks can become exasperated by this seemingly never-ending cycle of infringement and enforcement. As of now, trademark holders can address the social squatter through the particular social media platform’s policy and processes, but there is not an overarching and uniform social media dispute resolution process as there is for domain names (the Uniform Domain Name Dispute Resolution Policy and Uniform Rapid Suspension).

With the number of registered social media accounts growing into the billions, though, it’s likely that the problem of social squatting will not go away anytime soon.

Legal Fees Go Up in Smoke

As a brand owner have you ever wondered how efficiently you’re using your precious trademark enforcement budget?  During my nearly 10-year tenure heading up the intellectual property practice for The Home Depot, this was constantly at the forefront of my mind.  Unfortunately, this may not have been the case for whoever handles in-house legal matters at the Complainant company in the recent case of UTVG Europe Holding B.V. v. Vitali S, WIPO Case No. D2014-1345.

This Amsterdam-based e-cigarette producer owns a few trademark registrations for the terms PREMIUM VAPES and VAPE MASTER, although it was required to disclaim the word “premium” as merely laudatory in its US trademark application.  There are also some questions as to whether the word “vape” can function as a distinctive trademark in relation to the Complainant’s products. The Complainant’s earliest provable rights to these trademarks date to 2012.

The Respondent is based in the U.S. and registered the domains <premiumvape.com>, <premiumvapes.com> and <vapemaster.com> between 2009 and 2012 for websites promoting the sale of e-cigarettes. It seems that the Respondent and one of the Complainant’s owners were past business partners who set up a U.S. venture that, unfortunately, ended with a disagreement between the two individuals. However, during their tenure, the Respondent claims that the Complainant’s owner was aware of the disputed domains and consented to their use in promoting the U.S. venture.

The 3-member Panel in this case first addressed the question of whether the domains are confusingly similar to the Complainant’s trademarks under UDPR Par. 4(a)(i).  It quickly concluded that the word ‘premium’ is laudatory and descriptive of the Complainant’s goods and that the word “vape” is likely generic or merely descriptive for e-cigarettes. This left the Complainant with trademark rights only to the word “master” and the graphic components of its registrations.  The Panel ultimately concluded that the first two domains are not confusingly similar to the trademarks where the textual portions of such marks are not really protectable as such.

Next, the question of bad faith was addressed, and the Panel zeroed in on the prior business relationship between the parties.  It noted that there are many open questions surrounding this relationship, the creation of the trademarks, and whether the Complainant actually consented to the Respondent’s registration and use of the disputed domains.  Unfortunately, neither party provided sufficient details in their pleadings to answer these questions and so the Panel was left with little to go on in considering the par. 4(a)(iii) element of the UDRP.  In the end, it held that the words of a UDRP decision from 2000 still ring true today: “[t]o attempt to shoehorn what is essentially a business dispute between former partners into a proceeding to adjudicate cybersquatting is, at its core, misguided, if not a misuse of the Policy.”  It also noted that there is a question as to whether two of the Respondent’s domains were created prior to the earliest date on which the Complainant could claim trademark rights.  In the end, the claim was denied and the Respondent’s use of its domains continues.

The upshot of this case is a lesson for would-be complainants to carefully study the circumstances of its dispute and decide if it is truly one that is within the scope of the UDRP.  This policy, which was created to address cases of genuine cybersquatting, is not the proper forum for broader legal disputes and fine questions of law involving trademark distinctiveness, ownership rights, and business disagreements.  If the Complainant had sought the advice of an attorney with longstanding experience in UDRP practice it could have saved itself the wasted expense of fees and costs which, in the end, left it holding an armful of nothing but smoke…

Why is Social Media Important to Business?

The Good

Why is social media important for newer, smaller brands? Pushing out great content via social media posts – promoted or organic – allows these brands to address product questions quickly and publicly, as well as increase their brand awareness and recognition, driving customers to websites to make purchases (think companies like Betabrand or Alex and Ani).

Pic1

Why is social media important for other, more established brands? Social media can deepen existing customer relationships. Take Nike’s inspirational Instagram account; Kate Spade’s decadent travel-themed Pinterest boards; or Taco Bell’s massive and engaged Facebook following.

Pic2

But, of course, there are also challenges to running a successful digital strategy on Twitter, Facebook, and other platforms.

The Bad

A message could be hijacked, as was the case with McDonald’s #MDStories; even the platform’s use as a mouthpiece can be hijacked, as was the case with the now well-known parody account of @BPGlobalPR. Complaints have to be addressed or they risk getting shared by other unhappy customers; this means that human resources must be allocated in the form of social media-savvy customer service reps to help monitor and manage a brand’s online image.

The Ugly

Another challenge that social media brand managers must recognize and deal with is that of a socialsquatter; a socialsquatter could create a handle using a well-known trademark that tricks users into thinking it is owned by the corporation or company and start fake contests. With this challenge, social media brand managers need to pull in legal professionals into the room to weigh options: Use and abuse policies vary from platform to platform, adding another element of complexity to managing brand presence online.

Social media brand managers, legal, and other marketing minds also must work together when considering whether the risks are worth the rewards; as Ferrero SpA discovered in their legal departments’ pursuit of NutellaDay.com, sometimes the public backlash is much worse than any perceived risk posed by the domain name or social media username being in someone else’s hands.

Hungry? This Case Is A Buffet of UDRP Issues!

shutterstock_132955583

Most UDRP cases turn on one major issue – maybe the domain was registered before the complainant acquired trademark rights or the website for the domain is an example of fair-use, such as a fan page. Perhaps the domain just isn’t confusingly similar to the complainant’s brand.

Here, there were at least three major issues for the Panelist to contend with and decide on.

Since at least 1988, the joint Complainants have owned the trademark ZIPP for bicycle components, including wheels. The Respondent, a former distributor for the complainant, registered the domain zippwheels.com in 2001 and initially redirected it to the Complainant’s own website. More recently, however, the domain has redirected to a website controlled by the Respondent on which at least one legitimate ZIPP product is sold amongst others shown on the site.

Finding that the domain is confusingly similar to the ZIPP trademark (not a stretch by any means), the Panelist went on to consider whether the Respondent was making a bona fide use of the domain for a legitimate business purpose. Addressing the first major issue of the case, he cited one of my personal favorite UDRP cases, Oki Data Americas, Inc. v. ASD, Inc., WIPO Case No. D2001-0903 which says that even unauthorized dealers and distributors may use a trademark in their domain if they meet certain criteria, two of which being that they use their website to sell only the trademarked goods and that they clearly disclose their relationship (or lack thereof) with the trademark owner.

Here, although one legitimate ZIPP product was sold on the Respondent’s current website, other products of a competing manufacturer were also shown. Further, there was no mention of the Respondent’s former or current lack of a relationship with the Complainants. So the Panel decided that the Oki Data case was of no help to the Respondent.

Second, the long delay in bringing this action (13 years) was examined and the Panelist noted that delay (often called “laches”) is typically not a defense to UDRP complaints but may be considered under some circumstances.

And this ties into the third major issue of the case: Whether the Respondent both registered and used the domain in bad faith. The Panel went into a discussion of the two views of this UDRP language with the majority considering the requirement conjunctive (the clear meaning of the word “and”) and a minority view that use and registration are actually a unified concept and so bad faith in either one of them may support a decision to transfer a domain.

Noting that Respondent was, in fact, an authorized distributor of the Complainant’s products back in 2001 and that archival screenshots of Respondent’s website show that the domain was used only to promote the Complainant’s products, the Panel found that whatever the current use, the domain was not registered in bad faith 13 years ago and the first notice the Respondent received of the Complainant’s concern was when it received a demand letter in January of 2014.

So, in the end, does this former distributor get to keep his domain and continue using it to sell both ZIPP and other products? Since the UDRP is a limited-use tool intended only to address cases of cybersquatting and not contractual or more subtle infringement disputes, the answer to this question will depend on whether the Complainants pursue the matter in a courtroom – the proper venue for such disputes.

Alphabet Soup – The ICANN Edition

We’ve dipped into the alphabet soup of Internet governance meetings, and now it’s time to cover a whole new set of acronyms that you might see cropping up: ICANN acronyms.

The Internet Corporation for Assigned Names and Numbers’ (ICANN) holds three public meetings a year, and a variety of stakeholders – Internet users, businesses, policy makers, government representatives – are meeting up in various combinations to take on pressing issues in the DNS (the Domain Name System.) The DNS translates the domain name you type into the corresponding IP address, and connects you to your desired website.

First, a little more on ICANN: ICANN is an internationally organized, non-profit corporation responsible for coordinating the technical services required for the ongoing operation of the Internet. As a private-public partnership, ICANN says it is dedicated to preserving the operational stability of the Internet; to promoting competition; to achieving broad representation of global Internet communities; and to developing policy appropriate to its mission through bottom-up, consensus-based processes.

So, what are some of the groups that comprise this bottom-up, consensus-based policy development process?

GNSO: The Generic Names Supporting Organization is one of the groups that helps coordinate global Internet policy at ICANN. It is responsible for creating policy applicable to generic top-level domains (gTLDs) and is comprised of four stakeholder groups (SG):

  • Commercial Stakeholder Group
    • Here you’ll find the Business Constituency (BC), Internet Service Providers (ISP Constituency), and Intellectual Property professionals (IP Constituency)
  • Non-Commercial Stakeholder Group
    • Non-Commercial users and non-profits
  • Registrars Stakeholder group
  • Registries Stakeholder group
    • Sometimes you’ll hear about the opinions of the “NTAG” – this is the New TLD Applicant Group, entities whose TLDs aren’t operational yet but who might be preparing to enter into the stakeholder group as full voting members once they operate those TLDs. In the mean time, the NTAG helps organize the voices of applicants.

You may also hear about “Advisory Committees” such as:

  • ALAC: The At-Large Advisory Committee is where you can find individual Internet users represented in the policy development process.
  • GAC: The Governmental Advisory Committee (GAC) is an advisory committee comprised of appointed representatives of national governments, multi-national governmental organizations and treaty organizations, and distinct economies. It advises the ICANN Board on matters of concern to governments. The GAC operates as a forum for the discussion of government interests and concerns, including consumer interests. As an ICANN advisory committee, the GAC has no legal authority to act but it does report its findings and recommendations to the ICANN Board.
  • SSAC: The Security and Stability Advisory Committee advises the community on – you guessed it – the security and stability of the Internet as it pertains to technical matters of operation, registration, and administration.

There’s plenty more to ICANN, but knowing how different stakeholders group together can help give you a bigger picture of how the multistakeholder model works. For more acronyms and definitions visit beyondthedot.org – a great resource to point folks to for a reference on the world of ICANN and new gTLDs.

Delay In Website Setup Leads To Transfer Order?

Having been in this business for many years and having handled thousands of domain disputes I’ve found that owners of these disputed domains seem to fall into one of a small number of categories, such as: The hard-core cybersquatter; the shifty squatter who tries to concoct an overly-creative yarn to defend its domain; the pragmatic and quick-profit domain investor; and the owner who actually has a good and defensible story to tell.

But the category that’s often the most difficult to handle is the naïve owner who didn’t realize they were doing something that would get them into hot water.  These owners often register and use their domains in such a way that is technically infringing though they may not understand the implications of their actions until it’s too late.  Conversations with these owners have been some of the most challenging of my career as they require tact, careful and repeated explanation of the law, and lots and lots of patience. Sometimes the owner gets it and we’re able to resolve the matter, but sometimes they just refuse to budge often forcing the brand owner to make a hard decision on whether to take the dispute a step further.

A recent case involving the domain usedhaasparts.com seems to fall somewhere between this last category and one where the owner has a good story. The complainant’s HAAS trademark is used on factory milling and machining tools. The disputed domain name was registered earlier this year and the UDRP complaint was filed in September.  In between those dates there was some correspondence between the parties, although the decision only gives limited specifics about the Respondent’s offer to sell the domain to the Complainant for “what I have in it along with what GoDaddy charged me.”

However, I feel the most important facts of the case are 1) the Respondent owns a business that sells new and used factory machines; 2) he claims that he intended to use the usedhaasparts.com domain to actually sell used parts for HAAS products; and 3) at the time he was first contacted by Complainant, he hadn’t yet set up his website which was then showing pay-per-click links to Complainant’s competitors.

So, here we have a guy who perhaps could have more quickly gotten his site up and running and, if it was set up in compliance with UDRP precedent which allows some “fair use” of trademarks, this decision could have gone very differently.  No mention was made in the decision about the time between the domain’s registration and the filing of the UDRP complaint or whether it was reasonable for the Respondent to have launched his site within that time.  However, the Respondent’s offer to sell the domain to the Complainant was also not considered by the Panelist and I suspect this is because the offer was probably made in response to a demand letter from the Complainant and the amount requested may not have risen beyond the Respondent’s out-of-pocket costs.

In the end, it seems this Respondent’s hosting of competitive links on his website lead to his downfall.  The message is clear – domain owners must educate themselves on what is and is not permitted when using a domain that contains a trademark and, if they’re going to do something defensible, do it as soon as possible after registering the domain.

You Gotta Know When To Fold ‘Em… Know When To Walk Away…

The UDRP decision over the domain name myschool.com seems to be a classic case of a complainant who got angry at an ambitious domain investor and over-estimated the strength of its trademark rights.

The Facts

The Complainant in the National Arbitration Forum (NAF) Claim FA 1578228 owns a 2009 TM registration for the mark MY SCHOOL and uses it at its www.MySchool411.com social website where students, parents, faculty, and alumni can connect with others from their school. The Respondent is a domain investor and owns many other domain names that it created or purchased at auction. These domains are made up of generic or descriptive words, and there is no claim that they infringe on other trademarks. The domain name in question in this complaint, myschool.com, was first created in 1996 but Respondent purchased it at auction in 2013 for $42,000 and has it resolve to a pay-per-click site with school related listings.

The Complainant claims that the “Respondent is using the domain name to redirect Internet users and to extort money from Complainant to purchase the domain name” since the Respondent had offered to sell the domain to the Complainant for an unspecified amount of money. The Respondent claims that its domain is merely descriptive, that it had no knowledge of Complainant or its mark, and that “Complaint is trying to hijack the domain name to which he was never entitled.”

The Decision

The three-member Panel held that “The selling of domain names comprised of generic terms is a recognized and legitimate practice” and noted that the “Respondent has legitimately used the domain name for advertising related to the descriptive nature of the domain name itself” – the school related links on its site. So, the case was denied because Complainant couldn’t prove that the Respondent has no rights or legitimate interest in the domain.

Unpacking the Results

Although the Complainant somehow managed to get its mark registered in the U.S., this doesn’t mean it’s a strong mark that is capable of being enforced against all other uses.

The fact that the Complainant’s business is also relatively obscure likely didn’t help. American Airlines can enforce its mark more broadly because it is famous and has been around for decades. However, a little known site called MYSCHOOL – even without a space between the words – that is focused on connecting people who went to a particular academic institution can’t reasonably expect to be able to stop all other school-related uses of that phrase.

Another interesting facet of this decision is its lack of discussion about the relative dates of each party’s rights.  Typically, when a domain name predates a complainant’s trademark rights, there can be no bad faith since the respondent wouldn’t have even known about the trademark at the time it registered the domain.  However, it is an established concept in UDRP jurisprudence that you must consider whether the respondent acted in bad faith at the time it acquired the domain if this was after the domain’s original creation.  Here, the Respondent may not have argued that the 1996 creation of the myschool.com domain predates Complainant’s trademark rights, which could be why the Panel never addressed it. However, had he raised the point, he would have learned that his acquisition of the domain after the Complainant’s trademark came in to existence starts the clock running again and, in that scenario, the Complainant would have prior rights.

In the end, I agree with the outcome in this case and think that an attorney experienced in domain name enforcement matters would have advised this Complainant that the UDRP was not a good choice for addressing the situation. Sometimes you’ve gotta bite the bullet and pay a domain investor to acquire the name you want or be prepared to just walk away and accept that you have to coexist with another domain out there that’s similar to your weak brand.

The Complainant should also consider itself lucky that it avoided a finding of reverse domain hijacking. But I expect its ownership of actual trademark registrations for the MYSCHOOL mark caused the Panel to lean the way it did.

Federal Domain Name Policy for .Gov Websites is Putting People at Risk

Michael Olenick of West Palm Beach, FL was so irritated with his experience on ‘fafsa.com’ that he created a petition in an effort to prompt an investigation into the website’s practices.

FAFSA, or the Dept. of Education’s “Free Application for Student Aid” has two legitimate websites ending in .gov and .ed.gov, but the .com address has allegedly been using predatory financial practices for years.

Olenick claims that the website has been misleading students applying for financial aid into paying $79.99 for a service that the government provides for free.

Fraud, deception, and other predatory practices are unfortunately prevalent on the Internet, but the practice of deceiving consumers with websites using government names is avoidable.

What is becoming clear is that the current domain name policy implemented by the federal government for .gov websites is creating some unintended consequences and could be directly related to encouraging bad behavior on the Internet.

How did the Digital Government Strategy affect .Gov Websites?

In 2012, the United States released its Digital Government Strategy, which outlines the steps being taken to improve the quality and efficiency of government services online.

As a part of this initiative the General Services Administration, the agency that is responsible for registering second level names under .gov, implemented the “no new domains” policy.

Under this policy, federal agencies can no longer obtain new second-level domains unless they are afforded an exception. This exception is typically done on the grounds of consolidating websites.

The policy also reinforced the standing registration rule that all government domains must use .gov and cannot use top-level domains such as .com and .net. Thus ensuring all agencies are .gov websites.

The federal government created this system of consolidation and standardization of federal government websites to deliver better digital services. Having a consistent, tightly controlled gTLD like .gov helps the federal government ensure authentic, accurate information is getting out to Internet users.

However, the “no new domains” policy, as well as the lack of a large public awareness campaign about .gov websites, has inadvertently fostered some problems for Internet users.

The Exploitation of .Gov Websites

The Internet is full of examples of websites that appear in some form or another to be official government sites, but aren’t.

If a veteran seeking assistance from the Department of Veterans Affairs (VA) mistakenly navigates to ‘va.org’, he or she will discover content that is as relevant as it is potentially misleading.

In another example, taxpayers may navigate to IRS.com and believe that they are on the official Internal Revenue Service website.

These sites appear to be related to the VA and the IRS but they exist to generate revenue and may be looking to take advantage of unsuspecting users.

The delegation of nearly 1,400 new generic TLDs currently underway will certainly create the potential for greater confusion. The U.S. government must be cognizant of the frequency at which these websites will emerge and the severity of the scams involved.

There are a variety of potential misuse cases, several of which are highlighted by these examples:

  • CIA.agency
  • EPA.careers
  • IRS.claims
  • SEC.email
  • VA.services

Any of these domains could be linked with solicitation, extortion, or even fraud if they fall into the hands of nefarious actors.

A Path to Consumer Safety When it Comes to .Gov Websites

There is some good news. The government has already completed a sizeable amount of work in auditing the entire .gov websites portfolio.

The current number of registered names has been reduced by nearly 25% and every state, including the District of Columbia and nearly every U.S. territory has an operational .gov website.

This type of audit is a critical first step towards creating a domain name portfolio that reduces the potential for consumer harm when it pertains to .gov websites.

Taking into account that consumer behavior is difficult to predict, there are measures that can be taken to protect customers without compromising the work already underway:

  1. Develop a public awareness campaign to educate customers. In the case of the U.S. government, the campaign would communicate that official federal government information is only found on .gov websites
  2. Consider cleaning up the Internet by obtaining websites in other top-level domains, such as .com, that are directly related to government agencies and programs, but are misleading customers
  3. Register agency trademarks with the Trademark Clearing House and participate in sunrise and land rush periods during the launch of new generic TLDs

As the Internet continues to expand at an unprecedented rate it is in everyone’s best interest for federal agencies to control as many relevant points of entry as possible on the web.