By: Chelsea VanderWoude
Trademarks and domain names have become an increasing point of concern for those who conduct business online. Any company that owns a trademark and operates a website may have its fair share of intellectual property headaches – from trademark infringement to cybersquatters. Now, any and all trademark owners may find their portfolios at the mercy of European regulations when it comes to resolving such issues.
ICANN (Internet Corporation For Assigned Names and Numbers) is a not-for-profit multi-stakeholder group and is the de-facto face of Top Level Domains (TLDs) and generic Top Level Domains (gTLDs) such as .com, .gov, .mil, etc. In the 1990’s the Department of Commerce commissioned the ICANN to manage DNS servers, i.e. internet names and addresses, in an effort to privatize such development for the benefit of stability, competition, bottom-up coordination, and representation. Following its inception, ICANN developed TLD’s and gTLD’s in conjunction with the Department of Commerce’s National Telecommunications and Information Administration (NTIA), extending the list of TLDs and gTLDs significantly.
In 2016, the Department of Commerce’s control over ICANN came to an end, and ICANN now operates autonomously. ICANN is composed of a Board, supporting organizations, councils, and advisory committees, all focusing on a “community-based, consensus-driven, policy-making” approach; essentially, ICANN is a large committee with no executive oversight apart from its Board.
Among its various functions, ICANN administers the Uniform Domain Name and Dispute Resolution Policy (UDRP). The UDRP allows bona fide trademark holders to take down cybersquatters abusing the holder’s registered trademark on a domain name. ICANN also runs WHOIS, a database that allows anyone to enter a domain name and discover who the registered domain holder is, as well as their contact information.
In view of the upcoming implementation of Europe’s new General Data Protection Regulations (GDPR) on May 25, 2018, ICANN is considering the largest shift in its policies since it became autonomous. Among other things, the GDPR, once implemented, will require WHOIS to prevent public access to the identity of domain owners and their addresses based in Europe.
Muddled by community-based approval on an international scale, ICANN has struggled to put forth an adequate solution to address the changes required by the GDRP to the WHOIS system. In January 2018, ICANN introduced several draft models addressing the impending changes required by the GDRP. By March, the options were winnowed down to a single draft interim model referred to as the “Cookbook.” To date, ICANN has not proposed a final model. Among other things, the “Cookbook” proposes that there will be no publicly accessible information that would allow one to find the identity and address of a domain name owner. Notably that restriction is not limited to Europe. Rather it is proposed to take effect world-wide.
Because ICANN holds all DNS server information world-wide, there is no alternative access to this data. Without ownership data available through WHOIS, it will be very difficult for trademark holders to track down the identity of intellectual property infringers or cybersquatters – leaving them with few or no reasonable options to stop infringement of their rights on the Internet.
Consequently, the interim model (should it be accepted) may require an intellectual property firm to list all clients it may need to conduct intellectual property enforcement research on during the course of the year, and provide a list of claimed IP for each one. Investigative searches performed by the firm may also be open to third-party audit. That presents numerous legal and ethical issues for intellectual property practitioners and their clients. Because intellectual property attorneys would need to submit information detailing what intellectual property (IP) is owned by their clients, they will need to carefully consider who will have access to this information once it is submitted. Providing such information may be considered public disclosure of client confidential information, potentially breaching legal and ethical obligations of the attorney to their client. Providing such information to ICANN could also create other types of problems. For example, if an IP owner has a common law trademark but the IP listed in the WHOIS accreditation form does not include it, that omission could be used as evidence against the IP owner in a later dispute with a third-party. Such concerns could be addressed with various informational safeguards. But at this time, it is uncertain what, if any, safety measures will be employed regarding such information.
In addition to the above concerns, because the proposed interim model has not yet been approved there is no manner in which an IP firm can be pre-emptively accredited. It is likely, therefore, that intellectual property firms will have to operate as an unaccredited user for some time, leaving them without access to important information for protecting their clients’ rights.
A vote to approve or disapprove the interim model will likely occur on May 17, 2018. As the interim model has not been met with enthusiasm, there is a chance it will not be approved. Indeed, numerous international parties and even ICANN’s own advisory committee have spoken out against the model. For example, on April 11, 2018, the Article 29 Data Protection Working Party (Art. 29 WP) (an advisory board of the European Commission) sent a letter to ICANN in response to its proposed interim model. In it, the Art. 29 WP “encourages ICANN to explore a wide range of mechanisms that could be used to identify third parties who have a legitimate ground for accessing non-public WHOIS data…” On April 16, 2018, NTIA sent a public letter to ICANN addressing these issues, specifically scolding GoDaddy for restricting ownership information on WHOIS in anticipation of the GDPR’s implementation. NTIA noted that such restrictions are a “grave concern” and requested ICANN to step in and remedy the situation. NTIA also warned that the failure of ICANN to provide DNS server information may lead to third-parties entering the field and replacing it.
The Governmental Advisory Committee (GAC), one of ICANN’s own advisory committees, also provided comments in March which stated that more information could be publicly available than what will be available under the interim model’s current draft. Specifically, the GAC advised the ICANN Board (1) distinguish between legal and natural persons, allowing for public access of WHOIS data of legal entities, as the GDPR is meant to protect data of individual persons, and (2) ensure continued access to WHOIS for users with a legitimate purpose until the new WHOIS model is fully operational. On May 11, Cherine Chalaby, Chair of ICANN’s Board of Directors, responded that the Board’s preliminary position is to reject those requests based on “competing views in the community.”
This situation has exposed a major flaw in ICANN’s structure. The committee-approach on the world stage has left ICANN, and the internet community, paralyzed. If this situation occurred two years ago, NTIA would still be empowered to take control. With no executive authority who can step in and remedy ICANN’s missteps, however, the current proposed interim model presents serious challenges to the enforcement of modern trademark rights. Approval of the model will also leave many questions unanswered, such as: How long will it take to implement the interim model? How long will it take IP practitioners to become accredited? What impact will the interim model have on client confidentiality issues? How will IP owners react to the potential disclosure of their portfolios to third parties? And what will the final model look like?
For the time being, the future of WHOIS, and possibly ICANN, remains uncertain. Perhaps the final version will not raise so many concerns; perhaps non-ICANN accredited registrars will enter ICANN’s field and offer new solutions and access to information. Only one thing is for certain—online intellectual property enforcement is likely to significantly change in the near future.