11.2 Expanding Trademark Rights

Throughout the domain name controversies, almost all sides of the dispute have reiterated the principle that new laws or policies should neither expand nor diminish traditional intellectual property rights. The Commerce Department White Paper claimed that its proposals 'were designed to provide trademark holders with the same rights they have in the physical world' (NTIA 1998b, sec. 8). WIPO (2001) also made a point of emphasizing this claim: '[T]he goal of the first WIPO process was not to create new rights in intellectual property, nor to accord greater protection to intellectual property in cyberspace than that which existed elsewhere. Rather, the goal was to give proper and adequate expression to the existing, multilaterally agreed standards of intellectual property protection in the context of the multi-jurisdictional medium of the Internet' (para. 18).

The notion that we are simply translating traditional rights into a new medium is easily exposed as fiction, however. The only way to do this would be to apply trademark concepts to domain name disputes on a caseby-case basis, using traditional legal standards and institutional methods. Instead, ICANN and its backers have directly inserted trademark protection criteria into the administration of the technical system. This is inherently problematical. Trademark rights are based on subjective criteria, involving factors such as interpretation, culture, and confusion.

Everything depends on the context and the way the name is used. Rights in the domain name system, on the other hand, are based primarily on technical exclusivity. Furthermore, trademark rights are territorial, whereas domain names are inherently global in scope. It is therefore impossible to map DNS administration and trademark protection onto each other without fundamentally changing the nature of the rights involved.

And we are in the process of altering the nature of name rights. Much attention has been devoted to the threat of cybersquatting. Less attention has been paid to the danger that measures to control it are expanding property rights to names at the expense of free expression, privacy, and competition.

11.2.1 Mechanized Rights

Increasingly in the domain name space rights are established and defended not through ex post facto litigation that applies a legal standard to a particular situation, but by preemptive regulation. By 'preemptive regulation' I mean techniques that protect name rights on an ex ante basis by hardwiring certain kinds of protection into the technical system. Rights become mechanized, the ultimate example of what Lessig (1999) calls regulation by Code.

The clearest examples of preemptive regulation are name exclusions. If one controls the root, one can insert into all contracts with domain name registries a list of prohibited names or words, and require all registries to check all applications for registrations against that list and block any registrations that match the words on the list. In other words, control of the DNS root can be exploited to make the assignment of certain names impossible, regardless of who uses them, the purpose of the use (e.g., commercial or noncommercial), or the impact of the use on the mark holder.

WIPO promoted the idea of across-the-board exclusions for major trademark holders during its first domain name process in 1999 (WIPO 1998; 1999). It advocated creating a list of globally famous trademarks that would then be excluded entirely from the DNS database. The list of famous marks would be compiled by WIPO through an application and review process that did not impose any fixed limit on the number of companies or marks to be granted this exclusive status. The proposal was a rather dramatic contradiction of WIPO's claim that it did not want to create new rights. An authoritative list of famous trademarks that is accepted on a global scale simply did not exist then, nor does it now. Had the ICANN process not blocked it, WIPO would have created a completely new kind of name right and implemented it via the domain name space.

But WIPO is not the only organization to advocate and use name exclusions. ICANN's staff unilaterally imposed a significant number of name exclusions upon the new generic top-level domain registries it created in 2001. Most of the affected names were acronyms and names associated with the Internet technical community and ICANN's own organizational subsidiaries. ^{[3 ]}Some of the excluded acronyms, however, were actually trademarked by private companies in various places in the world. Generic words like ripe and museum were excluded. The fact that global rights could be created by fiat, without any policy consultation or oversight, speaks to the potential power inherent in ICANN's position at the root.

Another form of preemptive regulation is simply the refusal to permit the creation of new top-level domains. Trademark holders fought successfully against the creation of any new TLDs from 1997 to 2000 because it would raise their policing costs and increase the possibility that someone, somewhere, might register a name that a trademark owner finds objectionable. If there are no new TLDs, that can't happen and, of course, there is no need to judge whether a particular registration really is diluting or infringing a trademark. The situation is analogous to what might happen if photocopying machines were banned, or access to them tightly regulated by a copyright authority. Obviously, there would be fewer violations of the copyrights of book publishers and scholarly journal publishers. But all kinds of legitimate and legal activities would be curtailed, too.

There is, of course, nothing new about attempts by incumbent intellectual property holders to block the introduction of services or technologies that (they feel) threaten the exclusivity of intellectual property. Major copyright holders attempted to ban videocassette recorders on the grounds that someone might use them to make illegal copies. ^{[4 ]}In those cases, U.S. courts and legislators adhered to the commonsense principle that one must not prohibit an entire business simply because a small portion of the activity it generates might be violating copyright or trademark laws. In the domain name space, however, intellectual property interests have achieved the kind of prior restraint that they have sought but never been given in other new communication media. Intellectual property holders have succeeded in gaining control, or a large amount of influence, over the point of market entry.

Preemptive regulation can also take the form of procedures regulating the initial assignment of names in new top-level domains. So-called 'sunrise' procedures, for example, give trademark owners privileged access to domain name registrations in the opening phase of new top-level domains. A proposal put forward by the Intellectual Property Constituency of the Domain Name Supporting Organization (DNSO), for example, demanded a 30-day period prior to the public launch of a new top-level domain during which registrations would only be available to trademark owners. The plan, dubbed 'sunrise plus twenty,' allowed a trademark owner whose mark was at least one year old to register 21 variations of a trademarked name within the new TLDs. It also asked registries to supply these ' sunrise' registrations at a discount to normal domain name registration fees. Such procedures privilege trademark owners over other claimants regardless of whether classical infringement is involved. This is a completely new kind of trademark right; such preemptive privileges over the adoption of names by presumptively innocent third parties have never existed before. Indeed, the rights created both by the famous marks exclusion and the 'sunrise-plus' proposals are so far afield of traditional trademark rights that they would bring many legitimate trademark holders into conflict with each other. Although the extreme version of 'sunrise' sought by the International Trademark Association (INTA) and other large trademark holders was not implemented, many of the new TLDs licensed by ICANN did adopt milder variants of the 'sunrise' proposal. Indeed, even the new .name top-level domain, which was supposed to be devoted exclusively to individual domain name holders who wanted their domain name to reflect their personal identity, adopted a 'sunrise' procedure.

The problem with name exclusions, 'sunrise' proposals, and other preemptive rights should be apparent. They substitute technical exclusivity and ex ante rules for what should be ex post legal judgments. Hence, they are completely insensitive to the boundaries and limitations that normally accompany trademark rights. Limitations on the ownership of words and names meant to protect freedom of speech and fair use can easily be squashed in a regime based on technical exclusivities. An across-the-board name exclusion doesn't distinguish between the name ford.sucks, which might be used legitimately for a protest site about the automobile company, and a deceptive or infringing registration of the domain name ford.com. It cannot make a distinction between the many legitimate concurrent uses that might be made of trademarked words, such as the Ford Theatre, the Ford Modeling agency, and the Ford Motor Company.

Neither WIPO nor the trademark interests have succeeded in getting all the preemptive rights they wanted out of the new regime. But it is significant that such rights are constantly being sought and that it is fairly easy to implement them as long as artificial scarcity is maintained and ICANN continues to link technical coordination to policymaking. The new regime encourages and rewards such expansion. Fighting against it, on the other hand, is costly and difficult.

11.2.2 Expanding Surveillance Rights

A critical part of maintaining any property right is the need to monitor its boundaries, that is, to identify perceived violations of the right and take effective enforcement action against them. Under traditional trademark practice, the owner of a mark is responsible for all policing and monitoring activity and costs. In the physical world, there is no single, integrated, global database of company, product, or brand names in which everyone must register. Trademark policing relies on a variety of activities: monitoring official trademark registers, checking telephone directories and Yellow Pages, searching industrial directories, and physically examining products in stores, to name a few. A number of specialized firms supply this surveillance function on a commercial basis to major brand holders.

As discussed in chapter 9, the creation of an institutional regime based on control of the DNS root has made it possible for intellectual property interests to claim new and expansive rights of surveillance over the adoption of names by users. The vehicle for these new rights is the WHOIS database.

The WHOIS database allows one to type in a domain name and pull up the name and address of the individual or company that registered the domain. It also shows the dates on which the domain was created, when it expires, and when it was last updated. It includes the name, address, and contact numbers of the domain technical administrator as well as technical information, such as the domain name and IP addresses of the name servers to used to resolve a name. The protocol was invented by the original creators of the Internet to provide information that might be needed to resolve technical problems involving a domain or an IP address. Later, the information proved to be useful in tracing the source of spam or hacking attacks. As domain names became economically valuable, WHOIS also became a popular way of finding out which domain names were taken, who had registered them and when, and when the registration would expire.

With the emergence of domain name-trademark conflicts, the WHOIS protocol took on a new function. It became a surveillance tool for intellectual property holders. The intellectual property interests discovered that they could perform searches for character strings that matched trademarks, and pull up many of the domain name registrations in the generic top-level domains that matched or contained a trademark. This automated and universal searching function proved to be so valuable to the trademark interests that they began to demand that the WHOIS surveillance functions be institutionalized, expanded, and subsidized.

The first WIPO process recommended that the contact details in a WHOIS record be contractually required to be complete, accurate, and upto-date, on penalty of forfeiture of the domain name (WIPO 1999, para. 73). The intellectual property interests also demanded 'bulk access' to the WHOIS data of domain name registrars, that is, the right to purchase the complete list and contact data for all of a registrar's customers in one fell swoop. They now want WHOIS functionality to be expanded, so that data can be searchable by domain name, the registrants' name or postal address, technical or administrative contact name, NIC handles, ^{[5 ]}and IP addresses. They also want searches to be based on Boolean operators or incomplete matches, as well as exact string matches. Further, they are requesting that the results of searches not be limited to a certain number (Network Solutions can only return 50 records at a time). Moreover, they want this expanded capability to be subsidized, that is, they want it to be considered a part of the public Internet infrastructure and not a valueadded service that they would have to pay for. Not content with the already massive reduction in transaction costs brought about by the mere existence of a single, integrated name space that can be searched using automated tools, they want to shift the costs of policing and monitoring the trademark-domain name interface onto users, registries, and registrars.

As noted in chapter 9, the issue is no longer exclusively one of trademark surveillance and protection. Copyright interests now view expanded WHOIS functionality as a way to identify and serve process upon the owners of allegedly infringing Web sites. That is, 'technical coordination' of the domain name system is already being leveraged to police the content of Web sites as well as their domain names. Moreover, public law enforcement agencies, notably the U.S. Federal Bureau of Investigation, have become deeply interested in the use of WHOIS to supplement their law enforcement activities. Ultimately, the intent seems to be to make a domain name the cyberspace equivalent of a driver's license. Only, unlike the driver's licenses database, this one would be publicly accessible to anyone and everyone to rummage through as they pleased.

Whether one supports or opposes the intellectual property interests' agenda for the WHOIS service, it is incontestable that the surveillance rights they are seeking are more comprehensive than any that have existed before. A reduction of transaction costs per se is not bad; indeed, from an economic standpoint, lower transaction costs, almost by definition, contribute to greater efficiency. The problem is that the expansive and compulsory WHOIS functions sought by the intellectual property interests do not reduce transaction costs for all. They mostly shift cost and risks that used to be assumed by intellectual property owners onto end users, registries, and registrars, in order to make life easier for trademark owners. End users are being asked to sacrifice privacy and expose themselves to spam, slamming, and other unsavory practices that exploit the open availability of WHOIS data. Registrars are required to lose control of their customer lists. Both registries and registrars must make major investments in software and infrastructure to support the comprehensive global surveillance capabilities sought by the intellectual property interests.

To compel everyone in the domain name space to expose themselves to surveillance expands the strength and comprehensiveness of intellectual property owners' rights over names. To require that the system be funded by the subjects of the surveillance is the coup de gr‚ce.

Just how radical a shift in the balance of power the intellectual property agenda for WHOIS represents was illustrated by an amusing exchange on a public email list between Judy Henslee, the U.S. trademark manager for Harley-Davidson motorcycles, and an intellectual property lawyer, John Berryhill. Ms. Henslee was complaining about the limitations of the current WHOIS protocol on the INTA email list, and she concluded, 'The ability to produce (or at the very least, purchase) accurate lists of all domains owned by a single person or entity would be extremely helpful to the trademark owner.' Mr. Berryhill replied,

Dear Ms. Henslee,

I was sitting on my back porch this evening, and someone drove by riding a Harley Davidson motorcycle with a defective exhaust system. My community has strictly enforced noise and smog ordinances, and this person was clearly in violation of both. This person was also not wearing a helmet, in violation of the law. I shouted at the rider, whereupon he rode across and damaged my lawn. I would like to bring a trespass action against him, but I could not identify him. However, I can identify the make, model, year and color of the hog. I went to your Web site, and I noticed that Harley Davidson does not provide a readily accessible database of warranty registrations or, indeed, any other information that will assist me to identify the violator. As you surely can appreciate based on your comments concerning the WHOIS database, your provision of this information would certainly help in bringing this lawbreaker to justice, as well as anyone else who uses a Harley Davidson product to violate the law. As I'm sure you are aware, despite the fine reputation enjoyed by Harley, and my own admiration for your machines, there is an element of the subculture associated with your company's product which has been known to demonstrate a pattern of unlawful behavior such as gang activity and drug transportation. Many of them may own more than one motorcycle. So, I'm sure there is considerable demand for this data.

Since there doesn't appear to be a convenient database, is there some way that I can arrange to purchase the names, postal addresses, email addresses, and telephone and fax numbers of people who own Harley Davidson motorcycles? If I send the description to you, will you help me identify the owner?

The Harley-Davidson lawyer was not amused by the parallel. But she did not argue effectively against its validity. Under ICANN's contractual regime, the consumers and suppliers of domain name registration services are required to facilitate their own surveillance by intellectual property owners. If we apply the same logic to any other industry, it seems absurdly overreaching. Motorcycles can be used to break the law, but we do not require all vehicle manufacturers to create a publicly accessible, global database with complete and accurate contact information about all their customers. Even the official, state-issued licenses attached to such vehicles are not open to anyone who wants to search through them; one must go through official law enforcement channels and demonstrate some cause of action. The linkage of resource administration to policy and regulation in the domain name regime has given intellectual property interests much more extensive rights of surveillance than they had before.

^{[3 ]}The following names are reserved at the second level and at all other levels within the TLD at which an ICANN-accredited registry operator makes registrations: .aso, .dnso, .icann, .internic, .pso, .afrinic, .apnic, .arin, .example, . gtldservers, .iab, .iana, .iana-servers, .iesg, .ietf, .irtf, .istf, .lacnic, .latnic, .rfc-editor, .ripe, .root-servers. The following names are reserved at the second level: .aero, .arpa, .biz, .com, .coop, .edu, .gov, .info, .int, .mil, .museum, .name, .net, .org, .pro.

^{[4 ]}Sony Corp. of Am. v. Universal City Studios, Inc., 464 U.S. 417 (1984).

^{[5 ]}The NIC handle is a short, unique alphanumeric code that a registry assigns to a domain name holder when the registrant registers a name. People who use different names might use the same NIC handle in the WHOIS record.