Law

Law / Featured Blogs

Domain Enforcement in a Post-GDPR World

The implementation of the General Data Protection Regulation (GDPR), and ICANN's conservative temporary policy, which favors privacy and limits registrar liability, has made domain enforcement against cybersquatters, cyber criminals and infringement more difficult, expensive and slow. With heightened concerns over privacy following high-profile breaches of consumer data and its subsequent illicit use and distribution, there is no question that consumer data protection practices would come under scrutiny.

Dead Ends: The Achievement of Consensus in UDRP Jurisprudence

Like the Internet Corporation for Assigned Names and Numbers (ICANN), the Uniform Domain Name Dispute Resolution Policy (UDRP) is consensus-driven; from the bottom up, not the top down. The result is a jurisprudence of domain names that develops in common-law fashion through Panel decisions that over time and through "deliberative conversations" among panelists resolve into consensus.

Internet Consolidation at EuroDIG 2019: Questions in Need of Answers

At EuroDIG 2019 a workshop was organised around the topic of consolidation on the Internet. It was organised around four angles: technique, competition, society and human rights and; future research. One thing became extremely clear: no one contested that consolidation is taking place nor that this already has and will have an impact on the Internet and consecutively on society.

What is a Security Mechanism?

Orin Kerr recently blogged about a 9th Circuit decision that held that scraping a public web site (probably) doesn't violate the Computer Fraud and Abuse Act (CFAA)... On its surface, it makes sense – you can't steal something that's public – but I think the simplicity of the rule is hiding some profound questions. One, I believe, can most easily be expressed as "what is the cost of the 'attack'"? That is, how much effort must someone expend to get the data? Does that matter? Should it?

IGF Best Practice Forums, an Opportunity to Bring Your Experience to the Policy Debate

In the run-up to the 14th Internet Governance Forum in Berlin, Germany, 25 to 29 November, different groups are discussing best practices pertaining to specific internet governance policy questions. These groups are open and thrive on your input and experiences. Their findings will be presented at the IGF and published shortly after. The IGF Best Practice Forums intend to inform internet governance policy debates by drawing on the immense and diverse range of experience and expertise...

Recovering Domain Names Lost to Fraudulent Transfer

Domain Names composed of generic terms and combinations – dictionary words, random letters, and short strings – have achieved ascending values in the secondary market. DNJournal.com (Ron Jackson) reports on his year to date chart, for example (just a random sampling from the charts) in August 2019 joyride.com was sold for $300,000, in June voice.com sold for $30 million, in July rx.com sold for $1 million, and in January california.com sold for $3 million... The magnitude of the reported sales suggests that businesses have come to depend on resellers than go to the trouble of inventing brand names from scratch.

Domain Name Registrar Isn’t Liable for Counterfeit Goods – InvenTel v. GoDaddy

InvenTel makes security cams for cars. It is trying to crack down on Chinese counterfeiters. It brought a prior lawsuit against a wide range of defendants, including GoDaddy. InvenTel voluntarily dismissed GoDaddy from that suit. It brought a second round of litigation involving a new counterfeit site allegedly by the same bad guys, www.hdminorcarnbuy.com, a domain name registered via GoDaddy.

Satisfying the Evidentiary Demands of the UDRP

It continues to surprise that some counsel in proceedings under the Uniform Domain Dispute Resolution Policy (UDRP) are unaware or oblivious of its evidentiary demands, by which I mean they file and certify complaints with insufficient evidence either of their clients' rights or their claims. Because the UDRP requires conjunctive proof of bad faith registration and bad faith use (as opposed to the disjunctive model of the Anticybersquatting Consumer Protection Act), it should be ingrained for counsel experienced in the jurisprudence to know they cannot hope to succeed with marks postdating registration of domain names.

GDPR Fine Enough or More Disclosure?

The UK cares about its citizens' privacy to the tune of a $229 million (US) fine of British Airways for a breach that disclosed information of approximately half a million customers. It's exciting -- a significant fine for a significant loss of data. I think GDPR will lead to improved security of information systems as companies scramble to avoid onerous fines and start to demand more from those who provide information security services and products.

The Question of Fairness in UDRP Decision-Making

In disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP), parties should be able to rely on Panels delivering predictable, consistent, and legally reasoned decisions. In large measure, this depends on Panels analyzing the facts objectively through a neutral lens and applying principles of law consistent with the jurisprudence. However, the results are not always seen by the losing party as having achieved a fair result.