In the past few months there have been some notable international and domestic developments relating to the administration of domain names. This article summarizes the key developments and their potential impact.

1. ICANN Domain Name changes

All Internet addresses have a suffix that represents a particular top level domain ("TLD"). Typically, an Internet site or e-mail address will have any one of a few generic TLD ("gTLD") (e.g. .com, .net., .biz, .name, .asia[1]) or a country-code top-level domain (e.g. .ca, .uk., .de) ("ccTLD")[2]. However, at the June 2008 meeting of the Internet Corporation for Assigned Names and Numbers (ICANN), the international body responsible for the management of Internet domain names, ICANN voted unanimously to overhaul the Internet domain name system to permit, among other things[3], the possibility of an unlimited number of gTLDs. This decision may have important consequences for any organization that has a presence on the Internet.

The gTLD Program

At the core of the amendments adopted by ICANN is the gTLD Program. Up until now, it has been ICANN or an ICANN-authorized registrar that has administered TLDs. The gTLD Program proposes to change this structure. Under the gTLD Program, ICANN is proposing to permit any individual or organization, public or private, to apply for, and subject to approval by ICANN, administer a new TLD. Based on the available information, there does not appear to be any limitation on the suffix proposed to be used. In other words, subject to the process described below, any party will be able to apply and register any TLD and corresponding domain name(s) that he/she/it wishes. The net effect of the gTLD Program is that there is the potential for a multitude of new TLDs in the next few years, thereby fundamentally changing Internet addresses as we know them today.

It is anticipated that the gTLD Program will be launched in Q2 of 2009. At that time, any individual or organization will be entitled to submit an application to ICANN for a new TLD. In order to prepare for the gTLD Program, on October 24, 2008, ICANN released a draft version of the Applicant Guidebook (the "Guidebook")[4]. Even though the Guidebook is in draft form, it does provide potential gTLD applicants with a fairly detailed overview of the proposed process to obtain a new gTLD. The Guidebook is composed of six modules: Module 1 – Introduction to the gTLD Application Process; Module 2 – Evaluation Procedures; Module 3 – Dispute Resolution Procedures; Module 4 – String Contention; Module 5 – Transition to Delegation; and Module 6 – Top-Level Domain Allocation Terms and Conditions.

Module 1 provides a high level overview of the process involved in applying for and being delegated a gTLD. As described in the Guidebook, applying for a gTLD involves completing an on-line application and submitting to a series of evaluations. Upon receipt of an applicant’s application within the prescribed timeline, the applicant’s application is reviewed for administrative completeness. If it is complete, the application is made public for comments and objections (as described below).

The next step will be for ICANN to conduct an initial evaluation to determine whether or not the applicant’s proposed TLD: (a) is an existing TLD; (b) would cause instability in the domain name system; or (c) would lead to confusion with other TLDs. Additionally, ICANN will review the application’s organizational, operational, technical and financial capability to administer the proposed TLD. Concurrent with the submission of the application, the applicant will be required to pay an application fee which has been set at US$185,000.[5] However, this might not be the only fee that an applicant might be required to pay. In the event of an objection (as described hereafter) in connection with a proposed gTLD, an applicant may be required to pay a dispute resolution filing fee (which ICANN estimates to be between US$1,000 and US$5,000 or more per proceeding) as well as a dispute resolution adjudication fee (which ICANN estimates to be anywhere between US$2,000 for a fixed cost adjudication and US$122,000 for a three-member adjudication panel).

As noted above, at any time after the publication of the applicant’s application and prior to the completion of the initial evaluation, an interested third party, subject to filing the appropriate documents and fees, may object to the delegation of the proposed gTLD. Some of the potential grounds for opposition include confusion, infringement of legal rights, morality and public order objection and community objection order.

In Modules 3 and 4 of the Guidebook, ICANN sets out the standards and procedures to be used to adjudicate disputes. In addition to "true" disputes, ICANN also recognized the possibility that multiple applicants could apply for a similar or the same gTLD. In the event that two (or more) applicants succeed in passing the initial evaluation stage, ICANN has contemplated a number of different mechanisms to resolve disputes between competing applicants. One of the proposals includes an "auction" for the right to become the successful applicant for a particular gTLD.

Finally, if an applicant is successful in all of the preceding stages, including the resolutions of any disputes, the applicant is required to enter into a gTLD Agreement.[6] While the gTLD Agreement is also currently in draft form and lacks a number of specifics, it does anticipate, among other things, granting ICANN significant audit rights and requiring that the applicant/registrar establish and publish certain policies relating to fees, operations and the protection of legal rights of third parties. At this time the proposed term of the gTLD Agreement is ten (10) years and the fees payable by the applicant/registrar is set at the greater of US$18,750 per calendar quarter and a variable transaction fee calculated per calendar quarter.

Implications of the gTLD

Based on the foregoing summary, it is clear that the new gTLD Program will have a number of implications for any party that is interested in protecting its brand on the Internet.

First, there is the possibility that the cybersquatting practices that were prevalent in the late 1990s and early 2000s may resurface. While the high cost of securing a gTLD may prohibit most cybersquatters from securing gTLDs that are similar to or confusing with the names of a particular company or brand (e.g., .widgetco or.widget), the possibility remains that a person may seek to register a gTLD that is of interest to WidgetCo, with a view of selling the gTLD(s) to WidgetCo at a significantly higher cost than if WidgetCo had applied for such gTLD itself.

In addition, companies and brand owners will have to consider registering domain names in connection with newly registered gTLDs. For example, if a new .shop gTLD is created, companies and brand owners will have to decide whether they want to register with the .shop gTLD the domain names they have previously registered with a .com gTLD. As a further example, a company or brand owner will have to consider registering with any "city" or other geographical gTLDs that are created in order to protect its interest in a particular geographic market (e.g. widgetco.london, widgetco.tokyo or widgetco.sanfran).

It is clear that trying to register all of the possible gTLDs or other domain names would require significant time, money and effort. Therefore, organizations interested in protecting their brand, should decide whether they wish to be pro-active or reactive in dealing with new gTLDs.

In being pro-active, brand owners may choose to pre-emptively apply for gTLDs and/or domain names with applicable gTLDs. In adopting this strategy, the brand owner will have to turn its mind to what potential gTLD would make the most sense for its overall branding strategy (i.e. .widgetco vs. .widgetcompany vs .widgetretailco vs. .widgetretailcompany etc.). Additionally, constant vigilance will be required of organizations as they try to monitor the number of gTLDs that are registered so that they can register the appropriate domain names. Given that this strategy will require significant financial resources, brand owners may be faced with the difficult choice of deciding which domain names it will seek to obtain and which domain names it will forego. For example, WidgetCo may wish to register a widgetco.london and widgetco.sanfran address because it does business in those jurisdictions, but not register widgetco.tokyo since it does not contemplate doing business in Asia.

The other option is a reactive approach in dealing with the potential issues and problems stemming from the gTLD Program. With this strategy, brand owners will not actively apply for a multitude of gTLDs and thereby avoid having to pay the large application fees. Instead, they will monitor the number and types of gTLDs that are registered in order to participate in the opposition stage of the gTLD application process. Similarly they may choose to use the universal dispute resolution process (UDRP) to contest certain gTLDs and related domain names that might be of importance to the organization.

Whichever strategy, or combination of strategies, is adopted by an organization, it is clear that the creation of new gTLDs will require organizations to increase the time, and likely cost, they spend on monitoring and dealing with domain name issues.

2. Chinese Domains

Dot cn (.cn) is the ccTLD for the People’s Republic of China. According to recent sources, .cn has now surpassed .net to become the web's third most popular top-level domain (after .com and .de) and is the second most popular country-specific domain (after .de). While China's domain surge is undoubtedly due in part to China’s increasing global economic and social importance, some have suggested that the increase is also due to the fact that .cn domains are very low in cost and are the most widely used domains for spam activities.

Although Chinese domain registration requirements have permitted non-Chinese persons or entities to register .cn domains for some time, recent increases in the number of registrations have been accompanied by an increase in the amount of spam and other solicitations regarding the .cn domains themselves. Many of our clients continue to report that they receive unsolicited emails stating (in substance) that the organization sending the email is a domain name registration organization in China (or Asia generally) and that they have received a request from a third party to register various .cn domains incorporating the recipient’s corporate name, trade-mark or other brand/indicia. These emails indicate that the sending organization has determined that the recipient of the email is the rightful trade-mark owner and requests that the recipient either provide permission to allow the registration in favour of the third party or, alternatively, confirmation that the recipient wishes to register the .cn domain itself.

Thus far, authorized .cn registrars have indicated that they have not engaged in such practices. In addition, some recipients have reported checking the sending party’s information against the China Internet Network Information Center's (CNNIC) list of authorized registrars and have determined that the sending party is in fact not listed.

While a business should not reply to the spam e-mail like the ones described above, it nonetheless may wish to consider whether having a Chinese domain would be useful, just as having a .ca or a .co.uk domain might be valuable, if the business has a presence or other relationship within China or connections to China. As is the case with other domains/jurisdictions, even if there is currently a lack of connection, businesses should consider filing for key domain names under the ".cn" regime to protect their trade-marks and keep domains available for future use.

Notably, the dispute resolution policies applicable to .cn domains, as determined by CNNIC, include a unique provision as compared with most other jurisdictions’ policies, that limits dispute resolution actions over potentially infringing domain names to two years from the date of registration. As a result, businesses which come into conflict with a .cn domain name registered for more than two years could only proceed through the Chinese courts on the basis of trade-mark infringement or similar action.

Canadian Domain Privacy Changes

The Canadian Internet Registration Authority (CIRA), which is responsible for administering the dot ca (.ca) ccTLD, as do other such authorities, maintains an electronic look-up service called WHOIS. WHOIS is designed to provide (limited) information about domain name registrations such as the name of the registrant, contact information and other particulars. CIRA’s policies state that WHOIS exists for certain specified purposes, namely:

(a) to allow network administrators to find and fix system problems and to generally maintain the stability of the Internet;

(b) to help combat inappropriate uses of the Internet such as spam or fraud;

(c) to facilitate the identification of instances of trademark infringement; and

(d) generally to enhance accountability of dot-ca domain name registrants.

CIRA also notes that the WHOIS service permits CIRA to fulfill its primary role and mandate as an independent and neutral top level domain name registry and to ensure the attainment of public policy objectives in the operation of the .ca registry, including the facilitation of fair competition, the management of a scarce resource, the maintenance of reasonable access for all and the protection of privacy and personal information.

Building on the last point above and as a result of increasing pressure and the requirements of private sector privacy legislation such as the Personal Information Protection and Electronic Documents Act, CIRA undertook a review of its policies regarding disclosure of individual (i.e. a natural person) registrants’ information beginning in 2004. After a fairly lengthy process involving two public consultations, CIRA announced this year that there would be changes to its disclosure practices related to WHOIS.

More specifically, the identity and contact information of registrants of .ca domains who are individuals is no longer included in WHOIS results, rather only information relating to the registrar, the registration dates, etc. will be provided. Individual registrants may opt into allowing more information, including name and contact information, to be disclosed via WHOIS results, however, this is entirely voluntary and the default remains that this information is not included. To facilitate communication between interested parties and individual registrants who are "privacy protected" in WHOIS results, CIRA implemented an "Interested Party Contact Procedure" which permits interested parties to send a message to a registrant of a particular domain through the CIRA website without the registrant’s information being disclosed to the interested party (i.e. like a flow through email service).

While this privacy change was initially applauded by privacy advocates, it has since become subject to criticism by some for the "backdoor" exceptions which allow law enforcement and intellectual property owners access to individual registrant information in certain instances, namely where there is immediate risk to children or the Internet or alleged infringement of trade-mark rights.

Although the exceptions exist, they are not without limitations. Specifically, in respect of non-law enforcement matters, a party wishing to obtain individual registrant information must have a current, good faith "dispute" with a registrant. What constitutes a "dispute" is fairly limited and must relate to the infringement of a registered trade-mark, registered copyright, issued patent or registered corporate, business or trade-name or use of the requestor’s personal information without consent to commit a crime or procure money, credit, loans, goods or services without authorization.

Moreover, a party which requests the information pursuant to the above mentioned rules may only utilize the registrant information to attempt to resolve the dispute and for no other purpose. Additionally, the requestor must have first attempted to contact the registrant through the Interested Party Contact Procedure and have not received a response or otherwise resolved the Dispute within 14 days of sending the message.

In addition, even where the requirements to permit access to individual registrant information appear to have been met, CIRA has reserved the right not to respond to a request or refuse a request where CIRA believes the requestor has not fully complied with the requirements. Finally, where CIRA does approve the request for access to registrant information, it will, not less than 30 but not more than 60 days after the disclosure of the information, use "reasonable" efforts to contact the registrant in question to advise the registrant that CIRA has disclosed the registrant information and to whom it was disclosed.

Overall, the implemented changes may be a reasonable, somewhat balanced solution given that both sides of the debate are somewhat unhappy with the result. The implication for business, however, is that it may be somewhat, even significantly, more difficult to resolve a domain name dispute with another party as the ability to make contact with the other party is now, at best, highly procedural and time consuming, and, at worst, significantly hampered.

FMC has been involved in several recent domain name disputes following implementation of these rules where the registrant is an individual and their identity and contact information is withheld in WHOIS results. Our experience is that the new rules, while protecting the privacy of individuals, has hampered or delayed the ability to have disputes brought to the forefront.

Even without the relatively recent changes, business owners should be mindful of registering and maintaining domain names which may be relevant or important to their business. However, these changes make the timing of registration of domain names even more important so as to avoid potential domain disputes. If a business is changing its name, launching new products or acquiring new divisions or brands, it should ensure that appropriate domain name registrations are made prior to public announcement as an announcement may trigger cyber-squatters to register potentially useful domain names in hopes of extracting a profit. While a business may ultimately be successful against a squatter or other party with no legitimate interest in a domain name, there will undoubtedly be increased time, expense and frustration to achieve such result.