Imagine that you are a member of a private network. To get your company’s archived documents, you type “mycompany.mail” into your browser and instead of reaching secured files, you are directed to a public website selling email storage space. Welcome to the world of name collision, where private and public uses of the domain name system (DNS) collide. Simply defined, name collision results when strings used in private networks are identical to strings used in the public name space. Name collision is not new to the generic top-level domain (gTLD) program, but the concern is that as the number of these domains increases exponentially, so will the possibility for unintended misdirection. Of the 1,409 new gTLDs under consideration, nearly 400 have been delegated.
Name collision came to the forefront of the new gTLD debate a little over a year ago, when the Internet Corporation for Assigned Names and Numbers (ICANN) released the results of a study performed by the Interaisle Consulting Group. ICANN had commissioned Interaisle to evaluate the likelihood of name collision for new top-level names. The study was the first of two reports and corresponding comments that resulted in permanently deferred names; temporarily deferred names; and lists of potential name collision strings, numbering in the thousands, that were blocked from both brand owners and members of the general public—the end users. (The study can be found here.)
The Interaisle report did not find new problems associated with the expansion of domains. It did, however, clarify that name collision is a reality that ICANN, and the technological community as a whole, must address. The study acknowledged that 3 percent of proposed names could have problems with name collision, based on a snapshot of Internet traffic compiled in 2012 and referred to as DITL (Day in the Life of the Internet). DITL is consistently used to benchmark DNS performance. Of the 1,409 unique applied strings, only 64 never appeared in the top-level position in the request stream. The Interaisle report recommended assessing names as high-risk versus low-risk based on the DITL results.
A Storm of Reaction
As you would expect, the report created a storm of reaction regarding how ICANN would or should address the instances of name collision. If the recommendations were followed, registries, including brand registries, would require that remedial controls be put in place, which would result in cost increases and implementation delays. Brand owners were left with further confusion as they awaited the results of the debate about the means and level of those controls and as second-level names were caught in a net of embargoed domains without clear Rights Protection Mechanisms (RPMs). A further concern for brand registries was that because of the manner in which the lists based on DITL data were generated, they inevitably included a number of their own branded and industry-relevant terms. So, for example, the list for .IBM includes computer.ibm, laptop.ibm, cognos.ibm, lenovo.ibm and lotus.ibm.
The discussions resulted in the new gTLD Occurrence Management Plan, released in October 2013, and the engagement of JAS Global Advisors to create a Name Collision Management Framework. The plan allowed the majority of strings to proceed by following an Alternate Path to Delegation (APD), requiring that they block from use as second-level domains (SLDs) all the terms identified on their block lists, pending further work. Two domain names (.home and .corp) were identified as so “high risk” that they were permanently reserved for internal use. An additional 25 gTLD names were not eligible for the APD, having been identified as “high risk” and requiring specialized assessment before implementation: .box, .business, .casa, .cisco, .comcast, .dev, .family, .free, .google, .iinet, .log, .mail, .network, .office, .orange, .philips, .prod, .sfr, .site, .taobao, .taxi, .web, .work, .world and .zip. Eventually, .mail was put on the permanently reserved list, based on the JAS Final Report, issued in June 2014. (See the final report here.)
ICANN also implemented a public awareness campaign regarding name collision within the technical community and created a list of resources and problem reporting page. ICANN’s position is that it will initiate an emergency response only where there is a reasonable belief that name collision will endanger human life. We are not aware of any scenarios where such a report has been submitted.
Mitigating the Risk
On July 30, 2014, following the JAS Final Report, ICANN’s New gTLD Program Committee approved the Name Collision Occurrence Management Framework, which directs new gTLD registries regarding how to mitigate the risk of name collision. Aside from the three permanently reserved strings, the rest may now proceed, including those classified as “high risk.” Each gTLD applicant and new gTLD registry that has entered a gTLD contract (“registry agreement”) with ICANN has received a Name Collision Assessment Management addendum to the contract stipulating how to check for potential occurrences of name collision and how to release blocked SLD names that were identified as potential name collisions in a previous study.
Each registry operator (new gTLD applicant or registry) is not to release any of these blocked names for a period of 90 days, when testing for name collision. The testing framework is referred to as “controlled interruption” and alerts system administrators to a conflict between a private and public DNS record using a special IP address. The appearance of the special IP address in system logs will assist registry administrators in making necessary site name changes within their networks. gTLDs that are delegated on or after August 18, 2014, will receive a waiver to use wild-card records for purposes of controlled interruption testing measures only. During this period, only the SLD name nic can be delegated. gTLDs that have already been delegated and have already activated names (other than nic) under the TLD must run controlled interruption testing for each SLD name that they wish to release from their block list. If no occurrences of name collisions are reported within the 90 days of testing, the new gTLD registry is allowed to make all the names on the block list available for registration. Further, registry operators are to be reachable and respond to any reports of name collision within the first two years of the lifetime of a TLD, which applies to .brand names as well.
Still to be resolved is how the RPMs will be applied to the released names. Typically, a new gTLD will have a “sunrise period,” when only registrants with trademarks filed in the Trademark Clearinghouse may apply for a domain name matching their trademark. ICANN’s initial proposal is that registry operators that have already been delegated and completed their sunrise period must submit those names through the Trademark Claims Service, which offers notification to brand owners with trademarks registered through this service that a domain name that is identical to their trademark has been reserved by a third party. The Trademark Claims Service sends an email to the registrant of a new gTLD informing the registrant that the requested domain name is identical to a trademark filed in the Trademark Clearinghouse. The registrant may cancel the registration or may continue to register the domain name. If the domain name is registered, the trademark owner will be notified via email that this particular domain name is registered to a third party. This notification is mandatory only within a period of 90 days from the release day of the blocked domain names.
The gTLDs not on the “high risk” list conducted self-analyses of potential name collisions, resulting in hundreds of lists with thousands of blocked names, including many brand names, compiled using an ICANN-created list of 2,000–3,000 names that allegedly raise security concerns. The criteria for choosing the names were not revealed, and there was no due process to get them removed. “The irony is that ICANN has put many brand names on the list for security reasons, thereby blocking brand owners from safeguarding them through registrations,” says Stephen Coates, Head Trademark Counsel for Twitter. “However, ICANN plans to release these names to the general public, bypassing the sunrise registration period set aside for brand owners, and opening the potential for fraud and abuse by cybersquatters.”
This is particularly troubling for brand owners, because ICANN’s proposal would not require that each gTLD registry offer a new sunrise period, which would give brand owners the ability to preemptively register their trademarks, for these names (including those that match trademarks in the Trademark Clearinghouse) that are now being released after the 90 days of testing. This approach is controversial in that, rather than extending the full array of RPMs to the continued interruption testing context, it limits the options for brand owners to police their trademarks in the case of these blocked second-level domain names.
Advocating for a Better Solution
As a result of objections raised by the community, including by INTA, ICANN has been put on notice that brand owners are not satisfied with this proposed course of action. ICANN solicited public comments on alternative proposals for the appropriate RPMs for names removed from registry SLD name block lists, where the registry has already delegated and completed its sunrise period.
ICANN has addressed the RPMs in a name collision context, referencing the various concerns of the trademark stakeholder groups, including INTA and ICANN’s own Intellectual Property Constituency (IPC).
INTA’s position, as stated in a letter to ICANN on July 18, 2014, is that ICANN must offer a secondary sunrise period to trademark owners for all new gTLDs apart from the closed .brand TLDs, where no sunrise periods are needed, as all domain names will be registered to the gTLD registry (the brand) itself. (The letter, which was prepared by the INTA Internet Committee’s gTLD Registry Issues Subcommittee, may be accessed here.
INTA stresses that the sunrise period and Trademark Claims Service, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) and the new Uniform Rapid Suspension System (URS) are “complementary” and not substitutes for one another. It further emphasizes that “the goals and benefits of preventative measures, such as Sunrise, are not the same as the goals and benefits of curative measures.”
Support from Outside Constituencies
Remarkably, the Registries Stakeholder Group (RySG), the IPC and the business constituency (BC)—all stakeholders at ICANN—have submitted a joint letter proposing an alternative mechanism to protect trademarks when the blocked names are released. Among their recommendations:
“Any name on the name collision block list not reserved by the registry would have to be subject to some period of 30 days or more in which registrations were available exclusively to SMD holders.” (SMD signifies a Signed Mark Data Holder, which is a trademark owner that has filed its trademark in the Trademark Clearinghouse. Each filed trademark is given an SMD code qualifying the owner to file for domain name registrations during the sunrise period.)
“ICANN and/or the TMCH would develop procedures by which appropriate notification of these registration periods could be made to trademark holders. We expect that ICANN would work with the community to develop appropriate notification requirements and mechanisms.”
The released names “would NOT be subject to the requirement of an additional 90-day Claims period.”
The letter echoes INTA’s request for a secondary sunrise period. The three groups, like INTA, do not believe that the Trademark Claims Service alone (as had been proposed by ICANN) is sufficient to provide trademark owners with a fair set of RPMs, as the Claims Service will inform only those trademark holders that have registered with the Trademark Clearinghouse once a domain name is already registered to a third party. In addition to these recommendations, ICANN stakeholder groups further take into consideration that a Claims notification requirement would, potentially, be a financial and technical burden for the registry operators to implement and may not be needed, as the expected number of registrations is so limited that a manual or simple process should be sufficient.
A Clear Message
Jointly, the two letters send a clear message to ICANN: that a sunrise (or similar) process for those domain names, many of which are identical to trademarks, must be mandatory for all open gTLDs. Further, the letters indicate that ICANN should help to implement a direct notification of the release of these blocked names to those who have filed with the Trademark Clearinghouse, so that brand owners can plan for the application of their names in these various new sunrise phases. Many brand names were blocked because of the results of the risk assessment for name collision. Some may be released as early as November 2014.
In a time when ICANN’s accountability is being questioned, not only by many brand owners but also by governments, the decision by ICANN to allow the release of name collision blocked names before having found a solution for proper RPMs would appear to cast doubt on its commitment to reliability and security in the public interest.
INTA’s Internet Committee has been closely following these issues, submitting comments and participating in working groups to protect the interests of brand owners and, ultimately, the consumer. INTA submitted additional comments on the treatment of RPMs for the name collision block-listed names during the public comment reply period. That public comment period closed on October 7, 2014, and we await ICANN’s decision. It is hoped that ICANN will accept the widely supported joint RySG, IPC and BC approach, eliminating much of the risk that brand owners would otherwise face upon the release of the name collision block lists.
Although every effort has been made to verify the accuracy of items in the INTA Bulletin, readers are urged to check independently on matters of specific concern or interest.
© 2014 International Trademark Association