Skip to main content
This website uses cookies to ensure you get the best experience. By continuing to use this site, you agree to the use of cookies.
Holiday Schedule: Addgene will be closed December 24 - January 1, 2020. For more information, see our holiday shipping schedule. If you have any questions, please contact us at [email protected].

Please note: Your browser does not support the features used on Addgene's website. You may not be able to create an account or request plasmids through this website until you upgrade your browser. Learn more

Please note: Your browser does not fully support some of the features used on Addgene's website. If you run into any problems registering, depositing, or ordering please contact us at [email protected] Learn more

tto icon WHOIS CYBERSQUATTING ON MY CYBERLAWN?


Introduction

In our last newsletter,1 we discussed the European Union’s (EU) enactment of the General Data Protection Regulation (GDPR), which went into effect this past spring. Aside from harmonizing the various member states’ approaches to data protection and privacy, the GDPR is also intended to increase EU data subjects’ control over their personal information and to ensure that proper safeguards are in place when said information is used, stored and transferred. This includes, amongst other things,2 requiring that organizations convey in clear, concise language the purpose of collecting personal information; that the information collected is limited to the amount necessary for said purpose; and that collected personal information will be deleted once it is no longer necessary or upon request by the applicable data subject.3 While the GDPR is an EU regulation, its impact has been global. From culling through user lists to adding scores of opt-in boxes and buttons, organizations around the world have adjusted their practices and policies to account for an EU user base. Moreover, many organizations--rather than siloing their marketing efforts, data servers, and other activities to just the EU-- have chosen to bring their entire infrastructure into compliance with GDPR. Overall, the GDPR has led to a significant check on the use and security of almost any given data subject’s personal information.

Yet, such widespread, well-intentioned efforts are not without their consequences. Prior to the GDPR, trademark (TM) holders were already facing increased monitoring and enforcement costs following the Internet Corporation for Assigned Names and Numbers (ICANN)’s release of over 1,000 new generic top level domains (gTLDs).4 Fortunately, at the time,TM holders looking to combat new gTLD cybersquatter sites like “lego.xyz”5 could readily access registrant information, such as a name and email address. Now, however, in the wake of widespread redaction of personal information, TM holders must pursue longer and more costly options.

This article will discuss how the GDPR has impacted such TM holders and what resources remain available to them. Part I will provide a brief summary of gTLDs’ creation and purpose. Part II will discuss TMs and their applicability to domain names, and Part III will discuss how GDPR has affected a TM holder’s ability to enforce their TM rights as the pool of domain names continues to grow.

I. Generic Top-Level Domains

A. A Crude Summary of How the Internet Works

While the term “generic top-level domain” may conjure abstract images of a chrome-colored cyberverse and a complex of pulsating cables, billions of people--having no technical background whatsoever--successfully input gTLDs into their phones, tablets and computers every day(if not every minute). The most well-known gTLD inputs are “.com”, “.org”, “.edu” and “.gov”. In other words, gTLDs are that final string of letters you put at the end of a web address. However, just as you cannot simply pick up your phone and yell “Dentist” at it and expect it to call your dentist without a pre-programmed number, so too are you unable to reach a site like “amazon.com” without an associated number or Internet Protocol (IP) address. Fortunately for us, typical internet browsing does not require one to keep a running list of IP addresses. If everyone had to memorize strings of numbers like “72.21.211.176” to visit a website, the internet would be a much quieter place.

A crude (and perhaps dated) analogy can be made to finding someone’s phone number within a phonebook.6 By scanning the phonebook for the person’s name and residence, i.e., domain, you can find his or her phone number. With phone number in hand, you can make your call and connect with that person. Similarly, by inputting a domain name into your web browser, you will be connected to the applicable website. The only difference is that the “phonebook” or Domain Name Server (DNS) is accessed automatically by your computer. When you input a domain name like “addgene.org”, your computer relies on a DNS to find and locate the applicable IP address and, once found, to direct your computer to that website. Moreover, much like the impossibility of everyone sharing the same physical phonebook, a single DNS would be immediately overwhelmed if it had to resolve domain name inquiries of every single computer. Accordingly, your computer is directed to a specific DNS based on a variety of factors including your location, internet service provider (ISP) and/or your home network.

B. Domain Names

A typical domain name generally consists of three components separated by dots. For example, in “www.addgene.org”, the “.org” represents a top-level domain. While many top-level domains are indicative of the website’s and/or website owner’s business, activities or even location,7 their functional purpose is to allocate a seemingly infinite combination of words and numbers to specific servers, which are managed and maintained by a registrar. In our phonebook example, the book’s covered city/region might be considered analogous to a top-level domain. The company that manages its contents need only update and maintain the addresses and numbers of residents in the city/region. Generic top-level domains, or gTLDs, which are generally available to anyone, were originally classified by what they were not, i.e., country-specific. However, as will be discussed below, there are now over 1,000 gTLDs--some of which are restricted but non-country-specific.8

Left of the top level domain dot are the second-level domain (SLD), which resides below (in terms of a domain directory) the applicable top-level domain, and the host name, which specifies a certain machine within that domain. In “www.addgene.org”, “addgene” is the second-level domain of “.org” and “www” refers to the machine within the domain that functions as its web server. Like Addgene, many organizations choose to use the name of their company as their SLD. Unfortunately, not all are able to do so due to cybersquatting, registration and maintenance costs, or preemption. While competing interests to register a preferred domain name are often many, the internet (and specifically, domain names) cannot permit duplicate web addresses for different registrants.

C. There Can Be Only One (Name per Domain)

Unlike the physical world where OMEGA, a US supplier of thermocouples, flow meters and other devices; Omega, a Swiss manufacturer of luxury watches; and Omega, a US manufacturer of juicers, can all operate successfully under the same name given their different industries and locations, the cyberworld can permit only one to use the domain name “www.omega.com.” Barring a successful action against a cybersquatter, domain names are usually available on a first-come, first-served basis. Successive companies wanting to register under the same top-level domain, i.e., “.com”, must use a variant like “www.omegawatches.com” and “www.omegajuicers.com”.

Ensuring that a given domain remains free of repetition is the task of registrars like GoDaddy, Namecheap, and more. After a registrar has assigned a domain name(s) to a registrant, the registrar records the domain name registration with ICANN, who, amongst other things, hosts a central database of every registered domain name. Understandably, the limited and ever-shrinking availability of domain names and their variants presented a real problem as more organizations began to carve out their online presence.

D. Expansion of gTLDs

In its earliest days back in the mid-80s, the internet’s only gTLDs were “.com”, “.edu”, “.gov”, “.mil”, and “.org”. While more would be added throughout the 90s and into the early 2000s, including “.net”, “.int”, and “.biz”, ICANN continued to receive requests for expanded options and availability. In 2011, ICANN moved to expand the current list of twenty-two gTLDs by allowing registrants to submit applications for suggested gTLDs. Suggestions were no longer restricted to Latin characters but could include script such as Sanskrit, Korean, Urdu, etc. Despite the high application cost of $185,000 and any subsequent maintenance fees, ICANN has received about 2,000 new gTLD applications.9 Although some applications have been rejected due to competing and compelling interests, e.g., Amazon lost its bid for “.amazon” after the Brazilian and Peruvian governments raised their objections,10 ICANN has since delegated, or added to the internet, over 1,200 new gTLDs. This means that organizations like the Omegas could avoid competing webspace claims by registering domain names like: “www.omega.tools”, “www.omega.watches”, and “www.omega.juice”.11 Yet, for all the cyberspace that ICANN has carved out to accommodate newcomers and successive organizations, the expansion is not without its drawbacks. Just as the potential domain name options for an organization have increased, so too has the potential for malicious activities.

II. Trademarks and Online Enforcement

A. What is a Trademark (TM)?

A TM (or service mark) can be any word, name, symbol, color, sound and any combination thereof, so long as the mark is capable of identifying and distinguishing a seller’s specific goods or services from those of others. Many companies own several TMs surrounding their goods and services. For example, the words “Apple”, “Nike” and “McDonald’s,” are TM'ed by their respective companies. Moreover, they have also each TM'ed logos: a stylized apple, a swoosh and golden arches; as well as phrases: “Think different”, “JUST DO IT.”, and “i’m lovin’ it”. McDonald’s has further TM'ed the lyrics as well as the accompanying melody to “ba da ba ba ba”. Yet, despite all the steps companies take to protect their brand and associated goods and services, protecting companies is not the focus of TM law.

In today’s ever-growing market, consumers are presented with more options to meet their specific needs than ever before. Whether a consumer is looking for the bare minimum to satiate that need or is considering added bells and whistles, there is usually a host of manufacturers, vendors, and/or providers to choose from. For many consumers, the deciding factor may come down to who is providing that good or service. One may opt for a Dyson-branded vacuum over a generic label because of Dyson’s reputation for high quality and dependability. Maybe one chooses to fly Southwest Airlines rather than Spirit Airlines because of their consumer reviews. Or maybe, one is simply loyal to a particular brand--swearing off Pepsi in favor of Coca-Cola. Unsurprisingly, brands that have built up such goodwill with their customers are going to take proactive steps to protect their image.

B. Protection via Enforcement

As alluded to above, a TM’s functional role is to identify and distinguish a seller’s goods and services in order to benefit the consuming public. Distinct TMs are all the more important when the goods or services are seemingly indistinguishable from one another. For example, many new watch companies have produced timepieces that, but for their own brand name stamped across the dial, look identical to Rolex’s iconic Submariner. Nevertheless, so long as these watch companies do not use a mark that would present a likelihood of confusion amongst the consuming public, they will be allowed to continue offering their goods and services.

However, when a competitor uses a confusingly similar--or in some cases, an identical--mark to the extent that it is “likely to cause confusion, or to cause mistake, or to deceive,”12 the TM holder can sue the competitor for TM infringement. Suspiciously similar or identical marks, i.e., counterfeit goods, tend to occur more frequently with fashion and luxury items, where a devious actor is attempting to profit from the luxury brands by offering cheap products at a fraction of the authentics’ costs and quality.13 While the factors slightly vary amongst the circuit courts, the “touchstone for TM infringement . . . asks whether a ‘reasonably prudent’ marketplace consumer is ‘likely to be confused as to the origin of the good or service bearing one of the marks.”14 Should a court rule in favor of the TM holder, then the competitor will be ordered to cease offering the deceptively / confusingly marked goods and to pay some sum of monetary damages. Although it may seem that awarding monetary damages to a prevailing TM holder benefits only that TM holder, the consuming public is also protected by the removal of offending goods or services that would not meet their paid-for expectations. This may not seem as significant with fashion and luxury items ; however, it can be a matter of life and death in the case of counterfeit drugs.15 In any case, a TM holder’s ability to enforce its rights is generally good public policy.

C. Cybersquatting

Unlike the physical world where similar or identical marks can co-exist in separate industries (e.g., Omega juicers and Omega watches), domain names, such as “www.omega.com”, are available on a first-come, first served basis. There are no internet equivalents that would allow one user to view and purchase juicers at “www.omega.com” and another to view and purchase watches at the same domain name. There can be only one domain name. In the internet’s early days, many rushed to register domain names using company names and TMs as an SLD (a relatively, quick and inexpensive process) in hopes of later selling the domain name rights to the respective companies and TM holders. Such profiteering and ransoming of domain names became known as “cybersquatting.” Fortunately, there are a few measures that a TM holder (or “complainant” for the purposes of this section) can take to unseat a squatter. They are, in order of increasing complexity and potential cost, filing a claim under ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP) or pursuing a U.S. federal action under the Anti-Cybersquatting Consumer Protection Act (ACPA) or the Federal Trademark Dilution Act (FTDA). Each have their advantages and disadvantages, depending on the nature of the domain name registration and the respective registrant.

1. The Uniform Domain-Name Dispute-Resolution Policy (UDRP)

The UDRP is perhaps the simplest and most straightforward measure to combat cybersquatting. Unlike the ACPA and FTDA, the UDRP process is not conducted by the courts. Instead, decisions regarding the use and registration of a given domain name are made by a panel from one of four ICANN approved arbiters: the World Intellectual Property Organization (WIPO), the National Arbitration Forum, the CPR Center for Dispute Resolution or the Asian Domain Name Dispute Resolution Centre. To initiate a UDRP proceeding, the complainant must allege three things: (a) the domain name is identical or confusingly similar to the complainant's TM, (b) the registrant has no right or legitimate interest in the domain name, and (c) the domain name was registered and is being used in bad faith.16 Some bad faith examples include a registrant’s attempt to upsell the domain name to the complainant, a history of registering domain names to prevent TM holders from doing so, an intent to disrupt the complainant’s business, and an intent to attract web traffic to the registrant’s site, for commercial gain, by creating confusion between the domain name and the applicable TM holder. If a panel, upon reviewing the submitted documentation, determines that the registrant has abused the domain name registration process, it has the option to cancel, transfer or change the domain name.17 Moreover, because all registrants and registries most agree to the terms of the UDRP to register a domain name, enforcement of the arbiters’ decisions need not rely on any applicable laws or court rulings but simply on the agreed to contractual provisions.

Overall, the UDRP saves complainants significant costs in related court filing and examination fees and provides complainants with an ideal and immediate remedy of transferring particularly coveted domains names such as “[insert TM here].com.” Unfortunately, the UDRP is really only suitable for clear cut, bad faith registrations as any amount of fact finding that would require additional evidence or testimony is excluded from UDRP proceedings. Additionally, while the UDRP is a relatively quick and low cost proceeding, a panel’s decision is not necessarily final. A losing party is not precluded from trying again in the courts, who need not give any deference to a panel’s decision. In more complex cases, such as those pitting legitimate and competing interests, complainants should look to the ACPA and FTDA.

2. The Anti-Cybersquatting Consumer Protection Act (ACPA)

Prior to the enactment of the ACPA, a TM holder’s only judicial recourse was alleging infringement under the Lanham Act, the federal statute governing trademarks, service marks and unfair competition. However, trademark infringement requires the use of the mark in commerce, and courts were reluctant to find that mere domain name registration constituted such use.18 The enactment of the ACPA provided TM holders with a much needed option. To bring a claim under the ACPA, a complainant must show that the domain name registrant: (a) selected the domain name in bad faith; (b) has registered, trafficked in, or used the domain name; and (c) (1) used a mark that is identical or confusingly similar to a distinctive mark, or (2) used a mark that is identical, confusingly similar or dilutive of a famous mark, or (3) used a mark that is a trademark, word or name protected explicitly under federal law.19 The ACPA provides a non-exhaustive list of examples to consider when determining bad faith intent. In addition to those described in the UDRP above, the act considers what information was provided at the time of registration, the extent of the mark incorporated into the domain name, and whether the mark is famous or distinctive (more on this below). Most notably, however, the ACPA acknowledges that there will be other competing, legitimate registrations by identically or similarly named companies or registrations for purposes of parody and/or commentary, i.e. fair use. Outside a finding of a bad intent to profit from registering the domain name including the TM, courts will likely find against the complainant.

The ACPA does have several advantages over UDRP proceedings. For one, courts are better suited to handle complex investigations that may require additional fact finding. If you lost in the UDRP because of limited evidence, you can try again in the federal courts and delay whatever remedies were decided by the UDRP panel and/or request temporary injunctions on the ongoing uses. Understandably, given the greater complexity, ACPA proceedings will be more expensive in court and attorneys’ fees. Nonetheless, ACPA proceedings tend to be less complex and costly than FTDA proceedings, which require complainants to carry higher burdens of proof.

3. The Federal Trademark Dilution Act (FTDA)

Contrary to some of the discussion above, the FTDA is aimed at protecting the famous marks of TM holders. Given this departure, FTDA claims are harder to establish but do provide broader protection. To bring an FTDA claim, a complainant must establish: (a) that the mark is famous and (b) distinctive; (c) that the famous mark has been used by another in commerce; and (d) that such use is is likely to cause dilution of the famous mark regardless of the presence or absence of actual or likely confusion, of competition, or of actual economic injury.20 In other words, if the mark is “so widely recognized by the general consuming public [or famous] . . . as a designation of source of the goods or services [or distinctive],” a complainant can stop another from using that mark--even use in a different industry--if the use will cause dilution of the famous mark.

The FTDA recognizes two kinds of dilution: blurring and tarnishment. Dilution by blurring occurs when the subsequent commercial use “impairs the distinctiveness of the famous mark.”21 In determining impairment, the FTDA provides the following factors: (i) the degree of similarity between the use and the famous mark; (ii) the degree of inherent or acquired distinctiveness of the famous mark; (iii) the extent to which the owner of the famous mark is engaging in substantially exclusive use of the mark; (iv) the degree of recognition of the famous mark; (v) whether the use is intended to create an association with the famous mark; and (v) any actual association between the use and the famous mark.22 Dilution by tarnishment occurs when the subsequent commercial use “harms the reputation of the famous mark.” For example, because “Starbucks” is a famous mark associated with coffee, a third party would be prohibited from selling “Starbucks” branded shoes or using the “Starbucks” mark in association with offensive and inappropriate content. Such uses would arguably blur or tarnish the famous mark, respectively.

Like the ACPA, FTDA court proceedings are better suited than a UDRP panel to handle complex cases requiring greater degrees of fact finding. Moreover, FTDA complainants need not limit their suits competing goods or services as the FTDA does not rely on a likelihood of confusion standard. It does, however, require that the complainant establish that the mark is famous and that the offending commercial use is diluting the famous mark. Given the high evidentiary burdens to meet,23 these suits tend to be more expensive than both UDRP and ACPA proceedings.

Regardless of which measure a TM holder pursues to unseat a cybersquatter, the scope of gTLDs to protect and/or challenge was much more limited prior to ICANN’s release of 1000 more gTLDs. For a while, TM holders could choose how many domain names, and in what gTLD/SLD combinations, they wished to purchase and maintain, and how many they would leave for potential competition and bad faith actors. In the event of a bad faith domain name registration, a TM holder could readily obtain the registrant’s information and choose which course of action it should pursue. With the enactment of GDPR, however, this may no longer be the case.

III. General Data Protection Regulation (GDPR) & Domain Name Registrations

A. Who is in WHOIS?

As of May 2018, all organizations that controlled and/or processed the personal information of residents of the European Union had to take strong steps in building an infrastructure that provided those residents, or data subjects, greater control over their personal information. Such steps included obtaining opt-in consent to use information for a specific, well-defined purpose, rewriting public-facing policies in less legalese and more commonly used and understood terms, and limiting what information was displayed and for how long. This latter step has presented some unanticipated problems for those who rely on informational databases.

Upon registration of a domain name, the respective registrar (e.g., GoDaddy, NameCheap, etc.) will file the registration information with ICANN and its WHOIS database.24 WHOIS is a publicly searchable database that contains the information of domain name registrants, including but not limited to name, organization, mailing address, phone number, email and the respective registrar. With the enactment of GDPR, however, the publicly available information for domain names that may have been registered within the EU, or by EU residents, or by businesses with EU ties, or might have an EU top level domain, has been redacted. Search results that might otherwise yield the names and addresses of individuals now display “Private Data” or “Data Protected” instead. For those looking to enforce their TM rights in a given domain name, this ironically creates the very question that ICANN intended to solve: “who is the owner/registrant of domain name TM.com?”

B. TM Enforcement Through ICANN

UDRP procedural rules require that a complainant provide the name of the domain name registrant and his/her contact information. As noted above, such information may no longer be publicly available in the WHOIS database pursuant to GDPR compliance. Fortunately, for concerned TM holders, ICANN still collects a registrant’s information. Shortly before the GDPR went into effect, ICANN adopted a “Temporary Specification for gTLD Registration Data” (the “Spec”).25 The Spec sets forth, amongst other things, the reasons why ICANN’s collection of personal information is important, including legitimate and proportionate purposes relating to law enforcement, consumer protection, security, malicious abuse, and other rights protections. In implementing the Spec, however, ICANN expressly acknowledged the need to balance these purposes against the fundamental rights and freedoms of individuals whose personal information was being collected.26 What has resulted, insofar as the WHOIS is concerned,27 is a “tiered/layered access” framework intended to “minimize the intrusiveness” of personal information queries. Under the Spec, WHOIS provides the public with a WHOIS abuse contact, a registrant-specific anonymized email address and a complaints submission form, which complainants can use to notify ICANN of registration and domain name abuse and/or send messages (and takedown threats) to the registrant. However, because complainants are relying on the registrar, ICANN, the WHOIS admin, and/or some combination thereof, to forward the message(s) on to the registrant, a complainant can never be sure her/his message was received, unless a response is sent.

Outside the preceding “message relay” framework, TM holders may still be able to obtain the personal information of registrants, but they must first prove to the registrars, ICANN and/or a WHOIS operator that they have a legitimate reason for requesting the personal information--namely that the registrant is “blatantly committing harmful illegal activity.”28. The Spec provides that the following information should be included in the information request: (a) the complainant’s full name, address and contact details; (b) the basis of the complaint, e.g., trademark infringement; (c) the offending domain name; (d) the complainant’s interest in the matter, e.g., complainant’s trademark is being infringed; and (e) a statement of reasonable belief that the offending domain name is being used to infringe intellectual property rights. If the request is denied, then TM holder must resort to other legal means to obtain the information. A WHOIS subcommittee suggests exploring other data sources such as non-GDPR compliant websites associated with the domain name; the IP address itself, which may provide details as to how and where the website is hosted geographically; or cross-referencing any corporate information that might appear on the website or within WHOIS with a non-EU databases or registry.29 Alternatively, TM holders could serve the applicable registrars and registries with a subpoena, which would grant greater access (albeit at greater cost) to the previously restricted information. In any case, a TM holder’s ability to initiate an action against a perceived cybersquatter faces immediate and costly hurdles to overcome.

Conclusion

Despite the internet’s explosive growth in the last decade, ICANN and its accredited registrars have been tasked with the monumental effort of ensuring that no two websites have ever held the same domain name at the same time. Recognizing an ever increasing need to accommodate more and more websites, however, ICANN released more than 1,000 gTLDs to provide registrants with greater domain name flexibility as well as specificity. While this has allowed identically named companies in different industries to each retain their trademarked names as a second level domain (e.g., www.omega.watches vs. www.omega.juicers), it has also provided cybersquatters with more opportunities to register a trademarked word as a domain name. Some TM holders have been proactive in protecting their rights by registering additional domain names using gTLDs consistent with their brand, goods and/or services. In some cases, they may have even registered alternative spellings or typos of the TM. However, such registrations still cost time and money in filing and maintenance fees. Moreover, with the recent enactment of the GDPR, TM holders are faced with potentially higher costs in protecting and enforcing their TM rights. In complying with the GDPR, ICANN has redacted the names, addresses and other personal information of domain name registrants from its WHOIS database. This has made it more difficult for TM holders to determine whether such registration was done in bad faith (i.e., whether the user has a legitimate reason for choosing that domain name) and, if so, to pursue immediate action against the bad faith actor. Instead, concerned TM holders must rely either on a patchwork of middlemen to assess their claims and to convey their message to the bad faith actor or on the cyber-sleuthing abilities of their employees and agents. Should that prove unworkable, TM holders must then turn to the subpoena power of the courts, in order to obtain the registrant’s personal information.

Given the infancy of the GDPR’s enactment, we will likely continue to see other ways in which its provisions have led to unintended consequences. Hopefully, this will lead to guidance letters or amended legislation by the EU that addresses such issues. Until then, trademark holders may be left wondering who is cybersquatting on their cyberlawns.


Notes

  1. ABC’s of GDPR (General Data Protection Regulation)
  2. See Id. for a list of GDPR principles.
  3. Assuming, of course, that there are not legitimate, compelling reasons that would allow an organization to retain the subject’s personal information, such as a legal obligation.
  4. In addition to gTLDs like ".com", ".edu", ".org", and ".gov", would-be website owners can now pick from gTLDs like ".top", ".work", ".space", ".shop", and many more.
  5. Despite Lego’s extensive efforts in protecting its brand, this website is not owned by Lego.
  6. "Whitepages" listed the phone numbers of residents, whereas the "yellowpages" listed the phone numbers of businesses, which were grouped by category (the Yelp of its time).
  7. Such as ".edu" for educational institutions and ".gov" for government.
  8. For a current and complete list of top-level domains, visit http://data.iana.org/TLD/tlds-alpha-by-domain.txt.
  9. Internet Corporation for Assigned Names and Numbers, Program Statistics, https://newgtlds.icann.org/en/program-status/statistics (last visited Nov. 14, 2018).
  10. TMs & Brands Online, Amazon gTLD Hit By Killer Blow, May 19, 2014, available at https://www.TMsandbrandsonline.com/news/amazon-gtld-hit-by-killer-blow-3924 (last visited Nov. 14, 2018).
  11. For a current and complete list of top-level domains, visit http://data.iana.org/TLD/tlds-alpha-by-domain.txt.
  12. This assumes that such a gTLD has been delegated by ICANN and that there are no restrictions on using that specific gTLD.
  13. 15 U.S.C. §§ 1114(1)(a), 1125(a)(1)(A).
  14. Suneson, Grant, America’s Most Counterfeited Items, 24/7 Wall Street (July 20, 2018) available at https://247wallst.com/special-report/2018/07/20/americas-most-counterfeited-items-2/3/ (last visited Nov. 14, 2018).
  15. Stone Creek, Inc. v. Omnia Italian Design, Inc., 875 F.3d 426, 431 (9th Cir. 2017) (quoting Rearden LLC v. Rearden Commerce, Inc., 683 F.3d 1190, 1214 (9th Cir. 2012)) (emphasis added)
  16. Bichell, Rae Ellen, Fake Drugs are a Major Global Problem, NPR (Nov. 29, 2017), available at https://www.npr.org/sections/goatsandsoda/2017/11/29/567229552/bad-drugs-are-a-major-global-problem-who-reports (last visited Nov. 14, 2018).
  17. ICANN, Uniform Domain Name Dispute Resolution Policy, para. 4(a), available at https://www.icann.org/resources/pages/policy-2012-02-25-en (last visited Nov. 14, 2018).
  18. Id. at para. 3.
  19. Although, in instances of clear, bad faith registration, many courts were willing to shoehorn the registration into a “stream of commerce” framework.
  20. 15 U.S.C. § 1125(d)(1).
  21. 15 U.S.C. § 1125(c).
  22. Id.
  23. The Supreme Court’s decision in Moseley v. Victorias Secret Catalogue, Inc.,537 U.S. 418 (2003), further suggests that actual injury to the economic value of the famous mark would have to be established.
  24. https://whois.icann.org.
  25. ICANN, Temporary Specification for gTLD Registration Data, available at https://www.icann.org/resources/pages/gtld-registration-data-specs-en (last visited Nov. 14, 2018).
  26. Id. at 4.4 and 4.5.
  27. Other directives were made to how registrars and registrants collect, submit, store and transfer information.
  28. WHOIS/RDS Subcommittee of the Internet Committee, WHOIS Challenges: A Toolkit for Intellectual Property Professionals, Jun. 15, 2018, available at https://www.inta.org/INTABulletin/Pages/WHOISChallengesAToolkitforIntellectualPropertyProfessionals7310.aspx (last visited Nov. 14, 2018).
  29. Id.