Protecting your business from cybersquatters

Feature

Protecting your business from cybersquatters

It’s not enough to be simply watching your network for viruses. A more sinister threat may already be lurking on the Internet, waiting to steal your reputation - the cybersquatter

Cybersquatting is the misappropriation of a business name or image through the use of domain names or IP addresses. It literally means stealing your business identity for profit or personal gain. It's a growing problem too. Businesses that are new to the Net are often confronted by yet another bill for legal expenses if it has to pursue those who are intent on capitalising on your customer's hard-earned, good image.

There are around 90 million people on the Web all of whom, potentially, could be looking for your site. You can either have a domain name that relates to your business name, or you can rely on search engines to bring your site to your customer's attention. If you abandon the concept of domain names and go purely down this route, then beware! Unethical businesses can hide text within a web page which will draw in search engine "worms" that will then place that companies website at the top of the users search results.

What this means is that if you searched for, for example, "Sony" in a search engine and a site and the search engines metatag software recognised the word Sony in the code of a site, even if it is completely unrelated to Sony. For example, a site that is owned by a competitor, it will appear in the search results. If you are lucky, your potential customer will realise that the site is not what it appears, if you are even luckier, they will continue their search. If you aren't, they may well look at the first site (if its services are what they are looking for). Of course, you may choose to use this method on your site to bring potential customers in when they search for your competitors, so this may be seen as just a rather sneaky marketing method for your site.

Cybersquatters have the potential to damage your business. The reason is simple: your customers remember and associate you with those things they see or hear about your company. If they visit what they presume to be your site and see unrelated, possibly obscene, content, they may realise it's not from your company, but might be deterred from looking for your real site URL and visiting it. Not to mention the effect of very similar domain names that your customers can get to by misspelling your company name. Imagine your dismay when you have spent thousands on your site, only to find that your main competitor is just a few letters - or a mistyped URL - away.

The problem arose with the informal nature of Internet growth. From a few academic and military institutions and research groups, the culture of the Net has not been one of control. The laissez faire attitude of users - that the Net should be a forum for freedom of speech - has led to the Net becoming hopelessly schewed towards the use of guidelines and a sense of fair play, rather than legislature. The US Government sought to protect businesses from misuse of their name or image, by law, but the intermix of volunteer groups, governments and contractor has left a rather woolly set of controls over the ownership of domain names, root server systems and the allocation of IP address space.

Let's take some very obvious examples: champagne producers fiercely protect the word champagne and will only allow it to be used in relation to those sparkling wines that are produced using the champenoise method. Therefore if a wine merchant or maker registered a domain name using the word "champagne" but it wasn't entitled to use the term, this would be considered to be using a domain name in bad faith, or cybersquatting.

Take another example, and this one is particularly obnoxious. Imagine you want to purchase a car, you have enough money to buy a Porsche. Consider the things you associate with the Porsche name, slick, fast, quality and glamour. However, let's assume you don't know the URL, so you guess it, and instead of going for www.porsche.com, you decide to visit www.porschecars.com you will discover that the only slickness is in the sales patter for the lurid adult services the site offers. Through one domain name, the proprietor has potentially ruined all the marketing effort that Porsche has made. Jaguar has taken the precaution of registering both the Jaguar.com and Jaguarcars.com names, perhaps to prevent this happening to them. Even very obviously adult sites do not escape the trend, Playboy had to take court action over domain names www.playboyxxx.com and similar. Either way, the businesses concerned have a choice of either to pay to take over the domain name or pay out for court costs. In most cases it's cheaper to throw £10,000 away than spend £50,000 and two years fighting for your image, which will undoubtedly be tarnished by the court case's ensuing publicity.

Taking this to the next level, there are domain names which actually pass comment on your company. You can find satirical sites passing comment on the software giants, you can even buy a domain name (subject to availability) in the name of your favourite software guru or whatever else you fancy (within the confines of the libel laws). The frightening thing is that this can happen to any company, big or small, and while large companies may have enough money to take legal action, there is little they can do to stem the damage that comes with the cybersquatters.

There are several groups who are trying to prevent cybersquatting. WIPO (World Intellectual Property Organisation) is concerned that the confusion over who can claim rights to domain names, has led to confusion amongst consumers and the belief that the Internet is not a place to be trusted. In their April '99 report, WIPO proposed that standard practices be enacted for all jurisdictions covering domain name registration; that a more streamlined procedure be brought in to tackle disputes, and that mechanisms are put in place to prohibit the "bad faith" registration of famous marks. The WIPO have the support of 171 member states and details of their work can be found on their website www.wipo.org.

In the past it has been difficult to track down illegitimate proprietors of domain names, leaving high costs for businesses who attempt to track down offenders in order to pursue them in the courts. Civil rights organisations argue that this is an invasion of privacy, however, the requirement to register contact details of certain domain names will protect the legitimate owners of trademarks and prevent future cybersquatting. The regulation of domain names may also protect consumers from fraud as well as supporting the interests of intellectual property owners.

WIPO has conceded that it will create a new TLD for non commercial, use-restricted domain names that will not require contact details for registration to protect the freedom of those who wish to use the Web for commercially non-damaging free expression.

The WIPO registration procedure is limited to trademark abuse and is subject to three cumulative conditions:

a domain name which is identical or misleadingly similar to mark in which complainant has rights

a domain name to which the holder has no rights or legitimate interests

A domain name which has been registered and is used in bad faith.

The uniform dispute resolution procedure will be limited to abusive registrants (cybersquatters), and submission is mandatory by domain name applicants. This will cut the time and money wasted waiting for court decisions and trying a very complex set of laws, which may be subject to a mix of regulations in the different parties' countries.

Companies who chose domain names ending in .uk are not limited to seeking redress in the courts if their name or image is misappropriated by a cybersquatter. They may also appeal via Nominet, which is the national registration and mediation service for all Internet Domain Names ending in .uk and their associated numeric addresses. Nominet UK is a non-profit company, limited by guarantee, which investigates alleged misappropriation of .uk domain names, and tries to find mutually acceptable resolutions to disagreements. This is a reasonably quick process (usually concluding within 6 weeks) although the resolutions are not compulsory and do not prevent either party from seeking legal redress.

The Internet Assigned Numbers Authority (IANA) was established in 1980 and is another non-profit organisation. It has recently undergone a rebirth after the loss of funding from the US Government. It oversees the operations of the necessary central co-ordinating functions of the Internet. It works on the principle of industry self-regulation and relies on funding from Internet user organisations.

The new independent IANA organisation will have responsibilities in three interrelated areas: Internet Protocol (IP) addresses, domain names, and protocol parameters. This will include the root server system and the work carried out currently by the existing IANA. IANA aims to "preserve the central co-ordinating functions of the global Internet for the public good." This includes the address registries (APNIC, ARIN, RIPE), domain name registry organisations, the Internet Architecture Board acting for the Internet standards community, and organisations representing users and industry.

Currently, the Internet Corporation for Assigned Names and Numbers (ICANN) is trying to regulate the Internet's core technical management functions. During the first phase of their plans, they will be trying to enact a shared Registry system for the .com, .net, and .org domains. This will mean that there will be a registration process for companies who wish to use these suffixes. This is to protect famous trademarks and intellectual property holders.

The problem with all of the regulatory bodies is that due to the fact that regulation of the Net is a relatively new concept, it's difficult to predict how effective their work will be. In conclusion, there are many different types of protection available to defend your business against cybersquatters, which is positive, since many SMEs may not be able to afford to seek redress in the courts. However, since most of the work of the governing bodies is not statutory (and even if it were, the variance in the laws of different countries would make it costly and time consuming to enforce) the biggest single defence a company can have is vigilance. Only time will tell if any of the organisations created to protect businesses from cybersquatters will be effective. It's likely that the technically literate cybersquatter will have other tools (such as hidden metatags) in their pages. This will mean even if you own the domain, you may not be able to prevent your competitors, or those who wish to trade off the back of your company reputation, from shouting their presence at your customers. Whether a business chooses to fight, or pay for the rights to a previously registered name, will depend on the amount of damage that it is likely to receive from any consequential court case, rather than the rights and wrongs of the matter.

Rachel Hodgkins


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in September 1999

 

COMMENTS powered by Disqus  //  Commenting policy