[gnso-rpm-wg] A Brave New World Without Sunrises or the TMCH

George Kirikos icann at leap.com
Fri Apr 14 01:00:23 UTC 2017 

Hi Marc,

Thanks for taking the time to wade in. See responses below:

On Thu, Apr 13, 2017 at 8:16 PM, <trachtenbergm at gtlaw.com> wrote:
> 1.       The Globally Protected Marks List will never work and has always been DOA when discussed because:
>
> a.       People can ever agree on who should make the list; and
>
> b.      It penalizes the vast majority of trademark owners that have been granted protection by the relevant authority but are not the biggest 100 brands in the world

For 1(a), if an "objective" standard can't be agreed to using an
algorithm, the easiest way to allocate it is to auction off the slots
(sealed bid auction, regular basis, and the 100th highest bid sets the
price for everyone who bid that much or higher, if it's 100 slots).
Presumably, the brands who benefit the most from being on it (e.g.
Paypal, some other banks, etc.) would bid the most (and rationally,
they'd bid an amount *less* than the incremental benefit it would
deliver, so they'd each still be better of than the "status quo" of
"do nothing").

For 1 (b), it doesn't "penalize" them -- the status quo would still be
the status quo for them. If we're trying to find solutions for
everyone, we're never going to get anywhere. Let's try going after
lower hanging fruit.

> 2.       Your two week (or whatever the term is) proposal will not work for a variety of reasons including:
>
> a.       Online abuse is increasingly in the form of email addresses created on the domain names, not content; and
>
> b.      That requires all trademark owners to constantly monitor and take action against every potentially infringing domain name within 2 weeks, which is an unreasonable burden.  When they don’t the infringers will just start their infringing conduct at the beginning of the third week (or whatever period);
>
> c.       Who will create this algorithm – ICANN?  Will it work as well as the string similarity algorithm for new gTLDS?

For 2(a), if the domain name is not registered, but not in the zone
file (no nameservers), then the email address won't be able to receive
incoming email. And, outgoing email purporting to be from that domain
would be easily caught in spam filters (i.e. just like a sender
sending email with a "from" of a non-existent existent domain name
today).

For 2(b), this is only for the "top" abused marks, who presumably are
*already* monitoring freshly registered domain names to assess their
"riskiness". Miscreants have the advantage currently of a real-time
registration system. Reduce that advantage, for those top abused
marks, and their economics change. You don't need to actually *see*
the abusive behaviour on certain domain names, to know that they're
abusive -- often you can tell just by looking at the domain name
itself (e.g. domains that have variations of Paypal with hyphens,
extra words, etc.).

For 2(c), definitely not ICANN! (nor the people who designed SWORD!)
Hold a competition. There are certainly algorithms out there used to
assess risk already, and assign a risk score to a domain name. Have
them duke it out, on a regular basis. With artificial intelligence and
deep learning these days, it's a different world than 10 years ago.
Artificial intelligence can identify videos of cats, and can nearly
drive! Abusive domain names are much simpler problem sets. Establish
training sets, and automated systems can do a pretty good job of
identifying potentially malicious domain names before they're even
used. As an example, go to:

http://www.wipo.int/amc/en/domains/casesx/list.jsp?prefix=D&year=2017&seq_min=1&seq_max=199

to see the first 200 UDRPs filed at WIPO in 2017, and hide all but the
2nd column. I'm confident you can predict the outcome successfully in
most cases, just by looking at the domain name itself, and nothing
more (not even knowing the complainant, not even knowing the TM
involved, registrar, etc.). Do an "out of sample" test with 200
upcoming UDRPs, and I'm sure you'd get similar results. You've
developed heuristics, and those can be taught to a machine.

For a freshly domain name risk score, one has potentially even more
information than just the domain name (e.g. the fields in the WHOIS)
with which to refine the risk assessment. e.g see:

https://www.domaintools.com/products/reputation-scoring/

(I'm sure there are others)

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/

More information about the gnso-rpm-wg mailing list