[gnso-rpm-wg] A Brave New World Without Sunrises or the TMCH

[jonathan matkowsky]

What is the exact timing differential of the TMCH notices versus what's
made available from CZDS? This is important before anyone were to assume
TMCH notices don't add some value. I think they probably do. Especially for
the first day or two of registrations when MX records may be used for an
attack.

I don't think we are asking the right questions regarding gaming. Gaming
always exists in any system. I am not convinced there is a systemic problem
with the TMCH just because some early adopters gamed the system. It's too
early to draw any conclusions from the number of sunrise registrations for
similar reasons that it would be to do so regarding the URS. It will take a
bit more time for trademark owners to get used to the landscape.

While most phishing sites are on compromised domains that has nothing to do
with trademark abuse, there is no question that spear-phishing and other
scams like BEC (which often begins with phishing emails) is on the rise,
and without the TMCH, businesses generally will be set back in the fight
against cybercrime--including sunrise. I agree there are other even more
important steps that must be taken, such as giving the UDRP more "teeth",
but there is no good basis so early, relatively speaking in the roll out of
new gTLDs, to do away with these important tools to mitigate abuse.

The fact that systems can and will be gamed is a fact we cannot change.
Whether its a significant enough problem to merit attention--I am not
convined based on anectodal evidence that it merits our attention any more
so ghan I would be convinced the new UDRP rules need to be changed just
because there is gamesmanship going on that is causing an increase in
cyberflight, which there seems to be. But like I said, gamesmanship in and
of itself is not a problem--it's a fact of life for EVERY system. Does it
merit attention for the TMCH? I am not convinced.

Happy holidays for those celebrating.

Cheers,
Jonathan

On Thu, 13 Apr 2017 at 11:59 George Kirikos <icann at leap.com> wrote:

> Hi folks,
>
> (changing the subject accordingly)
>
> On Thu, Apr 13, 2017 at 2:15 PM, J. Scott Evans via gnso-rpm-wg
> <gnso-rpm-wg at icann.org> wrote:
> > I think all of this is a huge red herring. If my memory serves me, there
> > have only been about 130 Sunrise Registrations. That is a very small
> number
> > when compared to the number of second level domains registered in the new
> > TLDs. I think it is safe to assume that there has been some gaming. We
> don’t
> > need to do an exhaustive investigation. What we need to do is look at
> > reasonable solutions to the gaming problem. I have not seen any proposals
> > for you on how to handle the problem. We need to close down this
> > unproductive discussion and move on to finding solutions to the problem
> of
> > gaming.
>
> These numbers stand for the proposition that the sunrise period should
> be entirely eliminated, given that folks concede it "is a very small
> number", and thus is not conferring many benefits to those who
> register them defensively, since they're not utilizing the procedure.
> And the gaming that does exist is amplified, since it means that a
> higher percentage of the sunrise registrations are gamed. It could be
> that 30%, or even 50% of sunrise registrations are gamed, given the
> various blog posts and examples provided to this mailing list already
> (and how many others might exist "under the radar", that some folks
> are trying to keep hidden due to the lack of transparency of the
> TMCH).
>
> Consider a "thought experiment" as to what would happen if Sunrise
> registrations and the TMCH were eliminated. Those 130 registrations
> would shift to either landrush or to general availability.
>
> For those who are "gaming" the sunrise, they'd now be on an equal
> footing as everyone else.
>
> For those legitimate TM holders, they can either register in landrush
> (or general availability), *or* they have curative rights protection
> mechanisms (courts, cease and desist letters, UDRP, URS, etc.) *if*
> domains which conflict with their TM rights are registered by someone
> else and misused.
>
> I could even support a "hybrid" (horse trading, as Phil called it
> yesterday) model, where landrush imposed **additional burdens** on
> registrants, e.g. paying costs if they lose a UDRP), but then that
> extra burden is eliminated during general availability (as it is
> today). This way, TM holders and legitimate end users who don't have
> trademarks but have non-conflicting uses, etc. are on equal footing
> during a landrush.
>
> I think many people are overly protective of the TMCH & sunrise period
> not because it's "working", but because it's an opportunity for extra
> consulting, revenue streams, etc. e.g. lawyers can tell their clients
> "get registered", and they can make money from the filing fees, etc.
> There's a huge amount of money being wasted, in my voice, that can be
> redirected to other things (like curative rights, better education,
> etc.).
>
> Suppose that of the 130 sunrise registrations, half of them got
> registered by legitimate TM owners in landrush. Of the 65 that were
> registered by someone else, how many of those would actually be cases
> of cybersquatting? I would suggest it's a small number, given the
> overall stats of UDRPs relative to registrations. Even if it was a
> massive 2% (actual percentage is much, much lower), that might mean 1
> extra UDRP per TLD? With 1000+ TLDs launched over 4 years, that might
> mean an extra 250 UDRPs per year. That's a relatively negligible
> amount.
>
> If the "all-in" costs of those 250 UDRPs (lawyers fees + filing fees)
> is $5,000 or so, that's $1.25 million/yr.
>
> TMCH revenues, by contrast, are on the order of $5 million/yr for
> Deloitte. And perhaps another $5 million or more per year for all the
> TM agents, etc. filing on behalf of clients. Let's call it $10
> million+ for TMCH-related fees on those using that system.
>
> Trading $10 million/yr in "preventive" costs for $1.25 million/yr in
> "enforcement" costs -- that's a no-brainer for TM holders.
>
> And if, as I argued above, if some of those UDRP enforcement costs are
> shifted to the losers (for landrush registrations), then the economics
> are even that much stronger for the elimination of the sunrise period
> (since that $1.25 million becomes even lower, due to cost recovery).
>
> And of course, a system that has no landrush definitely benefits
> ordinary registrants and prospective registrants who simply want a
> "good" name, or at least a fair chance at one, and don't want to see
> "THE" or "FLOWERS" or "HOTEL" or all of the other common words being
> grabbed in sunrise.
>
> Processes would be simplified for registry operators and registrars,
> if sunrises and TMCH were eliminated, which saves them money (which
> gets passed along as savings for consumers). TLDs would launch faster,
> too. The best second-level strings would be "spread around" more,
> which is probably a good thing (except to some who feel, wrongly, that
> they have exclusive rights to common dictionary terms, etc., which is
> not something the law supports).
>
> So, I hope folks will give serious consideration to what would happen
> if sunrise was completely eliminated. With a few small tweaks (as
> noted above), it could be much better than we have for most people
> (except for those exploiting the current system).
>
> Sincerely,
>
> George Kirikos
> 416-588-0269
> http://www.leap.com/
>
> P.S. I know I've not written much above about the TM Claims notice
> aspect of the TMCH, but those are obviously have a chilling effect,
> with a 96%+ abandonment rate of registrations. A 90 day claims notice,
> which determined cybersquatters are going to ignore anyway, simply
> confuses legitimate registrants. The "ongoing notifications service"
> aspect of the TMCH is available through other companies, e.g.
> DomainTools or other domain monitoring services.
>
> P.P.S. Some might argue that you can never collect $5K from
> registrants if they lose a UDRP. Shift some of that to the registrar,
> who can then police their own clients, a sort of "know your client"
> rule for those participating in landrushes. One can even envision a
> system of insurance, so that those who are involved in risky domain
> name registrations pay higher "insurance" (to indemnify their
> registrars) than less risky registrants who don't engage in
> cybersquatting. Or require a deposit at the start of the UDRP process
> (if one side doesn't post a deposit, they'd be in default).
> _______________________________________________
> gnso-rpm-wg mailing list
> gnso-rpm-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rpm-wg

-- 
jonathan matkowsky, vp - ip & head of global brand threat mitigation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rpm-wg/attachments/20170414/09539f1b/attachment-0001.html>