This post explores similarities between ICANN's Domains Protected Marks List (DPML) process and Pervasively Distributed Copyright Enforcement (PDCE). The DPML operates on trademarks, while PDCE concerns copyright. However, similarities exist in the intentions and consequences of them.
I'll first introduce PDCE with a brief summary. Then I will explain the Trademark Clearinghouse and the DPML service that depends on it. I'll explore this further using an example, and then end with three points that PDCE and DPML have in common.
A Quick Introduction to PDCE
Pervasively Distributed Copyright Enforcement (PDCE) was first described in a paper by Julie Cohen in 20061, and while readers of this post would probably benefit from having read it, this is not a requirement for understanding this post.
To quote the abstract from Cohen's paper,
"The distributed extension of intellectual property enforcement into private spaces and throughout communications networks can be understood as a new, hybrid species of disciplinary regime that locates the justification for its pervasive reach in a permanent state of crisis. This hybrid regime derives its force neither primarily from centralized authority nor primarily from decentralized, internalized norms, but instead from a set of coordinated processes for authorizing flows of information."
PDCE relies on delegation of authority to processes carried out by machines. Digital Rights Management (DRM) is a good example of this. Whether or not a given act would be permissible under law is irrelevant if a machine implementing a process forbids it. Where a judge might have ruled an act of copying to be fair-use ex-post, DRM might forbid the action ex-ante.
An Introduction to DPML
In 2005 ICANN started a policy development process to introduce new generic Top Level Domains (gTLDs) to the Domain Name System (DNS) hierarchy.2 In 2013 the first of these domains went live.3 As of this writing there are more than 500 new gTLDs in use.3 Additionally, there are roughly 700 new gTLD applications still being processed by ICANN.3
As part of the development of its new gTLDs, ICANN also revisited its policy towards trademark protection. The Uniform Dispute Resolution Policy (UDRP) had been the sole means of resolving trademark disputes in DNS prior to the introduction of the new gTLDs. UDRP does not go away for new gTLDs, but it does get augmented with two new tools for trademark protection: the Trademark Clearinghouse (TMCH) and the Uniform Rapid Suspension System (URS).
The TMCH is a database of registered trademarks. It is not a trademark office, since each mark must already be registered at an actual trademark office. Trademark holders can pay to have their mark recorded at the TMCH. Currently this costs $150 for a year, $435 for three years, and $725 for five years. Bulk discounts are also available.4 In return, users gain access to services that help protect their trademark in the DNS.
The first service is a sunrise service, which gives the TMCH user 30 days of priority access to register their trademark as a Second Level Domain (SLD)5 in any new gTLD. During this sunrise period, only the trademark holder can register their mark as an SLD.Once the sunrise period ends the new gTLD will start accepting registrations from the general public.
Then begins the 90-day notification period. During this period, individual registrants receive notification when attempting to register a potentially infringing SLD. The TMCH user also receives notification that someone attempted to register their mark as an SLD. Following the 90-day notification period, TMCH users can still elect to receive notification when an SLD is registered that potentially infringes their mark.
The above services are offered by the Trademark Clearinghouse itself. The final service, Domain Protected Marks List (DPML), is optionally offered by new gTLD registries. DPML allows TMCH users to defensively block DNS registrations using their trademark. Each registry has slightly different policies regarding DPML, but the general idea is the same. The point of DPML is to prevent registrations of TMCH recorded trademarks at participating new gTLD registries. It is not a notice-based service like the two services offered by ICANN, instead it blocks registrations that a registry determines to be infringing the TMCH user's mark.
TMCH users must pay for DPML protection at each new gTLD registry separately. However, since most new gTLD registries control multiple new gTLDs, paying for protection at one registry protects the TMCH user on all of that registry's gTLDs.
For example, paying for DPML protection from Donuts, a new gTLD registry, would afford protection for all of Donuts' new gTLDs.6 Donuts offers an expansive definition of protection. In addition to direct naming conflicts, Donuts will also block registrations of SLDs which merely contain the TMCH trademark. According to their website, "..if the Domain Name Label [is] 'sample' .., a DPML Block may be applied for any of the following labels: 'sample', 'musicsample', 'samplesale', or 'thesampletest'".7
It's important to understand the distinction between the Trademark Clearinghouse and DPML. The TMCH is a database of verified trademarks. ICANN is responsible for hosting the TMCH and verifying that the data in it is valid. The DPML is a service provided by some new gTLD registries that makes use of the TMCH, and must be paid for separately.
Let's say there is a company called Mixahedron Inc. that manufactures and sells drink-mixing equipment in multiple geometric shapes. Mixahedron Inc. holds the trademark for the term 'Mixahedron' in the country where it is incorporated. They own mixahedron.com and use it for their main corporate Internet presence, but in the past they've had problems on other TLDs. When .info was launched a cyber squatter registered mixahedron.info and sent phishing emails to Mixahedron Inc's customers, directing them to change their account information on mixahedron.info. Mixahedron Inc. was able to gain control of mixahedron.info, but it cost time and money. This event caused customer complaints and loss of credibility.
In fear of this happening again Mixahedron Inc. became a user of the Trademark Clearinghouse when it was launched. In addition, they paid both Donuts and Rightside, for a ten-year service contract for DPML on their mark 'Mixahedron'. Now when someone tries to register mixahedron.business they get blocked. Also nice is that disgruntled customers cannot register mixahedron-sucks.wtf, i-hate-mixahedron.gripe or mixahedron.fail. With thousands of new gTLDs coming into existence, a service like DPML offers the only viable venue for Mixahedron Inc. to defensively register all derivatives of their mark.
Another side to this story is from a customer of Mixahedron Inc's named Mark. Mark had his left index finger ripped off by one of Mixahedron Inc's professional mixers. After his recovery he started investigating their mixers and discovered other people had suffered similar fates with them. Mark decided to set up a forum website called mixahedron.surgery where the community of people injured by Mixahedron Inc's mixers could share stories and plan actions. He thought the satirical name would help to get the message out, and provide a bit of a publicity boost to his campaign. Unfortunately for Mark, his registrar GoDaddy.com refused his registration. Donuts is the registry for .surgery, and since Mixahedron Inc. pays Donuts for DPML services only Mixahedron Inc. can register mixahedron.surgery.
Mark doesn't understand any of this, and doesn't know anything about trademark law, the Trademark Clearinghouse, or DPML. In frustration, Mark gave up and instead registered a domain name unrelated to Mixahedron. His entirely valid campaign against Mixahedron was constrained by his inability to register a recognizable domain name. To compensate for this, and to spread word of his campaign, Mark purchased Google AdWords for terms like 'Mixahedron pain', and 'Mixahedron defect'.
A key similarity between Pervasively Distributed Copyright Enforcement (PDCE) and the Domain Protected Marks List (DPML) is its lack of recourse for the user at the time of rights constraint. With PDCE this might take the form of an inability for a user to argue fair use with a DRM system. Similarly with DPML, a DNS registrant is unable to argue with the registry refusing their domain name application. Both PDCE and DPML are rigid processes with ex-ante assumptions of misuse that favor intellectual property holders.
One of the main purposes of trademark law is to prevent confusion of genuine branded products with illegitimate or fake products. In the United States, there is considerable legal precedent we call upon when deciding whether the use of a trademark is infringing, or is acceptable because of free speech protections. The DPML short-circuits this human decision making in favor of an immediate unappealable constraining of action.
The trademark theory that the DPML regime comes closest to implementing is referred to as the 'initial interest confusion' theory. In the context of cybersquatting case precedent, initial interest confusion results when users visiting a website mistake a so-called gripe site for an actual sponsored site of the trademark holder. Proponents of this theory argue that visitors to a gripe-site will confuse the gripe-site for that of the trademark holder's. This theory ignores any content on the site for evaluating whether a user might be confused by the use of the trademark. Trademark holders attempting to shutdown gripe sites have attempted to use this theory, and have sometimes succeeded.
In Lamparello v. Falwell, Christopher Lamparello registered fallwell.com and hosted a gripe site discrediting Jerry Falwell and his ministry. Falwell sued but the court ruled in favor of Lamparello finding in part that, “Applying the initial interest confusion theory to gripe sites like Lamparello's would enable the mark holder to insulate himself from criticism - or at least to minimize access to it. .. Rather, to determine whether a likelihood of confusion exists as to the source of a gripe site like that at issue in this case, a court must look not only to the allegedly infringing domain name, but also to the underlying content of the website.”8
The DPML affords no appeals process to the user who is denied registration of a domain name, and it cannot evaluate the content of a website before it is created. Both PDCE and DPML override legitimate freedom of expression concerns. Copyright's doctrine of fair use can be seen as an outlet for free expression in a similar vein as limiting the scope of initial interest confusion in trademark law. Both PDCE and DPML effectively disable that outlet by default. They force the user to find a means of enabling it again via the courts or, in the case of some DRM, technical subversion.
Another similarity between PDCE and the DPML is that they both depend on a state of permanent crisis. For PDCE this is the increasing ease with which the Internet and software has allowed copyright infringement to happen. For DPML this is the permanent threat of consumer confusion brought on by domain cyber squatting and phishing. Cyber squatters set up websites with DNS names similar to famous brand names and either attempt to sell the domain to the brand owner, or attempt to trick users into visiting their site to harvest webpage impressions. Phishers trick users into visiting websites and then divulging sensitive information.
Web users need to know that when they visit an organization's website, they are visiting the official website of that company instead of an imposter website attempting to scam them. Years of web browsing have established an expectation in users to perform this verification based largely on what appears in their web browser address bar, which for the time being, usually only contains a DNS name. There may be other icons in the address bar purporting to authenticate the website, but many users don't understand these. Thus, brand owners look to the DNS to provide a solution. DPML is an attempt to directly respond to the problems of both cybersquatting and phishing by 'cleaning up' the DNS.
The consequences of being a reaction to permanent crisis hold true for both PDCE and DPML. "Rather than normalizing those who remain on the 'right' side of the new boundaries, [PDCE] seeks to normalize a regime of universal, technologically-encoded constraint."9 The ultimate goal of both PDCE and DPML is to become invisible and establish new normative behavior.
The third similarity is that both PDCE and DPML are neither completely decentralized, nor completely centralized systems of control. Instead, they depend on a network of actors. "The resulting [PDCE] regime of crisis management is neither wholly centralized nor wholly decentralized; it relies, instead on coordination of technologies and processes for authorizing information flows." This quote about PDCE could just as easily apply to DPML. DNS is decentralized, but DPML is not. The network of DPML revolves around the very centralized TMCH, but from there becomes more decentralized as it branches out to registries, registrars and eventually individual registrants.
We have explored three similarities between PDCE and DPML in this post. The reason for pointing them out is not to show common thinking across two domains of intellectual property law. It is instead to highlight some genuine issues with the approach ICANN has taken in establishing the TMCH and the DPML. This is a complex issue, and the rights of trademark holders need to be balanced with those of free expression. The TMCH and DPML are both very new, and it can be difficult to predict the future. Only time well tell how users react to these changes in the DNS registration process. There could also be court challenges to the DPML or the TMCH. We'll just have to wait and see.
An earlier version of this paper was written as an assignment for Info 296a:Technology Delegation @ UC Berkeley's School of Information.
Julie Cohen, Pervasively Distributed Copyright Enforcement, Georgetown Law Journal, Vol. 95, 2006 ↩
In DNS lingo a registry contracts with ICANN to service a DNS TLD. Registrars contract with registries to offer second-level domains(SLD) to the public. If you register example.com, you are contracting with a registrar for an SLD. ↩
Lamparello v. Falwell, 4th Cir. 2005, 420 F.3d 309 ↩
Julie Cohen, Pervasively Distributed Copyright Enforcement, Georgetown Law Journal, Vol. 95, 2006, at page 28 ↩