What led you to a career in intellectual property and what advice would you offer anyone considering a similar route?
I wanted to be a lawyer since I was a child but I always thought I would be a litigator. I put myself through college working full time and after graduating I was burnt out; I was not ready to sit for the bar exam. Instead, I went into online ad sales and became the director of sales for a start-up venture that was the first company to sell ads targeted to very specific demographics and to compensate consumers for viewing them. I also liaised with the technical team and had to learn how to code structured database queries to prepare for pitches to prospective or existing customers. Despite strong sales, the company went the way of most start-ups in the dot-com boom. But I had been bitten by the technical bug so I moved on to software consulting and trained as a programmer. The firm I worked for specialised in hosted enterprise class CRM and ERP applications; in addition to coding, I managed projects and worked as a sales engineer. When the dot-com bubble burst, I decided it was time to follow my original path and went to law school. Based on my sales, marketing and technical experience, intellectual property seemed like a natural fit and was my focus from day one. I was fortunate that as a summer associate I took over a project to get ICANN accreditation for the registrar owned by the law firm.
While my path to intellectual property and online issues specifically was indirect, it had some unintended benefits. I draw on my sales, marketing and technical background every day and it has made my practice much stronger. It has also given me a significant advantage over other attorneys who do not have similar – or any – real-world business or technical experience. My advice to anyone considering a career in intellectual property is to get a non-legal job before going to law school, ideally but not necessarily in a field that you are interested in. The business experience that you gain will help you to better serve your clients because what they really want are solutions to their business problems – not necessarily a legal solution.
You are an expert in domain name, internet and other technology-related issues. How do you stay abreast of the latest developments in such rapidly evolving fields?
I am constantly reading articles and posts in relevant industry newsletters, blogs and journals to keep up with current developments. I also attend numerous industry events and conferences. On the domain name and internet front specifically, I have actively participated in the internet governance policy development process through ICANN for over 15 years. There is simply no substitute for attending events and directly interacting with the companies and individuals at the cutting edge of business and technology. This has been particularly challenging over the past year due to the pandemic. Virtual events are not the same as the real thing so I am looking forward to attending in-person events again. Last but certainly not least, I stay abreast of the latest developments by working for companies that provide those developments. I am fortunate enough to represent a number of social media and e-commerce platforms, search engines, domain name registrars and registries, and all sorts of internet intermediaries and service providers. When a new problem or issue arises related to one of their services, features or technologies, I learn about it directly from the source.
Which technologies/technological tools do you rely on most for your day-to-day role?
I have a huge library of open-source intelligence and proprietary tools. I am constantly checking current and historical WHOIS databases to see who owns (or owned) domain names. This information is less useful since the implementation of the EU General Data Protection Regulation, but the better tools provide a lot of ancillary information, including content, domain name system (DNS), advertising network and other technical information, which can be used in investigations. I like DomainTools, WhosiXMLAPI and Pandalytics. I also use a number of DNS query and analysis tools to investigate hosting and email setup for domain names and websites. Amazon’s Brand Registry is a great tool but is of course limited to Amazon. Finally, Google is invaluable. The things that you can find with a properly structed advanced query are really incredible and extremely useful.
What are the biggest threats facing brand owners online and how can these be overcome?
In addition to the sheer volume of infringement and abuse, we are also seeing an increase in the complexity of the infringement and abuse. Bad actors are engaging in multi-vector attacks using every type of platform and technology in coordinated infringement campaigns. They are registering abusive domain names to host malicious websites, as well as to create email addresses through free email providers, through which they send phishing and fraud emails. At the same time, they establish fake social media accounts to create posts that drive people to fake websites, fake email addresses or e-commerce listings for counterfeit goods, or to call VOIP 800 numbers or WhatsApp numbers, which transfer to well-staffed call centres operated by the bad actors. Their call centre agents then convince consumers to enter into fraudulent transactions and provide personal and financial information, before sending confirmations from fake email addresses. There are a million other variations and new ones are popping up every day. The reality is that we are always playing catch up to the bad guys; they are very smart and have virtually unlimited time and resources since many of the tools they use (eg, social media and email) are free, human resources are cheap where they operate, and they are funding their activities with stolen credit card information.
So what can brand owners do? The truth is that we will never fully overcome this problem, but we can be smarter about enforcement. We can utilise the many free tools available to detect online abuse and we should not just stop at what we initially find (eg, just the domain(s), the social media accounts or posts, or the e-commerce listings). Instead, it is critical that we look deeper and connect the dots across different platforms and try to shut down the whole network. Otherwise, we are only temporarily stopping one part of the infringement and abuse campaign, which the bad actors will quickly replace.
How do you work with clients to best determine where and when to enforce their rights against bad actors?
I think there are three primary factors:
- How bad is the threat, and is the bad actor causing actual harm?
- How likely is the enforcement action to be effective in countering the threat?
- How much will it cost and what resources are available to take the contemplated enforcement action?
The third factor can be the most challenging because you have to look beyond the immediate infringement and think about the budget for the current period and prioritise in comparison to other infringements. That said, each situation is different and fact specific.
How can brand owners work with external parties such as online platforms and regulatory authorities to better protect their rights online?
Getting online platforms to consistently action your complaints can be challenging. It does not help that in most of the current underlying liability regimes platforms are not legally required to be proactive. Even before covid-19 online platforms were receiving an overwhelming number of abuse complaints and takedown requests, which challenges their ability to be responsive.
That said, there are steps that brand owners can take to get more consistent results. First, if the platform has a form or an automated reporting option, use it. This enables automated action where available or at a minimum lets a human reviewer know that all of the required information is there and is much easier to review than a free-form and unstructured email or letter.
Second, be clear and specific on exactly what IP right is being infringed, as well as where and how. Generally, you will have more luck with copyright-based complaints as platforms will want to take advantage of the Digital Millennium Copyright Act or similar immunity. However, trying to take a trademark claim and turn it into a copyright claim will likely fail.
Third, include any evidence you have of the infringement (eg, from a test buy). If you cannot submit this through the form, indicate in the complaint that you have evidence and then submit it by replying to the email confirming the complaint.
Fourth, quote from the platform’s policy and explain exactly how the infringer is violating this.
Finally, engage with the platform. Platforms are increasingly working with brand owners and in some cases even filing lawsuits with them – or for them – against infringers. Trying to find the right person to engage with can be challenging, so I recommend attending events and webinars where platform representatives are speaking, as they will often provide their contact information and are then responsive if you reach out to them.
Regulatory authorities and law enforcement are similarly overwhelmed. You have the best chance of them getting involved if you have a situation where significant actual harm (safety and/or financial) has occurred and you have already done a lot of the work and collected significant evidence.
With the UDRP set for review, are there any changes that you would recommend and is there a risk that non-IP voices could weaken the mechanism?
While the UDRP certainly has some shortcomings (eg, how long it takes to get a decision, the fact that you have to establish both bad-faith use and registration, and that there is nothing to disincentivise squatters from engaging in the same behaviour again), it has also been an extremely effective tool against cybersquatters and I use it successfully all the time. Unfortunately, large brands and IP owners have little influence in the ICANN world and there is ever-growing hostility to IP interests from multiple sectors. Further, of the companies and individuals that participate in the ICANN policy development process, those that are hostile to IP interests far outnumber those that are sympathetic. As a result, any changes made to the UDRP will likely only serve to reduce its effectiveness as a tool to prevent trademark infringement and other online abuses.
How soon are we likely to see the next new gTLD application round open and what significant changes could there be from a rights protection perspective (compared to round one)?
I think it will be at least two to three years, if not longer, and I do not expect any meaningful improvements in the rights protection mechanisms. The most meaningful practical protection for IP interests is probably on the front-end of the application process in the form of keeping application fees high enough to disincentivise bad actors from squatting on a brand.
What impact would the the Integrity, Notification and Fairness in Online Retail Marketplaces for Consumers Act (INFORM Consumers Act) have on your clients’ brand protection strategies and how likely is this to pass?
I do not have much confidence that the INFORM Consumers Act will pass or that it will have a meaningful effect on clients’ brand protection strategies. In the current US political environment it is difficult to have confidence that any legislation will pass. Even if it does, Amazon and some other platforms already provide seller information and this does little to stop infringement as the bad actors either use stolen identities and financial information or increasingly use shell companies and trademark registrations for nonsense character strings.
How do you expect global enforcement practices to evolve in the coming years?
While infringement continues to increase in volume, complexity and geographic scope, enforcement budgets continue to shrink. This means that in-house and external brand counsel have to be innovative in their approach and utilise all tools available to them. Prioritisation of threats is critical, as is identifying complex schemes and campaigns that cross platforms and taking holistic action to shut down an entire network, rather than just one easily replaceable component.
