Ifrah Law is a proud member the Brand Activation Association (“BAA”). This week, we attended the BAA’s 36th annual BAA Marketing Law Conference in Chicago. Just as “Mad Men” reflects the 1960’s era advertising business, this year’s BAA conference demonstrated this generation’s marketing dynamic – where mobile is key, privacy concerns abound, and the Federal Trade Commission (“FTC”) and other agencies are watching and enforcing. Other key “take aways” from the conference are that sweepstakes, contests, and other promotions remain hugely popular via mobile devices and social networks.
Advertisers representing top brand names made clear that companies must reach consumers through various digital devices. Smartphones, tablets, and wearable technologies each represent ways to advertise a product or service. Today’s consumers, especially younger consumers, rely extensively mobile devices. Many actually welcome behavioral and other advertising. Consumers in the U.S. and abroad have shown receptiveness to “flash sales,” instant coupons and other deals, including those geared to their geo-location.
Emerging Privacy and Consumer Protection Trends
While advertisers interact with consumers and many consumers welcome offers and information, regulators’ and individuals’ concerns with the privacy of personal information dominate the landscape. Almost a year after the notorious Target data breach, and with the holiday shopping season approaching, all stakeholders are understandably cautious about how to utilize various methods of marketing while securing consumer information. Even assuming a network is secure, the FTC, state attorney generals, foreign regulators, consumer advocacy groups and consumers want to know how personal data is being collected, utilized and shared. In the consumer protection context, the FTC actively enforces the Federal Trade Commission Act’s prohibition on “deceptive acts and practices,” requiring that advertisers have substantiation for product claims.
Two Significant Forces – the FTC and California’s Attorney General
Top representatives from the FTC and the California Attorney General presented at the conference. Both representatives asserted their agencies remain active in enforcing their consumer protection and privacy laws, especially as to certain areas. Jessica Rich, Director, Bureau of Consumer Protection at the FTC, discussed the agency’s focus on advertising substantiation, particularly as to claims involving disease prevention and cure, weight loss, and learning enrichment (such as the “Your Baby Can Read “ case).
On the privacy side, Ms. Rich also noted the FTC’s specialized role in enforcing the Children’s Online Privacy Protection Act (“COPPA”). The FTC’s recent action against Yelp demonstrates that the FTC will not hesitate to enforce COPPA even where a website is not a child-focused website, per se. If a website or online service (such as a mobile app) collects personal information from children under 13, it must comply with COPPA’s notice and consent requirements. The agency is also exploring the privacy and consumer protection concerns associated with interconnected devices, known as “the Internet of Things.”
Promotions – Sweepstakes, Contests, Games
While some may think sweepstakes and contests are outdated, the opposite is true. Companies are utilizing mobile and social networks to engage with consumers through promotions. Facebook and Pinterest-based sweepstakes and contests continue to grow in popularity. Advertisers also increasingly look to “text-based” offerings.
These promotions can generate great marketing visibility and grow consumer relationships. However, advertisers need to be aware of many legal minefields. First and foremost is the federal Telephone Consumer Protection Act (“TCPA”), which requires prior express “written” consent for advertisements sent to mobile phones via text or calls utilizing an autodialer or prerecorded message. Plaintiffs’ lawyers continue to file hundreds of TCPA class actions based on texts without consent. Second, the social networks have their own policies. For instance, Facebook now bars advertisers from requiring consumers to “like” a company Facebook page in order to participate in a promotion.
BAA conference sessions were packed – many standing room only. The popularity of programs about comparative advertising, native advertising, sweepstakes and contests, and enforcement trends demonstrates that advertisers are finding innovative ways to reach consumers across devices. These marketing initiatives face a host of federal, state, and international laws and regulations, as well as restrictions imposed by social networks and providers. It’s an exciting and complex juncture in global marketing.
The fact is that social media has connected us to each other in ways which seemed unimaginable only a few decades ago. Take for example the progression of social activism through online fundraising. Over the course of two short months the ALS Ice Bucket Challenge (“IBC”) went viral with millions of videos being posted by people drenching themselves in ice water in order to spread awareness and raise money for the research and treatment of ALS. To date, the total amount of donations made to the ALS Association through the IBC is an unprecedented $114 million. The Association’s FAQs webpage regarding the IBC indicates that this amount is almost five times its annual overall budget.
The ALS Ice Bucket Challenge is also a good example of the online phenomenon of crowdfunding, where numerous individuals and groups pitch in to fund a project, cause or idea. Simply put, crowdfunding is fundraising through social media. There are several popular crowdfunding websites, however one of the most well-known sites is Kickstarter.com, which was launched in 2009, and boasts the facilitation of $1 billion in contributions by seven million backers who have so far funded 69,000 “creative projects” through the site. However, as is common when dealing with new technology, there are often unanticipated legal aspects of such innovation which can be problematic.
Earlier this year, the first crowdfunding consumer protection lawsuit was filed in the state of Washington (State of Washington v. Altius Management, LLC; Edward J. Polchlopek III (No. 14-2-12425-SEA)). In late 2012, defendant Ed Nash, as he is known, and his company Altius Management, were successfully funded through a Kickstarter campaign to produce a limited-edition playing card game called Asylum. According to the campaign page, backers exceeded Nash’s goal of raising $15,000, giving more than $25,000 in total for the promise of the card game to be made. In addition, many of those who funded Nash’s campaign expected certain perks for contributing, referred to by Kickstarter as “rewards,” as was detailed in his campaign’s backer pledge amounts, which included multiple card decks and custom artwork according to varying contribution levels. However, two years later the card game has not been produced, backers have received no rewards or refunds and there has been no communication from Nash regarding the status of the Asylum project since July 2013.
With this being the first case of its kind, there is no precedent to see exactly how these proceedings will develop or how this case will affect Kickstarter and other crowdfunding websites. We suspect it will proceed like many of the other cases we write about in the internet space. One thing is certain, whether they are made online or in person, people don’t like broken promises.
New year, new resolutions. Yesterday, the FTC announced a resolution of its own: to undertake a nationwide enforcement effort to protect consumers against deceptive weight loss claims. Dubbed “Operation Failed Resolution,” the FTC’s latest enforcement effort seeks to protect consumers who face a barrage of “opportunistic marketers” promising quick ways to shed pounds. According to the FTC, these marketing tactics cause millions of dollars of consumer injuries and encourage people to postpone important changes to diet and exercise.
To announce this new initiative, the FTC held a press conference in which it identified four significant enforcement actions: (1) Sensa – a flavored powder that claims to cause weight loss when sprinkled on food; (2) L’Occitane Inc.– a skin cream that promised to shave inches off consumers’ bodies; (3) HCG Diet Direct – a product based on the human chorionic gonadotropin hormone; and (4) LeanSpa – a dietary supplement. Collectively, these four enforcement actions total $44 million in potential recovery for consumers.
All four enforcement actions shared one common thread – claims of quick and easy weight loss that were not supported by evidence. Many of the ads in question touted substantial weight loss without diet or exercise simply by using the product alone. Although some of these marketers cited clinical studies that supported their claims, the FTC said that the so-called “independent” studies were largely fabricated. The FTC also took issue with consumer endorsements, which failed to disclose that the consumers were paid for their testimonials or that the consumers were related to the owner. The FTC also scrutinized so-called physician endorsements. According to the FTC, marketers failed to disclose that their endorsers were compensated to the tune of $1,000-$5,000 and free trips.
Yesterday’s press conference is not the first time that the FTC has taken action against deceptive weight loss claims. In 2011, we reported on 10 lawsuits filed by the FTC against marketers behind the ubiquitous “1 Tip for a Tiny Belly” ads, which the FTC claimed were a scheme by marketers of diet and weight loss products to grab consumer credit card information and pile on additional, unapproved charges.
Although deceptive weight loss claims are not a new phenomenon, the FTC announced yesterday that it is taking a new approach to cracking down on these types of ads. The FTC is now encouraging media outlets that run these ads to conduct a “gut check” and turn down spots with bogus claims. Yesterday’s press conference was a call to action for both consumers and media outlets to help the FTC track down deceptive weight loss marketers, which can mean only one thing – more widespread enforcement efforts against marketers of dietary supplements. The FTC does not comment on non-public investigations and would not comment on whether these enforcement efforts would result in criminal enforcement from other agencies. One thing is for certain, however: If you make a claim about your weight loss product, you’d better be able to back it up.
ZeroAccess is one of the world’s largest botnets – a network of computers infected with malware to trigger online fraud. Recently, after having eluded investigators for months, ZeroAccess was disrupted by Microsoft and law enforcement agencies.
Earlier this month, armed with a court order and law enforcement help overseas, Microsoft took steps to cut off communication links to the European-based servers considered the mega-brain for an army of zombie computers known as ZeroAccess. Microsoft also took control of 49 domains associated with ZeroAccess. Although Microsoft does not know precisely who is behind ZeroAccess, Microsoft’s civil suit against the operators of ZeroAccess may foreshadow future enforcement efforts against operators alleged to have illegally accessed and overtaken people’s computers.
ZeroAccess, also known as max++ and Sirefef, is a Trojan horse computer malware that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on a system. Victims’ computers usually fall prey to ZeroAccess as the result of a drive-by download or from the installation of pirated software. Essentially, ZeroAccess hijacks web search results and redirects users to potentially dangerous sites to steal their details. It also generates fraudulent ad clicks on infected computers then claims payouts from duped advertisers.
The Microsoft lawsuit, originally filed under seal in Texas federal court, alleges, among other things, violations of the Computer Fraud and Abuse Act (“CFAA”) (18 U.S.C. §1030), the Electronic Communications Privacy Act (18 U.S.C. §2701), and various trademark violations under the Lanham Act (15 U.S.C. §1114 et seq.). Microsoft secured an injunction blocking all communications between computers in the U.S. and 18 specific IP addresses that had been identified as being associated with the botnet. The company also took control of 49 domains associated with ZeroAccess. Microsoft took action against ZeroAccess in collaboration with Europol’s European Cybercrime Centre, the FBI, and other industry partners. As Microsoft enacted the civil order obtained in its case, Europol coordinated law enforcement agency action in Germany, Latvia, Luxembourg, the Netherlands and Sweden to execute search warrants and seize servers associated with the fraudulent IP addresses operating within Europe.
The federal statutes on which Microsoft relied in its lawsuit may be broad enough to capture the gravamen of the complaint here. For example, the CFAA was enacted in 1986 to protect computers that there was a compelling federal interest to protect, such as those owned by the federal government and certain financial institutions. The CFAA has been amended numerous times since it was enacted to cover a broader range of computer related activities and there has been recent discussion on Capitol Hill of amending it further. The CFAA now prohibits accessing any computer without proper authorization or if it is used in a manner that exceeds the scope of authorized access. The law has faced steep criticism for being overly broad and allowing plaintiffs and prosecutors unfettered discretion by allowing claims based merely on violations of a website’s terms of service. In those cases in which ZeroAccess has accessed a user’s computer entirely without permission, there will likely be no dispute about whether the CFAA applies; however, in any follow-on cases in which the authority to access the computer was less clear, Microsoft may have more difficulty in relying upon this statute.
According to Microsoft, more than 800,000 ZeroAccess-infected computers were active on the internet on any given day as of October of this year. Although the latest action is expected to significantly disrupt ZeroAccess’ operation, Microsoft has not yet been able to identify the individuals behind the botnet, which is still very much intact. Microsoft’s attack is noteworthy in that it represents a rare instance of significant damage being done to a botnet that is controlled via a peer-to-peer system. But ZeroAccess has come back to life once before after an attack on it, and it would not be surprising if it recovered from this attack as well. Unless Microsoft or Europol can identify the “John Does 1-8”referenced in the complaint, this and other botnets will keep on operating without fear of reprisal.
The big question at this point is whether Microsoft’s actions will have an enduring impact beyond ZeroAccess. Will Microsoft’s actions spur other private companies to take steps of their own to stop malicious software? That answer remains to be seen.
The U.S. Court of Appeals for the Sixth Circuit is currently hearing an appeal of a district court decision, which if upheld would have enormous ramifications for freedom of speech and the online service provider safe harbor under the Communications Decency Act (CDA).
TheDirty.com is a website run by Nik Lamas-Richie. The site allows users to submit gossip about anyone or anything and the site currently features hundreds of thousands of comments on a wide range of topics and users can also freely post comments on stories that are published on the website. Lamas-Richie then selects some of the user posts, and sometimes adds a little commentary to the user submission, which he then posts to the site. Sarah Jones, a former Cincinnati Bengals cheerleader, was featured twice on TheDirty.com including allegations that she was promiscuous and that she had a sexually-transmitted disease.
Jones then sued TheDirty.com and Lamas-Richie alleging defamation, libel and invasion of privacy. The first trial resulted in a hung jury, but in the second trial in July a jury of eight women and two men in a Kentucky federal court awarded Jones $338,000 in damages.
Typically, cases involving claims like Jones’ against websites are quickly dismissed under the CDA, which provides websites immunity from third party content. TheDirty.com filed a pre-trial motion to dismiss the case on the basis that the suit was barred by the CDA that was rejected by the district court, which held that the CDA did not offer protection because “the very name of the site, the manner in which it is managed, and the personal comments of defendant Richie, the defendants have specifically encouraged development of what is offensive about the content of the site.” The court reasoned that since the site served to encourage the comments then it was not entitled to immunity under the CDA. The CDA typically immunizes providers of interactive computer services against liability arising from content created by third parties if the provider is not also responsible in whole or in part or the creation or development of the offending content.
In August, after the jury verdict, the judge wrote a supplemental opinion reiterating the views expressed in the earlier opinion. In particular Judge William Bertelsman said that because Richie “played a significant role in developing the offensive content such that he has no immunity under the CDA.”
Richie appealed the decision to the Sixth Circuit, arguing that the case should have been dismissed because the CDA immunizes liability for users’ comments. Congress enacted the CDA to encourage website owners to actively screen, review, and moderate third party posts and to allow website operators to have the ability to remove offensive content when necessary without fear of liability. Richie argued that under the CDA website operators are free to edit, alter, or modify user-created content without losing immunity, as long as their edits do not materially alter the content’s original meaning.
Four separate amicus briefs were filed with signatories that included many of the biggest names on the Internet including Facebook, Google, Amazon, Microsoft, Yahoo, Twitter and eBay. The briefs argue that the district court ruling wrongly interpreted the CDA and that the consequences of upholding the district court’s decision would be enormous. The amicus brief submitted on behalf of Google, Facebook and others states that aspects of the district court decision “significantly depart from the settled interpretation of [the CDA] and, if adopted by this Court, would not only contravene Congress’s policies as declared in the statute, but also introduce substantial uncertainty regarding a law that has been a pillar for the growth and success of America’s Internet industry.” \
This case will be closely watched because of the far reaching consequences it would have if the district court ruling imposing liability of the website is upheld. A ruling from the Sixth Circuit that affirmed the district court’s ruling could chill the operation of online businesses that are open for users to create content. There is a long line of cases that have held that conduct similar to TheDirty.com’s in this case is protected by the CDA, but a decision from the Sixth Circuit finding TheDirty.com liable would uproot the well-established jurisprudence under the CDA.
A lawsuit filed in Massachusetts state court recently raised the issue of whether a former employee’s LinkedIn post announcing a new job could violate an anti-solicitation clause of a non-compete contract with the former employer.
In KNF&T Inc. v. Muller, staffing company KNF&T filed suit against its former vice president, Charlotte Muller, for violating a non-compete contract in a number of ways, one of which was a LinkedIn update which notified Ms. Muller’s 500+ contacts of her new job. Among those contacts were Ms. Muller’s former clients at KNF&T. KNF&T filed suit alleging that the update notification violated her one year non-compete contract by soliciting business from current KNF&T clients.
The court issued a narrow ruling stating that the posting did not violate the non-compete agreement because Ms. Muller’s new position in information technology recruiting did not directly compete with KNF&T’s work in recruiting administrative support specialists.
Since the court was able to resolve the case based on a differentiation in practice areas, it did not have to resolve the issue of whether a LinkedIn notification could violate the terms of a non-competition agreement. Such a determination will always depend of the particular facts of the case, such as whether the new position directly competes with the former employer, whether the individual is connected with former clients on LinkedIn, and the content of the notification.
Employees subject to a non-competition agreement should exercise caution when using social media to announce a new position. If they do make an announcement, they should consult the terms of their non-compete agreement to determine what could constitute a violation. For instance, if the non-compete only prohibits solicitation of the former employer’s current clients, the employee should be sure to exclude any such clients from the notification by selecting which groups receive the message. The time spent paring down the list of recipients is well worth avoiding a potential lawsuit.
Google recently announced that it would be taking action to demote websites that profit from the use of mugshot photos. These mugshot sites compile booking photographs taken after people’s arrests and publish them along with the arrestees’ names and information concerning the charges against them. Individuals who want their mugshot and arrest record deleted from the site usually must pay a fee ranging anywhere from $10 to $400. Until recently, when a Google user searched the Internet for the name of a recent arrestee, the search hits would include, and often prioritize, mugshot sites. Owners of those sites were content with that outcome; many others were not.
New York Times writer David Segal was one of the latter. In a recent article, Segal took Google to task for not penalizing mugshot sites, which many believe traffic in exploitation. Segal argued that Google should take corrective action because it had prioritized the sites in contravention of its own stated corporate goal that favors original web content. Mugshots do not offer original content; instead, they gather and use images and text from third-party sources.
Before his article ran, Segal contacted Google to discuss the issue. Google responded that it had been working to address the problem in a consistent way. Days later, a Google spokesperson confirmed that mugshot sites do not comply with one of the search giant’s guidelines. To address the problem, Google amended its algorithm, presumably to disfavor sites without original content.
Consequently, mugshot sites are now pushed off the front page of Google search results. People digging for dirt now have to look a little bit harder.
Others who object to mugshot sites have taken the fight to regulators and legislators. On October 7, the Maryland Consumer Protection Division settled its case against the owner of Joomsef.net for false and deceptive advertising. Joomsef’s owner, Stanislav Komsky, published information on the site about traffic offenses, but added statements falsely suggesting there had been an arrest. Persons identified on the site had to pay $40 to $90 to have the information removed. As part of the settlement, Komsky must take down the site, return all payments to consumers, and pay a penalty of $7,500.
Other states are addressing the problem through legislation. Segal points out that Oregon and Georgia have passed laws this year giving site owners 30 days to take down an image, free of charge, if an individual proves that he or she was exonerated or that the individual’s record has been expunged. Utah attacked the problem another way. There, sheriffs are prohibited from giving out headshots to websites that charge for deleting them. Lawmakers in other states, like Florida Representative Carl Zimmerman, have introduced legislation targeting the sites, but many of those bills died from lack of support.
These acts of government are constrained, as they should be, in view of free-speech guarantees under the First Amendment. By contrast, the private sector is not so limited and, therefore, may end up striking the decisive blow against mugshot sites. Things are heading in that direction. MasterCard, Discover, American Express, and PayPal recently pledged to sever all ties with mugshot sites, and Visa has asked merchant banks to investigate the practices of the sites.
A company that markets video cameras that are designed to allow consumers to monitor their homes remotely has agreed to settle charges with the FTC that it failed to properly protect consumers’ privacy. This marks the FTC’s first enforcement action against a marketer of a product with connectivity to the Internet and other mobile devices, commonly referred to as the “Internet of Things.”
The FTC’s complaint alleges that TRENDNet marketed its cameras for uses ranging from baby monitoring to home security and that TRENDNet told customers that its products were “secure.” In fact, however, the devices were compromised by a hacker who posted links on the Internet to live feeds of over 700 cameras. Additionally, TRENDNet stored and transmitted user credentials in clear unencrypted text.
Under the terms of its settlement with the FTC, TRENDnet is prohibited from misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or devices transmit. The company must also establish a comprehensive security program and notify customers about security issues with the cameras and must provide a software update to customers to address security issues.
“The Internet of Things holds great promise for innovative consumer products and services,” FTC Chairwoman Edith Ramirez said. “But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet.”
The FTC’s authority to regulate and penalize companies that the agency claims do not protect consumers with sufficient data security is being challenged in federal court in New Jersey by The Wyndham Hotel Group. Wyndham has argued, among other things, that the FTC has not published any formal rules on data security and therefore cannot penalize companies that it deems have not protected consumer information. That case is pending.
This is the first time the FTC has brought an enforcement action involving the “Internet of Things,” but the FTC has already signaled it will be carefully watching how the Internet of Things develops. In particular, the FTC will be hosting a workshop in November to explore these new technologies. The agency previously sought comment from interested stakeholders on the Internet of Things – including the privacy and data security implications of interconnected devices. We expect that the FTC will continue to explore these issues, with a particular emphasis on how these devices collect and share information, particularly sensitive and personal information, such as health information.
The rise of social media has led to the application of old law to new forms of communication. For instance, an effort by the National Labor Relations Board to educate workers on their right to engage in protected concerted activity has left some employers feeling that the NLRB went too far in supporting employees’ rights – particularly their right to post disparaging work-related comments on social media forums without reprisal.
Section 7 of the National Labor Relations Act (NLRA) protects all private-sector employees’ absolute right to engage in protected concerted activity, including the right to discuss among themselves their wages, hours, benefits and other terms and conditions of their employment. Generally, this requires two or more employees acting together to improve wages or working conditions, but the action of a single employee may be considered concerted if he or she involves co-workers before acting, or acts on behalf of others. It also requires that the improvement sought benefit more than just the employee taking action, so as to distinguish protected concerted activity from mere individual complaints.
Last year, the NLRB launched a website seeking to educate workers on their right to engage in protected concerted activity. The site provides several examples of cases in which employers violated an employee’s right to engage in protected concerted activity over the Internet. For example, in one case the NLRB issued a complaint against an employer that terminated an employee who criticized her supervisor on Facebook. The Board also found that the employer’s Internet policy, which prohibited employees from making negative statements about the company or supervisors, interfered with the right to engage in concerted activity.
The NLRB has in fact ruled in workers’ favor in a number of social media cases. For example, in Hispanics United of Buffalo, the NLRB considered a case in which an employer discharged five employees because of their Facebook posts. In that case, an employee went on Facebook to solicit her coworkers’ thoughts on work-related criticism she received from a fellow employee. In response, four coworkers weighed in about working conditions, work load and staffing issues at the company. All of the employees’ posts were made off-duty on the employees’ personal computers. The employer terminated all five employees, claiming that their comments constituted harassment of the employee mentioned in the initial post.
An NLRB administrative law judge reviewed the case and found that the employees had been unlawfully discharged. The ALJ found that the NLRA protects employees in “circumstances where individual employees seek to initiate or to induce or to prepare for group action, as well as individual employees bringing truly group complaints to the attention of management,” even if that action takes place online. Since the employees were discussing the terms and conditions of their employment, the discussion was protected concerted activity within the meaning of Section 7 of the NLRA.
While cases like Hispanics United of Buffalo have served as a rallying cry for employers on the NLRB’s perceived overreaching in support of workers, a recent report on NLRB social and general media cases reveals that the NLRB actually sided with employers in slightly more than half the time by finding that employees’ statements on Facebook or Twitter did not constitute “protected concerted activity” under the NLRA. For example, in Karl Knauz Motors, Inc., the NLRB found that an employee was lawfully terminated for his Facebook postings about an accident that took place at a car dealership owned by his employer. The NLRB found that these comments were not protected because they were not related to the terms and conditions of his employment.
Similarly, in another case brought before the Board, an employee who had just been reprimanded by her supervisor posted a Facebook status that consisted of an expletive and the name of the company that employed her. One of her coworkers “liked” that status. Half an hour later the same employee posted a comment expressing her belief that the company did not value its employees. None of the employee’s coworkers responded to that posting. The company terminated the employee for her postings.
On review, the NLRB upheld the employee’s termination, finding that the posts were merely the expression of a personal gripe. The NLRB’s Associate General Counsel summarized the Board’s reasoning by stating, “The Charging Party had no particular audience in mind when she made that post, the post contained no language suggesting that she sought to initiate or induce coworkers to engage in group action, and the post did not grow out of a prior discussion about terms and conditions of employment with her coworkers. Moreover, there is no evidence that she was seeking to induce or prepare for group action or to solicit group support for her individual complaint. Although one of her coworkers offered her sympathy and indicated some general dissatisfaction with her job, she did not engage in any extended discussion with the Charging Party over working conditions or indicate any interest in taking action with the charging party.”
Despite the uproar over the NLRB’s application of “protected concerted activities” to social media, this does not represent a shift from the NLRB’s previous decisions. It merely applies existing policy to a new set of facts brought about by technological changes in how workers communicate. As before, employers may set limits on employee’s social media activities as long as they do not impinge on the employees’ protected concerted activities.
A recent decision by a federal judge in California has brought ICANN’s broad authority over the domain name system once again into question. Manwin Licensing International – perhaps the most lucrative provider of online adult-oriented content – brought an antitrust action against ICANN arising from the establishment of the .xxx top-level domain and the award of the registry contract for .xxx to ICM Registry. Manwin claimed, among other things, that because ICANN’s registry contract with ICM contains no restrictions on the price ICM may charge for its services (while providing for an enhanced fee to be paid by ICM to ICANN) and ICM is insulated from competition on renewal, the award of the contract violated the Sherman Antitrust Act.
In any antitrust case, the plaintiff must establish a “relevant market” that it can show is adversely affected by the anticompetitive actions. Here, Manwin sought to establish that the relevant markets affected by ICANN and ICM were the markets for affirmative registrations (i.e., the lack of an adequate economic substitute for .xxx domain names) and for defensive registrations (i.e., the need for trademark holders to protect their marks by registering .xxx names, for instance, playboy.xxx). The court made short work of Manwin’s claim with respect to the affirmative registration market, pointing out that domain names in other generic TLDs (gTLDs) are an adequate economic substitute for .xxx registrations. Indeed, the court pointed out that one of Manwin’s own websites – youporn.com – is the most popular free adult video website on the internet. Thus, the .com gTLD, among others, provides a perfectly adequate (if not superior) substitute to a .xxx registration.
However, the court was not so forgiving as to the defensive registration market. It held that Manwin adequately identified an adversely affected market in defensive registration because Manwin asserted that trademark owners and registrants of domain names in other gTLDs were compelled to register domain names in the .xxx TLD for defensive or blocking purposes, to protect their marks or other domain names from a loss of goodwill, prevent consumer confusion, or prevent association with adult entertainment. The court found no economic substitute for this market, as, it found the “only way to block a name in the .xxx TLD is to register a name in the .xxx TLD.” Therefore, the antitrust case will proceed with respect to the defensive registration market.
This decision has enormous potential consequences to the domain name registration market, particularly with the coming roll-out of new gTLDs. By way of example, one of the applied-for new gTLDs is .hotel. While Marriott has a very popular website located at marriott.com (as do Hyatt at hyatt.com, Hilton at hilton.com, etc.), these hoteliers may feel compelled to register their corresponding names and trademarks in the .hotel TLD, to protect against cybersquatters.
Compounding the problem, particularly for those with famous marks, is the issue of “typosquatters” who may register common misspellings of the mark in the new gTLD (such as marriot.hotel). Thus, the defensive registration market identified by Manwin has implications that extend far beyond the .xxx TLD — although .xxx has its own unique challenges not found with more mundane gTLDs, as the .xxx TLD’s association with adult content and pornography has the very real potential to tarnish otherwise unrelated marks. Imagine, for instance, pepsi.xxx (probably bad) versus pepsi.hotel (probably innocuous). Whether the existence of this case will cause a delay in the launch of the new gTLDs remains to be seen. It would seem that ICANN would proceed cautiously, as an adverse ruling might lead to a requirement that the registry contracts for gTLDs found to violate antitrust laws be unwound. Time will of course tell.
However, in the end, while Manwin seems to have hit upon a soft spot in ICANN’s shield, its claims ultimately seem overblown and contrary to the rights enjoyed by trademark owners and domain name registrants with respect to .xxx registrations. Setting aside blocking/sunrise rights that were afforded to trademark owners in advance of the public rollout of the .xxx TLD, trademark owners have extraordinary rights with respect to infringing domain names registered in .xxx. A trademark owner has available to it three means of challenging an infringing domain name registered in the .xxx TLD. These are the Rapid Evaluation Service (RES), the Charter Eligibility Dispute Resolution Policy (CEDRP), and the Uniform Dispute Resolution Policy (UDRP).
The RES provides a quick take-down process for infringing registered word marks or personal names of individuals. If an RES claimant shows that the domain name is identical or confusingly similar to a registered word mark that the claimant owns and uses, that the registrant has no rights or legitimate interests in the disputed domain name, and that the domain name was registered and is either being used in bad faith or cannot possibly be used in good faith, the domain name is directed to a page which states that the domain name has been deactivated. Temporary take-downs pending a final decision may be effected within two business days.
Trademark owners may also initiate a CEDRP proceeding, which will be handled by NAF, to challenge .xxx domain names that are being used in violation of the Adult Entertainment Industry eligibility requirements for the .xxx TLD (for instance, the example of pepsi.xxx, above). If the trademark owner is successful in a CEDRP proceeding, the offending domain name registration will be cancelled.
In addition, a trademark owner may initiate a UDRP proceeding with respect to a .xxx domain name registration, just as it might for an infringing domain name in any other TLD. Such a proceeding might result in the cancellation or transfer of the offending domain name – though if the registrant is not engaged in the adult entertainment industry, the domain name will not resolve.
In the meantime, since the Court’s ruling allowing Manwin’s case to proceed, ICM Registry has filed a counterclaim against Manwin, asserting antitrust and trade libel claims, amongst others. In the end, this battle promises to have consequences that extend far beyond the .xxx world in which it is clothed.