Spain, divided in 17 autonomous communities can’t be compared to the administrative division of the regions. Indeed, these Spanish communities don’t have the same autonomy and Catalonia, located in the North East, benefits from an autonomous status, in effect since 2006.
Issue of October 1st
Last Sunday, the Catalan independent regional government organized a referendum concerning Catalonia independence among 7.5 million residents. This initiative has been quite badly perceived by the Spanish conservative government, which searches by any means to slow down if not stop the movement. For many media, this is one of the worst political crisis of the last 40 years.
Like many territories or regions, Catalonia benefits from its own TLD: .CAT.
In France, Brittany, Corsica, Alsace and Paris also benefit from a dedicated extension, i.e. respectively .BZH, .CORSICA, .ALSACE and .PARIS.
Beside France, we can find .SCOT for Scotland, .EUS for Basque culture, .FRL for Friesland, etc.
June, 9th 2017
The referendum on Catalonia’s independence is announced. It will take place on October 1st. The question that the voters will have to respond to is the following: “Do you want Catalonia to be an independent state in the form of a Republic?”
September 13th 2017
Spanish law enforcement officers seize the electoral equipment.
September 15th 2017
Madrid, judging Catalan referendum illegal, raided the registry managing .CAT, PunCat in order to make unavailable the access to websites in favor of independence, the hosting of these latter being abroad. The registries of the other countries expressed dissatisfaction for this situation: .EUS and .SCOT have thus communicated on this subject. To this day, if we can note the reactions of EFF and ISOC, neither the GeoTLD Group nor ICANN have communicated yet on this matter. The issue having been covered beyond borders, we can note an article of NYT on this subject, it would seem natural that a first release from ICANN would soon be published.
PuntCat, .CAT registry, communicated with words on this incident and asked help from ICANN: « The show that we have experienced in our offices this morning has been shameful and degrading, unworthy of a civilized country. We feel helpless in the face of these immensely disproportionate facts».
September 20th, 2017
“Anubis operation” launch, aiming to prevent the referendum.
September 24th, 2017
Catalonia’s secretariat of telecommunications complains to the European Commission about the blocking of some websites in .CAT and the raid of the Catalan registry.
September 25th, 2017
With the impossibility to cut pro-independence websites, Spanish government blocks them.
October 1st, 2017
The vote takes place. 90% of YES for independence, 42% of participation rate.
October 4th, 2017
Day of this article’s publication, Catalan government should announce the Catalonia independence.
At the Internet new extensions launch, Donuts operator, the biggest extensions applicant (.services, .legal, .photos, .vin etc.) has launched a specific protection program in addition to the TMCH.
The Donuts Protected Mark List (DPML) allows to block the registration by a third party of a domain name similar to the brand under all the extensions managed by the registry.
For example, if the brand “iPhone” is registered in the TMCH (prerequisite) then in the DPML, no one can register <iphone.photos> or <iphone.services>, as well as the other hundred Donuts extensions.
Other registries have also created protection programs, in common with Donuts’ DPML, on more restricted perimeters. It was the case of Rightside which managed the following 40 extensions:
.TV means television, .FM, FM radio, .IO tech companies…
Actually no. In fact, yes but no. These codes do not designate sectors of activity but territories according to ISO 3166-1 alpha 2:
TV is for Tuvalu, a Polynesian state;
FM is for Federated States of Micronesia ;
IO for British Indian Ocean Territory.
Why such a mix of genres? In fact, domain names and geopolitics make a whole.
When you communicate with a .COM domain name, you trust Verisign, an American company. With a .FR, it’s the AFNIC! For the .TV, nothing to fear, this extension is technically delegated to Verisign. And for the .IO, it will be said that the infrastructure is fairly resilient. Why mention this reality?
Simply because geopolitics are moving, political events have frequently cut off domain name extensions. This is the case of .LY, which corresponds to Libya. For example, South-West professionals communicating in .SO met some technical problems when Somalia has cut its DNS infrastructure for some time.
But then, how do we do? This is precisely what is exciting in this intangible industry: if no guide is available to track real-time geopolitical movements and the consequences on registries’ DNS availability, Nameshield informs you in real time.
Do not hesitate to contact us if you have any questions.
Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/
Act 4: Reconstruction
While a myriad of new extensions were open for recording, the time was to select .COM, .CM, .OM, .CO or .CAM records? .FR or .FRL?
The decision to make registrations in all new extensions of course has a high cost and is no longer necessarily wise.
This is also why, some brands have chosen a .BRAND: its own TLD, its own sovereignty, its own management rules! Many brands have opted for this configuration and we can see now the blooming of .BNPPARIBAS, .ALSTOM, .SNCF, .LECLERC, .GOOGLE …
This reflection on .BRAND has sometimes been badly conducted: some brands have now abandoned their own TLDs, such as McDonald’s. ICANN has a list of these TLDs, along with the very formal letters from the companies asking to remove the area of confidence, historically so costly. It reminds me of The Fallen Astronaut. We can say that the abandonment of these TLDs will be used for others to build themselves up. A good general uses the strength of the enemy as Sun Tzu said!
These discontinuations show that the companies concerned have not seen today the benefits they could make from the costs associated with the creation and management of a .BRAND. Others, more daring, have discovered the interest and / or imagine discovering new service opportunities allowing them to have an increased or even total control over their infrastructure to come with high stakes, Internet of Things, Industry 4.0 …
Let’s wait for the first connected objects and the deployment of a real infrastructure around a resilient .BRAND and we’ll see!
Trademarks identify a particular product or service and enable consumers to quickly identify the source of a given good. In order to meet this function they must be distinctive. Trademark law protects the owner’s right to use the trademark exclusively and prevent others using a mark that is confusingly similar. Use of an identical mark on the same product would be considered confusing and could clearly constitute infringement.
So far so good. But are you aware that the same standards exist for naming pedigree horses?
WorldFengur is the Icelandic committee in charge of the official register of the Icelandic horses breed. They have recently passed a rule stating that names must be of Icelandic heritage for them to be included in the official database. There are more than 400,000 horses registered across Europe and the USA. The two-person Horse Naming Committee has been set up to stop people giving obscene names to their horses but mainly to ensure that the names respect Icelandic tradition and grammar rules. It seems that purchasers don’t want their Icelandic horses to have foreign names.
Other countries have naming rules for horses too. The British Horseracing Authority (BHA) controls the appropriateness of names when horses are added to their database. In addition to being available – like trademarks – there is a long list of criteria that applicants need to meet. Here are some of the restrictions on name availability:
Names of more than 18 characters, including signs or spaces
Names followed by one or more numbers or which start with a sign other than a letter
Names made up entirely of initials, or which include figures, hyphens, full-stops, commas, signs, exclamation marks, inverted commas, forward or back slash, colon and semi-colon
The name of a public person or names of commercial significance without the appropriate permission
Names considered in poor taste or which may cause offence.
Further, when applying to the BHA for your name approval you need to supply two proposed names in order of preference with an explanation of the origin or meaning of the name. This all sounds familiar – a bit like applying for a drug marketing authorisation. One fun difference is that there is a Horse Name Availability Search tool that will not only tell you if the name is free but will provide some great alternatives if not.
Glencoe is an “unforgettable place of dramatic mountains, rare beauty and haunting history” in the Scottish Highlands.
It is also a UK trademark, registered by several companies including The National Trust for Scotland. NTS’s 2016 trademark is registered for goods including beauty products, jewellery and clothing. A prior UK Glencoe mark protecting articles of clothing was registered in 1996 by Glenmuir Limited, a “family-run business dedicated to producing the finest golf wear” but it does not currently appear to be used on any articles of their clothing.
It is similarly the name that Hilltrek Outdoor Clothing gives to one of their hand crafted outdoor jackets.
The company, based in Aboyne, on the edge of the Highlands, has a 30 year history of manufacturing quality outdoor clothing. They have a long standing policy to name their jackets after some of their favourite places in Scotland. On the website you can find a link to a glossary providing information about the names and places used for their clothing.
Earlier this month Hilltrek owner Mr Shand received a cease & desist letter from NTS demanding they stop selling the Glencoe jacket. Mr Shand was surprised that a place name could be registered as a trademark. The Hilltrek website respects trademark rights, displaying the ® symbol next to several marks but not Glencoe.
The letter instructed Hilltrek to stop selling any goods bearing the name Glencoe immediately and refrain from using the name on any future products. Mr Shand published the letter that he found “bullying and threatening” on social media, saying that he would have understood and preferred a polite letter explaining the situation and asking for a dialogue.
This case raises serval interesting points for consideration.
Is it correct to register a place name to thereby blocking others from using it? NTS says that their aim is to protect the properties in their care and stop them being exploited. They encourage and support local business but have contacted a number of companies using trademarked names which are not local, including businesses based in France.
It is important to show tact when defending your IP rights in cases such as this. Reacting too harshly can result in this case with negative media attention for the complainant and great advertising opportunity for the “infringer”.
Which both underline the necessity of obtaining professional advice from an experienced IP Counsel whether you are defending a trademark or using one, even if you are not yet aware of it.
McDonald’s! The symbol of globalization: from the invention of the express service by the eponymous brothers to its successful franchise by Ray Kroc (I recommend the film ‘The Funder’), McDonald’s is an example of post-war entrepreneurial success. The BigMac, the Filet o’Fish? These are the inventions of franchisees that headquarters have agreed to develop throughout the world. A model of innovation.
What about their digital strategy? When Internet arrives and everyone talks about it, a Wired reporter contacted McDonald’s to explain that Burger King could record mcdonalds.com. McDonald’s will not register it. Then the reporter does, the US firm tries to recover it and will donate 3500USD to a school in order to buy computer equipment.
Once bitten, twice shy. As a result, McDonald’s is creating a preventive policy of registration of domain names: goldenarches.com, mcd.com, bigmac.com, …
If RayKroc.com and mcdo.com are already cybersquatted, the implementation of a defensive registration policy has begun.
Thus, when the new gTLD program is launched in 2012, McDonald’s is a candidate and wins the .MCD and the .MCDONALDS (MCD is used internally for e-mail).
Illustration 1: Home page of NIC.MCD
We note the weak development on the home page of the .MCD, which is limited to ICANN’s obligations regarding the presentation of the TLD.
Illustration 2: WHOIS of .MCDONALDS
The Whois service of the .MCDONALDS allows the identification of the owner, although, as presented in the file for ICANN, the .MCDONALDS is not intended to be an open extension.
What is interesting in the Whois is the joint management of different departments:
First contact: IP Division, Eric William Gallender, Senior Intellectual Property Counsel
Second Contact: Marketing Division, Anja Morrison Carroll, ‘Senior Director, Marketing’
In the motivations of the company to benefit from a .MCD and a .MCDONALDS coming from a public document, we can find the will to recreate confidence. McDonald’s highlights its gTLD, ccTLD and preventive registrations (.XXX, among others).
McDonald’s has many commitments:
provide an easy and intuitive reference and access point for internet users;
represent authenticity thus promoting user confidence;
direct internet users to locally relevant information and products;
use appropriate geographic names to connect with internet users in the relevant regions ;
potentially use IDNs to enable customers to interact in their native language;
enhance security and minimise security risks by implementing necessary technical and policy measures;
strengthen brand reputation and user confidence by eliminating user confusion; and
prevent potential abuses in the registration process reducing overall costs to businesses and users.
However, on May 2nd, 2017, a signed letter from VP Global Brand Marketing, Colin Mitchell announces the end for both TLDs.
There is no reason mentioned to justify this request and McDonald’s IP has not responded to the requests for communication.
Illustration 3: The letter of McDonald’s
McDonalds has failed to do with these two TLDs more than a trusted place for the websites: a .BRAND, yes, but it’s necessary to have a real strategy of deployment and use.
Creating a .BRAND with the only purpose of defending the intellectual property doesn’t seem, in that light, to be a successful tactic. The success of a .BRAND is mainly conditioned by an effective strategy, and its development has to anticipate far ahead, its use, as well as its implications regarding the digital and commercial communication.
While the fate of 25 not yet delegated new extensions remains to seal, which represents approximately 2 % of all the accepted extensions during the current opening round, ICANN has just published a study on the proportion of DNS abuse in the new extensions launched after 2012.
The study was requested by the Competition, Consumer Trust and Consumer Choice Review Team ( CCTRT), which is mandated by ICANN to examine the extent to which the introduction or expansion of generic extensions has promoted competition, consumer trust and consumer choice. By defining the parameters of the study, the CCTRT tried to measure the rates of the common forms of unfair activities in the system of domain names, such as spamming, phishing and distribution of malware.
As a reminder, phishing is a technique used by swindlers to obtain personal information with the aim of committing identity thefts.
What is the report based on?
The study was led by SIDN, the registry of the extension of the Netherlands, as well as the University of Technology of Delft also located in the Netherlands. It was realized over a period going from 2014 to 2016, thanks to an access to the zone files granted by ICANN to these two entities.
More than 40 million names were analyzed, among which 24 million names registered in the new extensions and 16 million in the historic generic extensions: .com, .net, .org, .biz and .info. For the new extensions, it targeted the extensions which proposed a Sunrise phase for brand owners. Thus, this study ultimately concerned few .BRAND registries, since they are not required to make Sunrise phases.
Both entities made their own measures to detect abuse and the data were cross-checked with eleven heterogeneous lists referencing domains and URLS identified as hostile, which were supplied by five specialized organizations.
What are the study’s conclusions?
Regarding phishing and malware distribution, the study shows a convergence of the proportions observed within the new extensions and those in the historic generic extensions. However, in the historic generic extensions, the rates tend to remain stable while those of the new extensions increase.
On the other hand, a strong disparity appears on the spamming. At the end of 2016, the proportions of affected domains are almost ten times higher on the new generic extensions: 526 on 10000 names against 56 on 10000 names. Trends show a shift of the cybercriminals towards the new extensions.
The analysis also shows that near half of the deposits identified in activities of spamming on the three most concerned new extensions, come from known cybercriminals and from blacklisted users by Spamhaus. Spamhaus is a non-governmental international organization, its purpose is to trace spammers.
However, these phenomena do not concern all the new extensions because 36% did not encounter any abuses during the last quarter of 2016.
The study also shows that the operators which compete by lowering their prices in order to sell volume, are the ones which are the most used by the cybercriminals. Besides competitive registration prices, not restrictive registration requirements, a variety of other registration options such as the wide range of the available methods of payment, inclusive services such as DNS hosting or services of WHOIS masks, are so many other factors looked for by the cybercriminals.
What is the impact of the DNSSEC on abuses?
While the DNSSEC protocol is rapidly expanding, the entities appointed by ICANN to conduct this study also analyzed how the structural properties and the security measures implemented by the operators of new extensions influence domain abuses. As expected, the DNSSEC plays a statistically significant role and thus incites to deploy more widely the protocol on more extensions. The extensions supporting DNSSEC are indeed less of a target of such practices.
What’s happening next?
The study is now open to public comments until September the 19th. The entities which led it, also intend to analyze more in detail the possible correlations between the registration policies and abuses.
The CCTRT is then going to make recommendations to ICANN to stem the increase of DNS abuse that ICANN can then transform into new obligations for the registry operators. This time, however, all the registry operators may be concerned, thus also the .BRAND registries. NAMESHIELD is going to follow this subject closely.
On Wednesday, August 2nd, Digicert announced the acquisition of Symantec’s Website Security Business branch (including SSL business, and some other services). It’s the direct consequence of the conflict opposing Symantec to Google for a few months.
DigiCert’s Twitter account
You have certainly already heard about this disagreement opposing two companies on a certain number of certificates issued by Symantec and the possible loss of trust towards these certificates in the next versions of Chrome. Many information and dates have been flowing on this subject, sometimes contradictory, it can be sensitive to evaluate the impact on your own certificates.
Nameshield as a Symantec’s Platinum partner, has followed very closely the development of this case to ensure that its customers and partners don’t risk to be impacted and suffer from a loss of trust within their browsers. The very latest developments of this case lead us to communicate the following important information:
What happened?
Google and Symantec had a dispute in 2015, Symantec’s teams taking for example certificates often based on the CN google.com, by really issuing them to delete them afterwards. It was objectively a mistake and Google has sanctioned Symantec by making compulsory the subscription of all certificates within the Certificate Transparency base, which since became the market standard and a mandatory for all Certification Authorities. This decision was effective on June 1st, 2016.
At the beginning of 2017, Google and Mozilla announced the discovery of 127 Symantec certificates with irregularities, leading to a thorough investigation from Google, which would have found nearly 30 000 impacted certificates. Google decided to severely sanction Symantec by reducing the certificates’ duration to 9 months and by deleting the EV status for Symantec certificates in a very short period. Symantec has immediately reacted by sanctioning 4 partners who were at the roots of the errors. Many discussions between the two groups, and with many important actors of the industry, took place since March 2017. A part of these publications, proposals and counter-proposals has created confusion.
These different discussions have led Google and Symantec to an agreement on a method and a transition calendar towards a new PKI infrastructure for Symantec. Google officially communicated on this subject on Friday, July 28th. This communication can be consulted here.
Symantec is committed to create a new PKI infrastructure in collaboration with a third party to prove its good faith, answer to the transparency requirements of Google and maintain the high degree of trust which has always benefited the group from the web users. This infrastructure change will take place on December 1st, 2017 and will require the replacement (or if any, the renewal) of all the existing certificates for Symantec brands, Thawte, Geotrust and RapidSSL. This extended deadline will allow a smooth transition, without impact on web users.
Since August 2nd, we know that this trusted third party will thus be Digicert.
What Calendar?
Google distinguishes Symantec certificates issued before June 1st, 2016 from those issued after this date (Mandatory subscription in Certificate Transparency). The loss of trust in these two categories of certificates will arrive through two different versions of Chrome, hence the following calendar:
– Category 1: Certificates issued before June 1st, 2016, will have to be replaced (or renewed*) between December 1st, 2017 and March 15th, 2018 (arrival of the beta Chrome 66)
– Category 2: Certificates issued between June 1st, 2016 and November 30th, 2017, will have to be replaced (or renewed*) between December 1st, 2017 and September 13th, 2018 (beta Chrome 70 arrival).
The eventual emergency communicated by the different market actors is therefore not relevant.
*anticipated renewal: a renewal can be done until 90 days before the expiration date of a certificate, without penalizing the duration of the new issued certificate.
Are you impacted?
Yes you are, if you dispose of certificates issued with one of Symantec brands (Symantec, Thawte, Geotrust, RapidSSL) through Nameshield or other providers with whom you would be working. All that remains is to distribute them in the two mentioned categories. We could help you identify the eventual impacted certificates and their distribution in the right categories, in order to plan the actions to carry out from December 1st, 2017.
And Digicert in all this?
Digicert is an American company, of which the actual market share represents 2.2% of the world market, based on the last report of W3tech. It’s a company renowned for the work quality of its authentication team and its conformity with the CAB forum’s Baseline Requirements. Digicert is regularly growing for several years on serious values and manages certificates portfolios of very important companies and websites around the World.
Digicert will become a major actor of the certificates market, by taking the 14% of the global market shares of Symantec. More interesting, the 40% of market shares on EV certificates and 30% on OV certificates which represents Symantec.
On paper, this acquisition is good news for all the Symantec customers. It’s a guarantee of continuity in the quality of provided services. It’s the guarantee of a successful transition towards a new PKI infrastructure requested by Google. It remains to monitor Digicert capacity to respect the calendar imposed by Google, we will closely monitor this.
What does Nameshield think of this?
Nameshield trusts Symantec and its teams for several years. On one hand, for its quality of service, which allows us to provide you a service of first level and on the other hand for the brand image and the trust created by this group to the web users. The management of this Google/Symantec crisis doesn’t question the trust we have in this partner, and whose support remains irreproachable.
Furthermore, we were for a few months, in relation with Digicert to extend our solutions portfolio, we welcome this acquisition announcement like a positive news for our customers and partners, by being confident on the continuity of the services we could offer you. It means that the trust you place in us is primordial and if you want to move in a different direction, Nameshield remains at your service to propose alternatives to you.
Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/
Act 3: Depression
Five years ago, the number of domain name extensions was alright: less than 500. It was still possible to register its trademark and its company’s name in the extension of its choice and to act against fraudulent deposits. Attacks were unusual and you defended yourselves when smart little ones made contentious deposits. Some extensions only accepted subdomains registrations, such as Australia and the United Kingdom. Impossible to save at the root and impossible to register without having any rights: .CO.UK for companies, .AC.UK for the academic world,…
But that was before.
Then arrived several generic extensions and if the rare extensions created, caused only few problems (.MUSEUM, .MOBI, .AERO,…), this was not the case for the thousand new delegated extensions following the new gTLD program, opened on January 12, 2012. Although brands have filed .BRAND or .COMPANY to protect their territories, many extensions were open and the registration race allowed smart little ones to create big damage. The registration of BLOOMBERG.MARKET and VINCI.GROUP are two particularly well-known examples.
Today, the management of domain names is managed by people dedicated to this activity, mostly within marketing, legal and IT departments.
But what do you have to do? Register your brand in all TLDs? Spend an important amount in domain name retrieval procedures? An in-between?
Interesting alternatives are born from the opening of the new gTLDs:
Create a closed extension with subdomains to find the identification-trust link, such as the .FX project I presented a few days ago to NetWare2017 ;
Create your own extension: some already do this well, like .BNPPARIBAS or .LECLERC ;
Help the end user and this is the project of the Nameshield’s CEO, through Brandsays, a browser extension.
If the brands continue to rightfully submit domain names, they will also develop other means of access, such as SEO or social networks.
While INTA, in its recent study, highlighted impressive figures regarding defensive actions, to get the right answer, you have to ask the right question. We will see in the fourth and last episode of this summer saga, how to understand the .BRAND strategy.
Nameshield wishes to use cookies to ensure the proper performance of the website and, with our partners, to monitor its audience. More information in our Cookie Policy 🍪.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14
1 minute
Set by Google to distinguish users.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
NID
6 months
NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
