Dreyfus

EUIPO, R 275/2023-4, September 13, 2023, TVAR VIRTUÁLNÍ STŘELNÉ ZBRANĚ (fig.)

The fourth Board of Appeal of the European Union Intellectual Property Office (EUIPO) addressed an important issue for those interested in trademark protection in virtual worlds in a recent decision on September 13, 2023 

The decision concerned an application for registration of a European Union trademark in classes 9, 35, and 41 filed by Colt CZ Group SE (Colt), a Czech holding company that acquired Colt’s Manufacturing Company LLC, a well-known American firearm manufacturer.

Colt filed a trademark application for a virtual firearm in February 2022 for virtual products and services related to online firearms. However, in December 2022, the EUIPO examiner rejected the application, arguing that the trademark lacked the required distinctiveness.

The reasons for the examiner’s rejection were as follows:

• Without distinctiveness, the trademark resembled a common representation of a virtual firearm, and the target audience would perceive it as such.
• The fact that some members of the public may be knowledgeable about firearms had no bearing on the assessment of distinctiveness.

As a result, the trademark lacked distinctiveness.

Colt appealed the decision, arguing that the trademark was unique and recognizable, notably thanks to the verbal element “CZ BREN 2” and the complexity of the virtual weapon’s shape represented.

The Board of Appeal began by emphasising that the distinctiveness of a trademark must be evaluated in light of the requested products and services, as well as public perception.

Concerning the relevant audience, the Board determined that it consisted primarily of the general public.

Regarding the distinctiveness of the trademark, the Board examined two particular elements: the verbal element “CZ BREN 2” and the visual representation of the virtual firearm.

Because of its size and lack of contrast with the background, the verbal element “CZ BREN 2” was deemed insignificant, making it difficult to identify for a significant proportion of the public.

The visual representation of the virtual firearm was deemed commonplace and conforming to industry standards, not deviating significantly from consumers’ expectations for virtual firearms. 

In conclusion, the Board upheld the examiner’s decision that the trademark was not distinctive because it did not allow the public to identify the commercial source of the questioned products and services.

This decision emphasises the importance of distinctiveness in trademarks’ registration in the context of virtual worlds and clarifies how the target audience, as well as verbal and visual elements, are considered in this assessment.

It highlights an important point: even if a product or service in the real world is specialized or requires particular expertise (such as firearms), the targeted audience for the virtual equivalent of that product or service may be much broader and less specialized in terms of knowledge.

Introduction

The International Trademark Association (“INTA”) provided a comprehensive and clear definition of “Domain Name Abuse” on May 16, 2023. Prior to this date, the definition of “Domain Name Abuse” was imprecise in the private sector, government, and universities. INTA defines it as “any activity that makes, or intends to make, use of domain names, the Domain Name System protocol, or any digital identifiers that are similar in form or function to domain names to carry out deceptive, malicious, or illegal activity.”

This new definition will therefore enable prior trademark owners to protect their rights when their trademarks are targeted by criminals.

Understanding Domain Name Abuse

Abuse occurs when bad actors commit fraud and steal from consumers, businesses, or even governmental bodies, all while infringing on the rights of prior trademark holders. It manifests through the malicious use of domain name systems, notably via phishing, spamming, distributing malicious software, or engaging in fraudulent activities like cybersquatting, typosquatting, dotsquatting, domain hijacking, shadowing, and domain name impersonation.

Implications for Trademark Holders and Consumers

Abuse is a hazardous practice for both victims (consumers, businesses, government agencies) and prior trademark holders. In fact, bad-faith actors maliciously register domain names by replicating pre-existing trademarks or domain names that have been legitimately registered and renewed. To lend credibility to these dubious websites, these malicious domain holders will replicate the products and services offered by the legitimate owner, as well as their email correspondence, mailing address, and even the brand image of companies.

Domain name abuse thereby infringes upon the rights of legitimate trademark holders and creates a significant risk of confusion for users.

Previous Definitions: Gaps and Limitations

In January 2022, the European Commission published the European Union study on the abuse of domain names, which was quickly followed in March 2023 by the United States, with an active commitment to securing critical infrastructures, particularly domain name systems, as part of its National Cybersecurity Strategy. The prevalence of domain name abuse compelled various nations to take necessary action; however, these were frequently limited and ambiguous.

Although many definitions existed prior to INTA’s report, many of them failed to adequately address important intellectual property concerns like counterfeiting and privacy. 

One example is the definition given by the European Commission in January 2022. According to the European Commission, abuse would be “any activity using domain names or the DNS protocol to conduct harmful or illegal activities.”

In clause 11 of the registry agreement, ICANN, the Internet Corporation for Assigned Names and Numbers, asserts that domain name abuse includes “malware, phishing, trademark or copyright infringements, deceptive or fraudulent practises, counterfeiting, or any other activity contrary to prevailing legislation…”

Finally, the Voluntary Framework on Domain Name Abuse defines them as “malware, botnets, phishing, pharming, or SPAM disseminating malware, botnets, phishing, pharming, or SPAM disseminating malware, botnets, phishing, or pharming.”

These definitions largely represent what the technical community recognizes as abuse. Indeed, confining domain name abuse to “technical breaches” failed to anticipate the tangible legal challenges of these practices.

Similarly, mentioning “harmful or illegal activities” without defining their scope did not provide adequate legal guidance regarding intellectual property. 

It was therefore critical to develop a comprehensive, concise, and understandable definition of domain name abuse in order to best protect victims of these infringements and trademark holders.

INTA’s Comprehensive Definition of Domain Name Abuse

Given the increasing instances of attacks on domain names and cyber risks, INTA felt the need to step in and provide a clear technical and legal definition that incorporates issues of intellectual property and emerging technologies.

Domain name abuse, is now defined as “any activity that makes, or intends to make, use of domain names, the Domain Name System protocol, or any digital identifiers that are similar in form or function to domain names to carry out deceptive, malicious, or illegal activity”

The inclusion of the term “similar in form or function to domain names” allows INTA to make the necessary connection with intellectual property. Indeed, the function of a trademark is to assure the origin of a product or service. However, domain name abuse misleads internet users about the origin of brands, creating a significant risk of confusion through techniques such as cybersquatting, typosquatting, and dotsquatting.

Conclusion on the new definition of Domain Name Abuse.

The new definition of domain name system abuse now helps trademark owners and the general public. It calls for ongoing vigilance and cooperation between organisations such as INTA and ICANN to ensure a clear understanding of the issues surrounding this concept.

To find out more read our articles on Domain name right : bona fide offer of goods or services, AFNIC’s New Mediation Procedure: Fast and Free Dispute Resolution for Domain Name Holders or visit INTA’s website.

A lot of work is currently being done to define domain name abuse or domain name Infringements. Domain abuse is the use or intent to use of domain names, the DNS domain name system protocol, or any digital identifier with a shape or function similar to domain names, for deceptive, malicious, or illegal purposes.

But where do we stand in the fight against domain name infringement?

Focus on the Attack Vector:  a form of Domain Name Abuse

The form of damage corresponds to the attack vectors. Domain name abuse is becoming more common, manifesting itself on websites, via search engines, or in email inboxes via phishing attempts.

In 2023, holders of contentious domain names are increasingly using certain “modern” domain name infringements vectors. Among them are domain name infringements via SMS, QR codes, or even sponsored ads.

In the case of SMS, the infringement takes advantage of flaws in communication protocols. A URL link pointing to a malicious website is frequently attached to the SMS.

QR codes, on the other hand, function as URL shorteners and can direct users to potentially harmful websites. These QR codes are increasingly being printed in paper format on fake notices of passage or fines.

Finally, sponsored advertisements are extremely popular. Malicious sites often appear at the top of Google searches in the form of advertising inserts. The lack of a precise visual indicator often prompts internet users to click on these ads without being wary of the content they contain.

These new attack vectors highlight the creativity and determination of malicious actors. These novel forms are accompanied by substantive innovations. In actuality, the landscape of infringements is also expanding.

An overview of Domain Name Infringements

There are various types of infringements. Cybersquatting, phishing, and fake institutional websites are well-known practices. Others, more recent, require a thorough examination.

A New Form of Cybersquatting: Robot Cybersquatting

Cybersquatting, the act of registering brand-related domain names with the intent to profit from the brand’s reputation, disrupt its visibility, or sell it back to its rightful owner, isn’t new. However, its methods are becoming more sophisticated.

Bots, particularly in China, now constantly monitor domain names. They swiftly register domains once they become available, especially if they are related to legitimate brands. These “vacuum” bots snap up domains that lapse into the public domain for any reason. While this tactic existed in the past, it’s seeing a resurgence, especially in China.

The ‘Fake Shop’ Trend

The so-called “fake shop” is a new 2023 trend. Some fraudulent websites register domain names by linking a previous brand to a country name. These fake shops are counterfeit sites that deliver no product or service. They are near-perfect, semi-automated duplications of previously registered brand sites. The similarity of these contentious sites with legitimate ones creates almost inevitable confusion for consumers. In an effort to sidestep some alternative dispute resolution procedures, such as the UDRP (Uniform Domain Name Dispute Resolution Policy), by replacing trademarks within the domain name by a generic term, this new domain name infringement trend is more difficult to combat.

Click Fraud

Another trend for 2023 is “click fraud.” Click fraud is a type of fraud that occurs online within pay-per-click advertising. Website owners are paid based on the number of visitors who click on the ads in this advertising. Click fraud typically occurs on a large scale, with multiple links targeted and clicked multiple times, rather than just once. Malicious actors will obtain expired domain names or typosquat domain names that appear legitimate in order to entice users to click.

Identity Theft and Fake Merchant Sites

Identity theft and the creation of fake merchant sites are frequently seasonal, which means that fraudsters create contentious sites during tax or local fee collection periods, or during festive periods such as Christmas, Mother’s Day, or Valentine’s Day. This strategy targets both the B2B and B2C markets.

The fake merchant site is created in the name of a company whose official details are usurped. The credibility of these fake sites lies in the accuracy of the information concerning the merchant, such as the Siren, Siret, and VAT numbers, and in the usurpation of the company’s Whois data. This tactic is commonly used when legitimate businesses lack an online presence. Consumers who do not have access to the legitimate company’s official website believe the contentious site is authentic. To

Furthermore, fraudsters create fake Yellow Pages accounts, or official sites such as “Google My Business” or “societe.com,” and even fake reviews. The consequence of this practice is hefty as, beyond infringing on intellectual property rights and usurping companies’ identities, fraudsters scam consumers by never delivering the purchased products. This domain name abuse is severe since there’s both a monetary and personal data theft of the deceived consumers.

Identity Theft and Fake Orders

This practice consists in obtaining an undue merchandise delivery, in other words, diverting a product’s delivery. The perpetrators send an email that appears to be from a brand or company and requests large purchase quotes from sellers or distributors. Then they request payment for these purchases.

This method is especially dangerous since it can involve large amounts of money. Numerous elements give the appearance of an official site, lending credibility to identity theft. Fraudsters access official signatures and stamps from freely available online general assemblies, as well as recent financial statements, at least partially. Only the phone numbers and email are linked to the scammer.

Email Interception and Fake Bank Details

The most recent domain name infringement trend consists in redirecting a legitimate bank transfer to a third-party account. It is classified as a high-level attack because it primarily involves real estate and banking transactions.

The perpetrator begins by hacking the victim’s email. They monitor exchanges until they find an interesting transaction, identify related order discussions, and intercept a legitimate email during these exchanges. Then, they replace the legitimate email with a falsified one, modify the attached bank details, and send the email to the correspondent. Scammers use forged emails that look exactly like legitimate emails. Because of multiple exchanges in the victim’s email, the victim frequently misses the subtle email change, resulting in transactions that benefit the perpetrator.

Final thoughts

Consumers, companies, and owners of intellectual property are all affected by the recent rise in domain name infringement. Malicious actors can commit more difficult-to-detect domain name abuses thanks to increasingly sophisticated and cunning attack vectors combined with computer tool mastery. It is critical to exercise extreme caution when using the internet, emails, SMS, and even paper mail. The best way for businesses to protect themselves, their leaders, and their customers is to keep an eye on their domain names and put in place a policy and plan of action that takes this into account. Today, we talk about compliance strategy and domain names. If you have any questions, please do not be hesitant to get in touch with us.

To find out more, read our article New AFNIC Mediation Procedure: Fast and Free Dispute Resolution for Domain Name Holders

Generative artificial intelligence (AI) is a type of artificial intelligence system that can generate text, images, and other media.

The process of creating content with generative AI can be roughly divided into two steps:

– The initial source of inspiration is termed as the “input”. The generic creation is based on this initial data, either retrieved from data labelled by the user/creator of the AI or from data autonomously found by the AI, to subsequently produce an “output” or result.

 – From the initial data (input), the AI generates a model, infers rules, and then applies these rules. This is the output.

As a result, generative artificial intelligence raises concerns about the protection of both upstream content and downstream output.

Upstream protection for content processed by generative AI

In the upstream, intellectual property rights may be infringed upon if data is copied by AI and then used without permission. Indeed, there is a reproduction of copyrighted content (texts, images, sounds) to feed AI databases.

These contents, however, are protected by intellectual property rights. To legally feed AIs without prior authorization, the European legislator created an exception for “text and data mining,” which suspends the exploitation monopoly under copyright and related rights for data mining purposes. This relates to Articles 3 and 4 of Directive 2019/790 of the European Parliament and Council on copyright and related rights in the digital single market, which was adopted on April 17, 2019.

Data mining involves collecting data to transform them. There is a mining operation, which means algorithmic processing in order to interpret results. Nonetheless, these mining operations violate intellectual and artistic property rights.

Text and data mining can also lead to acts protected by copyright, sui generis rights on databases, or both, especially regarding the reproduction of works or other protected items, the extraction of content from a database, or both, which is the case when data is standardised during the text and data mining process.

The Directive 2019/790 establishes two mandatory exceptions for copying, i.e., two exceptions on reproducing content protected by literary and artistic property rights overall (texts, sounds, images, for all copyrights, related rights, and sui generis rights).

– Article 3 is a mandatory academic exception, benefiting research bodies and cultural heritage institutions performing mining for scientific research purposes, which right holders can’t oppose.

– Article 4, on the other hand, is an exception for all uses, regardless of the purpose (including commercial), provided that the copyright holder has not expressed opposition. In this case, the right holders can oppose even though the exception is mandatory. This may seem contradictory, but in reality, it’s the only possible balance between the rights of intellectual property right holders and the rights of those reproducing the data.

While data mining is currently allowed, the debate on the protection of content used upstream by generative AI to produce content is not over. Appeals are multiplying. For instance, in Europe, right holders are mobilising through “position papers” since the context between the drafting of Directive 2019/790 in 2018 and the time when generative AIs are booming in 2023 is very different. Compensation for intellectual property rights holders for the exception on data mining is now part of the considerations of intellectual property specialists working on the topic.

Protection of Content Generated by Generative AI

While robots were once considered passive tools, advances in artificial intelligence research have raised concerns about their role in the creative process. Indeed, these advancements sometimes attribute a significant role to them in content creation, raising questions about the protection of content generated by generative AI.

Under copyright law, the principle remains indifferent to merit (CJEU 1st March 2012, Football Dataco Ltd et al. vs. Yahoo! UK Ltd et al., Case C-604/10). Yet, it remains contentious to assert that generative AI can be the author of a work it produces.

This brings up the question: Is the appearance of a work tied to a regime? Should we accept protection for works generated by AI?

The European Parliament’s report from 27th January 2017 on recommendations for civil law rules on robotics suggested that copyright criteria should be adapted to accommodate these new AI-generated creations.

What’s crucial here is distinguishing between creations assisted by generative AI and those autonomously generated by AI.

If generative AI is used as a tool assisting creation, there’s no debate. The work is protected by copyright, with the affiliated rights belonging to the human creator. In this scenario, the work clearly reflects the personality of its human creator.

But what about the opposite scenario? Do we lean towards copyright or other paths (common law, special law)?

In 2018, the Superior Council of Literary and Artistic Property conducted an economic and legal analysis of the options.

The idea of AI as an author is ruled out today. To qualify as a work under the European Union law, it must meet specific conditions:

– There must be a human author.
– The work must be original.

Given these conditions, today’s perceived autonomy of AI is exaggerated as human involvement is essential. The idea of creating an “electronic personality” is rejected, as it might disrupt existing legal categories, leading to a legal chimaera. Without a human entity, the work can’t fulfil the originality criterion, which in France refers to the “imprint of the author’s personality” and similarly in the European Union, denotes an “intellectual creation unique to its author”, both necessitating a human presence.

The link to a human author in copyright law seems to be an international requirement
suggested by the Berne Convention.

If literary and artistic property rights are chosen, determining which specific rights apply (copyright, sui generis rights) becomes essential. Also, the definition of the author (indirect author, work without an author?) must be clarified.

Some argue no protection is required, and the “opt out” would fall under the “common by design” regime.

While awaiting legislation specific to works produced by generative AI, it’s worth noting emerging case law in this field. Notably, the US District Court for the District of Columbia’s decision in Thaler vs. Perlmutter on 18th August 2023, which ruled that copyright doesn’t apply to creations made by AI tools, even if they’re trained by human intelligence.

Such discussions on highly current topics raise genuine legal questions. The rise of new technologies requires the legislature’s keen attention and continuous updates to stay relevant. It’ll be fascinating to see future measures and laws adopted to further regulate these smart new inventions.

To find out more about generative AI, read our article Generative AI: Balancing Innovation and Intellectual Property Rights Protection or visit WIPO Magazine and Blog Modérateur.