
A senator is worried about parliamentarians' IT security

Jérôme Bascher, the Republican senator for Oise (LR party), expressed his concerns in the report to the Senate No. 82 (2019-2020), on October 22, 2019: “Parliamentarians' IT security is close to zero.”

It is primarily a matter of distinguishing between institutional functions and the IT practices of parliamentarians themselves. While the former are relatively well protected, since they benefit from assistance such as that provided by the Anssi (national agency for the security of information systems), the latter are a source of great IT insecurity.

IT insecurity factors related to the workforce

1. Having their own IT equipment

The workforce is a key element in IT security. Each parliamentarian is free to have their own equipment (Huawei or Apple telephone), yet insecurity can arise from their exchanges and from the means of communication they use. In fact, the mobile instant messaging applications that are likely to be used go through the GAFA. They are hosted on Amazon Web Services servers and not by OVH, for example, which could potentially be an efficient French host. This could be countered by the argument that Amazon Web Services is also based in France.

2. Not enough awareness among senators

While the Parliament benefits from systems that detect Trojan horse attacks on institutional sites, the level of IT security among parliamentarians is still very low.

In 2018, the Senate’s IT security systems intercepted more than 30,000 pieces of high-risk content. Senator Bascher states that the security services experience at least 2 or 3 cyber attacks per week.

Only willing senators are aware of the importance of IT security. Senator Bascher pointed out: “I’ve never had a virus in my life, because I’m careful.” Among the risks that public authorities may incur is so-called “defacing”, that is, the creation of a fake Internet page that could be an apology for terrorism. The French channels Public Sénat and LCP-AN, whose credits are included in the public authorities mission, could suffer from it. It is reminiscent of the attack against the channel TV5 Monde a few years ago, which has since had to make considerable investment efforts to pay for its protection.

In addition, an increase in requests that makes the site inaccessible has to be considered.

Cyber attacks against public authorities are now undeniable, as evidenced by the cyber attacks that hit Estonia in 2007, the German Bundestag in 2015 and, to a lesser extent, the Senate, in 2011.

 

Implementation of solutions to reinforce parliamentarians' IT security

1. The current IT protection system

Senator Bascher points out that 10% of the IT budget in France is spent on security. A program administered by the Ministry of Defence consisted of recruiting cyber-combatants; however, there is a protection imbalance, since the Elysée had its own network, which is not the case for the Parliament. Senator Bascher claims that the budget allocated to cybersecurity should be increased.

2. A mechanism to be reinforced

The primary objective would be to improve the parliamentarians' equipment and make them more aware of IT risks.

According to the Senator, it would also be necessary to reinforce the resources of the Anssi, which is currently the only entity that deals with all the organs of power.

 

Public authorities are therefore at the heart of the strategic and decision-making challenges of Western democracies, and as a result they have become the main target of IT attacks. This is all the more true during election periods, as demonstrated by the 2016 American presidential election. It’s time to strengthen parliamentarians' IT protection.


A Complainant who claims an old domain name must demonstrate its use in order to justify prior rights

Source: WIPO, Arbitration and Mediation Center, Jan. 22, 2020, No. D2019-2992, Cyberplay Management Ltd v/ WhoisGuard Protected, WhoisGuard, Inc./DIREX NV and Johann Mayer.

The Maltese company Cyberplay Management holds a gaming license for the purpose of operating an online casino. It owns the European trademark “Loki”, filed on January 10, 2017 and registered on September 6, 2017, as well as the domain name <loki.com>, registered in 1992 and currently operated for online casino services. The company filed a UDRP Complaint before the WIPO Arbitration and Mediation Center against the domain names <lokicasino16.com>, <lokicasino17.com>, <lokicasino18.com>, <lokicasino19.com> and <lokicasino.com>, on the grounds that they infringe its rights. Indeed, they associate the “Loki” trademark with the term “casino”, which refers to its activity. The domain name <lokicasino.com> had been registered on May 16, 2016 and the other four domain names on January 11, 2017 (one day after the registration of the Complainant’s trademark).

At the time the Complaint was filed, the Respondents were using these domain names in connection with an online casino. The Complainant considers that the Respondents registered and used the domain names in bad faith. The Respondents, for their part, claim that they never had knowledge of the applicant and its trademark. In addition, the Respondents have provided several screenshots, taken from the WayBack Machine archives (archive.org), of the history of the Complainant’s website, showing that the latter has never used the domain name <loki.com> for casino activities prior to the current period. For example, in 2006, it referred to a site allowing the user to find all types of events near their location.

The expert ruling on the case concludes that the complaint must be rejected, since the applicant did not provide evidence showing it was the holder of trademark rights for the sign “LOKI” at the time of registration of the disputed domain names. The trademark application was filed after the registration of the domain name <lokicasino.com> owned by the Respondents. Furthermore, with regard to the law on unregistered trademarks (right of use), the Complainant does not submit any evidence of use of the sign “LOKI” in connection with the services of an online casino. Thus, it is important to recall that in order to succeed in a UDRP proceeding, it is imperative for a Complainant to submit evidence establishing, in particular, the registration and use of a domain name in bad faith. In this case, the Complainant failed to provide such evidence. This decision also shows the growing importance of the archives offered by the WayBack Machine, which the judges now tend to accept as evidence (subject to being supported by a bailiff’s report).


UDRP procedure. The bad faith complainant: when the chances of success are so low that the applicant should not have taken action

Source: WIPO, Arbitration and Mediation Center, Jan. 30, 2020, No. D2019-2937, Scalpers Fashion, S.L. c/ Dreamissary Hostmaster

 

The Spanish company Scalpers Fashion is active in the fashion industry. It is the owner of numerous trademarks incorporating the “Scalpers” sign, including the European Union trademark “Scalpers” No. 6748578, registered on September 29, 2008. The company has filed a UDRP complaint before the WIPO Arbitration and Mediation Center against the domain name <scalpers.com>, claiming that it infringes its rights. The domain name was registered on September 15, 1997, by the Respondent Dreamissary Hostmaster, who is in fact a natural person, a U.S. citizen and the holder of a substantial number of domain names featuring dictionary words. The domain name at issue was exploited to generate pay-per-click revenues by leading to sponsored links referring to the sale of tickets. At the time the complaint was filed, the domain name in question resolved to a parking page.

The Complainant submits that the Respondent intends to take undue advantage of its reputation in fashion and to disrupt its business. In addition, the Complainant submits that the large sums proposed by the Respondent in various attempts to negotiate are evidence of his bad faith. Indeed, the Respondent allegedly offered initially $150,000 and then $195,000. Finally, the Complainant considers that the Respondent’s bad faith is manifested by the registration of more than 100 domain names, for him to be able to resell them for a profit.

The Respondent contends that he registered and used the domain name <scalpers.com> because of the definition of the word “scalper”: a person who buys tickets at the normal price and then resells them at a high price when demand is high and available seats are scarce. In addition, he asks the expert to make a finding of reverse domain name hijacking.

The Complainant’s position was not followed by the expert. The expert considers that the domain name was neither registered nor used in bad faith. Indeed, the Respondent had registered the domain name more than 10 years before the Complainant’s alleged date of first use of the “Scalpers” trademark. In such circumstances, there was no basis to conclude that the Respondent targeted the Complainant’s mark, which was not in existence at the time the Respondent registered the disputed domain name. As regards use, the expert also concluded that there was no bad faith, since the Respondent had used the domain name for the meaning of the word “scalpers”. The expert ruling on the case indicates that the complaint should be dismissed. In addition, he stated that the complaint was filed in bad faith by the Complainant, and was intended to deprive the Respondent of ownership of his domain name. Indeed, several facts contribute to the expert’s position: the domain name was registered by the Respondent long before the Complainant owned a trademark right in the Scalpers sign; the UDRP Complaint was filed after two unsuccessful attempts to purchase the domain name from the Respondent; and the Respondent’s counsel notified the Complainant that the complaint should be withdrawn due to the manifest impossibility of establishing bad faith.

The Complainant clearly should have known that the complaint could not succeed. Thus, it should be borne in mind that the UDRP procedure is not a one-way tool. The aggrieved Respondent may attempt to reverse the proceedings to obtain a decision against the Complainant. Here, the lack of chance of success was particularly blatant, as the domain name predates the trademark rights of Scalpers Fashion.


The rise of phishing in the midst of the coronavirus crisis

Source: Bank Info Security, Feb. 11, 2020

 

The global health crisis caused by the coronavirus is a favorable context for phishing techniques. Indeed, many organized gangs of cybercriminals are pretending to be health organizations by using fake domain names. They send an e-mail pretending to be a health-related entity, in which they ask the recipient to click on a link and enter or confirm a login and password. For example, cybercriminals send phishing e-mails containing domain names similar to those used by the Centers for Disease Control and Prevention: cybersquatters have used the domain name “cdc-gov.org”, which is similar to the official domain name “cdc.gov”.

These malicious e-mails encourage users to click on a link that appears to contain information on issues related to the coronavirus. In fact, Internet users are redirected to a fake website where they have to enter a username and password. In other cases, cybercriminals send phishing e-mails that appear to originate from the World Health Organization, inviting users to follow a link to download a document on security measures against the spread of the virus. Of course, this is not the case, and users are redirected to a pop-up screen asking for a username and a password. It should be noted that some cybercriminals adopt a different tactic by posing as entities linked to the world of economics, such as shipping companies or manufacturing industries. The coronavirus crisis can have an impact that extends beyond health concerns. Hence, it is necessary to be doubly careful about the spread of these phishing campaigns. An alert may be raised, for example, by e-mails containing numerous spelling mistakes.


The <.eu> extension against Brexit

Source: EURid, registry of the <.eu> extension 

The United Kingdom left the European Union on January 31, 2020. As a result, the United Kingdom and the European Union entered into a transition period, which has been announced to last until December 31, 2020. During this period, UK residents are still entitled to register and renew names in <.eu>.

However, once this period expires, they will no longer be able to register domain names with the <.eu> extension, nor to keep those they already hold, unless they comply with the requirements. EURid originally detailed a comprehensive plan that was supposed to be implemented from November 1, 2019, the date when the United Kingdom was due to leave the European Union. It will finally apply at the end of the transition period, although no precise deadlines have yet been set. Once the transition period ends, only the following persons are entitled to register domain names in <.eu>: a citizen of the European Union, regardless of his/her place of residence; a natural person who is not a citizen of the European Union but is a resident of a Member State; a company established in the Union; or an organization established in the Union, without prejudice to the application of national law.

Thus, for already registered domain names, registrants will be able to update their contact details in an attempt to maintain their assets. In particular, they will have to indicate a country code of citizenship corresponding to a Member State of the European Union of 27, regardless of their residence, or establish an entity legally established in one of the eligible Member States of the European Union of 27 or the EEA. All registrants who do not comply with these eligibility rules will see their domain names cancelled, and those domain names will then be available for registration to all.

As non-compliant domain names will be withdrawn, it is appropriate to carry out a thorough analysis of registrants’ domain name portfolios to see whether any of their registrations is at risk.


Registries and artificial intelligence

A number of national top-level domain name registries, such as the English registry Nominet, have begun to use artificial intelligence to prevent abusive domain name registrations. Each registry uses its own system to suspend registrations if it believes there is suspicious activity on an IP address or if the identity of the applicant cannot be verified.

Ongoing assessment of the identity of the registrant thus helps reduce domain name infringements.


Association between blockchain and domain names

Domain names appear to be a fertile ground for innovators related to blockchain technology.

 

 

Domain names and blockchain meet around the launch of the new extension “.luxe”, which contrary to what one might think was not created for the luxury industry (which already has its extension “.luxury” launched in 2014). The Ethereum foundation, whose aim is to promote blockchain technology, has entered into a partnership with the Minds + Machines (MMX) registry to create a new use for domain names, making “.luxe” the equivalent for cryptocurrency of what a classic extension represents for the IP address.

 

 

This association thus makes the IP addresses for the “.luxe” extension more intelligible.

 

 

Indeed, holders can link their domain name under the “.luxe” extension to their Ethereum account to replace their 40-character identification number and make it easier to remember and use.

The reform of the tax regime for patentable products: “the French-style IP BOX”

The 2019 Finance Act harmonizes French and European tax rules in order to best promote the investment of patentable creations and inventions. We are talking about the French IP Box.

Thus, the taxation regime for the products of patents and similar industrial property rights is brought into line with OECD provisions.

While Ireland was the first country to set up this system (1973), other countries followed suit, such as Belgium, China and, more recently, the United Kingdom (2013).

The principle allows companies to benefit from a tax advantage on their intellectual property assets, with a tax rate that amounts to 10% instead of 33% previously.

Eligible assets

The assets that are eligible for this plan are:

 

  • Patents and patentable inventions
  • Certificates of utility
  • Plant variety certificates
  • Copyrighted software

 

To be eligible, inventions must have been filed. Note that the regime is also open to software protected by copyright. It should also be added that this plan is applicable to annual net income calculated after deducting research and development expenses. The aim is to encourage research and development efforts in relation to the overall effect, i.e. in relation to all the investments that the company can make.

To be eligible for the reduced rate, the company will have to provide several elements to establish its file, such as:

  • Eligible assets
  • The rule for determining the protection of the proportion of net income taxable at a reduced rate
  • The method for allocating research and development expenses.

 

This makes it possible to monitor the company’s expenses and, above all, to justify the request for a reduction in the tax rate. This file must be submitted to the tax authorities, failing which a 5% penalty applies.

 

The tax rate

The regime consists of first deducting research and development expenses from the proceeds of sale and licensing, and then, in a second step, calculating from this net result the net income of the assets on the basis of the Nexus ratio.

What is the Nexus ratio?

The idea is to limit “the preferential regime in proportion to the part of the expenditure relating to intellectual property.”

 

This is how the OECD defines this ratio. It is intended to penalize acquired patents and research and development costs subcontracted to affiliated companies. It should be noted that research and development costs in third party companies will not penalize the Nexus ratio. This ratio will be calculated on a cumulative expenditure basis.

Some consider this ratio a “not irrefutable presumption.” 

 

 

Conclusion

 

The advantage of this regime is that it will encourage companies to conduct their research and development in France and produce quality intellectual property assets that generate income.

Webinar April 7, 2020: Internet and Compliance (part 1)

The rules of the game have changed: strategies to protect the company and its leaders.

 

 

 

 

The legal, regulatory and fiscal constraints (resulting in particular from the Sapin 2 Law, the LCEN or the EU Directive of 23 October 2019 on the protection of whistleblowers) that weigh on companies are increasingly rigorous. Companies must implement a governance policy capable of minimizing their responsibility and exposure to their customers, shareholders and the competent authorities.

 

 

Among the aspects to be considered in the context of this compliance are domain names. While they are an undeniable corporate asset, they are also vectors of risk: phishing, CEO fraud, fake sites, identity theft, forged e-mails, and so on.

 

In the event of a breach, they can also damage the reputation of the company and its managers, resulting in a loss of customers. It is therefore imperative to put in place the appropriate strategies to anticipate the dangers, react effectively in the event of an attack and ultimately protect the company.

 

The current situation linked to the coronavirus epidemic is increasing the risks, with the number of frauds increasing considerably while companies are disorganized and vulnerable.

We propose to analyse these issues with you, sharing our experience. In particular, we will be able to answer the following questions:

– What are the obligations of companies with regard to compliance?

– What are the risks to be anticipated?

– What strategies should be implemented to do so?

– What are the control points?

– What levers should be implemented to react effectively in the event of a proven breach?


UDRP Procedure: abuse of right or, when the complaint is brought in bad faith

Advice Group is an Italian company founded in 2006 and specialized in marketing. It is based in Turin but has offices in Rome, Bari and subsidiaries in Bulgaria, Kosovo, Portugal, Colombia and Peru.

 

Having noted the registration of the domain name <advicegroup.com> by a third party, the company turned to the WIPO Arbitration and Mediation Center to obtain its transfer. The domain name was reserved in 2014 by Michele Dionia of Macrosten LTD, located in Cyprus. The domain name resolves to a page of commercial links and suggests that the name may be for sale (Internet users can make an offer).

 

The Respondent did not respond to the complaint.

 

The expert acknowledges the likelihood of confusion between the disputed domain name and the applicant’s Italian semi-figurative trademark, “A Advice Progressive Marketing Thinking”.

 

However, he decides not to rule on the issue of legitimate interest, referring to his observations on the issue of bad faith. Nevertheless, he makes several observations on legitimate interest in favor of the Respondent: the terms that make up the domain name are generic, and the Respondent did not make active use of the name; he simply let the registrar promote its services and included a message advising Internet users to contact the registrant to purchase the name.

The expert also evidently did some research of his own, which he is not bound to do, since he notes that there are many companies called Advice Group throughout the world.

 

 

Concerning bad faith, the expert insists on the fact that, at the time of the registration of the name, the applicant had not yet registered a trademark. The filing took place nine months after the reservation of the name in question, and the rights were obtained two years later! Nothing suggests that the Respondent had the Complainant in mind when registering this domain name consisting of dictionary terms. Moreover, the fact that Internet users could offer to purchase the name does not mean that the aim of Macrosten LTD was to resell it at a high price to Advice Group.

 

Thus, not only is the complaint rejected, but the expert also decides to qualify the complaint as a case of “reverse domain name hijacking”, i.e. it is considered that the complaint was filed with the sole purpose of depriving the domain name holder of the domain name. Here, the Complainant accused the Respondent of cybersquatting even though no evidence to that effect was provided and the name, consisting of generic terms, predates the Complainant’s trademark registration.

 

It should be remembered that proving the bad faith of a registrant when the domain name consists of generic terms is difficult. It is essential to show that the registrant had the applicant’s trademark in mind. In the present case, it can be assumed that even if the Complainant’s trademark had been older, this would not have been sufficient to ensure the success of the complaint. The setting up of a site similar to that of the Complainant or for the same activities, or contact made by the registrant, are elements that make it possible to build a relevant case. Here, the Complainant had no evidence to justify its position.

 
