Canada: Cybersquatters, Gripe Sites And Dispute Resolution Procedures: Mitigating Risks To Your Brand Posed By The Web And Social Media

Last Updated: December 2 2011
Article by David R. Street

Prepared for FEI Canada, SME Conference 2011: Driving Growth and Expansion
Concurrent Session IV
Risk Mitigating Strategies for SMEs
Thursday November 10, 2011


Companies spend large amounts of time, effort and money in developing and promoting their brands. The Internet has played a key role in expanding the power of brands by providing countless new ways to market a brand. At the same time it has made it much easier for others to profit from another company's brand through infringement and misuse and for others to disparage a brand, tarnish its image and impair its value. In this paper I discuss three areas of risk to your brand posed by the Internet. They are the domain name system, gripe sites which are a special case of a domain name system issue and social media. In each case after identifying the problem and risks I offer some suggestions for mitigating the risks. From the perspective of understanding the risks, it doesn't matter so much what your level of engagement is with the Internet, but rather the overriding importance of continuously monitoring the Internet for anything where your brands or your company are discussed or referred to whether in favourable terms or negative terms. It's not only relevant to the consumers shopping for goods and services on the Internet but also to the very high proportion of consumers who report conducting product research on the Internet before making any purchase from retailers and other businesses.

Brand protection is mainly through the use and application of the law of trade-marks. A brand in the broadest sense of the term will almost always involve at least one trade-mark and often several trade-marks. The expression brand tends to be the term more commonly used in business although lawyers prefer to use the term trade-mark. In this paper I use the terms interchangeably.

Part 1 – Brand Protection by Protecting and Managing Domain Names

The growth of the Internet and its use of domain names pose one of the greatest challenges to the protection of brands and trade-marks. Domain names have become the primary means for consumers to find brand owners. An understanding of domain names is important to understand the threat they pose and how to protect brands and trade-marks from domain name abuse in the form of infringement, dilution and other misuse by third parties.

How the Domain System Works

The internet connects computers by using the Internet Protocol (IP) address system. Each computer is assigned a unique number such as 452.216.784.391. Since humans are not good at remembering strings of numbers domain names are used to associate IP addresses without the need to remember long strings of numbers. It is operated by a non-profit organization known as the Internet Corporation for Assigned Names and Numbers or ICANN.1

The Parts of a Domain Name

We all know that a web address looks like this For brand and trade-mark owners it's the parts after the www that are the most important. The ".com" portion or the right most portion after the last period is known as the top-level domain or TLD. The TLD determines the register on which the domain name is listed.

The part to the left of the TLD is the second-level domain. This portion of the domain is where most domain name disputes arise and the allegation is usually that the second-level domain name infringes another party's trade-mark. There can also be third level domains which are alphanumeric strings proceeding the period before the second-level domain.

Top-Level Domains

There are two types of top-level domains; country-code top level domains referred to as ccTLDs and generic top-level domains referred to as gTLDs.


ccTLDs are two letter extensions that are intended for specific countries or territories. Every one will be familiar with the ccTLD for Canada which is .ca. There are currently 250 ccTLDs.


Generic top-level domains have three or more characters that are not country or territory specific. The most popular of these is .com. gTLDs are further broken down into sponsored and unsponsored TLDs. The current unsponsored TLDs are .biz, .com, .info, .name, .net, .pro and .org. Sponsored gTLDs are specialized domains sponsored by private agencies or organizations for specific usage and are restricted to specific communities. The current sponsored gTLDs are .aero, .asia, .cat, .coop, .edu, .gov, .int, .jobs, .mil, .mobi, .museum, .tel and .travel.

The organization responsible for the creation and delegation of TLDs is the Internet Assigned Numbers Authority or IANA. IANA is part of ICANN. IANA assigns an operator for the TLD and the operator allocates domain names and maintains a register of all domain names registered under that TLD. If you register a domain you get an exclusive right to use the domain for a fixed period of time but it is not actual ownership. Domain names are issued on a first-come, first-served basis and you have to pay an annual fee to maintain a registration.

There are more than 1,000 independent registrars accredited by ICANN to sell domain names in many different TLDs.

Cybersquatters, Typosquatters and Domain Snipers

Cybersquatting is the practice of acquiring a second-level domain name which includes a well known trade-mark or brand or closely resembles that trade-mark with the hope of benefiting from the goodwill that attaches to the brand or trade-mark. This often occurs when a company focuses on certain TLDs and leaves other valuable TLDs available for registration by others. Sometimes a company inadvertently permits a domain name registration to lapse. There are "domain sniping" programs that notify a third party when a domain name expires and may even carry out a registration for the third party. Typosquatting is really one kind of cybersquatting as it involves acquiring domains that include some kind of often repeated typographical error in spelling of either the trademark or the domain. There are different ways a cybersquatter or typosquatter tries to make money. They may sell the rights to the domain to the trade-mark owner. They may use the domain to sell competitive or counterfeit products or to set up a page with advertisements from which revenue is derived on a pay per click basis.

A recent study by the Corporation Services Company reported that the most common prefix registered is 'www' so for example the domain name would be ''.

The most common suffix registered is 'online' so for example the domain would be ''.2

What Can You Do

If you determine that someone has acquired a domain that incorporates one of your trademarks, there are a number of options that can be taken.

1. The owner of the domain can be approached to see if they will agree to transfer the domain to your company for a modest sum that would include at least the cost of registering and maintaining the domain. You may want to have a third party approach the domain holder if you're a well known company in an effort to keep the price from escalating. This can often be the quickest solution. Once acquired you may simply wish to warehouse the domain if it's a variation on the one you actually intend to use in order to prevent others from acquiring it. It's been reported that the top 50 companies in the Fortune 500 have on average 6,000 domain names registered, most of which are held for blocking purposes.

2. All gTLDs and most ccTLDs have a policy in place to regulate disputes over domain names within a TLD. The Canadian Internet Registration Authority (CIRA) is the registry for the .ca top-level domain. Its dispute resolution policy is known as the CIRA Dispute Resolution Policy or CDRP. It is modeled on the ICANN Uniform Dispute Resolution Policy or UDRP which applies to the .com, .net and .org TLDs. A key requirement of the CDRP is that a complainant must meet a Canadian presence requirement.

If the domain holder refuses to sell or demands an excessive price then the next course of action would be to file a complaint under the applicable dispute resolution procedure for that domain. Disputes are decided based on what is referred to as a resemblance test which looks only at the degree of similarity between the domain name and the trade-mark. Identical domain names are assumed to be confusing. In Canada "complainants have consistently won about 80% of disputes."3

Complaints under the CDRP are decided based on documentary evidence and arguments in writing. There are no hearings at which oral testimony or oral arguments can be made. Beginning in 2012 all submissions must be in electronic format. Most decisions are rendered within 60 days. If a complainant is successful, the domain name will be cancelled or transferred to the complainant although a 30 day period is allowed to take the dispute to court. Either party may challenge a decision in court. Costs are approximately $4,000 for a default panel of three members. If the parties agree to a single panellist, the cost is $1,750.

3. A formal court proceeding in Canada alleging infringement under the Trade- Marks Act is always an option but takes considerably more time and expense than a voluntary transfer between the parties at a reasonable cost or a complaint under one of the dispute resolution policies discussed above.

New TLDs: New Opportunities and Risks For Brand Owners

In 2010 there were 250 ccTLDs and about 22 gTLDs. As of January 12, 2012 ICANN will accept applications for new gTLDs. Companies will have the opportunity to own and control their own TLD instead of dealing with third party owned and operated TLDs like .ca and .com. There will be countless new opportunities for branding and marketing. For example, an applicant could set registration criteria for the new TLD so that registration would be exclusive to your company only. There could be new TLDs for .dell, .IBM, .rogers, .toyota.

At the same time there will be new opportunities for fraud, counterfeiting, and infringement. There may be a large increase in confusion among online consumers. Policies and programs for domain name registration, brand monitoring and enforcement will need to be changed and updated.

The new TLCs are not for the faint of heart. In making an application, you're not simply requesting a domain name but you are applying to create and operate a registry. The initial application fee is US $185,000 and the annual fee is US $25,000. The initial window for applications will close on April 12, 2012 although future rounds are to occur once some experience is obtained with the first round of applicants.

Part II - Gripe Sites: What Are They and How To Deal With Them

A gripe site or criticism site is generally a domain that's registered by a dissatisfied consumer that includes along with a well known trade-mark a derogatory term such as "sucks". There is one for example called There's even a site called that collects links to gripe sites. The issue that arises in these disputes involves balancing the right of free speech and the rights associated with a trademark. Where a trade-mark owner comes upon a gripe site the first issue is to determine if either the CDRP or the UDRP applies. If the UDRP applies, the decisions suggest that a genuine cyber griping site about a complainant whose trade-mark forms part of the domain can give rise to a legitimate interest in the domain name sufficient to defeat the complaint of a trade-mark owner. However, if the domain name is not being used as a legitimate gripe site but is left "parked" as a click through revenue generator, or is used to sell products, a complainant will likely succeed.

In the single reported case under the CDRP, the complainant succeeded in obtaining the website where the only difference was that the registrant used the .ca TLC whereas the complainant used .com. There was no derogatory term added to the trade-mark name and there was no commercial use by the registrant. Under the UDRP, there's a greater chance a complaint will be dismissed regardless of whether there's a derogatory term added to the trade-mark, as the registrant will be considered to have a legitimate interest in using the trade-mark as part of the domain name of a criticism site if such use is fair and noncommercial.4

One of the things you probably shouldn't do if you encounter a gripe site is ask your lawyer to send out a cease and desist letter. Invariably once it's received, the griper will post the letter on the gripe site and the dispute escalates. Consider other alternatives first.

Another reason for monitoring the Web is the early detection of gripe sites. If the site is the work of an individual who was unhappy with a product or service, the first line of defence should be to contact the person involved and see if their complaint can be resolved. If that can be done, the site may be taken down voluntarily before it gains traction with others.

This is another area where registering domain names containing your trade-mark with common derogatory terms as a means of blocking others from getting them is a worthwhile and not all that expensive.

Part III - Brand Protection Problems And Solutions With Social Media

One of the most significant developments in the evolution of the Internet in recent years has been the creation and explosive growth of what is referred to as social media. Everyone will have some knowledge of the big ones which are Facebook, Twitter and LinkedIn but there are many others. They have changed the way people interact. As a measure of their size and potential impact consider the following statistics.

Facebook claims to have more than 800 million active users. Twitter is reported to have more that 175 million users with over 140 million tweets written every day. LinkedIn is reported to have more than 120 million members. With those numbers they can't be ignored and they shouldn't be because they provide enormous new opportunities to market and promote brands. There is a dark side however as there are also many new opportunities to infringe trade-marks and disparage brands.

Some Of The Problems

Usernames and Profiles

As with domain names one of the key problem areas is the adoption of a social media username that is identical or similar to a brand name or trade-mark. There is virtually no control over the adoption of social media usernames. As long as it's unique, in the sense that no one has already been issued that username, a username will be issued to an applicant on a first come first serve basis. The person obtaining such a username is then free to post content either good or bad about your brand while appearing to be an official or authorized person. Celebrities, athletes and to a lesser extent politicians have all had problems with persons adopting usernames that suggest they are a particular person when they're not.

It's not merely usernames however because registrants may make references to your brand in their profiles and in various postings such as in a tweet posted on Twitter. One of the issues not fully resolved is when does use of a brand name or trade-mark in social media amount to use of a trade-mark in the legal sense that constitutes infringement.


Problems with social media can and do often arise with your own employees. There are many reasons why every company needs to have a policy on the use of social media by its employees. While not directly related to brand protection a key issue is what sort of access will be permitted by employees during working hours for business use and for personal use. Are employees authorized to post `on social media and if so what are the guidelines for appropriate content? Do you require approval before any pages affiliated with your company are created or content of any kind is posted? If references are to be made about clients or customers there should be a requirement for consent to be obtained. Many companies have some form of confidentiality agreement with their employees. Employees may need to be reminded that nothing they post on social media should be in violation of their confidentiality obligations. Examples should be given about what is acceptable to post and what is not acceptable. One guideline I've heard suggested is not to post anything on social media that you wouldn't also post on a billboard. The policy on social media needs to be brought to the attention of employees by inclusion or referencing it in written employment agreements, posting it on the companies intranet and including it as part of the training for new employees. Social media policies need to be regularly reviewed and updated because this is an area that is constantly evolving.

Licensees and Franchisees

Another area often overlooked is with distributors, sales agents and franchisees all of whom are usually licensed to use your trade-marks in the context of selling your products and services or for carrying on business as a franchisee. You should address in all those agreements what kind of use these licensed users may make of your trade-marks in their social media which should likely include a requirement that they have a policy on social media for their employees. Another key term would be to require the deletion of any pages referencing your brand once the licence agreement or franchise agreement is terminated.


1. If you encounter a username in social medial that incorporates one of your trademarks one of the first steps to be taken is to review the terms of use posted on the social media site. These companies all have their own intellectual property in the form of trademarks and copyright and are sensitive to unauthorized use and infringement. Facebook for example has two separate forms for filing a complaint, one for alleging trade-mark infringement and another for alleging copyright infringement. One of the problems however is there is no uniformity in these terms of use and no common dispute resolution process such as there is with the UDRP and CDRP in the context of domain names. Each site's policy must be reviewed and then observed if a complaint is to be prepared and submitted.

2. Communicate directly with the infringer to see if they will voluntarily give up the username.

3. Another solution, more in the nature of a proactive preventative measure, is the registering of usernames on the most prominent of social media sites for trade-marks and some of their variations in order to prevent others from acquiring them.

4. As with domain name issues, you always have the option of commencing a legal action alleging trade-mark infringement. Such actions can be time consuming, expensive, and not very quick to a resolution. There's also uncertainty as to when does use of a trade-mark in social media constitute use that amounts to infringement in the legal sense.

Hackers and Social Media

Hackers love to gain access to social medial accounts because then they can distribute malware from what is a trusted source. In noting that it had recently improved its security, Facebook reported recently that in one day it had blocked 600,000 attempts to hack into the accounts of Facebook users. Another recent report indicated that 30% of small and medium enterprises have had their social media accounts compromised and malware spread on their systems.

One of the reasons social media is vulnerable to hacking is because of poor password practices. I'm sure we all dislike passwords because we have too many and it's hard to remember them especially when we're expected to change them regularly. Commentators have indicated that a high proportion of social media users use the same password for each of their social media accounts. This is not desirable because it means that a hacker who discovers one password can access all of your social media accounts. It's critical in this area to use strong passwords, consisting of a minimum of eight characters with a combination of letters and numbers and to change them every three to four months. Appropriate password use is another issue that should be part of the social medial policy at your company.

Return on Investment

All businesses will want to minimize their costs of monitoring and protecting their brands online. It's likely that not all infringements need to be pursued, only the most egregious ones and the ones that will have the highest visibility. If you spend time and money on monitoring the internet, register appropriate domain names and social media user names including ones for blocking purposes and take steps to enforce your rights as a trade-mark owner, is there anything out there to help you calculate a return on your investment. There's nothing that I'm aware of. There are a number of programs to help collect and analyze data on web traffic and other activity on the Internet but nothing that purports to measure the ROI for efforts at monitoring and enforcement. It may be however that doing nothing is not a choice. Brands, trade-marks and domain names are valuable assets and if appropriates steps aren't taken to protect those assets their value will be diminished as will the value of the businesses that own them.


In summary, in order to mitigate the risks to your brand, there are four things you should be doing.

First, monitor the Internet for everything about your company and your products and services. Hire one of the companies that perform monitoring services if you don't have in-house expertise.

Second, register and monitor your trade-marks in every country where you're doing business or expect to be doing business in the near future. Generally speaking a registered trade-mark will trump a domain name and a social media username that incorporates the trade-mark.

Third, register and monitor your trade-marks as domain names and social media usernames.

Fourth, establish a social media policy for your company and your employees and require your licensees and franchisees to have one also.



2.""An Analysis of the Most Infringed Terms within Domain Names" a White Paper of Corporation Service Company

3 "Dealing with Cybersquatters" by Michael Erdle prepare for Osgoode Professional Development Centre program Protecting Your Brand on the Web and in Social Media held on September 26, 2011 at page 8.

4 "Gripe Sites and Dispute Resolution Proceedings" by Shane Hardy a paper prepared for Osgoode Professional Development Centre program Protecting Your Brand on the Web and in Social Media held on September 26, 2011.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

David R. Street
In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions