One of these days I’m going to write a book “Business for Hackers”. There will be an entire chapter on “trademarks”. The following incident is a good example how hackers totally misunderstand what’s going on.
The tl;dr is this: Companies have little discretion in trademark disputes. Arm doesn’t want to be enforcing their trademarks, the law forces them to. ICANN’s stupid rules on trademarks forces companies to take an agressive stance on domain-names. The thing to be outraged against is the law.
The Facts
The facts here are that Azeria wrote a book about “ARM Assembly” and registered an associated website domain “arm-assembly.com” to promote the book. The company Arm™ sent her hosting provider a cease-and-desist letter. Her hosting provider appears to have disabled her domains with “arm” in the name, and also temporarily disabled her azeria-labs.com website.
I can’t find any details on how she handled it, like hiring a trademark attorney. She’s apparently transferring the possibly-infringing names to Arm, and creating a new “leg-assembly.com” instead.
Why you need a lawyer
The problem starts with understanding law. Instead of reading how the law works, people try to reverse-engineer it. They look to how similar cases turned out, and theorize principles what must have happened. They then apply the principles to the new case. Such reverse-engineering produces ludicrous results.
It’s especially flawed because principles they devise to explain old cases are chosen to achieve a desired result in this new case. Instead of looking at all cases, those that might be detrimental to their position, they cherry-pick cases prejudiced to provide the best outcome for the current case.
For example, this tweet imagines that it might go the same way as the Jack Daniels court case involving a dog toy called Bad Spaniels that looked like a Jack Daniels bottle.
That’s why you need to hire a lawyer. It’s not because trademark law is so complicated that you can’t understand it. It’s because you (and your friends) are so biased that you won’t understand it. Instead of learning trademark law dispassionately, you’ll twist what you learn to conform to your desired conclusion. Your lawyer isn’t biased this way, having learned trademarks before they encountered your case.
A fundamental principle of law is that otherwise similar cases can be decided completely different based on small differences. You can’t use one case to determine the outcome of another, without considering all these small details. People who do cite cases try to ignore the inconvenient details. Cases help us understand principles, which is why they are cited so often. But it’s the principle that comes first and the case second. That’s quite different from starting with court cases and reverse engineer what principles might’ve been in play.
By the way, the answer your lawyer will probably give you is that you can fight it, but it’ll cost money. Sadly, the answer to many such questions isn’t about who is right or wrong according to the law, but whether it’s worth the fight.
Trademark Law
The original tweet refers to this as a dispute over copyright. It’s not. It’s over trademarks.
There are four general types of intellectual property law. What you think you know about one does not apply to the others.
copyrights
trademarks
patents
trade secrets
Here is the thing you need to know about trademarks: trademarks holders are required by law to defend them.
This is different from copyrights or patents. If somebody is infringing those, but not causing any trouble, then you can ignore them. This doesn’t diminish your ability to go after other people who infringe your copyrights/patents later.
Trademarks are different. If you let one inconsequential person use your trademark, then it means if someone of consequence starts abusing your trademark in a similar way, you can’t stop them. It doesn’t mean you’ve completely lost your trademark, only that you’ve lost the ability to defend it in that one small area.
The behavior of Arm’s lawyers is driven almost entirely by imagining what real infringers will argue if they don’t go after Azeria.
There’s no hard-and-fast rules. It’s more like boiling a frog. For any popular trademark there are a ton of people trying to push as far as they can go infringing it. Each allowed use then encourages the next to go a bit further, until stopped. Therefore, trademark defenders are encouraged to be aggressive about it, spending more effort than they technically need, to avoid this creeping effect.
Take “aspirin” as an example of a lost trademark. It was a famous trademark by the Bayer corporation who had most of the market for acetylsalicylic acid in the United States. During WW II, they couldn’t defend the trademark, so competitors started selling their own “aspirin”. As a result, it’s no longer trademarked in the United States, but continues to be trademarked in Germany. If you don’t defend your trademark, you effectively lose it.
Not all uses of a name are infringing. There are plenty of books mentioning “ARM” in their titles. (I’m not going to say why, it’ll tempt you to reverse-engineer some principles). There are lots of place people can put ‘arm’. I put ‘ARM’ in the title of this blogpost.
I mention this because the original tweet wonders if they are concerned about the book or the domain-name. The book is (probably) fine. It’s other concerns, namely using the domain-name, that provoke Arm’s actions.
Domain-names are a special case
Domain-name disputes are a wholly separate area of trademark law. When you hire your trademark lawyer, you need to make sure that they understand this section of the law and have experience with it.
Firstly, there is the U.S. anti-cybersquatting law. Azeria lives in Germany (and hosts in Germany) so I’m not sure how applicable it is, or whether Germany has something similar. The cease-and-desist letter appears to cite no law. I’m pretty sure the lawyers didn’t know which country she was located in, either, or which specific laws apply.
Secondly, there’s the ICANN UDRP - the official dispute resolution policy. You can read this policy for yourself to determine where arm-assembly.com fits within their descriptions.
By default, ICANN’s rules are simply that you can’t have a trademark in a domain name. You can’t have mac-repair.com, though you can have mac-address.com (when it refers to MAC addresses, which aren’t Macintosh related). If you intend the name to refer to the trademarked things, it’s just not allowed.
But it’s not as simple as that. Promoting her book isn’t trademark infringing, and there’s a good chance Azeria might win. I’ve read a bunch of cases on the UDRP website showing how disputes were resolved, and I’d give it a 50%/50% chance.
It does seem UDRP is biased toward trademark holders (and against Azeria). On the other hand, maybe not — it wouldn’t cost Azeria much of anything to defend herself, and there are no penalties for losing the dispute. The cost is born entirely by the trademark holder.
Phishing
A lot of domains are due to deliberate trademark infringement, but a lot are due simply to phishing, where trademark infringement is a side effect. For every big company, attacks are constantly registering domains with your name either to attack you, or attack those who might trust you.
Big companies parter with other firms, including DNS monitoring companies, simply to defend their name against phishing attacks.
Seeing it from Arm’s perspective
As mentioned above, trademark laws encourages a company to defend its trademarks aggressively. Among the activities is challenging domain-names. It appears that only the domain-name is the object disputed here, not the overall used of “arm”.
Arm is constantly challenging domains with their trademarks. Here’s a few examples, with names like arm-holding.com (phishing), arm.click (cybersquatting), many that are clearly trademark infringement, and armcompute.com (similar to this case) which I think isn’t actual trademark infringement.
In their decision in favor of Arm Limited over armcompute.com, WIPO simply agreed “the Respondent could not have been unaware of the fact that the disputed domain name he chose could attract Internet users in a manner that is likely to create confusion for such users with the Complainant”. They didn’t even look at the website content.
While Arm is pressured to aggressively defend its trademarks, its got a lot of discretion here. I’d agree they are being more aggressive than needed according to the law. But as I mentioned above, the law encourages this.
But the problem is that the lawyers in charge of defending trademarks simply don’t understand why anybody needs to use their trademarks in domain names. They just can’t conceive of this ever being legitimate. Moreover, they can’t conceive of it being a great harm: just pick a different domain name. They are bewildered by all the social-media fueled outrage directed at them. It’s not like they killed puppies or something, they simply asked for something harmless. They even bend over backwards to ask nicely.
We can’t argue with Arm lawyers, but maybe we can find somebody else at Arm, like their PR/marketing department, or their CEO. This doesn’t work.
You can’t ask PR, for example. Their only response is “no comment”. It’s a legal case, and PR can never respond to legal cases without permission from legal, who never gives it. Almost nobody can got above the lawyers in a company, except maybe the CEO, and even then it depends upon the case.
You can’t ask the CEO. They are going to just defer to the lawyers. CEOs don’t understand trademark law, other than the fact that they have to pay lawyers to defend trademarks, that it’s not optional.
Finding somebody reasonable in a company is like “vuln disclosure” in the cybersecurity community. Hackers find ways to break into products and notify vendors of this, so that the bugs can be fixed. But vendors have no process for dealing with this, nobody assigned to the problem. For example, hackers pass bug reports to tech support, who then reject the hacker because they aren’t a customer (tech support only supports customers). Only when the hacker releases an exploit that other malicious hackers use to cause lots of damage, and those customers complain, will the problem now fit within the existing processes.
It’s not that the vendor was evil here ignoring a bug, it’s just that they had no process for dealing with this situation. Whoever you contact at the company, they won’t know how to deal with it, and won’t know who is responsible for it (because nobody is). It’ll get passed around from person to person then dropped.
The same is true here. Arm, as a company, is being more aggressive than they need to be, but there’s no individual empowered to fix the situation, who can see when the lawyers have gone to fire. It’s not PR, not marketing, not the CEO, not the lawyers.
You imagine this should be otherwise, but remember, 99% of such cases are actually infringement, people trying to infringe Arm’s trademarks. Despite being clearly infringing in ways that Azeria isn’t, everyone has the same argument that they aren’t actually infringing. This leads to a situation where nobody listens to why you think you need their trademark in your domain-name.
The community
The reason I’m writing this is partly due to this tweet. I feel attacked.
Many are taking the strategy that if they express enough toxic outrage on social media they can eventually reach somebody at Arm.
That’s fine. It’s how social media is supposed to work. Sometimes it’s the only way to make obtuse big companies listen.
But somehow the toxicity spills over to people like me who are in the infosec community, but who disagree. As far as I can tell, Arm is behaving like every other trademark holder, and is doing so because the law pressures them into it. I don’t necessarily agree with how they respond to such pressures, but that doesn’t mean they are outrageously “wrong”.
That tweet isn’t without good reason, though. Infosec is full of rock-stars like Azeria who have toxic trolls on both sides, both supporters and antagonists. As far as I can tell, she’s only done good work on Arm assembly, so I have no idea why anybody be an antagonist — except that rock-stars breed them. Not matter how innocent a tweet mentioning the rockstar is, their toxic supporters will attack that tweet, engendering toxicity on the other side. Both sides then justify their own toxic behavior by pointing to the other side’s toxic behavior. Female rockstars appear to have even more a problem, as their toxic opponents seem to always use misogynistic tropes.
So the above tweet is mostly accurate. There are a lot of trolls. It’s just that honest disagreement is also possible. Also, I’d suggest that there’s trolls on both sides.
What Azeria should do
I have no idea. I’m confused why she’d hand over the domains, but that just means I’m ignorant of the details, not that she’s making the wrong decision. It’s also the adult thing to simply move on from the conflict instead of causing a fuss.
I’m not so adult and I like fusses. I’d challenge. Partly, it’s because I think the I understand trademark issues, having been involved in a lot of disputes over the years, on both sides. Partly, it’s because I have more money to do so. Mostly, it’s because I’m less of an adult, and am looking for a fight.
As far as I can tell, this is really more a UDRP issue, just about the domain-name rather than trademarks in general. I think the costs and penalties (for the loser) are such that I think there’s really no risk in defending the domains. I may not win, but it won’t hurt me to lose.
I don’t. I think chances are equal that a UDRP mediator would favor Arm, but that means 50% chance they’d favor me. Even if it’s 90% vs 10% I’d lose, I’d still fight.
In any case, before doing any of this, I’d pay a lawyer to advise me. I’ve been involved in a lot of trademark cases, so I think I understand things well enough, but I still wouldn’t trust my judgement. I hate to say this, because I hate that idea that the solution for poor people that they need to spend thousand of dollars in response to every cease-and-desist notice, but it’s often true. When lawyers themselves get in trouble, they always hire their own lawyers to defend them. They know that somebody who acts as their own lawyer has an idiot for a client.
Bonus: Apple
As I said, Arm is behaving unexceptionally here. It’s how all big companies response to trademark issues.
Apple is the world’s biggest brand, and hence, has the trademarks that people are trying hardest to infringe. They have teams of lawyers and contract additional companies to them defend their trademarks. They are famous for “bullying” people over trademarks.
It has guidelines for how not to infringe their trademarks. They list examples, like “ipodmart.com”, of domains you shouldn’t register or face their ire.
It’s incredibly ironic, Apple Computer violated Apple Music’s trademark. As you’ll recall, “Apple” was the name of the Beatle’s music company. They eventually settled the trademark dispute when Steve Jobs promised he’s do nothing with music. Then 20 years later, he created the iPod, and the debate flared up again. Now I have an “Apple Music” app on my iPhone.
They were less diligent in the early days. For example, there’s a Mac repair shop called macmedics.com, and macrepair.com, and mac-repair.com, and a large number of other companies with “mac” in their name. Their guidelines have an entire section specifically on the Mac trademark. I think these various Mac repair websites are in violation of Apple’s rules. But, as far as I can tell, these are all old domain names that predate ICANN’s policies, so are grandfathered in. Also, Apple allows some of them if they are an authorized Apple reseller/repair shop.
I figure Apple is the litmus test to see what you can get away with. Nobody spends more defending trademarks than Apple, so if somebody has Apple trademarks in their names, you might go look why.
Be angry at the rules
Trademark law exists the way it does for very good reasons, as people are constantly trying to infringe “just a little bit” on trademarks. I don’t like the power big companies have, but at the same time, I’m not sure if things can be improved.
ICANN’s domain-name rules, however, are evil. DNS is basic infrastructure and shouldn’t be involved in censorship. A company like “arm” shouldn’t have either the ability or duty to squelch every domain containing the tree letters ‘a’, ‘r’, and ‘m’. I can understand in the early land-rush days of the dot-com era, companies late to the web found squatters extorting them for domain names. But that motivation has passed. In today’s world, your trademark should not give you rights to every domain-name that might contain that trademark.
Conclusion
As a business person, I see things from Arm’s point of view. They are behaving exactly as every holder of a popular trademark. It doesn’t mean then can’t behave better, that there isn’t legitimate criticism here, only illegitimate outrage.
I resent the idea that I must join in toxic outrage, that like most outrage, is based mostly on ignorance of how things work. The more you understand how the world works, the less outrage you feel.