Practical Steps to Protecting Your Legal Aid Organization from Cyber Piracy

(Click here to print this protocol as a PDF.) See also: How to Take Action Against Cyber Piracy.

Every program will face issues with protecting its intellectual property. With the Internet, intellectual property is routinely threatened by cyber squatters posing as your legal aid organization to an unknowing user base. Mail and telephone book scams that feature “legal aid-like” entities offer equally deceptive practices to your client community.

While these protocols may not insure you against having to deal with such deceptive practices, they will minimize your exposure to them and prepare you for swift and effective response that will benefit your program and reduce client confusion. We recommend your program consider these simple protocols and adopt them as part of your administrative policies.

Protect your website. It is your online identity and storefront.

Most legal aid programs have strong name recognition in their communities. Even those that have recently changed their names are often still found under the generic term “legal aid”. Online users trying to find legal help will be hard-pressed to distinguish your program from deceptive counterparts, especially if name recognition is not applicable. A critical part of preventing cyber piracy practices is to protect your program’s website(s) and your statewide website.

Keep your domain name registration up-to-date. It is much easier to prevent problems than address them once revealed. Predatory groups seek out lapsed domain registrations to snatch up and hold hostage. Legal aid organizations can be susceptible to this threat if there is turnover in technology staff or other extenuating circumstances. To prevent your domain name from lapsing:

Keep all domain registration information among your organization’s important documents.
Make sure that the e-mail address provided to the organization with which you registered your domain will go to multiple parties within your organization. Many sites setup an admin email (i.e. admin@yoursite.org) that goes to multiple recipients, as a backup in case one person is not available. Additionally, consider setting up automatic renewal. That way, your organization will receive notification of the renewal and will need to take action only if the credit card or other method of payment is no longer valid.

Purchase popular variations of your domain name. The easiest way to deter a thief is to simply lock the door. The same is true for your online identity. To safeguard your identify, make sure your program takes steps to “close the door” on open domain names that are similar to yours.

Register all applicable names of your organization to prevent easy squatting. (Registering additional names can cost as little as $6 per name. You can use companies like 1and1 or Dotster for domain hosting that is affordable and easy.) Identify what URLs you currently own. Consider (and brainstorm) alternative names of those URLs that partners or clients may use to reach you. For example, if your program name is Legal Aid Society of Big State, you may own the URL www.legalaidbigstate.org. Consider the other URLs, such as: “legalaidofbigstate.org, LAOBS.org, and bigstatelegalaid.org”. Similarly, if your program has changed its name or merged to become a different program in the last 15 years, consider purchasing URLs of the older names and their variations. All of these URLs can point to your current site, but at least you will own it and can control where users will be trafficked. For all domains on the list, include variations that are misspelled. Lastly, for all domains in the list, purchase all like names with variations in the address i.e., .org, .com, .net. You may also include .us, which is gaining in use.

Identify and keep a list of URLs that are or should be property of your program. Include when purchased, who the registration company is, how much each costs, date of renewal, person responsible, administrative email and password to view account, back-up persons receiving notifications, and a copy of domain registry report (e.g., found at http://www.whois.net/) with a date that shows these domain names and ownership. (Who Is.Net allows you to input your domain names and view who owns it. We recommend that you print this annually or PDF to keep in a paper or electronic file for your records.

Monitor your online presence. Monitoring your online presence is a proactive – and consistent -- activity. There is more than one account of a program who actively monitored their presence, but in the span of a two month hiatus found a new threat had arisen in that short time. Assign the responsibility to a staff person and articulate the expectation on approach and frequency of monitoring. We recommend that at least once a month, monitoring approaches should include at a minimum the following practices:

If there are domains you do not own that are similar in nature, abbreviations of your name, or contain other addresses like .com or .net, type those addresses in. If any produce any website that is either posing as a legal aid program or offering other inappropriate content, complete a Who Is domain search and document the date of purchase, name and address of owner, and contact information.

Query at least Google (and ideally these search engines -- Yahoo, MSN, and AOL) for your organization’s name and variations of the name to ensure no one is using it improperly. For example, if your organization’s name is Legal Aid of Big State, search for “Legal Aid of Big State, Big State Legal Aid, Big State Legal Services, and Big State Free Legal Help.” Print or otherwise document the search results on the first page. Note the sponsored links and assess if any that are not your organization show up as your organization’s name. Consider expanding your search Web 2.0 applications like YouTube, MySpace, and Facebook. For any violators, click to their website to document their services and advertising market. Document their contact information and review their ownership information on Who Is.

Purposely misspell your website’s URL to check for “typo squatting” piracy. Make sure these misspelled URLs do not take users to an alternative website owned by a cyber squatter.

Set up an ongoing query mechanism for clients on your website. Include a survey or “Report Fraud” link on your website to allow users to note how they found your site and/or other similar sites they may have had problems with.

Protect Your Name Offline, Too.

Annually check your White and Yellow pages to assess what other organizations locally may be posing as a legal aid entity. Contact directory assistance every six months to ask for “Legal Aid” and your program name to see where you are routed. For any businesses found that are not your program, document contact number, owner, address, and date of business with the local business or commerce department.

Purchase Your Protection “Insurance” -- Register Your Trademarks

Registering a trademark can create a presumption that you are the owner of that mark and provide greater legal protection against unauthorized use. It is like an insurance policy. You pay for the mark, but if there is an action, your claim will be easier to pursue and you will have remedies available to you.

Trademark law governs the use of trademarks by individuals and legal entities to identify their goods or services and to distinguish those goods or services from those sold or provided by others. Your organization may be able to trademark its “service mark” (i.e., Pine Tree Legal Assistance, Illinois Legal Aid Online) to distinguish it from other organizations providing services. Common legal aid names may also be trademarked with limited protections.

The cost of trademark can be $325 - 375 per application. If you find a cyber squatter, a trademarked name will have more remedies available to protect the name and demand that the squatter cease and desist. In addition, monetary remedies may be available.

Utilize the pro bono assistance provided through the NTAP Cyber Piracy Project, funded by the Legal Services Corporation, to register your trademark with the United States Patent and Trademark Office. (More information about this program can be found in our LStech Resource Center Cyber Piracy Section.)

Know How to Take Action Again Fraudulent Practices

What are Your Legal Remedies? Organizations that face competitive businesses that are posing as their legal aid entity have several remedies available to them, including

(a) requesting voluntary transfer of the name or business entity,

(b) initiating a Uniform Dispute Resolution Proceeding with the Internet Corporation for Assigned Names and Numbers (ICANN),

For more information on each of these, visit http://www.lsntap.org/CyberPiracy_Take_Action

What are Your State Bar Options? If the businesses are local and run by lawyers, state bar associations and compliance arms may be effective in pursuing alternate approaches to disbar or put the offending party on professional probation, in addition to paying remedies. Read Remedies for Action, which compiles information presented by Will Hornsby at the ABA to discover what ethical rules might apply to your situation.

Resources and Other Related Material

For more information, see http://www.lsntap.org/bookshelf?tid=123&name=Cyber%20Piracy.