UDRP & URS

When Online Privacy Trumps Full Disclosure in a UDRP Dispute

author portrait

January 26, 2015

By slevy

Sometimes the owner of a domain is not who you think they are, like in this UDRP case where online privacy proved greater than the need to share all the details of the dispute.

Sometimes a sketchy cybersquatter will try to hide their identity by listing the name Mickey Mouse in the Whois record of an infringing domain.  But sometimes they’re far more malicious and have other motives for listing false information.

Why Was Online Privacy Necessary?

In a recent decision listed as ITG Software Solutions, Inc. v. [Redacted],the disputed domain iitgcan.com was registered by someone “to defraud Complainant’s customers while posing as the CEO of Complainant’s Canadian branch…” Apparently the true domain owner here used someone else’s name, address, and phone number for the Whois record in an attempt to avoid being tracked by both the Complainant and the police.

Due to the risk this posed to the person listed, the Panel decided not only to redact their name from the title of the decision but decided that the entire decision should remain unpublished.

This is a very rare use of UDRP ¶ 4(j) which requires that “[a]ll decisions under this Policy will be published in full over the Internet, except when an Administrative Panel determines in an exceptional case to redact portions of its decision.”  There have been a very small number of prior cases in which panels omitted personal information from the decision in an attempt to protect the respondent, a victim of identity theft, from any further injury. In the iitgcan.com case, the named but unsuspecting Respondent apparently consented to a transfer, wanting nothing to do with this fight, and so the Panel decided to “forego the traditional UDRP analysis and order the immediate transfer of the domain name.”

This brief decision mentions the Panel’s conclusion that the Respondent is the victim of identity theft but gives no further details. Perhaps the true domain owner had set up a fake bank account in the victim’s name and was using the domain in an effort to get email recipients to deposit funds into that account.  We’ll likely never know.

If This Was a Less Malicious Case, Would the Domain Have Held Up to the UDRP Test?

This Panel is to be congratulated for exercising its discretion to protect the online privacy of the named Respondent. But part of me is curious as to whether, in a real dispute, the domain iitgcan.com would have been found to be confusingly similar to the ITG trademark:

  • There have been other cases involving trademarks buried within a domain: For example, flexapro.com was found not confusing with the Lexapro trademark and peopleincasinos.com was not confusing with the Philip Plein mark.
  • The iitgcan.com domain resolves to a parked GoDaddy page with no pay-per-click links, so the website content doesn’t clearly convey a connection with Complainant.

However, the confusion standard in the UDRP is quite low and the use of the domain to impersonate the Complainant, most likely via email, could influence this factor. Hey, if a Respondent intends for its domain to cause confusion why should we disagree?

Share on Social

Author portrait

About slevy