As those of you who have participated in one of our recent anti-cybersquatting webinars have heard, new rules went into effect for the UDRP as of July 31. While the changes are mostly technical, the ones I consider most important are designed to prevent what has come to be known as “cyberflight.”
What is Cyberflight?
This rather esoteric term has been defined by a UDRP Panel as, “an attempt to avoid or delay judicial or UDRP proceedings by changing domain registration details or registrars after learning of a complaint.” The typical scenario is that a UDRP complaint is filed and, before the registrar can lock the disputed domain (as it’s required to do during the pendency of the dispute), the respondent transfers ownership of the domain to someone else in an attempt to avoid enforcement. Sometimes the registrar is a bit shady and tips off the respondent before the domain is locked and sometimes the respondent is very clever and makes sure that the newly-transferred domain resolves to a website that is defensible under the UDRP (e.g., a fair use such as comment or criticism of the asserted brand).
A case I filed a few years ago, against the domain Nikedunk.com, involved a scenario where the owner of the domain transferred it to another person right after it received the emailed complaint. Luckily, the domain owner was rather unsophisticated – it had tried this exact same strategy before using the exact same transfer recipient. As such, I was able to argue that it had engaged in cyberflight and should be maintained as the official Respondent in the case. The Panel agreed and ultimately ordered that the domain be transferred to the Complainant.
In another, more recent case involving the domain key-systems.cc, the registrar, upon being informed of the complaint and instructed to lock the domain, explained that the domain was actually not registered and was freely available for the Complainant to register. Noting that the domain still had another six months to go before its expiration and calling the registrar’s actions “highly suspect”, the Panel determined that the registrar was actually itself the domain owner and had quickly canceled the domain once it received the complaint. It ordered that the domain be transferred stating “[w]hile in this case the Panel is not aware that the disputed domain names have been registered to a new owner, the Registrar’s conduct is consistent with cyberflight, and seems to be calculated to avoid or delay proceedings under the Policy.”
What’s Different Under the New UDRP Rules?
Nearly two years ago, the ICANN Board of Directors approved changes to the UDRP rules that are meant to avoid or at least reduce the problem of cyberflight. Under the old rules, a complaint was filed and the brand owner was required to serve a copy to the domain owner and the registrar at the same time as it was submitted to the dispute provider. At that point, the complainant crossed its fingers and hoped that the registrar was both compliant and quick in locking the disputed domain before the respondent had a chance to spirit it away through transfer to someone else.
The new rules no longer require that the domain owner be served with the complaint at the time of filing. Under the new UDRP Rule 4(a), a complainant merely needs to file the complaint with the dispute provider; the dispute provider then sends a request to the registrar to lock the disputed domain. The registrar has only two business days in which to act and confirm to the provider that the domain lock has been applied. The registrar is specifically prohibited from notifying the respondent of the dispute until after the domain is locked. The registrar must also make any update to the domain’s ownership information within these two days. This could involve removing privacy protection and revealing the true owner’s identity, as many helpful registrars do in these situations.
Only after the provider receives confirmation of the lock may it then formally serve the complaint to the respondent. At this point, the respondent is not able to transfer or change the ownership information for the domain, and so it must squarely face the UDRP complaint. Of course, this all presumes that the registrar will comply with the new rules and not pull some shady move to undermine the dispute process. I’m quite hopeful that this will be extremely rare since the new rules are very clear and failing to follow them could lead to a registrar getting into hot water with ICANN or even losing its accreditation.
Closing One More Loophole for Cybersquatters
So, will these changes cure all the problems associated with UDRP enforcement? Certainly not. In fact, cyberflight is already quite rare (I’ve only experienced it once in nearly 300 complaints). However, its effects can be costly to a complainant or even devastating to a case if done expertly. These rule changes should improve the UDRP process as they go a long way towards closing one more loophole for cybersquatters.
- How Fast Flux DNS is Hurting Brands and How It Could Affect UDRP - October 19, 2017
- Is Nominative Fair Use of Domain Names OK For a Business That Is Related to a Brand? - May 15, 2017
- How Did 2016 Domain Name Squatting Disputes Expand UDRP Thinking? - February 23, 2017