Lessons from historical Uniform Domain Name Dispute Resolution Policy decisions
This is an Insight article, written by a selected partner as part of WTR's co-published content. Read more on Insight
For counsel not yet familiar with the Uniform Domain Name Dispute Resolution Policy, this chapter provides a high-level overview of the policy, as well as its historical and present-day context. For even the most veteran practitioners, this chapter offers insights and lessons learned over the past 19 years.
The Uniform Domain Name Dispute Resolution Policy (UDRP) procedure will turn 19 years old in August 2018. Since its adoption, it has earned and maintained a place as an essential and effective online enforcement tool for brand protection counsel across the globe. UDRP cases continue on an upward trend year after year, and overall complainant success rates consistently remain around 85% overall (see World Intellectual Property Organisation (WIPO) data on total number of cases per year and case outcome by year(s) (breakdown)). Despite its age and widespread geographic use, there are important nuances to the UDRP that even the most veteran brand enforcement counsel might not yet know. For counsel not yet familiar with the UDRP, this chapter provides a high-level overview of the policy, as well as its historical and present-day context. For even the most veteran practitioners, this chapter offers insights and lessons learned over the past 19 years.
Abridged policy history
The UDRP was developed in the late 1990s in response to the commercialisation of the Internet and subsequent widespread cybersquatting. Cybersquatting refers to the bad-faith registration and use of a third party’s trademark as a domain name. WIPO, at the behest of the United States, convened an extensive international consultation to consider solutions to the problem. Among its final recommendations was the UDRP, a “quick, efficient, cost-effective” and “uniform administrative dispute-resolution procedure” that required domain name holders “to submit to the administrative procedure only in respect of allegations that they are involved in cybersquatting, which was universally condemned… as an indefensible activity that should be suppressed” (WIPO, “The Management of Internet Names and Addresses: Intellectual Property Issues”, April 30 1999). Following a formal policy development process, staff reports and public comments, the UDRP was adopted as consensus policy by the Internet Corporation for Assigned Names and Numbers (ICANN) and then implemented on October 24 1999.
UDRP complainants must prove by a preponderance of evidence that:
- the domain name is identical or confusingly similar to their trademark;
- the registrant has no rights or legitimate interests in the domain name; and
- the domain name was registered and is being used in bad faith.
Uncommon, yet undisputed, factual circumstances that evidence rights or legitimate interests include any:
- good-faith offering of goods or services through domain names;
- nominative or descriptive, non-commercial fair use of trademarks; or
- identity between domain names and the personal or trade names of their registrants.
Common factual circumstances that evidence bad-faith registration and use include any:
- long-term passive holding of domain names;
- failure to respond to cease and desist letters;
- false or fictitious domain name registration data;
- attempt to sell or auction domain names to third parties;
- malicious conduct, including malware, botnets, spam or phishing;
- offer to sell domain names to trademark owners in excess of out-of-pocket costs;
- association with pornography, gambling or illegal conduct that will tarnish the trademark;
- established pattern of bad-faith domain name registrations targeting famous trademarks; or
- attempt to misdirect internet traffic for commercial gain, including through pay-per-click advertisements.
Remedies available under the UDRP are limited to either domain name cancellation or transfer to the complainant.
In order to file a UDRP complaint, all complainants must agree to submit to the jurisdiction of courts sharing either the principal office of the domain name registrar or the address of the domain name registrant. Either party may submit the dispute at any time for independent resolution or essentially as a means of de novo appeal to a court of competent jurisdiction.
Importantly, the UDRP does not apply in country-code top-level domain names, in the absence of explicit adoption by each country-code registry operator. It does not apply to post-domain paths (ie, everything past the top-level domain name in uniform resource locators). It also does not apply to subdomains or third-level domains, in the absence of an independent contract between the purveyor of such domains and a dispute resolution service provider.
It costs either $1,300 or $1,500 to file a UDRP complaint involving a single domain name, depending on the dispute resolution provider, with increased fees based on additional domain names. Cases are generally decided within 30 calendar days from the date the complaint is filed.
Numerous early panel determinations under the UDRP remain some of the most cited cases today (see WIPO data on the 25 most cited decisions in complaints and the 25 most cited decisions in responses). The following cases are frequently cited:
- Telstra Corporation Limited v Nuclear Marshmallows (WIPO D2000-003, February 18 2000) remains the UDRP case most frequently cited by complainants. It confirmed that bad faith can be inferred from passive domain name holding, particularly when it is coupled with other factors such as active attempts by the registrant to conceal its identity or the failure of the registrant to correct false registration data.
- Veuve Clicquot Ponsardin, Maison Fondée en 1772 v The Polygenix Group Co (WIPO D2000-0163, May 1 2000) remains the second most frequently cited UDRP case by complainants. It confirmed that a domain name can be “so obviously connected with such a well-known product that its very use by someone with no connection with the product suggests opportunistic bad faith”.
- Oki Data Americas, Inc v ASD, Inc (WIPO D2001-0903, November 6 2001) is also frequently cited by complainants, even though Oki Data’s complaint was ultimately denied. It set forth an often-cited test for assessing the legitimacy of third-party trademark use by resellers, distributors or service providers, for instance for second-hand sales or repairs in domain names that tend to add descriptive terms like ‘parts’ or ‘repairs’. In order to establish legitimate use, registrants must actually offer the goods and services at issue, use the site to sell only the goods and services at issue, prominently disclose their relationship to the brand owner and avoid multiple domain name registrations that serve to preclude registration by the brand owner or others.
- Guerlain SA v Peikang (WIPO D2000-0055, March 21 2000) is also frequently cited by complainants. It examined the entire portfolio of 24 domain names owned by the registrant, and concluded that 14 were easily recognisable as third-party trademarks. Thus, it inferred that the registrant’s “real business is to register third parties, trademarks as domain names thereby preventing bona fide trademark owners from doing business on the Internet under the trademark names” and “in order to sell them for profit”.
- Madonna Ciccone, p/k/a Madonna v Dan Parisi and ‘Madonna.com’ (WIPO D2000-0847, October 12 2000) is also frequently cited because it offers a treasure trove for UDRP citations. First, with respect to putative descriptive fair use, it held that “the statement that ‘madonna’ is a word in the English language” without any nexus between the dictionary definition and the registrant’s sexually explicit website “is no more of a defense than would be the similar statement made in reference to the word ‘coke’”. Second, it explained why website disclaimers are insufficient to dispel bad faith – they “may be ignored or misunderstood by Internet users”, and they “do nothing to dispel [inevitable] initial interest confusion”. Third, it sustained dilution claims, “[e]ven though complainant produced sexually explicit content of their own”, because the registrant’s website content “may be contrary to her creative intent and standards of quality”.
- Zero International Holding GmbH & Co Kommanditgesellchaft v Beyonet Services and Stephen Urich (WIPO D2000-0161, May 12 2000) is a UDRP case frequently cited by respondents. It established that good-faith legitimate use can include personal and professional email and file transfer operations. More controversially, it also opined on weak or less distinctive marks, as they relate to “common English word[s]” and numerous third-party trademark registrations.
In addition to seminal principles from some of the earliest and most frequently cited UDRP determinations, a number of more subtle – yet equally important – takeaways have been established by UDRP panels over time:
- Bad-faith domain names that contain multiple trademarks belonging to different parties, such as GOSPORT-NIKE.COM or GUCCI-IPADCASE.NET, are actionable under the UDRP. As a precaution in order to avoid cancellation and subsequent bad-faith reregistration, brand enforcement counsel should obtain in advance, and include in their complaint, consent from any third-party trademark owners to transfer these domain names (Bayerishe Motoren Werke AG v Gary Portillo (WIPO D2012-1937, November 29 2012)and Guccio Gucci SpA v Brenda Hawkins (WIPO D2013-0603, June 14 2013)).
- Serial cybersquatters have in the past attempted to obfuscate the UDRP through claims that their domain names are subject to receivership and are under court-ordered control. Brand enforcement counsel should diligently investigate any such claims, especially where the domain names are being monetised in bad faith. UDRP panels will generally render determinations rather than terminate or suspend proceedings. However, additional follow-up with domain name registration authorities may be necessary to either dispel such claims or establish disposition of any legitimate receivership action (Yahoo! Inc v Whois Agent, Whois Privacy Protection Service, Inc/Domain Vault, Domain Vault LLC (WIPO D2015-0500, May 5 2015)).
- Both registration and use in bad faith are required elements under the UDRP. However, UDRP panels have always recognised limited exceptions to that rule where the domain name registration dates might have priority over the trademarks at issue. At present, bad-faith anticipation of trademark rights remains actionable in a number of contexts, such as corporate mergers and intent-to-use trademark applications, because panellists recognise that cybersquatters watch the news and monitor trademark applications in order to register opportunistic domain names (Madrid 2012, SA v Scott Martin-MadridMan Websites (WIPO D2003-0598, October 8 2003)).
- In certain cases, the use of robot exclusion standards (eg, robots.txt) to retroactively prevent archives of website content has been held to constitute indicia of bad faith under the UDRP. While brand enforcement counsel should generally collect all relevant evidence before any enforcement action, robot exclusion standards are relevant where they are used to prevent access to incriminating website content, especially in response to a cease and desist letter (Stena Line Travel Group AB v Domain Vault (WIPO D2015-1207, November 12 2010).
Next-generation rights protection mechanisms
Numerous policy development initiatives have examined and extrapolated from the UDRP. For example, the UDRP served as the foundation for a few novel trademark rights protection mechanisms created through policy work that led to the unrestricted introduction of more than 1,000 new generic top-level domain (gTLD) names since 2012 by ICANN. Brand owners who were engaged in this policy development process came to two early and important realisations:
- Existing dispute resolution processes were insufficient to address applications for and the operation of new gTLD names in bad faith; and
- An exponential increase in the number of second-level domain names necessitated a faster and cheaper option than the UDRP in order to address clear-cut cases of bad-faith domain name registration and use.
Accordingly, they helped to design and implement the following mechanisms:
- The Legal Rights Objection (LRO), which was intended to permit brand owners to challenge new gTLD applications that infringe or dilute their trademark rights. The applicable elements under the LRO borrowed heavily from the UDRP, placing primary emphasis in LRO disputes whether the applicant exhibited good or bad-faith intent in its application.
- The Post-Delegation Dispute Resolution Procedure (PDDRP), which was intended to permit brand owners to challenge affirmative conduct by registry operators that either induces infringement or dilution by registrants or causes the new gTLD string itself to infringe or dilute their trademark rights. Again, similar to the UDRP, the elements under the PDDRP hinge upon the bad faith of the registry operator.
- The Uniform Rapid Suspension System (URS), which was intended to provide brand owners with a faster and cheaper means to address clear-cut cases of cybersquatting. The elements of the UDRP and the URS are essentially identical, although the only remedy offered under the URS is the suspension of the domain name until it expires.
Unfortunately, while the policy work to develop these mechanisms was well intentioned, the effectiveness and utility of each mechanism ultimately fell victim to antithetical stakeholder interests. For example, unlike the UDRP, these mechanisms feature a heightened, sometimes clear and convincing, burden of proof. Also unlike the UDRP, these mechanisms feature multiple, often superfluous methods of appeal. Finally, unlike the UDRP, unconventional exculpatory clauses are explicitly baked into these mechanisms, such as that the “sale of traffic (connecting domain names to parking pages and earning click-per-view revenue) does not… constitute bad faith” and the “registry operator is not liable… solely because [it] knows that infringing names are in its registry”.
It is not surprising that the uptake of these next-generation rights protection mechanisms has been extremely slow and in some cases non-existent. Comparisons between the UDRP and these next-generation rights protection mechanisms truly lend credence to the old cliché, “they don’t make ‘em like they used to”.
Future challenges and opportunities
ICANN stakeholders are presently engaged in a retrospective review of all new gTLD rights protection mechanisms. On conclusion, which is scheduled for 2018, they plan to turn their attention to an unprecedented policy review of the UDRP.
Many brand owners, registrars and registry operators view this policy review as a purely defensive exercise, since the UDRP consistently works well to help remedy cybersquatting, as well as help insulate domain name registration authorities against liability or wasteful subpoenas and litigation. Conversely, domain name speculators, civil society advocates and academics view this policy review as an opportunity to either tear down the UDRP completely or at least enfeeble its effectiveness in a similar fashion to the aforementioned next-generation rights protection mechanisms.
Brand enforcement counsel worldwide should consider this policy review as a call to action to defend the UDRP. Anyone can participate in this initiative, at any time, as either a member (with full email and teleconference participation rights) or an observer (with read-only email rights). They need simply email [email protected] with a request to join the “review of all rights protection mechanisms in all gTLDs policy development process working group” and select either membership or observer status.
1200 17th Street NW
Washington DC 20036
Tel +1 202 759 5850