Brand Protection Today Article 6: Making the Most of the UDRP

Brand Protection Today – A Series from InfoLawGroup

At InfoLawGroup, we recognize that communication technology is changing at a furious pace and the need to protect brands is greater and more complicated than ever. We deal with these issues in our daily practice and are sharing insights in this multi-part series on Brand Protection. Please subscribe HERE to receive InfoLawGroup Insights.

Brand Protection Today

Article 6: Making the Most of the UDRP

by W. Scott Blackmer

Welcome back to our ongoing series on brand protection! Previously, we have discussed selecting your mark, tools to monitor and protect your mark, running your brand protection program, assessing potential challenges in the market, and what to do when you discover infringement.

That last article touched on one particular threat that we will explore a little further here: domain names that imitate your mark online. Those are a problem because they can divert traffic from your sites; they can tarnish the reputation associated with your brand; they can be used to defraud your customers and serve as tools for phishing attacks using fake websites and emails. And if you do not take action to enforce trademarks, you can lose trademark protection as a matter of law.

You could sue for trademark infringement or bring an action under the Anti-Cybersquatting Consumer Protection Act (“ACPA”) – if you can get jurisdiction. The offending domain name may be registered through a foreign registry and registrar, and if the defendant cannot be identified or is outside the US, jurisdiction would be difficult to establish. In any case, litigation will be costly and time consuming. Fortunately, there is a relatively straightforward solution to simply take control of the dangerous domain name in many cases: UDRP.

ICANN (the international body that coordinates Internet addressing systems) recognized the problem with cybersquatters exploiting domain names designed to mimic trademarks and created the Uniform Domain Name Dispute Resolution Policy (UDRP) back in 1999. UDRP is an online dispute resolution mechanism that ICANN requires all domain name registrars to incorporate in their registration agreements for domain names in the .com, .net, .org, .biz, and other generic Top-Level Domains (“gTLDs”). All of the newer gTLDs (such as .shop, .online, and .site) are also required to use the UDRP. Dozens of country code domains (“ccTLDs”), such as .co and .tv, which are controlled by government authorities, also refer to the UDRP in their registration agreements. For other ccTLDs, such as .uk, .eu, .cn and .中国, a variation of the UDRP applies. Those variations can be significant in some cases. For example, the Chinese CNNIC Dispute Resolution Policy includes a statute of limitations: complaints cannot be filed once two years have passed since a .cn domain name was registered.

The UDRP is contractual, grounded on the registration agreement, so it does not depend on the parties’ location or nationality. It is a mandatory ADR (alternative dispute resolution) procedure, but it does not preclude either party from exercising other legal options, and the UDRP decision is not binding on courts. It does not involve proving or collecting money damages. The complainant trademark holder can only request one of two remedies: cancel the domain name or transfer it to the complainant. (In practice, complainants seldom ask for cancellation, because the respondent or someone else could simply register the domain name again.) If the complainant prevails, the order is directed to the registrar (who can be found, even if the registrant is absent or fake!). The entire proceeding is normally wrapped up in about two months, entirely online.

ICANN has approved a handful of UDRP dispute resolution services, and each has its own rules. The fee structures are different but not wildly divergent (expect to pay about $1500 in fees for a single-panel proceeding, more if you request a three-person panel). Each has strict word and time limits and rules about language and translation. By far the most frequently employed dispute resolution service is WIPO, the World Intellectual Property Organization (a UN body based in Geneva), which publishes its decisions and helpful resources such as the “WIPO Jurisprudential Overview” organized around recurring topics. Citing the Overview and its “leading cases” is a leg up for any lawyer drafting a complaint, and overlooking the Overview is a good way to miss a glaring deficiency that will stand out to an experienced case manager, staff lawyer, or panelist for one of the dispute resolution services.

In addition to WIPO, UDRP cases involving gTLDs are handled by the Forum (formerly known as the National Arbitration Forum), the Canadian International Internet Dispute Resolution Centre, the Czech Arbitration Court Arbitration Center for Internet Disputes, the Asian Domain Name Dispute Resolution Centre, and the Arab Center for Domain Name Dispute Resolution. Disputes involving many of the ccTLDs are handled by WIPO, but some are handled exclusively by a national dispute resolution service. A leading example is .uk, where dispute resolution is handled by Nominet, which also manages the .uk registration services.

It was originally thought that cybersquatting would be a temporary phenomenon that would die down as the Internet matured. Not so. Cases have actually been on the rise. WIPO alone passed the 50,000 mark in November 2020, disposing of that many UDRP complaints, involving more than 91,000 domain names, since the launch of the UDRP two decades earlier. WIPO announced that 2020 was its busiest year ever.

Attacks on trademark holders have become more sophisticated in many instances. Instead of using a simple misspelling of COCA-COLA to misdirect Internet users to a porn site or pay-per-click advertising portal (which is so 2010), the trend has been toward more subtle misappropriations such as mounting seemingly authentic sites to harvest email addresses, account numbers, and other personal data, or using domain names for email phishing and fraud scams. For example, in an email address on a smartphone or laptop screen, the little dot over the “e” in <jdoe@trustėdbrand.com> may not be noticed, but that is a different domain name than <trustedbrand.com>. Or the scammer may use the domain in .co instead of .com. Some recipients will not realize the message is not genuinely from the company whose mark the domain name imitates. And the fraudster can set up a website or social media page using the same domain, copying logos and other content from a genuine page, to reinforce the impression of authenticity in case the recipient checks further. In some of my recent cases, the fraudulent messages have ranged from attempts to collect personal bank account numbers to directions for suppliers to deliver goods to a “new” warehouse address or instructions to business customers with “recently changed” wire transfer information for payments.

From statistics furnished by dispute resolution services, it appears that more than 90% of the filed complaints result in transfer of the disputed domain names, either by decision or settlement -- probably because they are usually fairly obvious instances of cybersquatting or careless domain name investing, where the respondent does not bother to resist the complaint. Easy, right?

Not necessarily. It always matters to investigate properly and present the complaint thoroughly. As a panelist who has decided nearly 400 UDRP cases (for both WIPO and the Forum), I have seen many failed complaints, and some that should never have been brought and simply wasted the client’s money. Frequently, these resulted from mindlessly applying US litigation practices to the very different context of a UDRP proceeding.

This experience can be summarized in a few UDRP Do’s and Don’ts:

• Do select a dispute resolution forum and follow its rules. Time and money are wasted having incomplete or improper submissions returned for amendment.

• Do make sure you satisfy all three requirements for a UDRP complaint (the complainant has the ultimate burden of proof on all three and does not win with a “default judgment” even if the domain name registrant submits no response):

  • The disputed domain name is “identical or confusingly similar” to a trademark in which your client has rights. Pick the right party as a complainant and establish its rights. Show that your client is a licensee, if it is not the owner of the registered mark. If the mark is not registered, make sure you submit sufficient documentation to establish common law rights. Establish that the claimed mark is still in use; otherwise, you will be vulnerable on the first and third elements of the complaint (standing and bad faith). (In a recent case, the complaint was grounded on a live trademark registration, but that mark could not be found anywhere on the complainant’s website and apparently had not been used for years; it was hard for the complainant to argue seriously that the domain name was registered recently in an effort to “target” this trademark.)

  • The respondent has no rights or legitimate interests. It can be tough to prove a negative, but the caselaw effectively shifts the burden to the respondent on this point once the complainant makes out a prima facie case. Still, you can be embarrassed on this second element of the UDRP complaint if you don’t do your homework. If the respondent is a present or former contractor or business partner, for example, the UDRP claim may be part of a larger dispute over the business and the domain name, and you must anticipate the arguments the respondent may advance about the parties’ respective interests and document your case solidly. It won’t look like simple “cybersquatting,” and the panel may be tempted to defer to a judicial resolution. In most cases there is no prior connection between the complainant and respondent, but you need to carefully examine what is known of the respondent and any website associated with the domain name. Is there a claimed trademark or trade name? Has the domain name been used for an authentic pre-existing business with a relevant business or product name? Is there a credible argument for nominative fair use by a reseller or distributor, or for a fan site or criticism site? Is the domain name descriptive, and the site was genuinely used in a relevant manner? If you find any of these facts are present, you must think carefully about pursuing a UDRP claim and anticipate how you could build the strongest case to argue that the more probable reason for selecting the domain name was to create a false impression of an association with your client, at least as a matter of “initial interest confusion” in attracting Internet users to the respondent’s site. It would help, for example, if the respondent’s website were relatively undeveloped, with weak evidence of either genuine business or noncommercial “fair use” activity, and if the respondent obscured its true identity or mimicked features of the complainant’s website to add to the likelihood of confusion.

  • The respondent registered and used the domain name in bad faith. This third element of the UDRP requires inferring improper motives both at the time the respondent acquired the domain name and subsequently at some time in using the domain name. That can be difficult to establish in cases where the complainant brings a UDRP action many years after the domain name was first created, or where the domain name was apparently registered by someone with a proper purpose -- a website developer or employee, for example, or a business with a similar name – who is now misusing the domain name to extract a payoff from the complainant. (Note that this difficulty does not arise under the domain name dispute resolution policies for some of the ccTLDs, such as .uk, .eu, and .br, because they require establishing bad faith only in the registration or use of the domain name, as opposed to proving bad faith in the registration and use of the domain name. What a difference a word makes!)

In every UDRP case, you must look for evidence that the respondent was aware of the complainant and the trademark at the time of acquiring the domain name, attempted to sell the domain name for an exorbitant price or used it to redirect traffic to the respondent’s own commercial site or simply to sell third-party advertising, sought to disadvantage a competitor, or perhaps used the domain name for deceptive or unlawful purposes such as a phishing scam. Check the Internet Archive’s Wayback Machine for versions of websites previously associated with the domain name, or historical WhoIs records to track changes in the domain name ownership. Even if nothing has been done yet with the domain name, you may be able to argue for a presumption of bad faith under the “passive holding” doctrine, especially if the trademark is highly distinctive and well-established.

A caution: be very careful if it turns out that the respondent had the domain name before the trademark was established; on its face, it appears impossible in that case for the respondent to have acquired the domain name in a bad-faith effort to exploit your trademark. There are some circumstances where you might nevertheless make out a UDRP claim, but they are rare; you have to prove that the respondent registered the domain name to attack a trademark that did not yet exist, perhaps with evidence of publicity or insider knowledge about a new mark and a pending registration application. Otherwise, filing a UDRP complaint that looks impossible on its face opens the complainant to a finding by the panel of “reverse domain name hijacking” (RDNH). This does not carry any additional penalty beyond dismissal of the complaint, but it may cast doubt on the complainant’s credibility in later UDRP (and possibly court) proceedings. A complainant in a US federal action under the Anti-Cybersquatting Consumer Protection Act may actually be liable for money damages if the court finds RDNH – one respondent won a $100,000 award – and there are reported settlements following UDRP findings of RDNH.

• Do consult the WIPO Jurisprudential Overview, the best single research source on UDRP decisions, and cite it in WIPO proceedings. More limited resource guides are available for the other dispute resolution services. National trademark laws and the ACPA are sources for the UDRP and may be cited where relevant, but the decisions are ultimately made on the basis of the UDRP itself.

• Don’t treat the complaint and response like “notice pleading” in US courts. In most cases, these documents and their evidentiary attachments are the only submissions the panel will see. You may ask for permission to submit a supplemental filing to address new facts or a new argument that could not reasonably have been anticipated (and you definitely should do that, promptly), but it is entirely in the panel’s discretion to accept or reject that supplemental filing. There is no discovery or motions procedure as such, and there is almost never a hearing. Whatever case you have to make, you should make in the complaint or response. This is meant to be a swift, online, documentary ADR proceeding, not US-style discovery, motions, and trial. So … there is absolutely no excuse for throwing around phrases such as “on information and belief.” None. The panel cannot do anything with the statement that follows that phrase. There will be no subsequent depositions or hearings. If you don’t have the necessary facts yet, don’t file the complaint. Submit the facts that you have, explain what inferences can fairly be drawn from those facts, and argue why the probabilities are in your favor. Full stop. For US lawyers, consider the UDRP complaint most analogous to a summary judgment motion, not a litigation complaint. And in this kind of action, you must win on summary judgment, or your case will be dismissed.

• Do read the UDRP decisions in your cases carefully, and use them as guides for choosing and crafting future UDRP complaints. Most decisions are four or five pages long, emphasizing just a few key points. The panels are looking for very specific indicators that the complainant has trademark rights, that the domain name is confusingly similar, that the respondent possesses or lacks legitimate interests, and that the respondent displays bad faith or does not. Yet most complainants submit 100 pages or more of attachments, many tangential or of very limited relevance, to support complaints that often manage to miss key points necessary to ground their case (such as precisely when the respondent likely acquired the domain name, and how widely the complainant’s mark was used at that time, especially if the respondent is in another country). Simply looking at recent, relevant decisions gives a good impression of what panelists consider essential.

With this in mind, you and your UDRP counsel can more efficiently pull together the needed factual materials to test and prepare the most difficult UDRP element in a case, which is typically bad faith. Then you can file where that makes sense, with strong prospects of success and without wasted effort.

Originally published by InfoLawGroup LLP. If you would like to receive regular emails from us, in which we share updates and our take on current legal news, please subscribe to InfoLawGroup’s Insights HERE.