Case shows the limits of cybersquatting dispute policy.
Capital One (NYSE: COF) has lost a cybersquatting dispute it filed against someone who registered a domain name after a massive data breach was disclosed this summer.
The company filed the dispute under the Uniform Domain Name Dispute Resolution Policy (UDRP) against CapitalOneDataBreach(.)com, a domain that was registered on July 30. That’s about two weeks after the breach hit the news. Capital One filed the dispute one week later, on August 6.
At the time, the registrant of the domain hadn’t started using the domain name yet.
The domain registrant, a Georgia man, said that he registered the domain with no specific intention to monetize the Disputed Domain Name. He saw the media reports of the data breach, and he thought he could provide to the public information about the breach “…and maybe run ads or sometime later or redirect traffic to [his] business website.”
The admission that he might run ads or profit from the site was a silly one to make, yet the panel noted that he is not yet running ads on the site. After receiving the complaint, the man created a simple website about the data breach that does not include ads.
Panelist Kendall C. Reed of National Arbitration Forum determined that this case is one of potential nominative fair use. While Capital One jumped on the registrant’s admission that he might run ads on the site, Reed noted:
The Panel disagrees. Respondent did not say that he would do these things, only that he thought he might, and as noted above, he has not followed through with these thoughts. What Complainant states is a certainty is actually a mere possibility.
This case shows how it can be difficult to file a UDRP against a newly-registered domain name; a registrant can make the defense that has plans for the site that haven’t been put into action yet because it takes time to create a website.
Reed suggested that Capital One can refile the case should the domain owner add ads to the website.
Capital One has a pending case against the owner(s) of other data breach domains. When I visited those, I saw ads or got a malware notification, so Capital One might win that dispute.
Ravi says
Hi Andrew…
“This case shows how it can be difficult to file a UDRP against a newly-registered domain name; a registrant can make the defense that has plans for the site that haven’t been put into action yet because it takes time to create a website.”
I also think that Panelist way of thinking is also a key factor in this case.
hope other panelists keep this case in mind when they are in this type of issues (for that matter in any UDRP case) so that they can think of “could/would/should” scenarios and how important they can be in deciding the judgement.
By the way I also think registrant is lucky in this case…very lucky!
Thanks,
Ravi.
C.S. Watch says
The Lanham Act’s ACPA exists to forestall targeting of a domain name which is, at the most, confusingly similar to a precise brand. This breach of our property rights is allowed only because trademark law serves the greater good: to save consumers’ search time.
Trademark law and the ACPA exist solely to serve consumers, not mark holders, a fact which corporate lawyers have been trying to bastardize and obfuscate from the outset.
We the taxpayers do not pay for our courts so that parasites can undermine our own market economy.
And we certainly don’t pay for our courts so Capital One can undermine free speech, whistleblowing, and consumer safety.
These ‘silencing’ complaints are Capital One’s MO: https://domainnamewire.com/2017/01/18/interesting-udrp-involving-capital-one-reviews-domain-name/#comments
To our benefit, the data breach was reported everywhere, and with every magazine and news clip and blog and radio segment one will find ads.
C.S. Watch says
*targeting ‘via’