Attorney John Berryhill analyzes an interesting UDRP case.
Once in a while a UDRP dispute is almost more interesting because of who, instead of what, is involved. The decision in Help-Aetna(.)com is one of those cases.
On its face, you would think this is one of the bread and butter UDRP disputes which make up most of the caseload. Aetna, the Complainant, is a well-known US insurance company, and they are represented in this case by Attorney Doug Isenberg, the author of the highly-regarded GigaLaw blog on internet law issues. Additionally, over the last year, Mr. Isenberg has published a series of “Masterclass” YouTube videos focusing on the UDRP in particular. So, unless someone is sending aid to volcano-threatened Sicilians, it would be difficult to believe this case would result in anything other than a transfer.
The panel is highly distinguished as well. The three panelists are Mr. Christopher Gibson, the author of more than 200 UDRP decisions. He is joined by Mr. Brian Winterfeldt, a leading intellectual property attorney and president of the ICANN Intellectual Property Constituency among other distinguished positions; and by Mr. Martin Schwimmer, the lanky, erudite Harvard-educated author of The Trademark Blog.
The first sign of trouble is the suspiciously-named Respondent, “Whois Privacy Service / Manager Knowbe4” shows up represented by, uh-oh, Wilson Sonsini, perhaps the first name in Silicon Valley IP circles.
It turns out that the domain registrant is a NASDAQ-listed IT security company which “employs a library of content for use by its corporate customers in simulated phishing attacks”. Among the assets it uses, apparently, are decoy domain names appropriate to the industry sector of the corporation which has engaged the Respondent as a client.
So, at bottom, the domain name is not used for any purpose to capitalize or exploit Aetna’s mark, or divert their customers. The fact that the Respondent uses the domain name in connection with a commercial service in some way is not relevant to the fact that no one is running around calling this an Aetna brand service. In fact, because the name is owned by a security company and used in their specifically targeted tests, it is not as if these phishing emails are out in the wild doing harm of any kind.
But, knowing these facts after seeing the UDRP Response, the Complainant pressed on with a supplemental filing. There has, in fact, been one case on this same fact pattern – Facebook v. Wombat Security Technologies, WIPO Case D2020-3218 – in which several domain names such as facbook-login(.)com etc., were used for a similar purpose by a company now known as the “Security Awareness Training” arm of Proofpoint Inc.. In the Wombat case, Facebook was represented by Hogan Lovells, and the Respondent was represented by UDRP heavy-hitter firm Pattishall, McAuliffe, so there was no lack of solid argument on either side. The solo panelist, Mr. Robert Badgely, redefined “bad faith” to include “good faith” through the magic of legal alchemy, finding, “[T]he concept of “bad faith” within the UDRP does not necessarily carry with it malice or ill motives” despite the fact that it is nearly universally considered to be the “intent” or “mens rea” element of the UDRP.
There has been some additional history to the Wombat case, however. WIPO does not, in general, indicate UDRP disputes which have died and gone to heaven in a court somewhere. To be fair, there is no feedback loop by which WIPO would know that. By the same token, WIPO is selective about which cases will receive a mention on a page of “selected” UDRP-relevant court decisions. That said, it is always the job of counsel to know what they are doing. As it turns out, WIPO D2020-3218 was further litigated as Proofpoint Incorporated v. Facebook Incorporated, Case No. 2:21-cv-00226 in the US District Court for the District of Arizona (the location of GoDaddy), and was terminated just last week by voluntary dismissal, since it appears that the parties came to their senses upon the realization that a decoy name used for legitimate security testing does not infringe anyone’s mark any more so than training store employees how to spot shoplifters stealing luxury goods.
Unlike single-member panel UDRP proceedings, a three-member panel proceeding requires what is usually a collection of thoughtful experts to actually confer on the outcome. Simply put, it is more likely that members of a three-member panel are going to find unchallenged assumptions or unsupported conclusions in their own initial positions as a consequence of conferring among one another.
Oddly, it does not appear that the Complainant, Respondent or Panel were even aware of the Wombat case, despite the fact that it had attracted some attention and a few raised eyebrows when it came out last year. The Panel notes that the “case presents an interesting question” but there is no apparent awareness that the identical question had been raised before, and even taken to litigation. This may be a function of the lack of adequate indexing of UDRP decisions generally, along with the fact that very few IP practitioners keep track of UDRP minutiae since, if IP disputes were Olympic sports, the UDRP would be a mud wrestling contest in a seedy bar on the other side of town. Drop by and buy me a drink sometime.
In any event, this Panel took the appropriate view under the narrow criteria of the UDRP, which is intended for clear-cut cases of abuse, finding:
“As to Complainant’s assertions of confusion arising from Respondent’s use of the Domain Name, to continue Complainant’s analogy – were a security company to simulate a bank robbery to promote its services, it might show poor judgment, and it might cause harm leading to some sort of liability, but if it simply never robbed the bank, it didn’t commit the sort of wrong covered by a bank robbery statute.”
So, yet again, we have two fairly identical UDRP fact patterns and two diametrically opposed results with no cross reference. Since, aside from the working memory of UDRP-obsessives, there are few good indices of UDRP decisions, none of the Complainant’s counsel, Respondent’s counsel, nor any of the three panelists, appear to have been aware that the identical question had been asked and answered a year ago. One would assume with confidence that Wombat would have been cited, to be directly contradicted. But, due to the dynamics of three-member UDRP panels, and the narrow class of clearly abusive domain registration for which the UDRP was intended, the result may well have been the same even if on-point precedent had been considered – at least for the purpose of expressly rejecting it.
Thank you John for this very interesting and insightful blog. An interesting UDRP case and a great analysis on lack of case cross referencing.
Great article John.
Many would say that each case stands on its own and that no one case or group of cases is supposed to set precedent under the UDRP. The UDRP they would argue is not law and therefore precedents could not be established.
I do not subscribe to that theory. Every case does have unique facts that is true. But whether one cites the WIPO Overview or whether one follows past decisions, there is a consensus view on most issues that most panelists should and usually do follow. And when you have 3 member panels there is a better chance that one if not all of them know and understand past decisions and Consensus views.
But when you have only 1 past decision at one provider you are right. It is nearly impossible to find let alone cite to that case. And WIPO does not cite to any Forum cases and rumor is that WIPO Panelists are discouraged from citing other Providers cases (though Forum Panelists are freely allowed to cite WIPO decisions). All of that is to say that until you get a fair number of cases on a particular issue, precedent or a Consensus view is hard to establish (let alone find).
If The ICANN PDP working group reviewing the UDRP is comprised of members of the community that truly want to improve the UDRP as opposed to bickering about whether IP Rights should be strengthened or weakened, or whether the UDRP should exist or not, perhaps the issue of precedent could be addressed. However, if the policy group is comprised of policy wonks that are not truly knowledgeable practitioners (on all sides), and instead is more concerned with being representative of the ICANN stakeholder groups “which itself is an artificial construct”, important issues like these will never be addressed.
I appreciate your thoughtful and fascinating blog. Many prospective students are required to fill out many forms while applying to schools and universities, including those for financial aid, housing, and scholarships. Students who are seeking college funding frequently submit scholarship essays with their applications. Visit https://newyorkspaces.com/how-to-write-a-scholarship-essay-about-why-you-deserve-it/ because you deserve this scholarship essay. This is an extremely serious task. What you should specifically state is why you deserve this award.