Revenge and Domain Name Seizure: CIRA Allows Transfer of Registration of Domain Names Used for Personal Attacks

In March 2014, a single member Canadian Internet Registry Association (CIRA) panel allowed the transfer of two domain names which consisted, in both cases, of the personal names of people involved in a dispute with an unsatisfied former customer. The decision of the panel could preserve individual privacy rights online. It also serves to protect the reputation of the people who were involved (allegedly in unfavourable, distasteful and aggressive ways) in the Registrant’s campaign against Manulife Financial Affinity Markets. However, the decision shows serious shortcomings in the policy which provides the framework for domain name disputes in Canada.

 

The aforementioned decisions show how awkwardly the CIRA dispute resolution framework functions when applied to a new situation: a complaint based on the bad faith use of a personal name as a domain name. The CIRA domain name Dispute Resolution Policy (CDRP) typically contemplates complaints based on financial interests rooted in valid trade-mark rights, not simply in the valid personal interests of complainants. This situation is unfortunate, as these types of proceedings may become more frequent in the future.

Background: Revenge on the Internet

The two decisions, heard together, involve two Complainants - a Vice President working in Client Relations at Manulife Financial Affinity Markets and a lawyer acting as General Counsel for the same company - and a single Registrant, a former customer of the Complainants’ employer.

The Registrant (who took no part in the proceedings) was unhappy with certain decisions made by Manulife which may have cost him money. In response to his dissatisfaction with the company, and with the Vice President in particular, he registered the Vice President’s personal name as a domain name, and threatened to use the domain to harm the Complainant’s reputation.

At the time of the complaint, the domain name had resolved to a website which displayed pornographic images. The Registrant also allegedly promised to drop by the Vice President’s home to discuss the matter, and made other comments which were described by the Panelist as “threats” which “had a personal tone.”

In response, the lawyer working for Manulife sent the dissatisfied customer an email addressing the registration of the domain name and advising him that a visit to the Vice President’s house would be treated as a trespass. The issue was not resolved, and the Registrant soon registered another domain name, this time using the personal name of the lawyer. He threatened to provide personal information about her and her family on the new website.

The email exchanges between the Registrant and the lawyer, while not publicly available, were described by the Panel as “angry and condescending.” Exchanges between the lawyer and the dissatisfied customer apparently included statements by the customer that the Internet was a “dangerous place,” and carried the implication that information included on the website about the lawyer and her children could cause them harm.

Both the General Counsel and the Vice President filed complaints against the former customer on 13 November 2013, seeking to have the domain name transferred to avoid further threats and potential damage to their reputations.

The Policy, the Law and the Problem of Personal Names

The CIRA Dispute Resolution Procedure (CDRP) can allow for the transfer of ownership of a domain name registration under paragraph 3.1 where

  1. The Registrant’s dot-ca domain name is confusingly similar to a Mark in which the complainant had Rights prior to the date of registration of the domain name and continues to have such Rights;
  2. The Registrant has no legitimate interest in the domain name (as described in the CDRP); and
  3. The Registrant has registered the domain name in bad faith (also as described in the CDRP)

The term “Mark” also has a specific definition under paragraph 3.2 of the CDRP. This definition closely tracks definitions in ss. 2 and 4 of the Trade-marks Act (RSC, 1985, c T-13), in that it requires that the Mark be used for the purpose of distinguishing one’s goods and services from those of another.

Both the CDRP and the Trade-marks Act are concerned about preserving the use of one’s personal name from protection, in order to enable people to honestly conduct business under their actual names. However, both the Act and the CDRP address this defensively:

  • The Trade-mark Act provides that a Mark is not registrable if it is primarily merely the name or surname of an individual who is living or who has died within thirty years of an application (under s. 12(1)(a)).
  • The CDRP protects the ability of Registrants to operate websites under their own name in subparagraph 3.1(b), where the personal name of the Registrant constitutes a “legitimate interest” under subparagraph 3.4(e).

Neither the CDRP nor the Trade-marks Act recognize a form of rights which arise from one’s personal name outside the use of that name for the purpose of distinguishing one’s goods and services from another. Essentially, the CDRP lays out a procedure for protecting the commercial interests of trade-marks or trade names, and minimizes those protections where the Registrant of a domain name operates a website that is, in fact, his or her name (or a name by which he or she is commonly known).

Under the CDRP, as under the Trade-marks Act, a personal name can be used to block or reduce the scope of protection afforded to a Mark, but cannot necessarily be used as a sufficient basis to give rise to trade-mark-like rights on its own. To establish rights, the crucial factor is the presence of distinctiveness in the context of commercial activity, not the legal name of persons involved in a proceeding.

Solving the Problem Using the CDRP

The approach taken by the CDRP and the Trade-marks Act leads to a problem. In order to obtain relief under the CDRP, a person whose name has been registered in bad faith as a domain must prove that his or her name is a “Mark” using the same kind of evidence and reasoning that he or she would use to prevent his or her name from becoming a “Mark” under the Trade-marks Act.

The CDRP was not written to protect the personal or reputational interests Complainants may have in registered domain names. Even though this problem may be an issue which needs to be addressed, and which poses a substantial problem that should be resolved in the interests of public policy, the situation which the CDRP was meant to address is in fact more narrow. The CDRP protects the valid commercial interests of firms or people operating under a distinctive name. It does not explicitly protect other valid, personal interests individuals may have in registered domain names.

The panel reasoned around this problem by positing that certain kinds of professionals use their personal names in the promotion of their services, and as the professionals in question have promoted their services under this personal name, that name has effectively acquired distinctiveness. In this manner, “professionals treat personal names as trade names or trade-marks.” Thus, the decision of the panel seems to closely track a s 12(2) “acquired distinctiveness” argument for allowing a mark which is barred from registration under s 12(1)(a) and (b).

Problems for the Future

Here, it would have been unacceptable to the Panelist (and most likely to the public at large) to allow the Registrant to continue abusing the domain name system in this manner. However, the Panelist was confined within the parameters of a policy that was ill-equipped to solve disputes of such a personal nature. Using the restrictive definitions of the CDRP, the Panelist achieved the best outcome by avoiding the deficiencies of the CDRP entirely, and holding that the Complainants had common law trade-mark rights in their personal names. Yet the decision shows that the policy itself contains a major flaw, and the workaround may have unintended consequences in the future.

For instance, if a private individual is not part of a professional class in which a member uses his or her name to promote a service, does that mean this person cannot use the CDRP to transfer a domain name registered in bad faith for the purpose of spreading sensitive, personal information about that individual on the Internet?

In addition, if a Registrant provides evidence that a large number of professionals share a name with a complainant, would this mean that the complainant cannot prevent the bad faith registrant from maintaining control of the domain name and continuing to operate a hate site, since for that professional the name lacks sufficient distinctiveness?

Libel laws and privacy laws may help fill in some of the gaps, but unlike the administrative proceedings offered by CIRA, civil actions are often prohibitively expensive for private individuals. Ultimately, the new realities of the Internet era show that the CDRP may have been too narrowly drafted – and there are legitimate needs which the policy may not address.

David Bowden is an IPilogue editor and a JD Candidate at Osgoode Hall Law School.