question_mark-118x150A recent UDRP decision raised an interesting issue regarding how to proceed when the Respondent’s name is part of an identity theft scheme and the real domain registrant is unknown. In Morgan Stanley v. John Doe the dispute concerned the domain name <> and the trademark MORGAN STANLEY.
Morgan Stanley filed the UDRP and once the listed Registrant (according to the available WHOIS information) was contacted, that person informed Morgan Stanley and the National Arbitration Forum (“NAF”) that it had been the victim of identity theft, it did not own the domain and had no interest in the action other than to keep his/her name out of the action so their privacy was not further violated.

The arbitrator, Mr.Charles K. McCotter, Jr., duly noted that: “[t]he disputed domain name is registered and in use by the actual registrant and holder of the domain name who under a fake identity is taking advantage of Complainant’s trademark.” The arbitrator then ensured that the actual (unknown) Registrant was the subject of this case.

This all seems very straightforward – you have to hold the person or entity that registered the domain name as the party responsible for it. However, what happens when you don’t know who the actual Registrant is? Here, the arbitrator really did all he could do, pointing out that the domain name <> is plainly similar to the registered mark, and that there was no basis for asserting that the unknown Registrant had rights in the name MORGAN STANLEY.

However, with respect to the “bad faith” element, the decision stated that the Registrant “had a history” of registering domains names which included trademarked properties, and had actual knowledge of the MORGAN STANLEY mark. This seems inapposite. How could the arbitrator know this if the Registrant was unknown? If the arbitrator did know something about the actual Respondent, whether via information presented by Morgan Stanley or the NAF, it seems odd that it was not specifically mentioned. It could be that the victim/listed Registrant in the case was also tied to other fraudulent domain registrations that included trademarks (as listed by the arbitrator) like  DUPONT, FEDEX, GOOGLE, and WALT DISNEY that were perpetrated by the unknown Registrant, but it is unclear if there was actual evidence of such activity (or what the actual domain registrations were), or if this was just a simple mistake.

The decision does note at the end of the similarity, rights and bad faith analyses that “[a]s the named Respondent is a victim of identity theft, the identity theft is evidence […] pursuant to Policy ¶ 4(a).” This is important for trademark holders to be aware of if they are faced with similar circumstances regarding a cybersquatter. However, in terms of establishing a strong precedent for future panels and parties to consider when faced with cases of identity theft and fraudulent domain registrations, it would have been clearer if the arbitrator had focused his discussion on this from the outset. ..