Introduction
Consider 2 scenarios: one, you wanted to set up a website with your name, but it was “unavailable” as it had already been registered by someone else; two, you came across a website that impersonated your identity or your company’s goodwill, and it was carrying out dubious activities online. In both scenarios, you would want either for the website to cease or be somehow given to you. You could of course consider bringing the matter to court. But, as you would soon realise, you might not be able to figure out who the imposter is. Further, going to court could be costly and time-consuming. So the question is, is there a better way of dealing with online imposters?
Domain Name Dispute Resolution (DNDR)
DNDR is an expedited administrative dispute resolution mechanism designed for resolving domain name disputes. A domain name dispute occurs when a party (the Complainant) is contesting against a current domain name holder (the Respondent) over the rights to a domain name on the grounds that the latter has infringed its intellectual property right. This can be initiated by a complainant filing the requisite request to a DNDR provider accredited by the Internet Corporation for Assigned Names and Numbers (ICANN), which is the body tasked with the responsibility of ensuring the stable and secure operation of the Internet's unique identifier systems.
Understanding the basics
It pays to briefly understand how we browse the internet and some terminologies relevant for determining the appropriate DNDR procedure.
Domain name and IP address
A domain name is an internet address. To get to a website, one would simply enter the domain name in the web browser. So, to access The Legalholics, simply type in <thelegalholics.com> and press “enter”.
However, the issue is that our computers do not actually understand what is being entered. This is because humans and computers recognise a domain name differently. We recognise it by its name; computers by its IP address, which is a string of numerical numbers. Here is an example:
The Domain Name System (DNS) was developed to solve this issue. It works by translating a domain name into an IP address. Thus, when we enter a domain name in the browser, the DNS will resolve the domain name to its IP address which then allows the computer to communicate with the internet server and retrieve the matched webpage. This is important because while we can certainly enter “74.125.68.102” to look for Google (try it!), it makes practical sense to do it just by entering “google.com”.
Top Level Domains (TLDs)
The diagram above is a bird’s eye view of the different terminologies surrounding what we colloquially call a “link”, or a URL. For the purposes of this article, we will only be focusing on TLD, gTLD and ccTLD.
Who are the imposters?
Online imposters have attempted to register domain names that are identical to a household brand or name, with an ulterior motive. Some common examples include:
Cybersquatting
This is where a domain name is registered by a person having no rights to the trademark with the intention of later selling it off for profit. For example, in Malaysia, cyber-squatters have attempted to pre-emptively register popular domain names such as <apple.com.my>, <wechat.com.my> and <taobao.com.my> despite them not having legitimate rights to those names.
Typo-squatting
This is where a misspelled domain name of a well-known website is deliberately registered to catch unsuspecting web users who make typographical mistakes when entering a URL. These users are then led to fake websites set up to steal their personal data. Common examples include <zaaraa.com>, <gooogle.com>, <amozon.com>, etc.
Phishing
Similar to typo-squatting, phishing involves the registration of a domain name that is confusingly similar to a genuine website. Masquerading as legitimate entities, these fake websites trick internet users into opening an email, a text message, or a URL designed to steal personal data, load malicious malware, or even launch a ransomware attack.
Domain name dispute resolution
Depending on the type of TLD, a domain name dispute may be resolved in accordance with the relevant procedure that provides for different remedies:
We will discuss the more commonly used procedures: the UDRP and MYDRP, for the resolution of gTLD and ccTLD (.my) disputes, respectively.
UDRP
In Malaysia, UDRP proceedings may be submitted to the Asian Domain Name Dispute Resolution Centre (ADNDRC). It is one of the 5 providers in the world approved by ICANN to administer such proceedings. The ADNDRC operates its Kuala Lumpur office in Malaysia through the Asian International Arbitration Centre (AIAC).
Unlike litigation or commercial arbitration, these proceedings do not involve in-person hearings. This is unless the tribunal (the Panel) directs otherwise in exceptional circumstances. A Complainant may initiate a UDRP proceeding by submitting a complaint in accordance with the UDRP Policy and the UDRP Rules. Within a stipulated time, the Respondent may respond to the complaint accordingly. Failing which, the Panel will decide the dispute based upon the complaint. The entire proceedings take a maximum of 45 days to be completed and the fees (barring the fees for a representative, if any) are fixed by the relevant DNDR provider.
The grounds on which such a complaint can be made are that:
the domain name is identical or confusingly similar to a trademark in which the complainant has rights;
the Respondent does not have legitimate interests in the domain name; and
the domain name has been registered and is being used in bad faith
An example can be seen in Petroliam Nasional Berhad v Cornelius Malloy, Case No. AIAC/I/ADNDRC-595-2018. The disputed domain name in question was <careers-petronas.com>. The Panel found that the Respondent, a U.S. citizen, had registered the disputed domain name to trick internet users into paying upfront payments in relation to potential alleged interviews with Petronas. It also observed that the word “Petronas” did not reflect the Respondent’s name and that the Respondent had not had any trade mark rights over the name even in his home country. As such, it considered that the Respondent had intended to disrupt, discredit and embarrass the business of the Complainant. Accordingly, the disputed domain name was ordered to be cancelled. A more recent example can be seen in the NAF administered case of Google LLC v Ben Ghosh, Claim no. FA2003001888606. There, the disputed domain name <googlecoronavirus.com> was ordered to be transferred to the Complainant.
MYDRP
The Malaysian Network Information Centre (MYNIC) is the sole administrator for web addresses that end with .my in Malaysia. It has appointed the AIAC to offer domain name dispute resolution services concerning the .my ccTLD.
The proceedings are largely similar to those in the UDRP. The administration of the dispute is pursuant to MYNIC’s own set of Policy and Rules, which again, are largely similar to those of the UDRP, albeit with some minor additions like an opportunity to file a reply by the Complainant. There are no in-person hearings, and a complaint must be submitted and responded to, failing which the Panel will decide on the basis of the complaint. The proceedings take about 60 days to be completed and the costs (barring fees for a representative, if any) are fixed by MYNIC.
If the Panel finds that the disputed domain name satisfies the requisite thresholds, it may order that the disputed domain name be transferred or cancelled. An example can be seen in the cases of Apple Inc. v Eppies Internet, Case No. RCA/DNDR/2008/12 and Telekom Malaysia Berhad v Derick Ng/CA Merchant Services Sdn Bhd, Case No. AIAC/DNDR-807-2020. In both cases, the contested domain names <apple.com.my> and <streamyx.my> were ordered to be transferred to the Complainants, respectively.
Conclusion
The ease with which a domain name can be registered has no doubt given rise to many domain name infringements, and hence domain name disputes. The importance of having a swift, inexpensive and effective dispute resolution mechanism in this domain, such as the UDRP and MYDRP, cannot be understated. DNDR not only allows a rightful owner to reclaim his intellectual property rights, but it also protects web users from accessing potentially hazardous websites. It remains to be seen just how effective it is in the long run, as more TLDs are being added to the internet. As for now, it will give online imposters a run for their money.
References
Apple Inc. v Eppies Internet, Case No. RCA/DNDR/2008/12
Tencent Holdings Limited v Thai Amulet Technology, Case No. KLRCA/DNDR-503-2017
Alibaba Group Holding Limited v Microit Technology (M) Sdn. Bhd., Case No. RCA/DNDR/2012/28
Petroliam Nasional Berhad v Cornelius Malloy, Case No. AIAC/I/ADNDRC-595-2018
Telekom Malaysia Berhad v Derick Ng/CA Merchant Services Sdn Bhd, Case No. AIAC/DNDR-807-2020
AIAC’s Guide to Domain Name Dispute Resolution
Uniform Domain Name Dispute Resolution Policy, paras 3, 4
Rules for Uniform Domain Name Dispute Resolution Policy, paras 3, 4, 10, 13
MYNIC’s Domain Name Dispute Resolution Policy, paras 3, 5, 12, 17,
Rules of MYNIC’s Domain Name Dispute Resolution Policy, paras 4, 6, 15, 17
Comments