Privacy/proxy services carry no per se stigma of nefarious purpose, although when first introduced circa 2006 there was some skepticism they could enable cybersquatting and panelists expressed different views in weighing the legitimacy for their use. Some Panels found high volume registrants responsible for registering domain-name-incorporating trademarks. Others rejected the distinction between high and low volume as a determining factor. WWF-World Wide Fund for Nature aka WWF International v. Moniker Online Services LLC and Gregory Ricks, D2006-0975 (WIPO November 1, 2006) expresses the consensus, namely that use of these services “does not of itself indicate bad faith; there are many legitimate reasons for proxy registration services”). Panels now see the services as factors among others; without more, their use cannot reach the threshold of abusive registration but there was sufficient concern in the ICANN community to investigate the issue and come up with terms to tether the services.

The current Registrar Accreditation Agreement at Section 3.14 (2013) and the Specification on Privacy and Proxy Registrations located at the bottom of the RAA (2016) address the respective responsibilities of registrars and services. The earlier Accreditation Agreements 2001 and 2009 did not address the issue and the Privacy and Proxy Accreditation Program referred to in Section 3.14 is (as of December 2016) yet to be implemented. However, pending the implementation registrars and services are governed by the Specification.

Registrants’ responsibilities, on the other hand, are typically spelled out in the respective services’ agreements. As with registration agreements, registrants who sign up for the services must warrant and represent that their domain names are not unlawful and if challenged the personal and contact information maintained by the services will be produced upon request “to resolve any and all third party claims, whether threatened or made, arising out of Your use of IDP Domain, or take any other action which Backend Service Provider deems necessary” (from Name.com ID Protection Service Agreement, sec. 5).

The action deemed necessary, is to disclose the beneficial holder and its contact information when requested in connection with a UDRP proceeding. When the provider receives the information from the registrar it informs complainant who is given the opportunity of amending the caption to include the real party in interest. Occasionally, the real party in interest (the licensee from a proxy) is unknown.

While privacy once disclosed is not an issue it nevertheless plays a role in determining bad faith. This is illustrated in Teva Pharmaceutical Industries Ltd. v. Teva Pharm, CAC 101326 (ADR.eu December 5, 2016). Respondent (who did not appear) registered <tevapharms careers.com> using a privacy service but it provided false information about its name and address, namely it registered under the name of “TEVA PHARM”. The Panel concluded it did this “on purpose”: “It shows that the Respondent [identified as ‘Susan Fowler’] intended to appear as being the Complainant when sending emails to third parties.” The Panel held that

using a false name spoofing Complainant’s name . . . as a first and last name to register the disputed domain name, and using Complainant’s address in the U.S. headquarters as its residential address is additional evidence of bad faith registration and use.

Respondent falsifying its identity is as close to a per se violation as can be found in a UDRP claim. In Federated Mutual Insurance Company v. David Michael / Acounting, FA1611001703578 (Forum December 12, 2016) (<fedmic.com>) it appeared to the Panel that “Respondent has utilized a privacy shield in a manner which materially adversely affects or obscures the facts of this proceeding” which supports a finding that “Respondent has registered and used the disputed domain name in bad faith under Policy ¶ 4(a)(iii).” As in Teva, Respondent defaulted in appearance.

Respondent appeared and argued in Coolmath.com LLC v. PrivacyGuardian.org / Aamir Munir Butt, cool math games, D2016-2203 (WIPO December 4, 2016) that its <coolmath-mathgames.com> domain name was distinguishable from the trademark and legitimate but the Panel found it “it inconceivable that the Respondent came up with the Domain Name and the content of the website to which the Domain Name is connected without knowledge of the Complainant.” In fact, knowledge is implicit in Respondent’s inclusion of a “notice/disclaimer ... which expressly recognizes the existence of the Complainant.” Respondent argued that “the presence of the notice/disclaimer is ‘evidence of [its] lack of intent to divert consumers/viewers’” but of course this is upside down thinking; the presence of a disclaimer on a website competing for attention is by definition infringing.

The last three examples involved the abusive use of privacy services. Proxy services are different in that proxies are the registered holders and nominal beneficial owners of domain names; users are licensees at least in a formal sense but in actuality, they are the real party in interest. The attempt to separate registrant and user by anonymizing it is illustrated in IDR Solutions Ltd. v. Whois Privacy Corp, D2016-2156 (WIPO December 12, 2016) (<jpedal.org>). In this case, Complainant lost control of its domain name by inadvertently failing to renew and the dropped domain name was immediately registered to a proxy who uses it “for what appears to be a website in French regarding Internet marketing, and technology. Respondent has only been identified as a ‘proxy service’ and the underlying identity of Respondent has not been revealed.” The Panel “notes that Complainant is active in software and technology and Respondent’s website (assuming it would be legitimate) under the Domain Name also appears to be connected with that field.” For these reasons

The Panel is persuaded that it cannot be mere coincidence that purchase of the Domain Name which has been used consistently for 14 years and suddenly available is not a deliberate purchase in which Respondent was unaware of Complainant and its use and mark.

Interestingly, the Panel rested the final phase of its decision on a balancing of rights to supplement the inference that Respondent was aware of Complainant and its mark:

The Panel also finds relevant the relative weighing of the harms to the parties. Complainant being deprived of the Domain Name after 14 years of consecutive use whereby important trademark rights have accrued through no apparent error of its own suffers a much greater harm than Respondent (assuming for argument’s sake that he would be acting in a bona fide manner) being deprived of the Domain Name that appears to have been used for a matter of weeks.

The Panel may have hammered in the extra nail because inadvertent lapses of domain names incorporating weak marks are vulnerable to appearing respondents who persuasively explain their registrations. As it happened in IDR Solutions there was no appearance and no persuasive reason to support legitimacy (really the licensee’s legitimacy!)

But there are always factual patterns that favor respondent even with well-known trademarks. They are rare, and one of the reasons for dismissing the complaint turns on the Policy’s limited jurisdiction. The Complainant in Adobe Systems Incorporated v. Albert Sole, Photoshopcaribe / Domains By Proxy, LLC, D2016-0582 (WIPO May 13, 2016) served a cease and desist notice for <photoshopcaribe.com>. The Respondent answered the notice and then (for unexplained reasons signed up with a proxy service). Complainant argued that this supported its claim for bad faith registration and use but the Panel disagreed:

in light of the Respondent’s reply to the cease and desist notice in which the Respondent[‘s] identity and that of his company, together with the latter’s status as registrant of the disputed domain name are clearly stated ... it cannot therefore have been with intent to obscure the identity of the registrant of the disputed domain name in order to prevent measures being taken by the Complainant as has been alleged.

Respondent prevails, however, not because it persuasively argues a right or legitimate interest but because the claim is outside the jurisdiction of the UDRP forum:

In any event, this case strikes the Panel as one which the Policy is ill-suited to resolve given that it is not a clear case of abusive cybersquatting and that there are apparently competing legal interests at its essence which are subject to the domestic laws of the Dominican Republic. These would be more appropriately raised and better suited to a determination in the courts of that country. Either or both of the Parties are free to take this dispute to a relevant forum. The present finding does not seek to influence any such subsequent proceedings, should they be raised.

For the right reasons, registrants cannot be faulted for buying privacy. The services provide a genuine need but they are ultimately accountable and that’s why by contract they have the final say when their clients are challenged to disclose their identities.