Although much has been made of the EU General Data Protection Regulation (GDPR)’s impact on whois records for domain name registrations, the truth is that these records have been frequently falsified by unscrupulous cybersquatters for years.
A decision in a case filed by Facebook under the Uniform Domain Name Dispute Resolution Policy (UDRP) makes this clear. The domain name registrant’s identity: “te5gfh gtfghbfh”.
While it is possible that a registrant could have just about any name, the panelist in Facebook’s UDRP case apparently saw this name as nothing more than a haphazard, nonsensical sequence of characters randomly typed on a keyboard — though the panelist put it more politely. The UDRP decision simply says that the name “gtfghbfh” “is obviously false.”
(The disputed domain names in the Facebook UDRP case were <facebook-item.com> and <facebook-messages.com>. According to the UDRP decision, the unknown registrant used them in connection with an “obvious phishing scam.”)
Fake registrant information is certainly frustrating to trademark owners, because it often makes identification of real registrants impossible. Plus, it’s contrary to domain name registrants’ obligation under ICANN’s Registrar Accreditation Agreement to “provide accurate information.”
Fortunately, the presence of such false information typically won’t adversely impact a trademark owner’s ability to prevail in a UDRP case. Indeed, in the Facebook decision, the panelist cited the false information as one factor supporting the UDRP’s bad faith element.
The Facebook decision is not unusual. UDRP cases have been filed against registrants with such identities in the whois database as “dsfgsdfgsdfgdsfg” (the decision says that “the most probable and logical conclusion that may be drawn is that [the name is] fictitious”); and “vddfwees qqweadsgg”.
And, in one particularly informative decision in 2013 — involving a domain name registrant identified as “DFASDF ASDF“ — the panelist wrote:
The Respondent is registered only by a series of letters which have no particular meaning. A registrant for a domain name should be an identifiable individual or a corporation constituted under the laws of some jurisdiction. The jumble of letters here denotes neither.
In the Panel’s view, registrars should be vigilant to ensure that registrants of domain names are either a recognizable individual or a corporate personality. Otherwise, it makes it impossible for a trademark holder to commence any action – against blatant infringers – other than through recourse under the Policy which may not always provide sufficient relief against a counterfeiter.
Unfortunately, more than five years later, nothing has changed.