By Steve Levy
We often see UDRP decisions published online, laying out the details of who did what and why. But what happens when the named Respondent in a case isn’t actually the bad actor? This is where things can get a little complicated and it brings up a question: should the named respondent’s identity be redacted in these published decisions?
Imagine this scenario: A company files a UDRP complaint because someone registered a domain name that infringes on their trademark. The dispute provider gets the Whois record from the registrar (which shows who owns a domain), and there’s a person’s name listed. So, the Complainant lists that person as the respondent in the amended complaint. Sounds straightforward so far, right?
But here’s the twist: sometimes, the true owner of the domain name has deliberately used someone else’s identity in the Whois record. Maybe it’s an old acquaintance, a random person they found online, or even a completely fabricated identity. The actual, innocent person whose name is listed as the Respondent suddenly finds themselves embroiled in a UDRP dispute, completely unaware of, and uninvolved in the domain’s registration or use. On the other hand, there have been rare instances of wily cybersquatters falsely claiming identity theft or of having no connection with a disputed domain name in the hopes of avoiding their name being published in an adverse UDRP decision.
This can be a real pickle. On one hand, the UDRP process is designed to be transparent. Publishing decisions helps build a body of precedent, educates others, and aims to promote good behavior in the domain name space. Redacting names might seem to go against that transparency.
However, consider the potential harm to a truly innocent party. Their name is now publicly linked to a domain dispute, potentially appearing as a cybersquatter. This could have real-world consequences from reputational damage to simply being associated with something they had no part in. It’s a classic case of mistaken identity, but with a digital footprint.
Some might argue that the named respondent still has to prove their innocence, and that the transparency of the system outweighs the individual’s privacy in this context. But is it fair to ask an innocent party to go through that hassle, especially where there is reliable evidence clearly pointing to their identity being misused? And what happens if the Respondent never even receives notice of the complaint or isn’t aware that it even has the option to request redaction of its name? This was the situation in a recent decision where the Panel decided to name the individual, despite evidence of identity theft and a response from the individual stating that it had no knowledge of the disputed domain name. The Panel stated that “[i]n the instant case, there has been no request in the Complaint to redact any portion of the decision, nor has there been a Response or an Additional Submission from the Respondent in question.”
In these specific situations, where there’s clear evidence that the named respondent is a victim of identity misuse, whether that evidence was provided by a responding individual or by the Complainant, as a Panelist I lean towards redaction. The purpose of naming a respondent is to hold the true owner of the domain name accountable for its actions. If the named party isn’t the true owner, then their public identification typically serves no just purpose and can, in some instances, cause undue harm. Finally, unless gamesmanship by a cybersquatter seeking to avoid responsibility is suspected, an individual who actually makes the effort to respond and assert non-involvement shouldn’t be penalized for not realizing that they have the ability to request redaction.
In the end, it’s a delicate balance between transparency and protecting legitimately innocent individuals. As the digital landscape continues to evolve, so too must our approaches to these kinds of ethical dilemmas in online governance.