In brief:
- Individuals and companies have the responsibility not only to comply with terms of use of the .ae domain laid down by the domain name Administrator, but also to comply with the policies of the Registrar with whom they register.
- There are several routes available to seek to redress of online identity infringement. Firstly, there are administrative measures which can be utilised, via either the Administrator or the Registrar (either of which are able to revoke certain rights of domain name registrants). Secondly, action may be initiated under the aegis of the Arbitration and Mediation Center of the World Intellectual Property Organization (“WIPO”) in Dubai under the UAE Domain Name Dispute Resolution Policy and its corresponding Rules, along with the WIPO Supplemental Rules, which provide a judicial basis for resolution. Perhaps to be pursued in cases where administrative measures perhaps prove to be insufficient.
- In the ever-expanding cyberspace, there is consequently increasing litigation over domain name disputes. Registrars are increasingly becoming embroiled in these lawsuits on multiple fronts, despite having complied with their own policies under rules laid down by the Administrator, thus adding nuance to arguments made by aggrieved parties in support of their cases.
Is your identity safe in the virtual world?
Since the beginning of 2020, the commercial necessity for having a virtual identity has gained significant ground with traditional as well as digital businesses, as they forge ahead with adopting a new ‘virtual culture’, despite the potential risks this may pose. Hadef & Partners is increasingly involved in advising on complex litigation matters over digital ‘assets’ such as virtual identities.
The UAE’s domain name administration (the Administrator) was established by the UAE Telecommunications and Digital Government Regulatory Authority (“TDRA”). It is the Administrator’s domain name policies which provide the mechanism for aggrieved parties to seek redress from the misappropriation or illegitimate use of their name or identity online. These policies govern the use of the .ae domain name and include a:
- Domain Name Eligibility Policy;
- Registrant Warranties Policy;
- Complaints Handling Policy;
- UAE Domain Name Dispute Resolution Policy; and
- Rules for the UAE Domain Name Dispute Resolution Policy.
In addition to these, each Registrar of a .ae domain name is obligated by the TDRA to implement its own policies, which must conform with the Administrator’s policies and terms of use, binding itself and its registrants to function within the ambit of such policies. In addition, at the time of applying for registration of a .ae domain name, registrants must enter into terms of use with the Registrar, empowering the Registrar (where applicable) to take action against an impugned domain name.
The Administrator’s policies recognise the importance of an application for registration of a domain name to have been made in good-faith and empower the Administrator to act at any time if any of a registrant’s warranties, which are required to be given on an application for a registration, are found to be untrue or misleading.
The Registrar is responsible for handling complaints regarding the registration of a .ae domain name, as well as possible breaches within the purview of its own policies and terms of use, as well as those governing its relationship with the Administrator.
The Registrar is empowered to independently act upon a complaint, and may revoke the registration of a domain name which it finds has been registered and/or is being used against its policies and/or its own terms of use with registrants. We have also seen that Registrars have, on numerous occasions, taken additional remedial measures of their own volition, by adopting policies for dealing with suspected abuse of a domain name registered with them. The types of Registrar policies or terms that may be invoked in such circumstances include their:
- Abuse Policy;
- Customer End User Agreement; and
- Standard Terms and Conditions.
As a further, subsequent avenue to redress, perhaps to be deployed in case the Registrar and/or the Administrator is unable or otherwise not minded to take action, an aggrieved party has the option to invoke the UAE Domain Name Dispute Resolution Policy and follow the procedures provided in its corresponding Rules to institute proceedings under the patronage of the Arbitration and Mediation Centre of WIPO in Dubai. The availability of this route to resolution may prove invaluable, where, for example, pursuant to the discretion afforded to each of the Registrar and the Administrator under the UAE Domain Name Dispute Resolution Policy and each of their own policies, the Registrar and/or the Administrator refrains from taking action. We have seen that this is especially so where the matter of ownership of the name/identity is in contention, and as the parties attempt to establish their own rights over the domain.
It is worth noting that at this stage, the Arbitration and Mediation Centre of WIPO’s own, internal rules come into play and would be read along with the Administrator’s rules and policies. For the purpose of these proceedings, WIPO has promulgated Supplemental Rules for the UAE Domain Name Dispute Resolution Policy. It has also provided for certain formats and modalities to be followed, which align with the internationally recognised Uniform Domain Name Dispute Resolution Policy (“UDRP”), approved by the Internet Corporation for Assigned Names and Numbers (“ICANN”). While the UDRP mostly provides the procedure for disputes regarding intellectual property rights associated with domain name registration, the UAE Domain Name Dispute Resolution Policy has a wider application such that it also provides a method of redress for a .ae domain name registered in bad faith, fraudulent/abusive use of a .ae domain name, and any use in violation of the law.
In a recent case, a major media buying and placement service provider discovered that its identity had been misappropriated in a bid to gain monetary benefits. The perpetrators had applied for personal loans for multiple individuals with a leading UAE bank, claiming that such individuals were employed by our client. Emails falsely confirming their employment by our client were sent to the bank from an email address with a .ae domain, which read as [actual HR staff’s name]@[client name].ae. Supposed ‘verification certificates’ (which were forged on letterhead purporting to be that of our client, along with fake seals and false signatures) were transmitted. During our investigation and on review of the evidence, various aspects of the scam were unearthed, which centered around issues of both forgery and domain name misappropriation.
The Disputes Resolution Department at Hadef & Partners pursued both of these aspects for our client, initiating criminal proceedings under the UAE’s Penal Code for the forging of documents and client credentials, as well as claims before the TDRA under the regulatory policies of the UAE’s domain name administration.
In order to initiate proceedings on behalf of our client seeking the revocation of the registration of the contravening domain name in this case, we accordingly first instituted complaints invoking the Administrator’s and Registrar’s policies. We brought the matter to the knowledge of both the Administrator and the Registrar, and we petitioned for investigation into the matter under both of their sets of policies.
With the Administrator being empowered by the TDRA to uphold the integrity of the .ae domain, and noting that each .ae domain name registrant must provide various warranties on an application for a registration (both with the Registrar as well as the Administrator), we cited provisions of both the Administrator’s and the Registrar’s policies, and were able to draw upon the registrant’s warranties in this case to seek to exhibit the registrant’s violation of the terms on which it had been provided registration of the domain name in question.
Whilst in our case the claim was specific to the revocation of a .ae domain name on the grounds that our client’s identity had been hijacked and use of its domain abused, causing harm, in the amplifying expanse of cyberspace and consequential numerous possible ways of falling victim to misuse of digital identities, it pays to be alive to the various routes to remedy and recovery, should you need them.
We expect to see an increasing number of parties whose virtual identities are misappropriated, and, with that, more and more Registrars with whom relevant domains are registered becoming embroiled in litigation over domain name disputes. Although their participation may be fundamental to aggrieved parties in order to safeguard their identity, this does create a challenge for Registrars who are potentially faced with having to defend multiple law suits to which they have been enjoined, regardless of them having complied with the terms and policies within which they operate.
If you would like more information on this topic and Dispute Resolution, or have any questions, please contact Karim Mahmoud, Partner, Dispute Resolution, Taher Abdeen, Partner, Dispute Resolution, Victoria Woods, Partner, Head of Commercial, James Dunne, Head of Trade Marks and Brand Protection or Abdul Hannan, Associate, Dispute Resolution.