The Complainant is Meta Platforms, Inc., United States of America (“United States”), represented by Tucker Ellis, LLP, United States.
The Respondent is Domain Administrator, See PrivacyGuardian.org, United States / Frederick Armstrong, United States.
The disputed domain name <facebook-security-alert.com> is registered with NameSilo, LLC (the “Registrar”).
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on November 20, 2021. On November 22, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On November 22, 2021, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name, which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on November 23, 2021, providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on November 26, 2021.
The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on November 26, 2021. In accordance with the Rules,
paragraph 5, the due date for Response was December 16, 2021. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on December 20, 2021.
The Center appointed Gregory N. Albright as the sole panelist in this matter on December 30, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
The Complainant operates the Facebook social networking website and mobile applications, and alleges that it owns the exclusive rights to the FACEBOOK trademarks and service marks. Three registrations for the FACEBOOK Mark in the United States are shown below.
Mark |
Jurisdiction |
Filing Date |
Reg. Date |
Reg. No. |
|
U.S. |
2005-02-24 |
2006-07-25 |
3,122,052 |
|
U.S. |
2006-06-29 |
2010-11-23 |
3,881,770 |
|
U.S. |
2010-10-07 |
2013-11-26 |
4,441,540 |
The Complainant also owns international trademark registration and European Union Trade Mark registrations for the Facebook Mark, some of which are shown below.
Mark |
Jurisdiction |
Filing Date |
Reg. Date |
Reg. No. |
FACEBOOK (Stylized) |
AL, AU, BA, |
2010-05-23 |
2010-07-16 |
1075094 |
|
EU |
2010-06-03 |
2010-12-17 |
009151192 |
|
EU |
2011-03-01 |
2011-11-02 |
009776618 |
The Complainant also owns the domain name <facebook-security.com>, created on April 4, 2014.
The disputed domain name was registered on December 9, 2020. At the time of filing the Complaint, the disputed domain name resolved to an inactive page.
The disputed domain name is confusingly similar to the FACEBOOK Mark
The disputed domain name, which adds the descriptive terms “security” and “alert” to the Complainant’s Facebook Mark, is confusingly similar to the Complainant’s FACEBOOK Mark. The disputed domain name misappropriates all the textual components from the Complainant’s Facebook Mark, such that an ordinary Internet user who is familiar with the FACEBOOK Mark would, upon seeing the disputed domain name, think an affiliation exists between that disputed domain name and the Complainant and/or its FACEBOOK Mark.
Numerous WIPO panels have held that the addition of a descriptive term to a complainant’s mark fails to distinguish a domain name from the mark. See Facebook, Inc., Instagram, LLC, WhatsApp Inc. v. Osbil Technology Ltd, WIPO Case No. D2018-2906 (finding <instagramsecurity.info> confusingly similar to the INSTAGRAM mark because it reproduced the mark plus the addition of the descriptive word “security,” and the descriptive word did not remove the otherwise confusing similarity between the domain name and the mark; Facebook Inc. v. Kristjan Eichler, WebExpress LLC / Arvuti LLC Paris, WIPO Case No. D2015-2299 (“addition of a generic term does not necessarily distinguish a domain name from a trademark”).
The Respondent has added the descriptive terms “security” and “alert” to the Complainant’s FACEBOOK Mark to form the dispute domain name <facebook-security-alert.com>. Accordingly, the disputed domain name reproduces the Complainant’s exact FACEBOOK Mark and adds descriptive words. The descriptive words do not prevent the confusing similarity between the domain name and the mark, especially as the words are descriptive of and relevant to the Complainant’s services. Accordingly, the resulting disputed domain name is not sufficiently distinguishable from the Complainant’s FACEBOOK Mark so as to remove it from the reach of the Policy. And neither the hyphens in the disputed domain name, nor the addition of a gTLD, eliminate its confusing similarity.
The Respondent has no rights or legitimate interests in respect of the disputed domain name
A complainant establishes a prima facie case with respect to paragraph 4(a)(ii) of the Policy by a showing that a respondent (1) is not authorized to use the marks, and (2) is not known by a complainant’s marks. Once a complainant asserts a prima facie case against the respondent, the respondent bears the burden of proving that it has rights or legitimate interests in the disputed domain name.
The Complainant has neither licensed nor authorized the Respondent to use the Complainant’s FACEBOOK Mark. Nor does the Respondent have any legal relationship with the Complainant that would entitle the Respondent to use the FACEBOOK Mark. Further, neither the WhoIs data for the disputed domain name nor the corresponding website to which the disputed domain name resolves supports the conclusion that the Respondent is known by the disputed domain name.
The Respondent is not making a bona fide offering of goods or services in connection with the disputed domain name
The Respondent cannot demonstrate any of the factors that would support a legitimate interest in the disputed domain name under paragraph 4(c)(i) of the Policy. The disputed domain name is not currently used. Non-use or “passive holding” of a domain name is not a use in connection with a bona fide offering of goods or services. And there is no evidence of the Respondent’s preparation to use the disputed domain name in connection with a bona fide offering of goods or services.
Nor may the Respondent show legitimate interests under paragraph 4(c)(ii) of the Policy. The Respondent does not appear to be commonly known by the disputed domain name. The WhoIs data for the disputed domain name does not identify a person or company commonly known by the disputed domain name. And in the verification process described above the Registrar identified the Respondent as “Frederick Armstrong” – a name that does not resemble the disputed domain name.
Finally, the Respondent is not making a legitimate noncommercial or fair use of the disputed domain name, within the meaning of paragraph 4(c)(iii) of the Policy. The disputed domain name is being passively held by the Respondent, and non-use is not a legitimate noncommercial or fair use.
The Respondent has registered and is using the disputed domain name in bad faith
It is well settled that the non-use of a domain name that is confusingly similar to a complainant’s mark constitutes use in bad faith. Here, the Respondent has registered a domain name that is confusingly similar to the Complainant’s Facebook Mark. Because the FACEBOOK Mark is so obviously connected with the Complainant and its well-publicized services and mobile application, and the disputed domain name clearly references this mark, the registration and passive holding of the subject disputed domain name by the Respondent – who has no connection with the Complainant – supports a finding of bad faith under the Policy.
In addition, the disputed domain name is confusingly similar to the domain name <facebook-security.com>, owned by the Complainant, and which redirects to “www.facebook.com/security”, a webpage where the Complainant updates Internet users about how to protect their information both on and off the Facebook social media platform. Although the Respondent is passively holding the disputed domain name at present, it could be used in future to redirect Internet users and present a security risk to them.
The Respondent did not reply to the Complainant’s contentions.
Paragraph 4(a) of the Policy requires the Complainant to prove that: (i) the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; (ii) the Respondent has no rights or legitimate interests in respect of the disputed domain name; and (iii) the disputed domain name has been registered and is being used in bad faith.
Paragraph 4(b) of the Policy elaborates some circumstances that shall be evidence of the registration and use of the domain name in bad faith. Paragraph 4(c) sets out various circumstances which, if found by the Panel to be proved based on the evaluation of all the evidence presented, shall demonstrate that the Respondent has rights or legitimate interests in the disputed domain name.
The Complainant has shown that it established trademark rights in the FACEBOOK Mark long before the Respondent registered the disputed domain name. The Panel also finds that the Complaint has established confusing similarity between the FACEBOOK Mark and the disputed domain name.
The disputed domain name consists of the FACEBOOK Mark with the addition of the terms “-security,” “-alert,” and “.com.” “The applicable Top Level Domain (“TLD”) in a domain name (e.g., “.com”, “.club”, “.nyc”) is viewed as a standard registration requirement and as such is disregarded under the first element confusing similarity test.” WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 1.11.1.
The Panel also finds that disputed domain name is confusingly similar to the FACEBOOK Mark despite the addition of the terms “security” and “alert”. Similarly, the use of hyphens does not prevent a finding of confusing similarity. “While each case is judged on its own merits, in cases where a domain name incorporates the entirety of a trademark, or where at least a dominant feature of the relevant mark is recognizable in the domain name, the domain name will normally be considered confusingly similar to that mark for purposes of UDRP standing.” WIPO Overview 3.0, section 1.7. Here, FACEBOOK is a famous trademark; as such, it is the dominant feature of the disputed domain name.
Finally, “security-alert” is an apt phrase that one might expect to be associated with the Complainant’s business. When added to the FACEBOOK Mark it may increase, rather than dispel, confusing similarity because of the likelihood that users will wrongly associate the disputed domain name with the Complainant. See Facebook Inc. v. Kristjan Eichler, WebExpress LLC / Arvuti LLC Paris,
WIPO Case No. D2015-2299 (collecting cases); WIPO Overview 3.0, section 1.8. Notably, the Complainant has shown that it does, in fact, own the domain name <facebook-security.com>.
The first element of paragraph 4(a) of the Policy is satisfied.
“While the overall burden of proof in UDRP proceedings is on the complainant, panels have recognized that proving a respondent lacks rights or legitimate interests in a domain name may result in the often impossible task of “proving a negative”, requiring information that is often primarily within the knowledge or control of the respondent. As such, where a complainant makes out a prima facie case that the respondent lacks rights or legitimate interests, the burden of production on this element shifts to the respondent to come forward with relevant evidence demonstrating rights or legitimate interests in the domain name. If the respondent fails to come forward with such relevant evidence, the complainant is deemed to have satisfied the second element.” WIPO Overview 3.0, section 2.1.
Here, the Complainant asserts that it has not granted the Respondent any license or other authority to use the Complainant’s FACEBOOK Mark. The Complainant has also made out a prima facie case that the Respondent does not have any other rights or legitimate interests in respect of the disputed domain name. The Respondent has not come forward to claim any such rights or legitimate interests and the disputed domain name is not being used in any manner.
And since “security-alert” is an apt phrase that one might expect to be associated with the Complainant’s business, as discussed above, the risk of implied affiliation, contrary to fact, cannot constitute fair use. See WIPO Overview 3.0, section 2.5.1.
The second element of paragraph 4(a) of the Policy is satisfied.
The disputed domain name was registered on December 9, 2020, after the Complainant had established rights in the FACEBOOK Mark. Particularly given the fame of the FACEBOOK Mark, it may be inferred that the Respondent registered the disputed domain name with knowledge of the Complainant’s FACEBOOK Mark, and with the objective of creating a false association with the Complainant, or with conscious disregard of the Complainant’s trademark rights.
The Panel also finds that bad faith use despite the Respondent’s passive holding of the disputed domain name. “From the inception of the UDRP, panelists have found that the non-use of a domain name (including a blank or “coming soon” page) would not prevent a finding of bad faith under the doctrine of passive holding. While panelists will look at the totality of the circumstances in each case, factors that have been considered relevant in applying the passive holding doctrine include: (i) the degree of distinctiveness or reputation of the complainant’s mark, (ii) the failure of the respondent to submit a response or to provide any evidence of actual or contemplated good-faith use, (iii) the respondent’s concealing its identity or use of false contact details (noted to be in breach of its registration agreement), and (iv) the implausibility of any good faith use to which the domain name may be put.” WIPO Overview 3.0, section 3.3.
Here, the Complainant’s FACEBOOK Mark is distinctive and well known. The Respondent did not submit any response to the Complaint in this proceeding. The Respondent used a privacy service to shield his identity. And, finally, the Respondent did not respond to the Complaint and suggest how the Respondent might make a plausible good faith use of disputed domain name. The totality of relevant circumstances supports a finding that the Respondent registered the disputed domain name and is passively holding the disputed domain name in bad faith.
The third element of paragraph 4(a) of the Policy is satisfied.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <facebook-security-alert.com> be transferred to the Complainant.
Gregory N. Albright
Sole Panelist
Date: January 13, 2022