By now you’ve probably heard of Snapchat. But if you are not among its growing core base of users between 13 and 23 years of age (probably a good deal younger than you, constant reader) there’s a good chance you are not a Snapchat user. Snapchat is, as they said once upon a time, all the rage with the kids. It’s a social messaging mobile app that allows users to send photos and videos — “Snaps” — to groups of friends, which can be viewed on the recipient’s mobile device only for a very limited time. It’s a mashup of text messaging, Internet chat, and video streaming that seems tailor-made for the Generation Z crowd.
The Snapchat Hack
These days, being the new cool social app in the room is like painting a target on your back. In December 2013, after the revelation of a security vulnerability and subsequent “mitigation” of the vulnerability implemented by Snapchat, Snapchat was hacked to the tune of 4.6 million stolen usernames and phone numbers. The purpose of the hack, ostensibly, was to “raise public awareness” and to “put public pressure on Snapchat” to fix the vulnerability.
Registration of Snapchatcheck.com
A few days after the hack, in January 2014, someone — widely believed to be Bourne Technologies, but officially a registrant hidden behind a privacy service and identified only as “Private Registrant / A Happy Dreamhost Customer”– registered the domain name snapchatcheck.com, and launched a website at www.snapchatcheck.com, where Snapchat users could check to see whether their personal data had been leaked in the Snapchat security breach. Other than a short description of its purpose and a search box, the simple, single-page site (which remains active as of the date of this post) contained little else except for a small Snapchat logo and copyright notice featuring a link to Bourne Technologies’ website.
Snapchat’s UDRP Complaint
Nearly a year after the domain name was registered and the site launched, and perhaps after unsuccessful attempts to shut down the website and/or obtain the snapchatcheck.com domain name via other means, Snapchat filed a Uniform Domain Name Dispute Resolution Policy (UDRP) complaint with the National Arbitration Forum (NAF) in order to wrest the domain name from the hands of its registrant.
A UDRP dispute is an arbitration proceeding before an independent Panel — in this case, a single-panelist Panel — and typically administered either by the World Intellectual Property Organization (WIPO) or the NAF. Registrants of nearly all top-level domains (.com, .org, and so forth) agree to be bound by the UDRP or similar dispute resolution procedures in their domain name registration agreements, which are intended to be low-cost processes for addressing cybersquatting and other bad-faith domain name registration and use. A successful UDRP complainant is awarded the subject domain name (cancellation of the domain name is available in the alternative, but this rarely requested — it’s generally to the complainant’s benefit to control the domain name post-dispute).
To prevail in a UDRP proceeding, the complainant must satisfy three “prongs,” which Snapchat argued as follows:
- The snapchatcheck.com domain is identical or confusingly similar to Snapchat’s SNAPCHAT trademark;
- The registrant does not have any rights or legitimate interests in the snapchatcheck.com domain name; and
- The registrant has registered and used the snapchatcheck.com domain name in bad faith.
To support the second prong, Snapchat argued that the registrant was not providing any bona fide services under the subject domain, and that the use of the well-known SNAPCHAT mark and logo constituted an attempt to deceive users into believing that the website was provided by or otherwise affiliated with Snapchat, which use was not a legitimate use of the domain name. Further, Snapchat argued that this unauthorized trademark use, along with the link to Bourne Technologies’ website (which revealed the motive to be commercial in nature), demonstrated that the domain was registered and then used in bad faith.
The registrant, perhaps confident in its legal position, didn’t bother to respond. While a good-faith registrant typically benefits from setting forth a defense, all UDRP complaints are evaluated on their merits, and automatic default judgment is generally unavailable.
The Panel’s Decision
The NAF Panel issued its decision in January 2015. Even absent a response by the registrant, the sole Panelist was unconvinced by Snapchat’s arguments. While the first prong was easily satisfied, the Panel conducted its own research outside of the written record, learned of the Snapchat hack, and determined that the registrant was making “a legitimate noncommercial or fair use of the domain name (without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue),” and that the registrant had “established…legitimate rights in the domain name.”
As for the third prong, the determination that the registrant had rights or legitimate interests in the domain invoked a presumption that the domain was not registered or used in bad faith. Without addressing Snapchat’s specific arguments, the Panel determined that the circumstances as a whole simply didn’t support the conclusion that the snapchatcheck.com domain was registered and used in bad faith. As the three elements of the UDRP were not satisfied, relief was denied.
What Comes Next?
The UDRP does not provide for an administrative appeal process. Thus, if Snapchat wishes to pursue the matter further, it will probably commence a civil action under the Anticybersquatting Consumer Protection Act (ACPA), 15 U.S.C. § 1125(d), which would probably include various other trademark claims under the Lanham Act. To our knowledge, no such dispute has been instituted — yet. Snapchat could also offer to purchase the domain from the registrant (if it hasn’t already). In any event, if you’re a Snapchat user still concerned about your personal info in the wake of the Snapchat hack, the www.snapchatcheck.com remains available!