A recent domain name decision under ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP Policy), captioned Bin Shabib & Associates (BSA) LLP v. Hebei IT Shanghai ltd c/o Domain Administrator, found reverse domain name hijacking, under some rather interesting, if not questionable circumstances. The Rules that govern the UDRP Policy define Reverse Domain Name HiJacking as "using the Policy in bad faith to attempt to deprive a registered domain-name holder of a domain name." 

What caught my eye was the three-member panel’s use of the ill-fated "knew or should have known" phrase in finding the requisite "bad faith" for hijacking; a phrase well-known to those who follow the trademark fraud case law and appreciate that recently this same "should have known" standard was flatly rejected by the Court of Appeals for the Federal Circuit (CAFC) in In re Bose, as being nothing more than a test for simple negligence. For more on the In re Bose decision, see here and here.

The Bin Shabib & Associates three-member panel, assigned by NAF, was unpersuaded that complainant had proven common law trademark rights in the acronym BSA (under the first UDRP element), so it declined — as unnecessary — to make any findings on the second and third elements under the UDRP, namely, the "lack of legitimate interest" and "bad faith" elements. Despite making no findings on either of these two key elements, the panel held as follows:

Also, the Panel finds that Complainant knew or should have known that it was unable to prove that Respondent lacks rights or legitimate interests in the disputed domain name or that Respondent registered and is using the disputed domain name in bad faith. Based on the foregoing, the panel finds that reverse domain name hijacking has occurred. See NetDepositVerkaik v. Crownonlinemedia.com, D2001-1502 (WIPO Mar. 19, 2002) (“To establish reverse domain name hijacking, Respondent must show knowledge on the part of the complainant of the Respondent’s right or legitimate interest in the Domain Name and evidence of harassment or similar conduct by the Complainant in the fact of such knowledge.”); see also Labrada Bodybuilding Nutrition, Inc. v. Glisson, FA 250232 (Nat. Arb. Forum May 28, 2004) (finding that complainant engaged in reverse domain name hijacking where it used “the Policy as a tool to simply wrest the disputed domain name in spite of its knowledge that the Complainant was not entitled to that name and hence had no colorable claim under the Policy”) (emphasis added).

A couple of curious points are worth discussion. First, putting aside for a moment the dubious "should have known" standard of bad faith, how can complainant be guilty of "bad faith" — sufficient for hijacking — in failing to appreciate that it had no chance of proving the very two elements for which the panel made no findings? Second, neither of the quoted parentheticals go far enough to support the quoted  "should have known" standard; instead, both speak only of actual knowledge.

As it turns out, however, there is some prior WIPO panel support for the "should have known" standard in finding "bad faith" sufficient for reverse domain name hijacking. Nevertheless, in each of these decisions, the panels made findings on all three UDRP elements before finding "bad faith" and ruling in favor of a claim for reverse domain name hijacking, see here, here, and here.

So, what do you think? Is the "should have known" standard defensible in reverse domain name hijacking decisions? If not, what about gross negligence? How about reckless disregard? What is the appropriate level of culpability? Does it even matter, or is a hijacking finding "of little import" to most complainants?