International Information Systems Security Certification Consortium (ISC)2 v. Davis, Sita & Company, P.A.
Claim Number: FA1212001476681
Complainant is International Information Systems Security Certification Consortium (ISC)2 (“Complainant”), represented by Fatima Lahnin of Carmody &Torrance, LLP, Connecticut, USA. Respondent is Davis, Sita & Company, P.A. (“Respondent”), represented by David E. Weslow, Washington, D.C., USA.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <cisspclasses.com>, registered with GoDaddy.com LLC.
The undersigned certifies that he or she has acted independently and impartially and to the best of his or her knowledge has no known conflict in serving as Panelist in this proceeding.
R. Glen Ayers served as Panelist.
Complainant submitted a Complaint to the National Arbitration Forum electronically on December 19, 2012; the National Arbitration Forum received payment on December 19, 2012.
On December 19, 2012, GoDaddy.com LLC confirmed by e-mail to the National Arbitration Forum that the <cisspclasses.com> domain name is registered with GoDaddy.com LLC and that Respondent is the current registrant of the name. GoDaddy.com LLC has verified that Respondent is bound by the GoDaddy.com LLC registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On December 20, 2012, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of January 9, 2013 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@cisspclasses.com. Also on December 20, 2012, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
A timely Response was received and determined to be complete on January 9, 2013.
A timely Additional Submission was received from Complainant and determined to be complete on January 14, 2013.
A timely Additional Submission was received from Respondent and determined to be complete on January 18, 2013.
On January 21, 2013, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the National Arbitration Forum appointed R. Glen Ayers as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the National Arbitration Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2.
Complainant requests that the domain name be transferred from Respondent to Complainant.
A. Complainant
1. Complainant is a global, not-for-profit organization that was formed in 1989 to develop an accepted industry standard for the information security practice.
2. Complainant uses the CISSP mark to recognize individuals who have attained certification as a “Certified Information Systems Security Professional,” designates individuals with the ability to develop information security policies, standards, and procedures as well as manage the implementation process across an enterprise.
3. Respondent’s <cisspclasses.com> domain name is confusingly similar to Complainant’s CISSP mark.
4. Any argument that Respondent may make regarding the use of an inconspicuous “disclaimer” should be rejected for the purposes of confusing similar analysis.
5. Respondent is not commonly known by the <cisspclasses.com> domain name.
6. The disputed domain name resolves to a website which purports to provide training classes, rendering the content provided at the resolving website in competition with Complainant.
7. In an e-mail response to a cease and desist letter, Respondent offered to sell the <cisspclasses.com> domain name to Complainant.
8. Respondent was “overwhelmingly likely” to have been aware of Complainant’s rights in the CISSP mark at the time of Respondent’s registration of the <cisspclasses.com> domain name and to have chosen that domain “with the objective of creating a likelihood of confusion with the Complainant’s mark as to the source, sponsorship, affiliation or endorsement of the website resolving at the disputed domain name.”
9. Respondent engages in commercial activity through its website at the disputed domain name by purporting to provide training classes for a fee.
10. Respondent “knew or should have known that CISSP was a protected trademark and knew or should have known that the Complainant is genuinely known for providing certification and training” at the time of the <cisspclasses.com> domain name’s registration.
11. Respondent’s inclusion of a disclaimer of affiliation with Complainant on Respondent’s website is insufficient to preclude bad faith registration and use.
B. Respondent
1. Respondent, a CPA firm, offers a variety of accounting, management consulting, tax preparation and financial management services to individuals and small businesses, and has provided these services for nearly two decades.
2. Respondent also provides IT certification training (including the CISSP certification among others) through its Academy of Computer Education a/k/a ACE a/k/a Trainace.com. It its Response, respondent states that “Davis, Sita & Company, P.A. and its Academy of Computer Education will be collectively referred to as ‘Respondent.’”
3. Respondent registered the <cisspclasses.com> domain name on June 11, 2010.
4. Respondent’s addition of the descriptive term “classes” to Complainant’s CISSP mark in the formation of the <cisspclasses.com> domain name represents Respondent’s “nominative fair use of the CISSP mark.”
5. Respondent has used the <cisspclasses.com> domain name for over two years to promote its CISSP training classes.
6. CISSP training classes simply cannot be identified without using the CISSP mark and it is absolutely necessary to use the CISSP mark to describe Respondent’s CISSP classes. Respondent is using only so much of the CISSP mark as is necessary to identify Respondent’s CISSP classes.
7. The website displayed by Respondent at <cisspclasses.com> bears Respondent’s name, “Academy of Computer Education,” and bears no resemblance to Complainant’s website. Complainant appears to also make use of a logo or design version of the CISSP mark on its website, and Respondent has made no use of that design mark.
8. Respondent’s website accurately reflects Respondent’s status as an independent provider of CISSP training classes. Respondent’s website does not suggest sponsorship or endorsement by Complainant, and instead includes a disclaimer indicating that the website is in no way affiliated with Complainant.
9. In the past three years, Respondent has provided CISSP exam preparation classes for approximately 300 people.
10. Training classes for this certification are provided by a wide range of third parties due to the scope of material covered by the exam.
11. Complainant’s only assertion under UDRP ¶ 4(a)(iii) pertaining to alleged bad faith at the time of registration of the domain name is that Respondent ‘was overwhelmingly likely to have been aware of the Complainant’s trademark.’
12. Complaint in this proceeding represents a clear instance of reverse domain name hijacking.
13. Although UDRP Rule 3 requires Complainant to certify that the Complaint is complete and accurate, Complainant in this case has carefully avoided providing:
a. any discussion of Respondent’s identity as a reputable professional services firm;
b. the nature of the website and CISSP classes provided by Respondent through use of the disputed domain name;
c. any acknowledgment that it was Respondent who first contacted Complainant concerning a potential business relationship; and,
d. only after Respondent declined Complainant’s unfavorable business terms did Complainant initiated this proceeding.
C. Complainant’s Additional Submission
1. Respondent is not associated with the “Academy of Computer Education,” and all of Respondent’s assertions regarding the business of the Academy of Computer Education should be ignored. To the extent Mr. Sita may have some joint financial interest in this entity, those facts do not allow Respondent to dispense with corporate formalities in order to avoid the Complaint. Not only did Complainant create and develop CISSP certification, but part of its business is dedicated to training individuals seeking to obtain CISSP certification. Complainant offers CISSP review seminars through Classroom, LiveOnLine, and Private On-Site training.
2. Respondent’s “legitimate” accounting business, plus its “interest” in using the CISSP mark, does not equal a “legitimate interest” pursuant to UDRP ¶ 4(a)(ii).
3. There is no evidence that Respondent offers any CISSP classes that might give it a legitimate interest in the CISSP mark other than Respondent’s own conclusory statements.
4. Even if Respondent was doing business as “Academy of Computer Education,” it still would not have a legitimate interest in the CISSP mark because it would be competing directly with Complainant using a confusingly similar domain name.
5. Respondent’s website purports to offer CISSP preparation classes, but under its “CISSP Info and Resources” heading Respondent’s website links to several third-parties, including Complainant.
6. The <cisspclasses.com> domain name does not appear to offer the services of Academy of Computer Education, but instead, directs users to a variety of vendors, of which the Academy of Computer Education is perhaps one. The disputed domain directs parties interested in preparing for the CISSP certification examination, not to Respondent, and not even to Academy of Computer Education, but to yet another third party website: <www.quickcert.com>. A recent press release by <cisspclasses.com> states that “Users can click the ‘Get Class Info’ link and within minutes be in touch with a local training company who can provide a proposal for on-site or open enrollment CISSP training.”
7. The Academy of Computer Education purported to offer training in preparation for the CISSP certification under its <trainace.com> domain for three years before Respondent registered the <cisspclasses.com> domain name, suggesting that Respondent registered the disputed domain in response to the “lackluster results” of offering the CISSP class at <trainace.com>.
8. Respondent’s reliance on Educational Testing Services (ETS) v. Morrison Media LLC, D2006-1010 (Dec. 5, 2006) is misplaced, because in that case the respondent was clearly identified by name and address at the top of each webpage, and the respondent had also published books bearing the same title as the disputed domain prior to the dispute.
9. Respondent’s reliance on the fair use doctrine also fails, because New Kids on the Block v. News Am Publ’g, Inc., 971 F.2d 302, 308 (9th Cir. 1991), forbids any use of a mark that would suggest sponsorship or endorsement by the trademark holder. Respondent’s disclaimer of association with Complainant is insufficient because it does not identify with whom the site is affiliated.
10. Had Respondent joined Complainant’s affiliate program it would have been authorized to limited use of Complainant’s marks, but Respondent’s inquiry into this program was not genuine.
D. Respondent’s Additional Submission:
1. Complainant has not attempted to justify its presentation in the Complaint of only selected information regarding Respondent’s use of <cisspclasses.com> domain and Respondent’s pre-dispute dealings with Complainant, which violates UDRP Rule 3.
2. In contrast to Complainant’s unsworn attorney argument in Complainant’s Additional Submission, Respondent has provided a sworn declaration from Ralph P. Sita, Jr. CPA confirming that Respondent uses the disputed domain name to promote its IT certification training provided under the names Academy of Computer Education, ACE, and Trainace.com.
3. The implications of Complainant’s arguments are that any domain name registrant could be found to have violated the UDRP if the registrant has not filed a “d/b/a” form with a local government regarding the operation of the domain name in question. Neither UDRP Policy nor UDRP precedent supports this notion, nor should they.
4. Contrary to Complainant’s statement that Respondent has not provided any CISSP training classes, Respondent has provided CISSP classes for approximately 300 people in the past three years. See Sita Decl., ¶ 11.
5. Respondent uses Quickcert content to provide training classes, and there is nothing nefarious about an informational link from <cisspclasses.com> to <quickcert.com>. Complainant’s attempt to depict this informational link as a redirection of visitors to third-party websites for the provision of training classes by such third-parties is evidence of Complainant’s bad faith in the pursuit of this proceeding.
6. Complainant’s argument that there can be no fair use of the CISSP mark other than use by Complainant and its designees conflicts with the limitations of Complainant’s U.S. federal certification mark registration. Respondent is allowed to make a nominative fair use of Complainant’s mark, and has been for several years.
7. Complainant’s registration of the CISSP mark with the USPTO (Reg. No. 2,045,256 registered March 18, 1997) is a certification mark, meaning that Complainant is itself barred from using the mark under U.S. Patent and Trademark Office, Trademark Manual of Examining Procedure, § 1306.01(a), which provides that:
“A certification mark may not be used, in the trademark sense of ‘used,’ by the owner of the mark; it may be used only by a person or persons other than the owner of the mark. That is, the owner of a certification mark does not apply the mark to his or her goods or services and, in fact, usually does not attach or apply the mark at all.”
8. Consumers will understand that Respondent’s CISSP classes are not being
provided by Complainant, because Complainant cannot provide those services through the use of the CISSP certification mark.
9. Respondent’s reverse domain hijacking claim is also supported by the following aspects of Complainant’s Additional Submission:
a. Complainant’s arguments related to the corporate structure of Respondent and Maryland state regulations pertaining to “d/b/a” filings are clearly irrelevant to a UDRP proceeding, and must have been presented for an improper purpose.
b. Complainant falsely mischaracterizes the nature of Respondent’s website by suggesting that Respondent’s informational link to <quickcert.com> is indicative of bad faith.
c. Complainant’s argument that Respondent operates in direct competition with Complainant is clearly controverted by the statutory restrictions on Complainant’s certification mark, and suggests that the certification mark may be invalid.
The Panel finds that the Complainant has made a prima facie showing under all three elements of the UDRP.
Factually, the Complainant has shown that it holds a mark, CISSP; certainly, the domain name is identical to or confusingly similar. Respondent barely bothers to attempt to rebut these facts, asserting only a defense of “fair use.”
While Respondent does not dispute the allegations that it is not known by the domain name and that it does not have any rights in the name, it asserts both “fair use” and that it has made a bona fide offering of goods and services.
As to the latter, using the mark as part of the domain name is neither fair use nor a bona fide offering of goods and services. The domain name decisions are clear as to the last point. Factually, the fair use allegations depends upon a line of U.S. Circuit Court of Appeals cases saying that use of a mark is permitted if it is the only way to identify the goods or services being offered. For example, “USED CHEVROLET PARTS.” Here, a domain name like “classesleadingcertificationincomputersecurity.com” would certainly work, without the use of the mark.
A finding of “bad faith” here is more difficult. The offer to sell, for instance, was made after receipt of a cease and desist letter, and merely stated that Respondent would make an offer; the offer was never made; the Complainant never followed up.
However, in the industry, and given Respondent’s use, CISSP is certainly a well-known mark of which Respondent had notice at the time it registered the domain name. The disclaimer used by Respondent is not sufficient, factually.
The usage and circumstances must generate, therefore, a finding of “bad faith.”
Respondent did raise the issue of a “certification mark,” which Complainant cannot itself use; these marks are used only by third persons. See U.S. Patent and Trademark Office, Trademark Manual of Examining Procedure, §1306.01(a).
This was not raised in the initial Response. It was inserted in the last submission, where the Respondent “suggests” that the registration of the certification mark was or is now invalid and may be cancelled.
If this factual statement is correct, that appears to be a matter beyond the UDRP process. Respondent may direct this issue to the USPTO or the courts.
Finally, these findings do not support a claim of reverse domain name hijacking.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
Complainant claims rights in the CISSP mark pursuant to Policy ¶ 4(a)(i) based on its registration of the mark with the USPTO (Reg. No. 2,045,256 registered March 18, 1997). The registration of a mark with the USPTO is sufficient to confer rights in the mark under Policy ¶ 4(a)(i). See Bloomberg L.P. v. Johnston, FA 760084 (Nat. Arb. Forum Oct. 25, 2006) (finding that the complainant had established rights in the BLOOMBERG mark through registration with the United States Patent and Trademark Office). Complainant has established rights in the CISSP mark for the purposes of Policy ¶ 4(a)(i) through its registration of the mark with the USPTO.
Complainant has shown that Respondent’s <cisspclasses.com> domain name is confusingly similar to Complainant’s CISSP mark within the meaning of Policy ¶ 4(a)(i). The disputed domain name includes Complainant’s entire mark, while adding the generic term “classes” and affixing the generic top-level domain (“gTLD”) “.com.” Neither the addition of generic terms nor the affixation of a gTLD is sufficient to create a unique, wholly distinctive domain name under Policy ¶ 4(a)(i). See Sutton Group Fin. Servs. Ltd. v. Rodger, D2005-0126 (WIPO June 27, 2005) (finding that the domain name <suttonpromo.com> is confusingly similar to the SUTTON mark because the addition of descriptive or non-distinctive elements to the distinctive element in a domain name is immaterial to the analysis under Policy ¶ 4(a)(i)); see also Gardline Surveys Ltd. v. Domain Fin. Ltd., FA 153545 (Nat. Arb. Forum May 27, 2003) (“The addition of a top-level domain is irrelevant when establishing whether or not a mark is identical or confusingly similar, because top-level domains are a required element of every domain name.”). Respondent’s <cisspclasses.com> domain name is confusingly similar to Complainant’s CISSP mark within the meaning of Policy ¶ 4(a)(i).
Rights and Legitimate Interests: Policy ¶ 4(a)(ii).
Complainant has made a prima facie case that Respondent lacks rights and legitimate interests in the disputed domain name under Policy ¶ 4(a)(ii). The burden sifted to Respondent to show it does have rights or legitimate interests. See Hanna-Barbera Prods., Inc. v. Entm’t Commentaries, FA 741828 (Nat. Arb. Forum Aug. 18, 2006) (holding that the complainant must first make a prima facie case that the respondent lacks rights and legitimate interests in the disputed domain name under UDRP ¶ 4(a)(ii) before the burden shifts to the respondent to show that it does have rights or legitimate interests in a domain name); see also AOL LLC v. Gerberg, FA 780200 (Nat. Arb. Forum Sept. 25, 2006) (“Complainant must first make a prima facie showing that Respondent does not have rights or legitimate interest in the subject domain names, which burden is light. If Complainant satisfies its burden, then the burden shifts to Respondent to show that it does have rights or legitimate interests in the subject domain names.”).
Respondent is not commonly known by the <cisspclasses.com> domain name. Respondent is not affiliated with Complainant in any way, nor has Complainant authorized Respondent to use its CISSP trademark or to register the disputed domain name. The WHOIS information identifies respondent as “Davis, Sita & Company, P.A.,” which Complainant claims to bear no similarity to the <cisspclasses.com> domain name in any way. Finally, Complainant asserts that nothing on either the <cisspclasses.com> website or the website of Davis, Sita & Company, P.A. indicates that Respondent is commonly known by the <cisspclasses.com> domain name. However, as set out above in the findings, this issue was rebutted by Respondent.
Still, Respondent is not commonly known by the disputed domain name for the purposes of Policy ¶ 4(c)(ii). See Reese v. Morgan, FA 917029 (Nat. Arb. Forum Apr. 5, 2007) (concluding that the respondent was not commonly known by the <lilpunk.com> domain name as there was no evidence in the record showing that the respondent was commonly known by that domain name, including the WHOIS information as well as the complainant’s assertion that it did not authorize or license the respondent’s use of its mark in a domain name).
Respondent’s use of the <cisspclasses.com> domain name cannot qualify as a bona fide offering of goods or services under Policy ¶ 4(c)(i) or a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii). Complainant asserts that the disputed domain name resolves to a website which purports to provide training classes, rendering the content provided at the resolving website in competition with Complainant.
The bulk of UDRP precedent indicates that resolution of a disputed domain name to a site featuring competing products or services does not satisfy either Policy ¶ 4(c)(i) or Policy ¶ 4(c)(iii). See Coryn Group, Inc. v. Media Insight, FA 198959 (Nat. Arb. Forum Dec. 5, 2003) (finding that the respondent was not using the domain names for a bona fide offering of goods or services nor a legitimate noncommercial or fair use because the respondent used the names to divert Internet users to a website that offered services that competed with those offered by the complainant under its marks). Respondent’s use of the <cisspclasses.com> domain name does not constitute a bona fide offering of goods or services under Policy ¶ 4(c)(i) or a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii).
The Panel also finds that Respondent’s assertion, in this regard, of the doctrine of “fair use” must fail, notwithstanding Circuit level cases concerning the need to identify goods and services; those cases rely on “necessity.” Factually, Respondent failed to show “necessity.”
Registration and Use in Bad Faith: Policy ¶ 4(a)(iii).
Complainant argues that Respondent’s bad faith registration and use of the <cisspclasses.com> domain name is evidenced by its offer to sell the domain. Complainant claims that in an e-mail response to a cease and desist letter, Respondent noted that it would ‘create a website valuation and make a reasonable offer at which your client can purchase the website.’ The Panel does not find that this response is evidence of bad faith; as set out above, Respondent never made any calculation and never followed up, and neither did Complainant.
Certainly, Respondent was “overwhelmingly likely” to have been aware of Complainant’s rights in the CISSP mark at the time of Respondent’s registration of the <cisspclasses.com> domain name and to have chosen that domain “with the objective of creating a likelihood of confusion with the Complainant’s mark as to the source, sponsorship, affiliation or endorsement of the website resolving at the disputed domain name.” Respondent engages in commercial activity through its website at the disputed domain name by purporting to provide training classes for a fee. The impetus for Respondent’s registration and use of the <cisspclasses.com> domain name was to create confusion as to Complainant’s affiliation or association with the disputed domain name, allowing Respondent to use this confusion for its own pecuniary gain. The Panel considers Respondent’s registration and use of the <cisspclasses.com> domain name to evidence an attempt to attract Internet traffice for commercial gain, constituting bad faith under Policy ¶ 4(b)(iv). See Luck's Music Library v. Stellar Artist Mgmt., FA 95650 (Nat. Arb. Forum Oct. 30, 2000) (finding that the respondent engaged in bad faith use and registration by using domain names that were identical or confusingly similar to the complainant’s mark to redirect users to a website that offered services similar to those offered by the complainant).
Complainant further contends that Respondent “knew or should have known that CISSP was a protected trademark and knew or should have known that the Complainant is genuinely known for providing certification and training” at the time of the <cisspclasses.com> domain name’s registration. Complainant’s registration of the CISSP mark may establish Respondent’s constructive notice of Complainant’s rights in the mark, constructive notice has typically been found to be insufficient to support a finding of bad faith under Policy ¶ 4(a)(iii). See BMC Software, Inc. v. Dominic Anschutz, FA 1340892 (Nat. Arb. Forum Oct. 6, 2010) (determining that constructive notice will usually not support a finding of bad faith). Here, Respondent’s use of the <cisspclasses.com> domain to offer certification classes which directly compete with those offered by Complainant evidences Respondent’s actual knowledge of Complainant’s rights in the CISSP mark. The Panel may conclude that Respondent’s actual knowledge of Complainant’s mark at the time of the contested domain’s registration establishes Respondent’s bad faith registration and use of the domain pursuant to Policy ¶ 4(a)(iii). See Radio & Records, Inc. v. Nat'l Voiceover, FA 665235 (Nat. Arb. Forum May 9, 2006) (finding that there are reasonable grounds to infer that Respondent had actual notice of Complainant's rights in the mark, and therefore registered the disputed domain name in bad faith, since Complainant's magazine covers an industry towards which Respondent's services are marketed).
Respondent’s inclusion of a disclaimer of affiliation with Complainant on Respondent’s website is not determinative in this case. The disclaimer is insufficient to preclude bad faith registration and use, because by the time Internet users view the disclaimer, the users will have already been diverted to Respondent’s site. The purpose of Respondent’s improper trademark use will have already been achieved. Respondent’s use of a disclaimer, then, does not mitigate a finding of bad faith under Policy ¶ 4(a)(iii). See Ciccone v. Parisi, D2000-0847 (WIPO Oct. 12, 2000) (“Respondent’s use of a disclaimer on its website is insufficient to avoid a finding of bad faith. First, the disclaimer may be ignored or misunderstood by Internet users. Second, a disclaimer does nothing to dispel initial interest confusion that is inevitable from Respondent’s actions. Such confusion is a basis for finding a violation of Complainant’s rights.”).
Reverse Domain Name Hijacking
The facts do not support a finding of reverse domain name hijacking.
Note
The issues raised by Respondent concerning this mark, which is asserted to be a “certification mark,” were not raised until the Respondent filed its Additional Submission. Complainant did not respond. Given the point in time at which this issue was raised, and the allegations that this UDRP proceeding could result in a termination of the mark, the Panel has determined not to consider the issue. Resolution of the issue of termination is for the USPTO and the courts, not a UDRP panel.
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <cisspclasses.com> domain name be TRANSFERRED from Respondent to Complainant.
R. Glen Ayers, Panelist
Dated: February 3, 2013
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page