Région Ile-de-France v Il De France LTD
WIPO Case No. DGE2024-0001
•01-07-2024
ARBITRATION
AND
| MEDIATION CENTER |
ADMINISTRATIVE PANEL DECISION
Région Ile-de-France v. Il De France LTD
Case No. DGE2024-0001
1. The Parties
The Complainant is Région Ile-de-France, France, represented by Lexing Alain Bensoussan Avocats,
France.
The Respondent is Il De France LTD, Georgia.
2. The Domain Name and Registry
The disputed domain name <iledefrance.ge> is registered with Caucasus Online LLC (the .GE Registry).
3. Procedural History
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on April 16, 2024. On April 17, 2024, the Center transmitted by email to the.GE Registry a request for registry verification in connection with the disputed domain name. On April 19, 2024, the .GE Registry transmitted by email to the
Center its verification response, disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on April 21, 2024, providing the registrant and contact information disclosed by the .GE Registry, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on April 25, 2024.
The Center verified that the Complaint together with the amended Complaint satisfied the formal
requirements of the .GE Domain Name Dispute Resolution Policy (the .GE Policy), the Rules for .GE Domain
Name Dispute Resolution Policy (the .GE Rules), and the WIPO Supplemental Rules for .GE Domain Name
Dispute Resolution Policy (the Supplemental Rules).
In accordance with the .GE Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the
Complaint, and the proceedings commenced on April 25, 2024. In accordance with the .GE Rules,
paragraph 5, the due date for Response was May 15, 2024. The Respondent did not submit any response.
Accordingly, the Center notified the Respondent’s default on May 16, 2024.
page 2
The Center appointed Andrew D. S. Lothian as the sole panelist in this matter on May 21, 2024. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the .GE Rules, paragraph 7.
On June 17, 2024, the Panel issued Procedural Order No. 1 to the Parties. This noted that the Complainant attack caused by the domain name <defrance.fr> to the disputed domain name <iledefrance.ge>, or any other evidence of bad faith registration and use, noting that conclusory allegations will not suffice. The Respondent was invited to comment upon any such submission by June 27, 2024 and the Decision due date was extended to July 1, 2024.
had made an argument that the registration and/or use of the disputed domain name is linked to a cyber
attack caused by the domain name <defrance.fr>, which attack and domain name are further discussed in
the factual background section below. Said Procedural Order requested that on or before June 22, 2024, the
On June 21, 2024, the Complainant replied to Procedural Order No. 1. The Respondent did not provide any comments in advance of the related deadline.
4. Factual Background
The Complainant is a French local authority, and is an entity with legal personality governed by public law. It exercises certain powers devolved by the French State over part of French territory and is legally and financially autonomous. Previously known as the “Région Parisienne”, its present name dates back to a law of May 6, 1976.
The Complainant is the owner of French Registered Trademark No. 3385919 for a semi-figurative or device and word mark ILE DE FRANCE consisting of an eight pointed star beside the words “îledeFrance” in a red colored stylized typeface, where the first and last words are in a bolder typeface, filed and registered on
October 10, 2005 in Classes 16, 35, 36, 37, 38, 39, 41, and 42. Notably, said mark is registered in respect of
education, training, telecommunications, computer terminal communications, telecommunications and
electronic messaging services via Internet networks, publishing computer data for use on computer
networks, leasing access time to a database server center, and other goods and services. The Complainant
is also the registrant of the domain name <iledefrance.fr>, registered on March 11, 2001. Said domain name
is used to provide access to the <monlycee.net> service, a digital workspace or collaborative portal for
secondary schools (“Espace Numérique de Travail” or “ENT”) accessed by way of the URL
<ent.iledefrance.fr>. The Complainant’s trademark is displayed at the top of the login page for the said
workspace, which had a total of over 1.5 million accounts on December 14, 2023, covering pupils, parents,
teachers, staff, and guests.
The disputed domain name was registered on December 23, 2020, and currently points to a blank web
server index page. The Complainant produces evidence showing that an SSL certificate was issued for the
said website on February 13, 2024, expiring on May 14, 2024. When the Panel visited the said website on
May 23, 2024, there was no SSL certificate associated with it, suggesting that the certificate observed by the
Complainant had not been replaced following its expiration. [1] Little is known about the Respondent, which
has not participated in the administrative proceeding. Based upon the Complainant’s researches, the
Respondent’s organization and contact details appear to be false.
page 3
The Complainant produces various press articles and a criminal complaint showing that its ENT was subject to a cyber attack on Wednesday March 20, 2024. The attack appears to have followed the use of a domain name in the “.fr” country-code Top Level Domain (“ccTLD”) (<ledefrance.fr> (a typo of the Complainant’s
domain name without the leading “i”), registered on November 12, 2023) to publish a clone of the February 21, 2024 until its discovery by the competent authorities. The subsequent cyber attack resulted in high school students receiving a threat of terrorist activity in their establishment via one or more compromised accounts, together with a graphic video featuring an execution. The reports indicate that specialized investigation services were subsequently mobilized in response to the attack.
On or about March 21, 2024, the Complainant brought a complaint before the AFNIC registry under the SYRELI procedure regarding the domain name <ledefrance.fr> (Complaint Case No. FR-2024-03852). On the same date, the Complainant made a criminal complaint to the competent authority in respect of various offenses allegedly committed during the said cyber attack. On May 17, 2024, AFNIC forwarded its decision on the said SYRELI complaint, which ordered transfer of said domain name to the Complainant.
On April 24, 2024, a French national was sentenced by the competent authority in respect of various crimes connected to the said cyber attack including fraudulently collecting personal data and using the same to access the Complainant’s ENT. There is no evidence before the Panel showing that the sentenced person can be directly linked in any way to the registration or use of the disputed domain name in the present case.
The Complainant considers that the preparations for use of the disputed domain name by way of the SSL certificate suggest that it may be linked to the attempted compromise of its systems.
5. Parties’ Contentions
A. Complainant
The Complainant contends that it has satisfied each of the elements required under the .GE Policy for a transfer of the disputed domain name.
Notably, the Complainant contends that the disputed domain name identically reproduces the word element
of the Complainant’s trademark, and matches the Complainant’s domain name (absent the Top-Level
Domain, which is a technical element).
The Complainant asserts that the registrant information for the disputed domain name is visibly strange and that no trace of the registrant entity can be found from a Google search. It adds that the registrant organization information revealed by the Registrar is a rough imitation of the Complainant’s official name and returns no results on a Google search, with or without the given address. It also notes that the named entity is not identifiable in the databases of the Georgia Corporations Division according to a search dated April 24, 2024. The Complainant concludes that the passive holding of the disputed domain name cannot constitute a bona fide offering of goods and services or a legitimate noncommercial or fair use.
The Complainant notes the recent activation of the SSL certificate in respect of the webspace associated with the disputed domain name and submits that this indicates that the registrant wishes to activate a website. The Complainant links such activation to the recent cyber attack due to the proximity in time and asserts that the activation of the said SSL certificate was in preparation for another cyber attack.
In answer to Procedural Order No. 1, the Complainant made the following additional contentions and comments:
The Complainant references the SYRELI complaint and the criminal complaint, and their respective outcomes, as described in the factual background section above. The Complainant notes that “at this stage” it is not possible to demonstrate that there is a link between the Respondent and the author of the cyber
page 4
attack, since the Respondent has hidden its true identity. The Complainant reasserts that the proximity in time of the activation of the SSL certificate in respect of the disputed domain name tends to suggest a link between the Respondent and the accused individual who admitted being the perpetrator of the cyber attack,
and at least suggested the preparation for a fraudulent attack upon the Complainant to collect personal data.
The Complainant submits that the name of the Respondent directly evokes, in a fancy language, the
Complainant’s official and protected name, evidencing bad faith.
The Complainant concludes that the passive holding of a domain name that reproduces the official and reputed name of the Complainant by a person who has hidden its true identity (or worse, provided a false identity) is a serious indication of bad faith, it being noted that on a computer keyboard with the Azerty layout, the letters “ge” and “fr” are physically close to one another, adding that an inactive site under the disputed domain name is reputationally damaging to the Complainant.
B. Respondent
The Respondent did not reply to the Complainant’s contentions.
6. Discussion and Findings
A. Identical or Confusingly Similar
The first element of the .GE Policy functions primarily as a standing requirement. The standing (or threshold)
test for confusing similarity involves a reasoned but relatively straightforward comparison between the
Complainant’s trademark and the disputed domain name. WIPO Overview 3.0, section 1.7.
In the present case, the Panel notes that both the disputed domain name and the Complainant’s mark refer to a geographical term. In the context of the first element of the similarly worded UDRP, these are considered in the WIPO Overview 3.0, section 1.6, which notes that such terms, used only in their ordinary geographical sense, except where acting as a trademark, would not as such provide standing to file a UDRP case. Here, however, the Complainant has registered the term as a trademark.
| observed that “where the complainant owns a device or figurative registered trademark where the only word | That is not entirely the end of the issue. The Complainant’s mark is semi-figurative in nature. It has been and noting that the panel in that case also considered it relevant that the geographical term had not been disclaimed in the relevant registrations. |
| Here, the Complainant asserts that its semi-figurative trademark relates to digital education services and the Panel observes that the geographical term has not been disclaimed. Nevertheless, the Panel notes that the Complainant’s educational services are provided by virtue of it being the municipal authority responsible for education in the French region concerned. There is no suggestion, for example, that the Complainant | |
| provides digital education services under the ILE DE FRANCE mark to consumers of such services in any location other than the municipality for which it is responsible. Given this observation, the Complainant’s services appear to be tied to the named geographic region and thus are more likely to create “a goods-place association in the minds of consumers” rather than “an association between the goods and the trader itself” ((Zermatt, supra). |
page 5
It appears doubtful to the Panel, in light of the above analysis, that the Complainant would be able to avail itself of the exception to the general rule described above, such that it could establish standing in respect of the geographical term and ultimately prevail on the first element. However, given the Panel’s finding under the third element of the Policy, the Panel does not require to reach a final determination on the first element assessment.
B. Rights or Legitimate Interests
The requirements of paragraph 4(a) of the Policy are conjunctive. A consequence of this is that failure on the part of a complainant to demonstrate one element of the Policy will result in failure of the complaint in its entirety. Accordingly, in light of the Panel’s findings in connection with the third element under the Policy, no good purpose would be served by addressing the issue of the Respondent’s rights or legitimate interests in the disputed domain name.
C. Registered or Used in Bad Faith
In contrast to the UDRP, a complainant under the .GE Policy must establish only that the disputed domain name has been either registered or subsequently used in bad faith by the Respondent under the third element of the .GE Policy. The Panel notes that, for the purposes of paragraph 4(a)(iii) of the .GE Policy, paragraph 4(b) of the .GE Policy establishes circumstances, in particular, but without limitation, that, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith. None of the specific examples apply in the present case.
Generally speaking, a finding that a domain name has been registered or is being used in bad faith requires an inference to be drawn that the respondent in question has registered or is using the domain name concerned to take advantage of its significance as a trademark owned by (usually) the complainant. The major challenge faced by the Complainant in the present case is that the term in the disputed domain name does not reference the Complainant’s mark exclusively or even predominantly but can also refer to a geographic location or region in France. This means that it is likely to be difficult for the Complainant to establish that it is being targeted by the disputed domain name in bad faith in contrast to the possibility that the registrant is merely making such geographic reference.
Here, the Complainant focuses on the Respondent’s passive holding of the disputed domain name, and asserts that it is, or was, being held in readiness for a cyber attack, and notably is linked to the attack recently perpetrated upon the Complainant using a “.fr” domain name. While the disputed domain name currently points to a blank index page, the Panel observes that it appears to be ready for a website to be uploaded at any time. The disputed domain name was registered three years ago. However, the Complainant points out that an SSL certificate was configured for the website only a month before the said cyber attack. In its response to Procedural Order No. 1, however, the Complainant provides no direct evidence linking the disputed domain name to the said cyber attack. The Complainant nevertheless reasserts that the timing of the SSL certificate amounts to evidence of targeting, adding that on the Azerty keyboard, the letters “ge” are close to “fr”, suggesting that the disputed domain name is being used for typosquatting.
Panels have found that the non-use of a domain name, including a blank page, would not prevent a finding of bad faith under the doctrine of passive holding. WIPO Overview 3.0, section 3.3.
Having reviewed the available record, the Panel notes that the Complainant’s mark is not particularly distinctive. As noted above, it represents a geographic area. It is presumably for this reason that the Complainant obtained a figurative trademark, in respect of which the protection, and any distinctiveness,
consists of the representation of the words rather than the words themselves. Given this fact, it must be considered whether the disputed domain name was more probably registered to be a representation of a geographic area within a domain name rather than to target the Complainant via a cyber attack as the
Complainant contends. The Complainant suggests that the timing of the SSL certificate, covering the period of the cyber attack, suggests that the disputed domain name was being readied to support that attack.
page 6
However, it acknowledges in response to the Panel’s inquiry that there is no direct evidence of any link between the disputed domain name and the attack.
The Panel considers that there is insufficient evidence that the activation of the SSL certificate was connected to the cyber attack upon the Complainant. The fact that the disputed domain name indicates a geographic area and does not, in and of itself, necessarily target the Complainant provides a plausible separate explanation for its registration. The disputed domain name points to an index page, suggesting that it has had web/hosting space set up for it at some point and that it is merely awaiting the uploading of content. The next logical step after setting up such web hosting might be for an SSL certificate to be obtained. This applies whether the disputed domain name is being used for good faith purposes of geographic reference or to target the Complainant and is therefore inconclusive in and of itself.
SSL certificates are of their nature time-limited in duration and the fact that a certificate has expired without a
website being uploaded does not necessarily mean that the Respondent must have been intent upon
targeting the Complainant at the material time. Importantly, the registration date of the disputed domain
name (December 23, 2020) is some three years before the cyber attack and does not correspond in any
way, including by any apparent or reasonable proximity in time, to the registration date of the domain name
that was allegedly used in the attack (November 12, 2023). In other words, while criminals may hold domain
names for a period of time before activating them, there is a substantial inconsistency here between the
length of time that the disputed domain name has been held when compared to the length of time for which
the domain name actually used in the attack was held.
The Panel notes that the disputed domain name is prima facie not similar in appearance to the domain name
allegedly used in the cyber attack. The Complainant asserts that the disputed domain name is intended to
be a typographical variant of its own <iledefrance.fr> domain name, observing that the letters “ge” and “fr”
are found close to one another on the Azerty keyboard. This is inconclusive, in the Panel’s view. In the
Panel’s opinion, the letters of the disputed domain name do not naturally fall into a “typo domain” category as
described, for example, in the WIPO Overview 3.0, section 1.9. Furthermore, the alleged typo is not similar
to the typographical variant of the Complainant’s own domain name as found in the domain name asserted
to have been used in the cyber attack (<ledefrance.fr>).
The letters “ge” and “fr” are near one another on the Azerty keyboard but they are not all directly adjacent. Absent evidence that one is a common typo for the other, the Panel does not believe that a user would naturally make the mistake of typing the ccTLD “.ge” instead of “.fr”. While the letters “f” and “r” are directly adjacent (being above/below one another), the letters “g” and “e” are not. This seems to the Panel to make the disputed domain name an unlikely choice for a typo domain that targets the Complainant’s own domain name.
The Complainant asserts that the Respondent has used false contact details, and has been unable to locate the Respondent to the address given, nor to find the Respondent on the appropriate companies registry. Furthermore, the Respondent has not answered the Complaint. The Panel observes that the name of the holder of the disputed domain name does at least suggest an entity name roughly corresponding to the disputed domain name, as might be expected of a registrant which is trying to call to mind the geographic term “Ile de France” rather than necessarily targeting the Complainant or its trademark. Consequently, even if this evidence were held to point in the Complainant’s favor, it does not indicate on the balance of probabilities, either on its own or in combination with the other evidence discussed above, that the Respondent is necessarily linked in any way to the cyber attack perpetrated upon the Complainant or is otherwise targeting the Complainant.
Panels have held that the use of a domain name for illegal activity, here, claimed unauthorized account access/hacking and/or impersonation, constitutes bad faith. WIPO Overview 3.0, section 3.4. However, on the Panel’s analysis of the evidence, the Panel does not consider that the Complainant’s allegations of illegal activity are made out in respect of this particular disputed domain name. Given that the term in the disputed domain name represents a geographic location that may be used for purposes unconnected to the Complainant or its trademark, or to its municipal activities, a more conclusive link to the illegal activities
page 7
complained of would be required than is put forward in the Complaint. The Panel considered that it was reasonable for the Complainant to be provided with an opportunity to adduce direct evidence of the link which it had asserted, notably because the criminal investigation appeared to be ongoing at the time that the
Complaint was filed. Nevertheless, despite the fact that the criminal investigation appears to be concluded and has culminated in the sentencing of an accused person, it is significant for the purposes of the present proceeding that no additional evidence has come to light linking the disputed domain name to the cyber
attack.
Accordingly, having reviewed the record, the Panel finds that the Complainant has not carried its burden in respect of the third element of the .GE Policy and the Complaint fails.
7. Decision
For the foregoing reasons, the Complaint is denied.
/Andrew D. S. Lothian/
Andrew D. S. Lothian
Sole Panelist
Date: July 1, 2024
Panel considers that the principles which have been developed under the UDRP (notably including the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition, (“WIPO Overview 3.0”)) may be applied where appropriate under the .GE Policy. In light of the Complainant’s submission regarding the SSL certificate associated with the disputed domain name, and bearing in mind its expiration date, the Panel considered that it would be useful to visit the website associated with the disputed domain name in order to assist it in reaching its determination. On the topic of the Panel conducting such research, see section 4.8 of the WIPO Overview 3.0.
0
0
0