but now I also think if you deny the complainant has ownership of the name I don't see how the UDRP can be applied considered in the first place.
No.
A couple of things... First off, that panelist's weird fixation with WHOIS privacy is certainly not something we argued in that case. I agree that statement is indeed nuts.
But if you are saying that "if someone is the registrant of a name, you are conceding their right to own it", then the UDRP becomes something of a silly exercise, since that's always true.
To say that someone is in possession of something is not a concession that they are the rightful owner of it. If my neighbor steals something from me and is keeping it in my house, I still would have to get a court order to have someone go in there and get it back.
A UDRP stolen name case works just fine when you can show that the domain name, or the letters constituting the domain name served as more than a domain name per se, but had functioned as a distinctive identifier of whatever the website was purveying.
The UDRP requires proof of three things:
1. Identity or confusing similarity to a mark
2. No legitimate rights or interests in the domain by respondent
3. Registration and use in bad faith
Even in an ordinary UDRP case, no one is conceding the registrant has rights to the domain name. Lack of rights is one of the points the complainant is specifically making.
So, in a stolen name case, as long as you can show something to establish point 1, then points 2 and 3 are pretty easy:
2 - There are no legitimate rights or interests because it is a stolen name.
3 - It has been registered and used in bad faith, because they stole it and won't return it.
The registrants email is the owner regardless of how it got there from a UDRP perspective.
No, and again, the entire point of the proceeding is whether the registrant's ownership is equitably legitimate, provided that there is a trade or service mark at issue.
You might want to review these as well:
<xag.com>
http://www.adrforum.com/domaindecisions/1633946.htm
<holylemon.com>
http://www.adrforum.com/domaindecisions/1008008.htm
Now, this one was a major PITA, since the language of the Proceeding was Chinese:
<apg.com>
http://www.adrforum.com/domaindecisions/1644615.htm
But in that last one, the respondent did show up and essentially claimed that he had bought it fair and square, just as you suggest. Of course, he couldn't show any evidence to the effect of from whom he had bought it. His whole point was that he bought it at an auction at Ename, which is notorious as the registrar of choice for stolen three letter domain names.
I don't see what's difficult to understand here:
I find it shocking that part 1 can be almost removed from the criteria:
No, in each of the cases noted above, part 1 was satisfied. I regularly get inquiries from people whose names have been stolen. In going over the facts with them, the first thing I look at is whether there is a credible claim that the domain name or corresponding string of letters was or was not used as an identifier apart from it being merely a website address. If that's not there, then I will typically refer that person to one of the lawyers who regularly litigates these things in the EDVA. If you look at, for example, the screenshots.com history of eht.com, you can see that it was being used as part of a banner at the top of a news site. In xag.com, it was used in client contact, marketing materials, and a client login page for the consulting services at issue there.
So, from a UDRP perspective, yes, you definitely have to make a plausible showing that the domain name functioned as a mark of some kind. Then, it's all downhill from there, since "lack of legitimate interests" and "bad faith" both directly relate to it being a stolen name.
Normally, the person who stole the name is not going to show up and contest it, since it's not as if they want to identify themselves further.
If you would like to see a stolen name case where both parties were represented by counsel who fully argued the thing out, take a look at finances.com in particular. That case involved a generic word, a claim that the domain name was stolen, and some filings by the Respondent which the Panel viewed with what can mildly be called skepticism. At the end of the day, though, point 1 of the UDRP wasn't established:
http://www.wipo.int/amc/en/domains/decisions/html/2006/d2006-0706.html
Respondent, in a sworn declaration, presents a completely different story. Respondent first spoke with Complainant in September 2005, asking if the disputed domain name was for sale. After an initial refusal, Respondent said he was prepared to offer substantial cash consideration for the domain name. Complainant replied that he would “check with family members” and revert later. “A man who said he was [Complainant’s] father” later called Respondent and said that Complainant and his family would sell the domain name for $150,000 to $170,000. When Respondent offered $120,000, this person agreed. This representative of Complainant sent Respondent a signed Domain Name Purchase Agreement, which Respondent signed and returned. Respondent then wired payment of $120,000 in accordance with the wiring instructions in the Purchase Agreement. Respondent attaches signed copies of this Purchase Agreement and a wire confirmation to the account set forth in the Purchase Agreement.
...
With the Reply Complainant submitted an affidavit of a handwriting expert, who gave his opinion that the purported signature on the Purchase Agreement was manufactured and in fact copied and pasted from the signature on the affidavit that Complainant submitted in support of the Complaint; an affidavit of an expert in international banking, who opined that the purported wire transfer confirmation was incomplete in a number of specific respects; Complainant’s sworn statement that his father died in 1982 and a copy of his father’s death certificate; Complainant’s sworn statement that neither he nor any company in which he had an interest had ever maintained a bank account at the bank or branch specified in Respondent’s purported wire transfer; and Complainant’s sworn statement that he had never had any contact (by email or by telephone) with Respondent.
.....
Complainant’s evidence in this proceeding, however, is not sufficient to demonstrate any use of <finances.com> as the source of his claimed consulting services or any public recognition of his mark or website. Other than his own conclusionary statement, Complainant presents no evidence even that he used the disputed domain name for consulting services or any other purpose, and no evidence that any person knew of his “mark” or associated it with him or his business. Such evidence, if it exists, is surely within Complainant’s control and could easily have been supplied - web page printouts, public advertising, a client’s inquiry, invoices, Google searches, or surveys, for example. As Respondent argues, at best Complainant has shown only his use of <finances.com> as a web and email address. There is no evidence of any person visiting that website or sending or receiving emails from that email address. That alone does not establish trademark rights in <finances.com> sufficient to invoke the Policy.
---------------
The individual concurrences by the Panel are illuminating as to what went on in that case as well.