.nz Dispute Resolution Service
DRS Reference: 516
Security-Assessment.com v Sonya Jane
Key words -
Datacraft (NZ) Limited
Mr Doug Browne
Building 2, Level 1
12 - 16 Nicholls Lane
105 Wellington Street
2. Domain Name/s
security-assessment.co.nz ("the Domain Name")
3. Procedural history
3.1 The Complaint was lodged on 21/06/2010 and Domain Name Commission (DNC), notified the Respondent of the validated Complaint on 24/06/2010. The domain/s were locked on 21/06/2010, preventing any changes to the record until the conclusion of these proceedings.
3.2 There was no response filed by the Respondent.
3.3 The Complainant paid Domain Name Commission Limited the appropriate fee on 22/07/2010 for a decision of an Expert, pursuant to Paragraph 9 of the .nz Dispute Resolution Service Policy ("the Policy").
3.4 Mr Andrew Brown QC, the undersigned, ("the Expert") confirmed to the DNC on 30/07/2010 that he knew of no reason why he could not properly accept the invitation to act as expert in this case and that he knew of no matters which ought to be drawn to the attention of the parties, which might appear to call into question his independence and/or impartiality.
4. Factual background
4.1 Although the Complainant is listed as Security-Assessment.com, the body of the Complaint makes it clear that Security-Assessment.com is a trading name and that the actual legal entity lodging the Complaint is Datacraft (N.Z.) Limited. Throughout this decision, Datacraft is referred to as the Complainant.
4.2 In December 2007, the Complainant purchased an information security consulting business then being carried on by Security-Assessment.com Limited (a company which was incorporated and began trading on 8 April 2003). The acquisition was of the business and not the shares in the company. The Sale Agreement recorded that, as part of its acquisition of the business, the Complainant acquired the Intellectual Property and Goodwill of the business. Amongst the assets and intellectual property rights acquired were the business name Security-Assessment.com, the domain name www.security-assessment.com and certain unregistered trade marks namely:
h Security.Assessment.com Limited
h SA logo
h Security-Assessment.com logo
5. Parties' contentions
5.1 The Complainant states that in February 2006 (some 22 months before it acquired the business) a franchise agreement:
... was entered into to open an Australian branch of Security-Assessment.com. This agreement was between Drazen Drazic ("Drazic Family Trust") and Security-Assessment.com Pty Limited ("made up PB Entity Limited and the trustees of the Benson Family Trust").
After nearly two years of operation in August 2007 the process to discontinue the franchise agreement was started between Security-Assessment.com Pty Limited and the Drazic Family Trust (Drazen Drazic and Miranda Hamilton).
5.2 The Complaint further states that Security-Assessment.com Australia was officially shut down in August 2007 and all rights to the trading name and any trade marks were removed. The ex-employees of Security-Assessment.com Australia went on to form a competitive company in Australia called Securus Global. This offers the same services as the Complainant.
5.3 The Complainant has outlined that in January 2008, a Deed of Settlement and Release was signed between Drazen Drazic as trustee of the Drazen Family Trust and the trustees of the Benson Family Trust and Security-Assessment.com Pty Limited.
"On the 18th February 2008 a letter detailing some of the further points of settlement was then signed and sent to Peter Benson of Security-Assessment.com from Drazen Drazic (in his personal capacity and as a trustee of the Drazic Family Trust) and Miranda Hamilton. The letter confirmed the agreement not to redirect or use the registered domains. And also demonstrates that Mr Drazic registered the Security-Assessment.co.nz domain whilst he was employed by Security-Assessment.com.
5.4 The Complaint attached the letter dated 18 February 2008 from the Trustees of the Drazic Family Trust and Miranda Hamilton addressed to Peter Benson and headed "Security-Assessment.com Pty Limited - Settlement". The letter referred to a Deed of Settlement and Release dated 25 January 2008 (not produced). Several paragraphs of the letter stated
"2. In relation to settlement of the sale of shares in the Company by Peter Benson and the Benson Family Trust to the Drazic Family Trust under the Deed of Settlement & Release:
(b) we undertake to ensure that, for so long as the "security-assessment.co.nz" and "security-assessment.co.nz" domain names (NZ Domain Names) are registered to a SACA Entity (as that term is defined in the Deed of Settlement & Release), the NZ Domain Names remain in a parked state and do not redirect to the website of any SACA Entity;
(c) we undertake to park the "security-assessment.com.au" domain name (Au Domain Name) on or before 1 April 2008 so that it does not redirect to the website of any SACA Entity; ..."
5.5 The Complainant outlines its contentions as to Unfair Registration and in particular that the Domain Name is now in active use and redirecting to Securus Global:
"The security-assessment.co.nz domain has been unfairly registered by Sonya Jane as the registrant has no rights to the trade mark or name being used. The fact that this domain is redirecting to a competitor by registrant Sonya Jane is a clear indication that there is a connection between Sonya Jane and Securus Global.
The registrant Sonya Jane appears to have knowingly given the Registrar false contact information. Repeated attempts have been made to contact Sonya Jane both on the mail address given and telephone numbers. The Fax number is not a FAX number but rather a 0800-RECORD IVR system. Enetica the registrar has been contacted and they have no further or updated details for the registrant and have referred me to the .nz Domain Name Commission. This may indicate that the domain registration details have been falsified to hide the actual registrant's details. With the current redirect in place it perhaps this registration was actually performed by Securus Global or one of its representatives.
Sonya Jane is using the registration of this domain for the purpose of unfairly disrupting the business of Security-Assessment.com and deliberately trying to lure customers away from Security-Assessment.com. Neither Sonya Jane nor Securus Global are permitted or authorised to use the Security-Assessment.com name in connection to their business and know full well that the rights to this domain name belong to Security-Assessment. com.
A further indication of the unfair registration activity of Sonya Jane and Securus Global is the use of domains other then the .co.nz domain. A clear example of this is the registration and use of the security-assessment.com.au domain. This re-inforces that the respondent Sonya Jane and Securus Global are engaged in a pattern of registrations for domains in which all rights including the trading name and trade mark are owned by Datacraft NZ Limited trading as Security-Assessment.com. The security-assessment.co.nz domain forms a part of this pattern. It also indicates that there is a connection/relationship between the two parties."
5.6 The Respondent has not filed any submissions in this proceeding.
6. Discussion and findings
6.1 The Complainant is required to prove that it has met the requirements in paragraph 4 of the Policy namely that:
"4.1.1 The Complainant has Rights in respect of a name or mark which is identical or similar to the Domain Name; and
4.1.2 The Domain Name, in the hands of the Respondent, is an Unfair Registration."
6.2 Paragraph 4.2 specifically provides that:
"The Complainant is required to prove to the Expert that both elements are present on the balance of probabilities"
a. The Rights
6.3 The term "Rights" is defined in paragraph 3 of the Policy as follows:
"Rights includes, but is not limited to, rights enforceable under New Zealand law. However a Complainant will be unable to rely on rights in a name or term which is wholly descriptive of the Complainant's business.
6.4 A preliminary point arises. Under the definition of Rights, a Complainant is unable to rely on "rights in a name or term which is wholly descriptive of the Complainant's business".
6.5 The issue whether a name or term is wholly descriptive is a difficult one. The opening sentence to the definition of Rights makes it clear that Rights "includes ... rights enforceable under New Zealand law".
6.6 Under New Zealand law it is possible to sue on unregistered trade marks either in passing of or in reliance on s9 Fair Trading Act 1986 (misleading or deceptive conduct). Authority establishes that even in respect of unregistered marks of a descriptive nature it is possible to show acquired distinctiveness through use. The New Zealand Court of Appeal in Dominion Rent-A-Car v Budget Rent A Car  2 NZLR 395, 408 noted (per Cooke P with whom other judges agreed) that:
"There is a price to be paid for an eloquently descriptive trade name. Its very descriptiveness tends to make it not truly distinctive of any particular business" (per Cooke P)
6.7 However Cooke P went on to allow that, as a result of usage, descriptive words may in fact become distinctive of a particular business:
"This principle does not altogether rule out the possibility that by usage the descriptive words may become distinctive ... but it means that true distinctiveness is especially hard to establish"
6.8 The second sentence to the definition of "Rights" must therefore be read subject to the first. The restriction on a Complainant relying "on rights in a name which is wholly descriptive of the Complainant's business" will not prevent a Complainant from relying on a name or mark which it can show that, as a result of usage, has become distinctive of its business. In such a case, acquired distinctiveness through use means that the mark is no longer "wholly descriptive". Wadlow states that the burden of proving a secondary meaning is higher in proportion to the descriptive quality of the mark.
6.9 Case law in New Zealand and Australia contains a number of examples where descriptive names have become distinctive through use. In New Zealand, "Diesel & Turbo" was held to be close to the borderline but capable of sustaining an action. "New Zealand Insurance" was held to have acquired a secondary meaning through long use. In Australia the Full Federal Court has held that "Pure & Simple" had become distinctive of the plaintiff as a consequence of 13 years use. Wadlow provides a number of similar examples in the UK Courts.
6.10 The Nominet Policy (from which the New Zealand Policy is drawn) has the same definition of Rights including the "wholly descriptive" exception. Nominet Panels have similarly held that guidance can be taken from passing off cases where rights have been allowed in such descriptive marks as "Beds Direct" and "Mr Chippy", see: Manorgate Limited t/a Direct Flooring v Ian Moffat DRS 02736 (there the disputed domain names included directflooring.co.uk); The Rug Company v Wonderland Rug Company DRS 00370 (on the facts "The Rug Company" held not to be wholly descriptive); Sussex Safetywear v Safetywear And Signs Limited DRS 05506 ("Sussex Safety Wear" found not to be wholly descriptive where there had been 13 years trading).
6.11 As noted earlier, under paragraph 4.2 of the Policy the onus is on the Complainant to show the existence of Rights on the balance of probabilities. A key part of the Complainant's onus of proof in the case of a claim to an unregistered trade mark with descriptive tendencies will be showing that the mark relied on has in fact achieved acquired distinctiveness through use. Relevant factors will include the length of trading under the unregistered mark, recognition of the user's rights to the mark by the trade and/or public and the extent and reach of expenditure on promotion of the mark.
6.12 In this case, the Complainant has no registered trade marks in New Zealand. It is therefore required to show, as at the date of registration of the Domain Name (26 August 2007), that it had a sufficient reputation or awareness in New Zealand (or rights enforceable under New Zealand law) in the unregistered trade marks SECURITY-ASSESSMENT and Security-Assessment.com. Also it is necessary to show that the marks are not "wholly descriptive of the Complainant's business".
6.13 The Complainant describes its business as follows:
"As a company we specialise in information security consulting by providing independent Advisory, Assessment and Assurance services. These services range from Penetration testing, Vulnerability Assessment, Risk, Governance including compliance advice around PCI DSS (Payment Card Industry Data Security Standard)"
6.14 The Complainant's website (which the Expert was invited to view) shows that the services provided by the Complainant also include Application Assurance and that it undertakes security research and development and network architecture reviews.
6.15 The unregistered trade mark SECURITY-ASSESSMENT is undoubtedly towards the very descriptive end of the spectrum of trade marks when considering the services listed in paragraph 6.14 above.
6.16 However I am persuaded by a fine margin that the mark is not wholly descriptive of the Complainant's business and that the Complainant has shown acquired distinctiveness through use in the marks SECURITY-ASSESSMENT and Security-Assessment.com as at the relevant date. Further these marks are identical or similar to the Domain Name:
(a) The predecessor company to the Complainant, Security-Assessment.com Limited, commenced operations in New Zealand in April 2003 and had been operating for four and a half years as at the relevant date;
(b) The December 2007 Agreement produced by the Complainant lists a range of some 27 contracts which Security-Assessment.com Limited then held in New Zealand with major companies, major banks, telecommunications companies, a Government Department and a major national law firm - virtually all predating the relevant date. This is an impressive list of agreements indicating a breadth of operations such that a reputation would certainly have been created in the trading names and unregistered trade marks SECURITY-ASSESSMENT and Security-Assessment.com as a result of use. These contracts transferred to the Complainant on acquisition;
(c) Further, there are services offered by the Complainant as part of its business for which the mark SECURITY-ASSESSMENT is not wholly descriptive. These include security research and development, application assurance and network architecture reviews.
b. Unfair registration
6.17 The Policy provides that Unfair Registration means a Domain Name which either:
"(i) was registered or otherwise acquired in a manner which, at the time when the registration or acquisition took place, took unfair advantage of or was unfairly detrimental to the Complainant's Rights; or
(ii) has been, or is likely to be, used in a manner which took unfair advantage or was unfairly detrimental to the Complainant's Rights."
6.18 The Policy sets out a series of non-exhaustive factors which may evidence that a Domain Name is an unfair registration. The factors include the following:
"5.1.2 Circumstances indicating that the Respondent is using the Domain Name in a way which is likely to confuse, mislead or deceive people or businesses into believing that the Domain Name is registered to, operated or authorised by, or otherwise connected with the Complainant;
5.1.3 The Complainant can demonstrate that the Respondent is engaged in a pattern of registrations where the Respondent is the Registrant of domain names (under .nz or otherwise) which correspond to well known names or trade marks in which the Respondent has no apparent rights, and the Domain Name is part of that pattern;
5.1.4 The Complainant con demonstrate that the Respondent has knowingly given false contact details to a Registrar and/or to the DNC; or ..."
6.19 In the Complaint, the Complainant tends to elide the actions of the Respondent with Drazen Drazic and Drazen Drazic's business Securus Global. The Complainant specifically asserts, as a result of the letter of 18 February 2008 quoted earlier, that it was Mr Drazic who registered the Domain Name. Later there is reference to "the unfair registration activity of [the Respondent] and Securus Global".
6.20 The Expert agrees with the Complainant that para 2(b) of the settlement letter of 18 February 2008 does strongly suggest that the Respondent is controlled by or connected with the writers of the letter Drazen Drazic and Miranda Hamilton. The willingness of those parties to give undertakings that the domain names mentioned (including the Domain Name in issue in this case) would remain in a parked state, does suggest an ability to control them and the Respondent. Further the date of registration of the Domain Name in August 2007 (which coincides with the date the Australian branch closed down) raises suspicions as to the coincidental timing. Finally the fact that the Domain Name now resolves to Securus Global plainly suggests a linkage.
6.21 However it is not necessary for the Expert to reach any final finding on this.
6.22 At the time she registered the Domain Name in August 2007, the Respondent had no apparent rights to or connection with the mark SECURITY-ASSESSMENT. By that stage, the Complainant's predecessor in title had been using the mark and the closely similar mark Security.Assessment.com for four years and had an impressive series of contracts with major businesses, banks and Government departments. The Respondent has not chosen to respond to the Complaint and this factor entitles the Expert to draw appropriate adverse inferences. Any use of the Domain Name at that time by the Respondent would have taken unfair advantage of or been unfairly detrimental to the Complainant's Rights in its unregistered mark. This meets the first limb of the definition of Unfair Registration.
6.23 But this decision can also be founded on the second and independent limb to the definition of Unfair Registration i.e. that the Domain Name "has been ... used in a manner which took unfair advantage of or was unfairly detrimental to the Complainant's rights".
6.24 As at the date of Complaint the Domain Name has been used in such a manner by the Respondent. In particular, the use being made of the Domain Name by (or most likely facilitated by) the Respondent is likely to mislead or deceive visitors to it into believing that the Domain Name is registered to, operated or authorised by or connected with the Complainant (paragraph 5.1.2 of the Policy). The name Security-Assessment had been used for four and a half years by the time of registration of the Domain Name and for over seven years as at the date of Complaint.
6.25 Although the Complainant uses the .com suffix as a key part of its trading name security.assessment.com, it is frequently the case that members of the public seeking a website will try .co.nz first or, will simply encounter the .co.nz Domain Name when doing a search engine search. In those circumstances they will very likely believe on first entering the site that (because of use of the mark SECURITY-ASSESSMENT) it is registered to or operated by the Complainant. By defaulting to a competitor website offering very similar or comparable services, there is a distinct possibility that members of the public may choose to deal with that company to the detriment of the Complainant.
6.26 Even if a visitor to the Domain Name realises after a short time that the Domain Name is not associated with the Complainant, it is nonetheless enough to have been misled in this way. In Trustbank Auckland v ASB Bank (1989) 15 IPR 222, 226 the Court of Appeal stated in relation to s9 of the Fair Trading Act (misleading or deceptive conduct) that it was a breach for a customer to be misled by a trade mark to enter bank premises even though, once in the premises, the customer may learn the real position:
"There seems to us to be no reason why s9 should not protect the public from being led into business premises by being misled as to the ownership of the business. Once a prospective customer has entered, he or she will often be more likely to buy."
6.27 Exactly the same can be said for the Domain Name in this case.
6.28 Given these findings it is not necessary for the Expert to consider other heads of complaint raised by the Respondent notably whether there is breach of paragraphs 5.1.3 or 5.1.4.
7.1 In view of the findings made above the Expert directs that the Domain Name security-assessment.co.nz be transferred to the Complainant.
Place of decision Auckland
Date 17 August 2010
Expert Name Mr Andrew Brown QC
 The Law of Passing Off (3rd edition) Thomson 8-61.
 Theodorus Couwenberg & Son Limited v Diesel Progress NZ Limited (1988) 2 NZBLC 102,976.
 NZ Insurance Co Limited v NZ Insurance Brokers  2 NZLR 40.
 Abundant Earth Pty Limited v R & C Products Limited (1985) ATPR 40-532.
 Wadlow 8-65 - 8-67; see also a list of cases where the claimant failed 8-09 - 8-72.