Google Wins Cybersquatting Dispute

Cybersquatting was all over the press a few years back, not long after businesses discovered what a good website could do for them. It doesn’t make the news very often anymore, but it still happens. Google recently won a near-textbook cybersquatting dispute. The case is instructive for anyone concerned with protecting their good domain name online.

Possessing a very popular and well-known name has its good side and its bad side. It’s a wonderful thing when you’re an online business and everyone knows who you are — to the point of being the first place that many Netizens stop to see where they want to travel on the Information Superhighway. Search engine Google has this distinction, but it carries with it the problem that a lot of people want to ride on its coat tails. In this case, imitation is not exactly the sincerest form of flattery.

So one can imagine that it must have been a relief at the Googleplex to receive the ruling from National Arbitration Forum arbitrator Paul A. Dorf in favor of the search engine. In what has been referred to by the Associated Press as a “typosquatting” dispute, Dorf found that Sergey Gridasov did not have a legitimate right to use four domain names that were each within a letter of Google’s registered domain name. All four illegitimate domain names were registered after Google registered its own name in late 1999.

Sergey Gridasov, who lives in St. Petersburg, Russia, did not respond to Google’s complaint, filed in early May. This meant that the arbitrator could accept all of Google’s reasonable allegations as true. Given that the four Internet domains registered by Gridasov were googkle.com, ghoogle.com, gfoogle.com, and gooigle.com, one can reasonable assume that he was depending on the similarity in names to raise the traffic to his own sites. Gridasov registered the domains through Computer Services Langenbach GmbH, whose website for domain name registration is Joker.com. As of this writing, word of the ruling had not reached Joker.com; it still shows the four domains as belonging to Gridasov. (That will likely no longer be true when this story goes to press). I didn’t visit any of the four sites directly, for reasons I will make clear shortly.

It’s one thing for a person to register their displeasure with a company by purchasing the domain name ThisCompanySucks.com. Even if they vent their ire on the site and encourage others to do the same, there are many who would consider this a form of free speech — though it’s a good bet that large companies with well-paid lawyers aren’t among them (which helps to explain why www.microsoftsucks.com doesn’t exist). Gridasov was doing it simply to raise the traffic on his site. Indeed, according to the Associated Press, he acknowledged as much in an email to him, but claimed that he hadn’t heard any complaints about it until he began to post code on his sites from another company. He claimed in his email that the code wouldn’t cause any trouble.

It doesn’t appear to be that simple, however. On April 26 — just a few short weeks before Google would file its complaint against Gridasov — Finnish company F-Secure filed an advisory on its website about googkle.com. In the advisory, the virus and malware identification company explains that, “If a user opens a malicious website, his/her computer gets hijacked — a lot of different malware gets automatically downloaded and installed: trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan. Also a few adware-related files are installed.” After going through a lengthy description of what happens when a user visits googkle.com, F-Secure sums up “So as you see, a nice malware package get(s) install on an affected computer: 2 backdoors, 2 trojan droppers, a proxy trojan, a spying trojan (that steals bank-related information) and a trojan downloader.

Was Gridasov a dupe, or was he turning a profit one way or another from hosting the malicious applications on his website? It hardly matters either way. It is certainly not the sort of thing that Google would want its name to be associated with, considering that its own Sergey (Brin) is credited with originating the philosophy at the company that Google should “do no evil.” Given that the domain names also contained links to products that are not related to Google (according to a Reuters story), it seems pretty clear that Gridasov was acting in bad faith. This left the arbitrator with a rather easy decision to make.

The Internet Corporation for Assigned Names and Numbers (ICANN) has a Uniform Domain Name Dispute Resolution Policy that serves as an alternative to trademark lawsuits. It is handled by the National Arbitration Forum, which hears thousands of domain name disputes every year. One can only assume that this huge volume of cases has led to a certain degree of efficiency. The Google decision runs to only seven pages, each one building appropriately on the one before and citing all the right precedents. One could wish that more legally-binding documents were as simple.

When Gridasov signed up for his domain names with Joker.com, he agreed to resolve domain name disputes through ICANN’s policy mentioned above. Within a week of receiving Google’s complaint, the NAF notified Gridasov via email, postal mail, and fax, “to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts…” and gave him until June 8 to respond. When he didn’t respond, the NAF used the same methods to let him know that the case would proceed without his response.

Google made three assertions, which practically go by the textbook as to what a complainant needs to assert and prove in order to obtain relief. They were:

  • That the four domain names were confusingly similar to Google’s.

  • That Gridasov did not have any rights or legitimate interests in the domain names.

  • That Gridasov registered and used the domain names in bad faith.

The search engine giant’s desired relief was to have the domain names transferred to itself.

The first part of the findings proved Google’s rights the Google name. Google filed its registration for its name with the United States Patent and Trademark Office in mid-September of 1999, preceding Gridasov’s earliest registration of his domain names by a little more than three months. Although Google did not receive a registration for its name from the USPTO until January 2004, to quote the decision, “once Complainant’s mark has been registered, Complainant’s rights in the mark date back to the date the mark was originally filed with the USPTO.”

The four domain names differ from Google’s by only one letter. Panelist Paul Dorf notes that “Under the Policy, panels have widely held that the addition of one letter to a mark does not create a distinct domain name.” This establishes the first point, that the domain names are confusingly similar to Google’s.

The second point, that Gridasov had no rights or legitimate interests in the domain names, was only a little bit harder to prove. First of all, Google’s mere assertion that Gridasov had no rights or legitimate interests in the names shifted the burden of proof onto Gridasov, who had not responded to the complaint. The panel could (and, indeed, did) determine from that alone that Gridasov had no rights or legitimate interests in the names. Google went further, though, saying that Gridasov is not commonly known by those names. Google also pointed out the malware and unrelated products issues. The panel makes an important finding that anticipates the third prong of the decision. “The Panel finds the use of domain names that are confusingly similar to Complainant’s mark to attract Internet users to a website that may annoy or harm the users in some way, and that appears to serve no legitimate function, is harmful to Complainant as the users may assume that Complainant has some affiliation with the harmful content.”

Finally, the panel touches on the third thing that must be proved for Google to be granted relief: that Gridasov registered and used the domains in bad faith. Reiterating the malware and product offerings, Dorf went further to state that “The Panel assumes that Respondent earns compensation through its website from third parties by redirecting Internet users via links on Respondent’s websites. Thus, the Panel determines that Respondent’s use of the disputed domain names to benefit through a likelihood of confusion is evidence of bad faith registration…” Dorf adds that “Under the Policy, typosquatting is itself evidence of bad faith registration and use of the disputed domain name and the Panel finds no reason to distinguish Respondent’s use of the practice in this instance.”

Paul Dorf neatly concludes that all three elements required under the ICANN policy have been met, and granted that ownership of all four of Gridasov’s disputed domain names should be transferred to Google. Dorf was chosen as the sole panel member for the case on June 16; the three weeks it took to resolve the case, although unusually fast by some standards, seems about right for something that was apparently this straightforward. One can only hope that the dispute resolution system continues to be this fair and efficient, for all disputants involved.

Google+ Comments

Google+ Comments