Is Google Liable For Typosquatting Domains That Use AdSense?
from the seems-like-a-stretch dept
While I have tremendous respect for the ongoing work that Ben Edelman has done over the years exposing many of the dirty tricks used by spyware and adware vendors, I tend to disagree with his view on trademark law. In the past, Edelman sided with websites that sued early spyware vendors for putting up competing pop up ads, but that was missing the point. The real problem there was the fact that spyware was surreptitiously installed. If people wanted to see competitive ads, that should be their choice, and not a trademark issue. There’s nothing wrong with competitors trying to get your attention if they know you’re looking for a competitor’s product. That’s not a trademark law, so long as there’s no attempt to confuse users into thinking that one product was made by someone else.
Edelman, however, disagrees. And, now, he’s actually suing Google for allowing AdSense ads to be placed on “typosquatter” domains. This lawsuit seems like a longshot. As has been seen in numerous lawsuits over AdSense and trademarks, suing Google is trying to put liability on the wrong party. You could potentially sue the owner of the domain, but even that seems like a stretch. It’s unlikely that anyone arriving at the typosquatted domain will be “confused” into believing they’re at the correct site. They’ll either quickly retype the URL properly, or they’ll click on a link on the site that takes them to the proper site. There’s no actual “confusion” here and it’s difficult to see how there’s any consumer harm. The fact that Google makes money off the practice shouldn’t be seen as illegal at all.
Filed Under: ben edelman, lawsuits, trademark, typosquatting
Comments on “Is Google Liable For Typosquatting Domains That Use AdSense?”
But...
If it’s just one of those annoying pages full of useless ads, I agree, no big deal. If however someone is using one of these sites to hit people with trojans or other malware, which is entirely probable, that puts a different complexion on things.
I do agree that suing isn’t the answer, at least not as a first resort; if I got hit twice by the same bit of malware on different ads, after making a complaint about the first one, it would be another matter. Still, much as I’d like to see service providers be a bit more proactive about this kind of thing, it would help if more people followed the company’s own complaints procedure before hiring a lawyer.
Re: But...
If however someone is using one of these sites to hit people with trojans or other malware, which is entirely probable, that puts a different complexion on things.
Again, there’s simply no way that’s Google’s fault. That’s the fault of the sites that include that malware.
As usual, looking at the world through your own myopic vision – it’s not a problem for you, therefor it’s not a problem for anyone else.
For for education, the biggest problem with typosquatting is that it (a) spread malware/scammer sites and (b) pollutes the domain space, making it harder for the typical user to find stuff. Remember, not everyone is as perfect and as wonderful as you are.
I agree that trademark law should have nothing to do with it, and the correct course is suing for fraud and intent to deceive.
Re: Re:
As usual, looking at the world through your own myopic vision – it’s not a problem for you, therefor it’s not a problem for anyone else.
Um. That’s not what I said.
For for education, the biggest problem with typosquatting is that it (a) spread malware/scammer sites and (b) pollutes the domain space, making it harder for the typical user to find stuff.
Can you explain how either of those would make Google liable? The whole point of the post is whether or not Google is liable, so I’m not sure why you’re discussing a totally different issue (and trying to insult me at the same time for supposedly implying something I did not imply).
If there’s spyware or malware, that’s not Google’s fault. Nor is any so-called “pollution of the domain space” for which you offer no proof.
Not legally wrong, but could be evil
I don’t think that there is anything legally wrong with what Google are doing – at least, as far as the letter goes. As long as they are unaware of what a particular adsense agent is doing, they cant be liable.
But they do profit from the actions of parasites, many of which are far from benign. They can not possibly be unaware of this. They could be doing more, but they are not and collecting a tithe from their inaction, could be evil…
Re: Not legally wrong, but could be evil
How would they know? They don’t actually “audit” any of the sites that run their Google Ads as far as I know. They have no reason to.
That’s like a mugger getting paid to have a billboard over his house saying “free cookies” or something and then mugging you as you come in. You can’t go sue Oreo for what that guy did.
Re: Re: Not legally wrong, but could be evil
So they cant be expected to know when an individual decides to use their service? So what? Google does it’s best to employ some really smart people. Unless you are an idiot, you’ve got to believe that they understand that there are persons that are *using* Google for some shady stuff.
Cookie billboard? It’s closer to a landlord taking the rent, suspecting that a tenant is dealing drugs, but not calling in the cops to bust his arse.
Nothing illegal in that. Not liable in a legal sense. But they are raking in the doe and that could be evil.
Re: Re: Re: Not legally wrong, but could be evil
Unfortunately, law is rarely about good and evil. Law is about responsibility, liability, and avoiding liability.
Suspicion of illegal activity does not make you liable for the illegal activity. Assuming that putting ads up on a site you own is illegal, which it still hasn’t been proven to be.
Re: Re: Re: Not legally wrong, but could be evil
As a landlord, it was much easier to evict the drugs tenants. If the cops came, they would bust the doors down, tear up all the walls, etc and leave the place a wreck and possibly charge you, as landlord, with having a drug house, and possibly seizing the house. Simplest, quickest thing was to evict and get rid of the drug tenants without the expense of rebuilding a house.
Google's role & liability -- the court's view, and the relevant statutory language
Thanks for the thoughtful message.
Let’s put aside the early spyware/adware litigation. That’s a topic for another day.
But on the question of whether Google is liable for the domain registrations of its typosquatting partners: It’s instructive to review what the judge had to say. Remember, the case at issue was filed some 16+ months ago, and Google promptly filed a motion to dismiss, which was denied in relevant part. In the course of the denial of Google’s motion to dismiss, the court explained:
“Google contends that the ACPA cannot apply to it because it does not own or operate any of the allegedly infringing domain names. As noted above and by the parties, the ACPA imposes liability on one who ‘registers, traffics in, or uses’ certain types of domain names. … The FAC [first amended complaint] alleges that Google pays registrants for its use of the purportedly deceptive domain names, provides domain performance reporting, participates in the tasting of domain names, uses semantics technology to analyze the meaning of domain names and select revenue maximizing advertisements and controls and maintains that advertising. Given these allegations, Google’s motion to dismiss the ACPA count is denied.”
See http://docs.justia.com/cases/federal/district-courts/illinois/ilndce/1:2007cv03371/210005/145/ (page 12).
In short: An ACPA claim can properly lie not only against a domain registrant, but also against a domain registrant’s business partners, when such partners participate in the typosquatting project in certain ways (like those described above). This strikes me as entirely appropriate. After all, the ACPA statute prohibits not just “register[ing]” domain names, but also “traffic[ing and] us[ing]” domain names. And for good reason: Congress exactly intended to hold responsible not just domain registrants, but also those who coordinate, fund, and orchestrate typosquatting.
Does this change your thinking?
Separately, as to the #6 “anonymous coward” reply: Somehow Google figured out that when a user requested “bankofdamerica.com” (s.i.c.), the best (most prominent) ad to show was an ad promoting Bank of America. How did Google figure this out? Google’s own statements indicate use of “semantic analysis” — software to read a domain name, parse it, and figure out what a user was trying to do. You say Google doesn’t “actually ‘audit’ any of the sites that run” Google ads. I’m not sure I agree with that claim. But in any event Google certainly has to know where ads are appearing, in order to select the ads that will make as much money as possible. Of course, once Google notices that “bankofdamerica” is very similar to “bankofamerica,” it’s not much to ask that Google then realize that “bankofdamerica” is not an appropriate (or lawful) place on which to show ads.
Re: Google's role & liability -- the court's view, and the relevant statutory language
“How did Google figure this out? Google’s own statements indicate use of “semantic analysis” — software to read a domain name, parse it, and figure out what a user was trying to do.”
From a programmer’s standpoint, let me tell you how that would probably work.
1. Parse the text in the domain name, remove the www and the .com (or .net, etc), and determine the possible combinations of words. In this example, it would find bank, of, and America or bank, of, dame, and rica, or bank, of, and damerica.
2. Parse the remaining text in the web page and make note of each word and how many times is appears. Since the page is inaccessible at this time, I cannot directly show how that would work, but let’s assume that this is a typosquatter and not a site for the Bank of Dame Rica the whois lookup says it is for. If it were for a typosquatter targeting Bank of America, it probably has checking, debit, savings, “Bank of America”, ect on it several time in various places a machine would see it but not humans, ie. metadata, ect.
3. Google now looks at the list of words and how they are ordered (“semantic analysis” being recognizing that “Of all the banks in America, I like this the best.” is different than “I like Bank of America best of all the banks in America.” Computers have a very difficult time understanding word order in text of varying content and quality as the entire internet.) Since some personal site contain AdSence ads, it also checks for misspellings and uses the corrected spelling if no results can be found for the spelling in the page. If you google “bank america”, the two most common words on this hypothetical page once articles, etc are discarded, you will find the number one sponsored link, ie the person that purchased those words, is Bank of America, which is why they are on the page.
The problem Google has here is, the whois lookup says this site is registered to the Bank of Dame Rica. How could Google write a program to determine if a site is legit or not? Assuming such a program is found, how can you be sure it does not have even a single false positive or negative? Also, how can you be sure not one person can create a site that can bypass that filter? Computers cannot currently make that kind of distinction.
Re: Google's role & liability -- the court's view, and the relevant statutory language
In short: An ACPA claim can properly lie not only against a domain registrant, but also against a domain registrant’s business partners, when such partners participate in the typosquatting project in certain ways (like those described above). This strikes me as entirely appropriate. After all, the ACPA statute prohibits not just “register[ing]” domain names, but also “traffic[ing and] us[ing]” domain names. And for good reason: Congress exactly intended to hold responsible not just domain registrants, but also those who coordinate, fund, and orchestrate typosquatting.
Does this change your thinking?
No, it doesn’t change my thinking. I think the statute is wrong. It’s trying to place the liability on a party that isn’t actually responsible. Focus on those responsible, and you’ll get no argument from me. Dragging in business partners because they’re big and an easy target is a cop out.
Somehow Google figured out that when a user requested “bankofdamerica.com” (s.i.c.), the best (most prominent) ad to show was an ad promoting Bank of America. How did Google figure this out? Google’s own statements indicate use of “semantic analysis” — software to read a domain name, parse it, and figure out what a user was trying to do. You say Google doesn’t “actually ‘audit’ any of the sites that run” Google ads. I’m not sure I agree with that claim. But in any event Google certainly has to know where ads are appearing, in order to select the ads that will make as much money as possible.
Knowing what ad to display is TREMENDOUSLY different from knowing that a site is bogus.
An Ill-Fitting Suit
Like Mr. Masnick, heretofore I’ve had the utmost respect for Prof. Edelman’s work. This suit, and his defense of same, pushes him into the “I dunno…” category in my book.
Prof. Edelman uses, in his comment above, bankofdamerica.com an an example:
Prof. Edelman buries in this innocuous sentence two key assumptions:
Neither of those assumptions are remotely true. For example, I guarantee you I can find an attorney who will attest that benedelman.org is dilutive of edelman.com and, by virtue of using benedelman.org to obtain a professorship and speaking honoraria and the like, Prof. Edelman is a typosquatter and should be prosecuted under ACPA. It’s not completely out of the question I could find a jurisdiction with a judge who will agree with this claim. Yet, somehow, a computer is supposed to figure out, on its own, that this claim is ludicrous?
squatting site sometimes not all that obvious
Mike, I disagree with this assertion: It’s unlikely that anyone arriving at the typosquatted domain will be “confused” into believing they’re at the correct site.
I’ve stepped into a harvested squatting site on several occasions before noticing it was not the real site. This happens to me more when I am going to a site unknown to me – so I have no expectations of what it will look like. I figure it out one or two keystrokes in on most occassions. Sometimes I go far enough to click on an external (advertising?) link.
And I am an academic who teaches this stuff.
When I think about my mother surfing the web (or almost anyone’s mother surfing the web), I am confident it is possible for the naive surfer to not realize she has reached a rogue site. She would not pick up on the cues that you and I do – she would just trust she is in the right place and keep on clicking.
Re: squatting site sometimes not all that obvious
“I am confident it is possible for the naive surfer to not realize she has reached a rogue site. She would not pick up on the cues that you and I do – she would just trust she is in the right place and keep on clicking.”
Everything I know about usability leads me to second this.
If you think I’m just condescending to my fellow Web users by thinking that they’re morons, here is my current favorite Web reality check: In a recent study with participants who were selected to be more computer-savvy than the population in general, 24% were unable to figure out how to get to Google when they wanted to run a search as part of the task they were assigned.
No, that’s not a typo. 24%. Of smart people. Could not find their way to Google.
test
I think (Professor) Edeleman has picked the wrong issue.
Assuming he is truly interested in this topic academically, and not commercially.
The issue here is how can a user reach a website representing Trademark Owner (TO) with “zero” chance of reaching a website not representing TO.
Consider the case of 1-800-HOLIDAY where a challenge to 1-800-H0LIDAY was unsuccessful.
How could this dispute easily be avoided?
One way is if you remember the phone number for Holiday Inn, instead of remembering a vanity number. That is, 1-800-465-4329. You might store this in your address book, set up a speed dial entry for it, consult directory assistance to obtain it or even consult a copy of a printed phone directory, looking up “Holiday Inn”.
Ultimately you must dial that number to reach Holiday Inn.
Are computers different?
Let’s see.
If Edelman is serious about operating in the computer law field then I trust he is familiar with UNIX like systems.
I will walk through an example. I am not a UNIX guru. Any user who can type could handle this. In each case, the response times for these queries are a matter of microseconds. With local caching, to the senses it would seem “instantaneous”. All this can be scripted into a one-liner. I’m being verbose for expository reasons.
I am given a name.
“Holiday Inn”
I need a number.
As with looking in a telephone directory, I have to decide how to approach this. For example, should I look up http://www.holidayinn.com or just holidayinn.com? Let’s try those two.
/bin/whois http://www.holidayinn.com
No match for “WWW.HOLIDAYINN.COM”
/bin/whois holidayinn.com
Registrant:
Domain Administrator
Six Continents Hotels, Inc.
3 Ravinia Drive Suite 100
Atlanta GA 30346
US
Which would you pick? I think number two looks like the better choice.
Now let’s check the number.
/bin/host holidayinn.com
96.17.109.50
96.17.109.67
I now have two numbers now. Really no different than the concept of phone numbers for our purposes. I could type these in my browser, like pressing keys on the telephone. But first, the issue: Are they legitimately owned by Holiday Inn? Will these sites represent Holiday Inn or an alleged trademark diluter?
/bin/whois 96.17.109.50
/bin/whois 96.17.109.67
Registrant:
Domain Administrator
Six Continents Hotels, Inc.
3 Ravinia Drive Suite 100
Atlanta GA 30346
US
Type either of these numbers into your browser and you will reach Holiday Inn. When you do that you do not use DNS. As such, you avoid all the scams and security flaws you enjoy researching and writing about.
In short: 1. As an end user, use a local DNS cache with names and numbers you have verified (the pre-DNS the /etc/hosts concept) and 2. Use whois servers.
Most user only visit a small fraction of the sites on the internet. But just for discussion consdider:
How much storage space would a simple local DNS cache (only names + numbers) listing every Internet site available (i.e. billions) consume? I can fit the whole thing on my average, inexpensive laptop. It’s called Moore’s Law. 30+ years of innovation on CPU power since /etc/hosts was abandoned. And gigabytes cost less than .50 cents.
Question: How do you think Google can cache every site on the web?
Answer: More cheaply than you might imagine.
Things are often much more simple than people are led to believe. Using UNIX and understanding Internet hostory will teach you this.
apologies for the typos. luckily this is just a blog. i wonder if i would be as likely to make typos when typing numbers? i.e. where one mistyped digit could have significant consequences. something to think about.
/usr/bin/whois
/usr/bin/host
Here’s a quote from a news website last June:
Meanwhile, Tim Berners-Lee, one of the major forces behind creating the
World Wide Web, said on Friday that the names system had become “mired in
politics and commercial games.”
“It would have been interesting to look at systems that didn’t involve
domains,” Mr. Berners-Lee said.
The point is that few seem to remember the system does not require domain names. They are like vanity phone numbers. They are not essential for the system to work. What is essential is the phone (or, in this case, IP) *number*.
It is perplexing to see the enormous amounts of time, effort and financial capital devoted to research, argue and “remedy” a problem with vanity phone (IP) numbers. It’s called “vanity” for a reason. Meanwhile, as with license plates or myriad other systems, the *number* is the only thing required for the system to work. Why are people presuming consumers will never understand how to look up a phone (IP) number? The simple and easy to use software to do this is included by default on every PC, whether Microsoft, Apple, Linux, BSD, etc.
And now we are wasting the courts’ time with this.
I think we need education not litigation. The first step is learning to use the command line. It is not rocket science.
you could probably fit the whole .com namespace on an average laptop, perhaps with .net or .org, but certainly not all TLD’s
but, for the average user speaking 1-2 languages, addresses for every internet domain, worldwide, would not be necessary.
if you run your own caching DNS server (and/or maintain a hosts file) i think you’ll find the number of unique sites you visit in a lifetime is not that many. you don’t need terabytes or petrabytes to handle your name resolution needs.
i noticed edelman commented on another site that typosquatting is “illegal”. this is coming from a harvard grad?
the acpa is not criminal law.
it is trademark law.
frequently in online forums people incorrectly state that violating a license agreement is “illegal”. now we are extending this hyperbole to trademark law?
if you find domain names confusing, then use IP numbers.
if you don’t like ads, turn off javascript, use a text-only browser, keep your own DNS cache or use your hosts file. if someone is infringing your trademarks, then sue them. if you want to preempt typo names, register them (they only cost $7 each, much less than trademark fees). all easy to do.
but if they’re not your marks, then it’s not your business. the world does not need one more class action lawsuit.
the acpa gives _trademark holders_ a cause of action for infringement of their IP. it creates potential liability for an infringer. (absent zuccharini type outrageous behavior), it makes nothing “illegal”.