Eric,

I think you're right to focus on the numerous intermediaries Claria works with, and to want to talk about the significance of using so many intermediaries in a long chain. But I don't think I tried to "ignore" this question. To the contrary, I presented these facts explicitly, in paragraph four of my text and in the large diagram that follows -- complete with colored arrows to show how money and users get passed around.

I don't think you're right to say my conclusions turn on a relationship strained by the presence of so many intermediaries. My article shows two examples of Claria ads appearing in popups shown by spyware installed without consent. One of my examples (the one you prefer to focus on) entails an unusual four intermediaries between Claria and the nonconsensual-spyware vendor. The other example shows just a single intermediary in that position. In that second example, Claria pays Savings-Card.com to show its ads, and Savings-Card in turn pays notorious spyware vendor KVM Media (whose software is widely installed without consent). I consider this ample basis to conclude that Claria is funding spyware reasonably directly.

You might not like my first example. Fine. Then focus on the second. Using those facts, I don't think it's fair to characterize what I've found as "grammatical sleight of hand." Quite the contrary: Claria has vetted its partners sufficiently poorly that one of its partners buys ad traffic directly from a spyware vendor. That's not the "six contractual relations away" that you repeatedly criticize. (And incidentally I have good reason to think this isn't the only "dirty" Claria BehaviorLink partner. But a laundry list of bad partners, with voluminous screenshots and packet logs, is a project for another day.)

I take your underlying question to be why anyone should care about what I wrote in my recent piece -- and for that matter why I even spent the time to write it. Perhaps I didn't do a good enough job explaining why I think this matters, but I do think it's important.

1) Knowing how and where Claria promotes its own software speaks to the propriety of Claria's installation methods. Claria has sought and claimed legitimacy by proclaiming that users want its software, that users agree to run its software, and that its software is promoted properly, ethically, and in a manner consistent with other vendors. Yet Claria has chosen a set of distribution methods such that its software is advertised in popups shown by spyware that became installed without consent. That's highly notable: It speaks directly to the truth and persuasiveness of Claria's claims of proper installations. Now that Claria has cut back its other controversial installation methods (Kazaa, fake-user-interface banner ads on kids sites, etc.), it's especially timely to look at how Claria continues to get installed today.

2) Knowing how and where Claria shows BehaviorLink ads is of the utmost importance to advertisers and analysts evaluating BehaviorLink. Claria's BehaviorLink recruits advertisers with the promise of showing ads on "a wide range of portal and publisher partners." ( http://www.behaviorlink.com/media/releases/pr050215.html ) That's what Amazon reasonably thought it was buying when it paid Claria for the ad shown in my second example. Yet that's not what Amazon ultimately got; to the contrary, Amazon's ad was shown in spyware-delivered popups. I don't know how Claria views this situation. (They haven't contacted me on this subject, nor been quoted in the press.) We do know your view -- to assign blame to others, i.e to Claria's partners and to their partners, but not to blame Claria itself. You may be right as a matter of law. That said, I doubt Amazon (and other top-tier advertisers who are trying or considering BehaviorLink) will care exactly whose fault it is. For them, it's likely to be a big problem if their ads get shown in spyware-delivered popups; they hate spyware, they know it damages their brands, and they want nothing to do with it, even if they have plausible deniability, even if it's Claria's fault or the fault of some Claria partner. If Claria's bottom is line "buy BehaviorLink, and your ads will appear in spyware-delivered popups, and there's nothing we or you can do about it" then BehaviorLink is likely to have fewer customers than if BehaviorLink is purely virtuous in the ways Claria has previously claimed. I consider it useful and helpful to make sure advertisers have this information available -- especially since Claria isn't likely to provide it to them, and especially since (so far) no one else has bothered to look into this problem.

Incidentally, I find your references to McCarthyism, the holocaust, and witchhunts both unnecessary and inappropriate. Consumers may dislike spyware and adware, and may dislike the vendors who make this stuff. But no one is dying over these issues. Comparing adware to the holocaust does an injustice to the millions of holocaust victims.

Ben Edelman

Finally, someone with a logical anti argument to an irrational rant. Thank you for taking the time to respond to such nonsense. In my opinion Edelman is simply praying upon peoples fears in order to generate traffic to his own website, to hear himself speak and to put his name out there. This guy is worse than a southern Baptist minister on crack during an Easter weekend sermon. Thank you, Thank you, Thank you.

Ben, thanks for the additional explanation. I focused on your first example mostly because it showed quite vividly--using facts that you presented yourself--a point that has bothered me for some time: the extreme tenuousness of the causality chain you consider relevant. (Time permitting, at some future point, I can attack the logic flaws in the second example you discussed in your report.)

With respect to your first example, your first explanation in the comment above makes it a little clearer why you ignored the complexity of the causal chain (your second explanation goes to the other point I didn't try to address). If you're worried that Claria is continuing to do non-consensual installations, then researching their installation process makes sense. But your report didn't do that. You assumed away everything after the ad generated possible interest in the Claria screen saver (You wrote: "A Claria installation obtained through this ad may or may not be "consensual." To reach a conclusion, we'd have to look at what follows when users click the ad -- what they're told about the advertising, privacy, and other relevant effects of installing Claria's software. (Perhaps I'll give these ads a close reading in the future...).").

So what do we learn from your report about Claria's actual installation practices by the simplw fact that a Claria screensaver may have been advertised via a non-consensual installation? Nothing.

Meanwhile, I'm still waiting for the answer to my question, either from you or someone else:

"When is X responsible for an adware vendor’s unauthorized installation, and why?"

Finally, I apologize to the extent that the first version of my post could have been interpreted as analogizing the anti-spyware crowd to Nazis. I didn't say that and, given the number of my family members who were killed by the Nazis, I would never say that. My inclusion of the Niemoller poem appears to have been unintentionally confusing, so I've deleted that (and made a couple of other minor clarifications to that paragraph). I agree completely that an anti-spyware mania won't lead to widespread (or even limited) deprivations of life or liberty, and if I intimated otherwise, I'm very sorry.

Instead, I used the examples of witchhunts and McCarthyism as examples of manias and to show that manias are social defects that can be incredibly damaging both to society generally and people individually. We might legitimately debate if an anti-spyware mania is occurring or, if we agree a mania exists, that the mania is as damaging as I think it. However, if you don't recognize that this situation might be appropriately characterized as a mania, it's possible that you do not recognize that your contributions have the potential to impose adverse consequences on those you target--perhaps justifiably so, but also perhaps unfairly through a taint-by-association smear. If you haven't recognized this potential, then I think you seriously underestimate the power of your words.

Eric.

Edelman has made a career out of presenting an incomplete, half baked story to consumers and anyone willing to give him a platform to preach from. "Sleight of hand" is the best description I've heard yet to describe his 'research', and I hope that people will stop providing him a platform so that he can wither away to become yet another anonymous, hackysack playing college student trying to find another way to save the world.

In working on anti-spam legislation several years ago, a Republican office contacted me very late one night to discuss the idea of making advertisers liable when the knowingly promote their products by illegal spam. There would be a mechanism for consumers to alert companies to the fact that products were being advertised by illegal spam. That idea did not ultimately make it into CAN-SPAM.

But perhaps there should be some advertiser accountability here. Squeezing the money out of invasive or illegal practices will dry up this market.

As for the ad hominem again Ben, come on now. Ben is a tireless worker, and he's exposed a lot of unsavory practices that regulators, self-regulation, and even civil liberties groups haven't been able to discover.

Chris, I'm a little confused. 15 USC 7705(a) does create a liability scheme for some advertisers promoted by spam. There isn't the reporting mechanism for consumers that you describe, but the rest of the statute is exactly what you contemplated.

As far as I know (although I confess that I haven't thoroughly researched it), 7705 is the only situation where Congress has made an advertiser liable for the marketing media provider's actions. Am I missing any?

The statutory intervention is important because while legislators can establish this advertiser liability, finding advertiser liability through common law principles is very, very difficult.

As for the ad hominen attacks, I am fairly uncomfortable with the relevance of some of the prior comments. They are close to the border of what I will tolerate in the comments (and perhaps over the line, although my line isn't so rigid that I can say for certain). What I can say for certain is that I will not tolerate any further comments that are animated by an ad hominen attack on Ben or anyone else. This is not the appropriate forum for such behavior.

Eric.

Ah, you're right! I didn't know that the provision made it into the law!

Your lobbying was more effective than even you realized! :-) Eric.

Thank you very much for this interesting discussion (ignoring the one or other nonsense posts [my pointa view]). I do follow both your blogs on a recent, if not daily basis and I find that you probably are both right. I guess that Eric you are just really looking at it from a 'legal' point of view and Ben from a 'Spyware-warrior' view. Having read through both comments and arguments from your two parties, I guess a more clear writing of the original post by Ben Edelman would have left part of this discussion off the face. However, it is helpful and interesting to have read both points of views.
Both of you can be sure to keep me as a frequent visitor as I regard your writings often as very valuable to my work in fighting spyware/malware and being into the topic. Unfortunately, tho I d love to, I cannot really talk bout the legal point of view, as the German legal system is probably totally different and I am not really into the law thing.
Again thanks for the great blogs and comments from both of you. Keep up the good work.
Regards,

Johannes

I think we can all agree that Ben has been a tireless voice speaking out against spyware, and he's certainly helped to identify a number of important issues. But to nitsuj's point -- one thing to keep in mind is that Ben is not an objective voice in the debate. He's also a consultant to organizations with a significant financial stake in painting specific organizations as the enemy. Ad hominem or not, adware companies are not the only ones who can be rightly accused of engaging in deceptive practice.

O

[quote] Ben is not an objective voice in the debate. He's also a consultant to organizations with a significant financial stake in painting specific organizations as the enemy. [end quote]

Who does he work for and what organizations are you referring to ?

Are you saying that some of his clients (New York Times, National Association of Broadcasters, Washington Post, and the NFL) might want to see the demise of adware companies? Why? Because those companies are also advertising supported organizations and adware companies compete for the same advertising $$$ ? Or What?

Adware scumbag companies like Claria know exactly what they are doing. As alluded to in Goldman's article, they practice what is known as the "six degrees of separation" tactic. I am convinced that they do this knowingly and deliberately. It is akin to money laundering: Put enough layers in between yourself and the guys doing the dirty work, and you'll start to convince people (like Goldman, apparently), that you are doing nothing wrong.

Bollocks to that. Make no mistake -- these folks are clever shysters that are out to make a buck in any way that is technically legally possible, through any legal loophole they can fine. So, when they claim that "we are cleaning up our image," this should be immediately translated as "we are adding more layers between us and the guys that could get us into trouble."

Guillermo, thanks for the comment. Just to be clear, I'm not fooled that some actors use layers/multiple-degrees-of-separation to avoid responsibility. However, as a matter of law, "layering" may make a legal difference; and as a matter of ethics, it may make a difference as well depending on the specific facts.

Mostly, my goal is to figure out the boundaries of acceptable and unacceptable layering. To make any progress on this topic, we need to make this issue explicit and agree on some definitions and norms. Until we do so, everyone will just keep talking past each other.

Eric.

Well, if your stated goal is to simply figure out the boundaries of acceptable and unacceptable layering, you fooled me.

Your rhetoric, labeling anti-spyware researchers as zealots and agitators, and comparing what they are doing to witch hunts, McCarthyism and worse, points to quite a different modus operandi. Rather than simply objectively seeking the limits of current law as it pertains to the adware companies' layering tactics (or even to a hypothetically innocent "one hand doesn't know what the other is doing" situation, which I am convinced is almost NEVER the case, despite your arguments), your vehemence against anti-spyware researchers definitely throws your claim of your being an objective researcher and commentator into serious question.

Look, this is easy. As Edelman says, Claria (among others) use a big laundry list of bad partners, all the while claiming that they themselves are clean as a whistle. You're right -- as a matter of current law, that may make a difference in court. They knowingly exploit all relevant legal loopholes, as I mentioned. As a matter of ethics, though, the painstakingly tortorous logical gyrations that you go through to try to make your point in Claria's favor is utterly laughable. The ethical question is cut and dry, in this case: Claria knows exactly what it is doing, and its list of bad partners is no doubt a long one.

Still scumbags, through and through. Actually, the scumbag factor is even higher now. At least previously, they were more up front about what they were doing. Their recent pathetic attempts to "legitimize" themselves and their claims that they are 100% clean now, all the while simply pushing their bad operations further into the shadows by obfuscation and layering, just make them all the more slimy.

Guillermo, fair enough. I recognize that my post was crankier than my normal post, but as the long list of prior blog posts (attached to the bottom of this blog post) can attest, the "who is responsible for what?" question is hardly a new one. Yet, we seem to be making no progress in addressing the issue analytically (let alone resolving it intelligently), and I've reached the conclusion that this lack of progress can be ascribed in part to the social defect of a mania.

I do disagree with you that anything about this topic is "easy." I think the applicable law is insanely complex, and I think the ethics are complex (and much more nuanced than you do). Because of the respective complexities, we'll never make any progress if we're not even clear which one we're talking about.

That's why I put my question in plain English (as plain as I'm capable of) and in bold: "When is X responsible for an adware vendor’s unauthorized installation, and why?" Of the numerous responses I've seen to my post, your second responses so far comes closest to actually answering that question.

Eric.

Again, this is exactly the way the adware companies want it: insanely complex and "nuanced," as you say. You are playing right into their hands by believing that it is. The more layers of crapola that they can pile onto this, the more seeds of doubt they can sow, the more they can obfuscate and conceal the core issues and cause people to second- and third-guess their initial opinions about their practices, the better. They are getting to be masters at it.

Cut through all of those layers of fat, into the muscle and heart of this thing, and you will virtually always find the same thing: slimy people that will go to any lengths to make a buck. And that means getting their cancerous software onto your computer without your authorization. No one would KNOWINGLY authorize something like this to be on their machine, so the companies utilize two main strategies: (a) ignorance of the user community and (b) concealment through multiple intermediaries.

The ignorance angle works very well. I've witnessed more than one user simply click "YES" or "I AGREE" to a long, complex, or confusing pop-up message or window included in a bundled spyware installation. If I ask the users what they just clicked on, they have no idea. There are SO many users that could not repeat an error message that they just saw, if their lives depended on it. It was just an annoyance that they got rid of. Click, it's gone. No inkling whatsoever of what they just agreed to install.

Combine that with a Claria EULA that is something like 63 pages long and includes the most confusing language possible, complete with clauses that prohibit any removal by using antispyware programs, and you have a successful leverage of computer users' ignorance.

Combine THAT with a massive level of obfuscation and multiple intermediaries, to the point where people like you start to ask questions such as, "When is vendor A responsible for vendor J's unauthorized installation?," and you have a system where vendor A (and probably B, C, D... as well) are laughing all the way to the bank.

Do not be fooled, and do not play into their hands. Cut through the crap and you will see that at its core, this issue IS simple. No one wants this stuff on their computers. If a company puts it on their computers -- even through six degrees of separation -- it is still KNOWING separation, and it is still reprehensible. They know exactly what they are doing, and people like you that give them the benefit of doubt are giving them exactly what they want to hear. It is their best indication that their tactics are working.

[quote]Who does he work for and what organizations are you referring to ?

Are you saying that some of his clients (New York Times, National Association of Broadcasters, Washington Post, and the NFL) might want to see the demise of adware companies? Why? Because those companies are also advertising supported organizations and adware companies compete for the same advertising $$$ ? Or What?[quote]

I'm saying that, when you look at some of the actions being taken against certain adware companies, look a little deeper and you'll see Ben Edelman involved.

NYT, NFL, WP aside, when you see who is being sued and when you see who the law firms have consulting them, you'll understand why his interests are less than objective. Offer "evidence" that confirms the public's opinion and as Eric's post states, you've provided the witch required to satisfy the hunt.

I'll leave it up to Edelman to disclose his other clients.

Ah, but the knife cuts both ways, doesn't it?

Edelman consults for the law firms that are taking action against adware. Goldman defends the companies, like WhenU, that make the adware.

I see Edelman's work as necessary. In his articles, Ben presents his findings in a completely factual, objective manner, simply laying out in explicit technical detail exactly what this rogue software does, the tactics they use, and the confusing and frequently ludicrous EULAs they employ. He doesn't spin this information with his own opinions, because he doesn't have to -- the screenshots, descriptions of installation methods, and the like speak for themselves.

Goldman, on the other hand, blogs like he probably speaks in the courtroom.

A choice example from an article about Eric that I read back in June of this year:

"Perhaps this reporter found the only crackpots in the world who affirmatively, intentionally and voluntarily chose to install spyware/adware on their systems [see update below], but I don't think so. In fact, I think there's a pretty large group of people who went through the exact same thought process.

"As a result, the foundational assumption of most anti-spyware zealots--that "spyware" is, by definition, unwanted--is false. In turn, all arguments predicated on this inaccurate assumption are tainted."

Gotta love the pseudointellectual, hopelessly convoluted and ultimately logically flawed lawyer-speak from this guy.

In short, you are CERTAINLY a "less than objective" analyst if your past clients include companies like WhenU. All of the lawyerspeak just boils down to being so much apologist-speak.

I think we need to be very careful about assuming that any researcher presents facts "in a completely factual, objective manner." Consider the following two alternative headlines:

"Claria Funds and Supports Spyware"
"One Ad for Claria Appeared Via a Non-Consensually Installed Spyware Application"

The latter headline presents the facts. The former headline interpets the "facts," and that interpretation requires some explication about the foundational assumptions of what constitutes "funding" and "supporting." Other than from you, Guillermo, I'm still waiting for that explication.

Eric.

PS FWIW, I appeared in a courtroom only one time in my life--and that was when I legally changed my name.

"I think we need to be very careful about assuming that any researcher presents facts "in a completely factual, objective manner."

Ha, well you should certainly know a lot about that, being that you are a prime example of someone that does not present facts in a completely factual, objective manner. Headlines that include phrases "Adware witchhunts" do not exactly point to objectivity, now, do they? Oy vey.

As for Edelman's headline, Claria DOES fund and support spyware, and you damn well know it. Edelman pointed out the facts in superb detail as to the connections, and the fact that Claria has a large laundry list of intermediaries that uses, all the way down the chain.

It is no use splitting hairs on this one, although I recognize that that is a favorite thing for lawyers to do. If it walks like a duck and quacks like a duck, chances are it is probably a duck. Or in this case, a weasel.

I see your point regarding Eric's interests and Ben's interests. The difference, however, is that Eric's association with companies like WhenU is there for us all to see (if we're willing to take a moment to look for it). Ben's advocacy, however, seems to be something of a secret.

Just as media outlets must disclose their interests in organizations on which they report (i.e., NBC / General Electric & MSFT, or ABC / Disney), we're not well served when an advocate fails to inform us of their personal/financial interests on an issue.

Edelman is proud to tell us he's worked for the Post, Times, NFL, etc., but he'd earn more of my respect if he also included his involvement with law firms engaged in class action lawsuits against the adware companies.

Hi Eric -

Your argument seems to be that Ben Edelman saying "Claria supports spyware" is a.) factually incorrect, and b.) motivated by some sort of motive other than pursuit of the truth (you compare it to odious historical events like Salem Witch Trials and McCarthyism).

If I'm misinterpreting, I apologize, please let me know.

Regarding your assertment a.) - that the statement is factually incorrect, that Claria does not in fact support adware because it is merely working with intermediaries working with intermediaries: So, if I make, say, a designer line of clothes that I contract with a "jobber" to make, who then distributes the work to primary vendors, if those vendors in turn use child labor to make my product, I'm not supporting child labor? How about if I know that eventually it will be made by child labor? Am I less culpable because I hired someone else to do the dirty work? In the international community, it's pretty well accepted if you know or should have known that your product was being made with illegal methods, you're still on the hook. If you remeber your Torts class, there's an idea called proximate cause: What was the proximate cause of the spyware showing up on the desktop, what was the one thing that, had it not happened, the spyware never would have been there? It was the provision of money by Claria to the chain of intermediaries. They knew, or should have known, that their ads would be distributed by spyware. Just because they didn't write the code doesn't reduce their culpability. To me, that's a pretty clear example of support. In fact, I think "Clairia still uses and promotes spyware despite saying they don't", a much bolder statement than "supports," is in fact also accurate.

Regarding statement b.), that Edelman is on a witch-hunt, and has a hidden agenda that drives his writing: Well, first and tangentally, my experience is that people with weak arguments frequently resort to the tactic of using excessively emotionally charged concepts to combat their ideological enemy. I immediately start to question the accuracy and persuasiveness of the whole message. Regarding hidden agendas, I can understand someone's motive for wanting to expose the practices of companies that take advantage of inexperienced computer users to make money, all at the expense of those users' enjoyment and ability to use the Internet. Protect the innocent from the malicious - strong moral idea, I can get behind that. Your motives, however, remain a mystery - I can't come up with a similarly compelling reason to defend Claria. I think it's much more likely that you have a hidden agenda than Edelman.

Anyway, my 2 cents.

Mike

Mike, thanks for your comments.

The characterization that Claria supports/funds spyware is factually ambiguous (because it obscures a whole lot of detail in between points A and Z). Therefore, it is a conclusion about the facts, not a neutral reporting of fact. What I'm trying to do is figure out the appropriate definition of "support."

If we want to discuss legal doctrines like proximate cause in tort law, I'm happy to have that discussion. At least that would provide us a nice doctrine-based grounding for an intelligent characterization of the facts, which is more than we have now. I should hasten to add that turning to "proximate cause" is not a favorable move for spyware opponents. I can think of almost no circumstances where we could characterize the facts reported by Ben in the subject report as meaning that Claria is the proximate cause of a non-consensual installation of spyware.

As for Ben's motives, I didn't opine about those, and frankly I think inquiries into his motives isn't all that relevant to the discussion. Instead, I remain very concerned antipathy and emotional outrage towards "spyware" is creating a mania that clouds our judgment, leading to situations where we eagerly conclude that X is guilty because of some association with some undesirable party. If we're going to avoid such dangerous thinking, we need to rigorously define the standards by which we evaluate guilt or innocence. In contrast, failing to lay out those bases contributes to widespread confusion about who is responsible for what, a serious defect that can have unfortunate collateral effects both for those who may be unfairly targeted and for good social policy-making generally.

Eric.

"Protect the innocent from the malicious - strong moral idea, I can get behind that. Your motives, however, remain a mystery - I can't come up with a similarly compelling reason to defend Claria. I think it's much more likely that you have a hidden agenda than Edelman."

There you go. Hit the nail on the head. Nothing more really needs to be said about Eric, for he is nothing more than an adware apologist with ulterior motives.

I am delighted that the ASC recently released a definition of the term "spyware" that classifies adware as a subcategory of spyware. This is as it should be. No more "but we're not spyware, we're adware" arguments from these weasels. It's all the same crap. Anyone with any common sense can see that, but many times in the law profession it seems that knowledge of law is inversely proportional to common sense.