CDT Report on Adware Advertising
By Eric Goldman
The Center for Democracy and Technology has released “Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can be Done to Reverse the Trend.”
The report details the complex web of relationships between advertisers, agencies, adware vendors and software vendors that can lead to big brand advertisers having their ads unwittingly delivered via adware. This isn’t really news; Ben Edelman (and others) have demonstrated this for some time, and last year PCWorld ran a good article on this very topic.
The real question is: what to do about it? FTC Commissioner Leibowitz’s solution is to shame the advertisers. The plaintiff lawyers are trying to hold the advertisers legally responsible. In its report, CDT offers an alternative: advertisers should adopt and enforce advertising placement policies. Again, this isn’t really new; TRUSTe has launched a “trusted download program” that is designed to serve as a proxy for advertisers’ policies.
The most interesting part of the report is where CDT describes how it contacted 18 advertisers who ran ads via 180solutions. Only 7 replied to CDT. 2 advertisers adopted advertising policies in response to the contact, but the other 5 had policies that were breached by running ads on 180solutions.
Personally, I don’t find this very surprising. It is expensive for companies to monitor vendor behavior/contract compliance in all contexts. Let me offer a personal example.
When I was in-house counsel, I had effectively zero ability to monitor our vendors’ compliance with our contract provisions. I could write the prettiest contract with the terms that we really wanted, but the contract goes into someone’s desk drawer and the terms are effectively forgotten. To overcome this, we would have needed to make monitoring part of someone’s job, but that is a very expensive solution (especially when we were a very small company with too much to do and not enough people to do it).
At the same time, when we were someone else’s vendor, I built and disseminated various charts to outline our promises/responsibilities. However, ensuring my co-workers’ compliance with those responsibilities was difficult/impossible. One of my worst realizations as in-house counsel is that I needed to clone myself and look over the shoulders of each and every employee of our company, because each person’s decisions affected our compliance with our contractual obligations. Clearly, this isn’t scalable, and my efforts to scale using employee education did little to improve the situation.
The lesson I learned, then, is that it’s easy to put policies in place, but ensuring adherence to those policies by employees and third party vendors is hard–perhaps impossible. And there was absolutely no hope of policing third party behavior unless it was someone’s job responsibility.
In the adware advertising context, most advertisers are not going to be willing to incur significant costs to police their vendors. They’d rather pour those dollars into actual advertising, and other media don’t require such costs. So smart advertisers would either (a) redirect their ad dollars into enforcement-free media, or (b) cut corners and minimize/skip the monitoring process. We’ve already seen what most advertisers choose under the current model.
This brings me to my most fundamental confusion about adware advertising. Every advertising-supported media vendor has the capacity to break the law, and yet we don’t expect advertisers to be the policemen of those media. On the contrary, we often want advertisers to subsidize the costs of producing editorial content for the positive externalities created by that content. (See Edwin Baker’s Advertising and a Democratic Press.)
So what’s so unique about adware that we are creating a form of cyberspace exceptionalism? Some adware is legitimately installed and some isn’t; expecting adware advertisers to incur the monitoring/enforcement costs to figure out which is which (especially when there’s no direct relationship) makes no more sense to me than expecting newspaper advertisers to determine if newspapers commit trespass when they deliver their newspapers. For more on this point, see my CNET editorial.