Edelman on “Intermediaries’ Role in the Spyware Mess”

Ben Edelman’s latest post discusses intermediary responsibility for adware. The post details how cash goes from advertisers to advertising representatives (“intermediaries”) to adware vendors to distributors.

The Legal Liability Question

This implicates an essential question: if someone commits an illegal act somewhere in this chain, who is “responsible”? I’ve previously complained that anti-spyware critics have been opaque on this front, generally assuming that everyone in the chain as responsible for everyone else’s actions without acknowledging this assumption expressly. To Ben’s credit, he lays his cards on the table (sort of). He writes:

“Are ad intermediaries responsible when their ads are shown by installation installed improperly? Marquette law professor Eric Goldman thinks not. But the New York Attorney General’s office has repeatedly suggested they might be. My take: Advertiser and intermediary liability is an interesting question of law, well beyond my aspirations for this brief piece. But where ad intermediaries purport to certify or stand behind the quality of the venues where their ads are shown, I’m not receptive to their claims that they can’t do what they’ve promised. Where ad intermediaries merely count advertisement clicks without even claiming to assure traffic quality, the case for blaming intermediaries for improper use of their tracking links may be somewhat weaker (though still cognizable).”

I thought this paragraph helped frame the discussion. Ben freely acknowledges that this post does not address the legal liability question. But if not, then what is it about? We may understand the money trail better, but so what?

When Is Traffic “Legitimate”?

Ben says that some ad networks make “the mistaken assumption that if a user made a purchase, the traffic must have been legitimate.” For this position to make sense, we need to understand exactly what constitutes “legitimate” traffic. I believe Ben takes the position that traffic is illegitimate if it comes from an adware vendor who does not get adequate consent (based on his standards, which may or may not be consistent with legal standards). This definition deserves some careful scrutiny. The way I read it, a consumer who understands how adware works and deliberately clicks on an ad because the searcher finds it useful would still constitute “illegitimate” traffic under Ben’s definition.

Does Google Support Illegitimate Traffic?

Finally, I laughed out loud when Ben pointedly observed that Google pays websites (though AdSense) that, in turn, pay adware vendors for traffic. The joke, of course, is that Google pays AdSense websites for Google’s own traffic! Consider the following sequence of events:

Searcher conducts search at Google =>

Searcher clicks on organic search result =>

Searcher goes to website offering AdSense ads =>

Searcher clicks on AdSense ad =>

Searcher goes to AdWords advertiser’s website

The net effect is that Google pays its AdSense partner for a searcher who Google already had generated.

So why does Google pay for this traffic? Either Google is stupid and should just cut out the middleman, or the AdSense partner offers some value to Google/advertisers in the process, such as filtering or aggregating interested users. If it’s the latter, then adware-sourced traffic is just as legitimate as traffic that originates at Google. (Indeed, the traffic could be effectively identical—in both cases, sourced by the searcher-selected keyword and exposed to some filtering content that sets some expectations for the searcher). Therefore, I simply did not understand how Google is violating its stated policies. As far as I can tell, nothing about traffic to AdSense sites sourced by adware vendors runs contrary to Google’s stated positions.