Winning With Authority by mThink, January 1, 2008 It’s all good – from online advertising being up 25 percent, according to the IAB; to online commerce on the rise 23 percent, according to comScore; to Google search queries that are up 41 percent, per Nielsen//NetRatings. It’s clear that online marketing grew strongly through the first three quarters of 2007. However, as industries grow, so does the attention paid by state and federal legislators, regulatory bodies and enforcement agencies. From the Federal Trade Commission (FTC), to Congress, to state attorneys general, to the courts, those empowered to oversee online marketing took a more active role in 2007. While the focus was more on enforcing existing laws to protect privacy and eliminate fraud than expanding authority, the active deliberations over the government’s role in guiding online marketing indicate that more rules could be on the way. Here is a rundown of the key governmental activities and what they mean to your future. Targeting the Targeters Behavioral targeting, which delivers relevant ads based on consumer interests as determined by prior online activities, is growing in popularity with online marketers, but privacy advocates are calling for government intervention. Marketers’ ability to more closely track – and share – information about likes and purchases will likely lead to a showdown in the courts or the halls of Congress. Privacy groups prompted the FTC – for the first time in seven years – to hold a “town hall meeting” to discuss behavioral targeting and consumer protection. More than a dozen privacy groups either spoke at the November event or issued statements calling for greater FTC oversight of behavioral targeting. Pam Dixon, executive director of the World Privacy Forum (WPF), says more government intervention is needed because the industry has been unwilling to self-regulate, and because it must be made simpler for individuals to prevent their online activities from being tracked. “The oversight has not been there,” Dixon says. Opting out of cookie tracking through a Web browser doesn’t guard against other technologies used in tracking, Dixon notes. The current system for allowing consumers to opt out of being tracked isn’t working. Her organization issued a report criticizing the National Advertising Initiative (NAI) – a group that was formed after the last FTC meeting on targeting – as ineffectual because technology has far surpassed its requirements. NAI has been criticized because of a lack of publicity and public awareness, and because many marketing organizations have not joined the voluntary effort. Advertising.com, DoubleClick.com, Revenue Science.com and Yahoo are current NAI members, and Microsoft and Google submitted applications to join late in 2007. Dixon says technologies such as Flash and Microsoft’s Silverlight have grown well beyond the narrow definition of tracking by cookies as originally set up by the NAI. Deleting cookies and configuring a browser to protect against tracking are too cumbersome for most consumers, she says. According to the WPF report ” … the opt-out is counterintuitive, difficult to accomplish, easily deleted by consumers, and easily circumvented.” The WPF and eight other organizations are calling for the FTC to set up a national “Do Not Track” list, where consumers could opt out of being tracked. The proposed system would require marketers to comply regardless of the technology being used. “It has to be a one-stop shop for consumers … they should not have to opt out individually to different types of ads,” according to Dixon. Alissa Cooper, policy analyst at the nonprofit Center for Democracy and Technology, which joined in the request for a Do Not Track list, says legislative action might also be necessary to create and enforce the list. To make consumers more aware of how they are being tracked, Cooper suggests making the privacy controls in Web browsers more accessible to consumers, and to code information into the ads themselves about the tracking techniques. For example, right-clicking on an ad could provide details about the tracking mechanism and how to opt out, she says. Cooper says marketers have a “tremendous amount of interest in behavioral targeting,” but “it remains to be seen if the cost of building behavioral programs is worth it in the end.” Just days after the FTC meeting took place, the Center for Digital Democracy and the U.S. Public Interest Research Group filed a complaint with the FTC asking for more involvement in regulating behavioral marketing activities. New marketing technologies “have sharpened the precision with which Internet users are tracked and targeted,” including “schemes on the part of both Facebook and MySpace, that make clear the advertising industry’s intentions to move full-speed ahead without regard to ensuring consumers are protected,” according to a letter from the groups to the FTC. Mike Zaneis, the vice president of public policy for the Interactive Advertising Bureau, says a Do Not Track list is unnecessary and would be overly complicated to administer. Zaneis says the online marketing industry is “in near unanimity in opposition,” to the government overseeing a Do Not Track website. Government-imposed protections could “block large swathes of the Internet,” Zaneis says. Sites that personalize e-commerce options or that customize content might be blacklisted under such a system. What Consumers Want Unlike the Do Not Call list, which was set up by the government because of frustrations with telemarketers, Zaneis says there is “not the same outcry from consumers.” Research conducted by the IAB indicates that consumers would be willing to pay to receive more relevant ads, according to Zaneis. One member of the U.S. House of Representatives believes more oversight is needed. Representative Edward J. Markey, a democrat from Massachusetts, urged the Federal Trade Commission to look into targeting practices. “The Federal Trade Commission should promptly investigate the privacy impacts of Internet tracking and targeting techniques to ensure that loss of privacy is not the price consumers must pay to realize the benefits of online commerce,” according to a statement by Markey. IAB’s Zaneis believes that Congress should not draft new privacy laws, as the FTC currently has sufficient authority to enforce existing laws. “The FTC has enough precedent … in defining the rules of the road.” Within days of the FTC meeting, social networks Facebook and MySpace unveiled plans for intertwining data about individuals and their purchases with online advertising that could prompt congressional action or litigation. Facebook’s “Beacon” program was altered in December after an outcry from users. The program originally alerted all of a member’s online friends when a purchase, such as books, CDs or tickets, were made on a partner site. This feature was changed to an opt-in. Similarly, Facebook’s Social Ads puts ads for related products near member’s activities, such as when they rate or purchase music. Some Facebook members have complained that delivering information to friends about purchases has interfered with gift giving, as significant others prematurely found out about holiday and birthday gifts. Political action group MoveOn.org is using the social networking tools of Facebook to protest the behavioral program. MoveOn.org, which has successfully organized members to communicate en masse with their congressional representatives, has formed a Facebook group to petition the behavioral programs for what the group sees as an invasion of privacy. Competing social network MySpace expanded its behavioral targeting program to search member pages for words indicating interest in specific categories (such as music or travel) and enables marketers to target the audience that will see its ads. The European Union is also investigating behavioral targeting practices, and new rules there could ripple across to practices in the U.S. The Article 29 Working Party is consideri ng whether culling data about buying habits and Web-surfing history violates consumer privacy. While U.S.-based sites may not be directly affected, changes in targeting policies could be enacted globally to provide consistent experience to consumers. Government Becoming Adware-Aware The FTC also clamped down on propagators of adware for failing to disclose the less-than-noble intentions of their software. In March, the FTC settled a case against software company DirectRevenue for using unfair and deceptive methods to get consumers to download adware and for obstructing its removal. As part of the agreement, DirectRevenue forfeited $1.5 million in “ill-gotten gains” from adware distribution and agreed to cease and desist from distributing same. As part of the government’s increasing prosecution of adware peddlers, the FBI and the Department of Justice cracked down on a major distributor who was hijacking computers to generate spurious ad revenue. John Schiefer, a former security consultant, pleaded guilty in November to masterminding the installation of adware on 137,000 computers. Schiefer installed the software onto a network of unwitting individuals’ PCs to create a botnet that generated ad revenue and also stole PayPal and bank account information. According to the U.S. Attorney’s office of central California, this was the first prosecution for using a botnet in violation of federal wiretapping laws. The software generated more than $19,000 in revenue from a Dutch advertising company, which had to be refunded as part of Schiefer’s plea bargain agreement. Adware proponents were on the losing end of a significant court battle. In September, software distributor Zango (which the previous year settled an adware case with the FTC) was unsuccessful in arguments before a district court in Washington to prevent software tools company Kaspersky Lab from classifying Zango’s software as posing a potential risk to a person’s computer. “Zango lost big,” says Ben Edelman, a spyware expert and assistant professor at Harvard Business School. Based on the ruling, Edelman says software tool vendors are “inherently protected” from liability in their efforts to protect consumers from adware, spyware and other malicious software. Despite these prosecutions for distributing adware, deceptive advertising software is still abundant, according to Edelman. A suit filed in California in 2006 against Yahoo alleges that the search company distributed popups that were bundled with spyware software, generating allegedly bogus ads, says Edelman, who is co-counsel in the case. The ads were also placed on “parked” domains – websites created by scripts that did meet the criteria of quality content that Yahoo promised its advertisers. A trial date has not been set. Congress Eyes Spyware Legislation While legislators on Capitol Hill did not take action on many of the online marketing and privacy issues that were investigated by governmental agencies or decided in the courts in 2007, two competing anti-spyware bills passed the House of Representatives. In May, the House passed the Internet Spyware Prevention Act of 2007, which focuses on providing funding to the Department of Justice for enforcing laws against spyware and the practice of phishing (fooling consumers into revealing personal data). Less than a month later, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) was passed, which gives greater authority to the FTC to seek larger fines, and more broadly defines acts that surreptitiously collect personal information. The IAB’s Zaneis says his organization supports the SPY ACT because it emphasizes greater enforcement of existing laws. The IAB testified in Congress against passage of the SPY ACT because it overemphasizes the requirement for consumer consent and could stifle innovation, according to Zaneis. He says that the Senate has not moved toward developing similar legislation to either House bill, and is unlikely to do so anytime soon. Affiliate marketing expert and blogger Shawn Collins is wary of any spyware legislation that Congress would craft. “My fear is about some comprehensive anti-spyware law that includes harmless cookies,” Collins says. He is concerned about elected officials’ lack of knowledge of online marketing, worrying about laws “written by bureaucrats who never touch a computer.” Spammers Put in the Can No legislation or regulatory action in 2007 addressed the continuing problem of spam, but the existing laws are being enforced more vigorously. The CAN SPAM Act of 2003 was used in the prosecution of “Spam King” Robert Soloway, who was arrested in May for sending billions of spam emails. Also getting busted for spamming were Jeffrey Kilbride of Venice, Calif., and James Schaffer of Paradise Valley, Ariz., who will each spend more than five years in prison. The pair was sentenced in October for spamming AOL customers and others and was asked to return more than $1.1 million. IAB’s Zaneis says he doesn’t expect any legislation in the near future regarding spam because the existing laws are sufficient. “The industry must keep doing what they are doing … now it’s an enforcement issue,” he says. The industry has “stepped up,” and an FTC spam summit meeting in July provided the necessary feedback about what was working and the latest authentication tools that could block spam, according to Zaneis. Florida Takes on Lead Generation An investigation into ringtone sales in Florida could affect affiliates’ lead generation practices across the country. Florida Attorney General Bill McCollum’s office’s investigation of “unfair and deceptive trade practices regarding online ringtone” sales by AzoogleAds resulted in a $1 million settlement from the company and an agreement to change the wording of its advertisements. Ringtones previously described as free, though they required a monthly subscription fee, will have to include language describing the applicable fees, according to the agreement with AzoogleAds. Collins says that due to the lack of self-regulation among affiliates, “it was a positive for Florida to get involved.” Ideally affiliates would set up their own rules regarding lead generation practices, but Collins says no one in the industry has volunteered to fill that role. The FTC is also investigating lead generation practices, with network ValueClick in its crosshairs. John Ardis, vice president of corporate strategy at ValueClick, says the FTC began looking into lead generation in the spring, but only ValueClick’s name was made known because it was the sole public company being investigated. “Lead generation has become big enough in the last year for the FTC to review it, as it should,” according to Ardis. He says that the investigation has “put a cloud over lead generation,” but he hopes that the resulting clear rules from the FTC that will improve consumer confidence and allow lead generation to become “bigger and better.” Filed under: Revenue Tagged under: 21 - January/February 2008, Adware, Features, Lead-gen, Legal, mtadmin, Spam, Spyware