Commentary

Publishers Are Committing Fraud

by David Koretz , January 21, 2010

It has come time for someone to finally call B.S.

There have been countless articles and endless claims by publishers trumpeting self-regulation as the best means for dealing with consumer privacy. Publishers claim they're in the best position to protect their users.

And they are completely full of crap.

The executive suite of nearly every publisher, ad network, and agency is where the problem starts. That's where they strategize on how to capture consumer data, and jockey for position to own the data. They construct complex Terms of Service that attempt to legitimize their raping consumers of their privacy, and bury the TOS on their site, knowing full well that nobody reads them. Then they maximize profits by selling out on privacy the first chance they get.

They prey upon the very people they are claiming to protect.

The very definition of fraud is to knowingly make false statements to mislead someone for financial gain. When you compare the banner of privacy being waved, versus the actual practices of today's online publishers, it is hard to reach any other conclusion.

Obviously not all publishers are guilty, but the practices are far more widespread than our industry would like to acknowledge.

Why Does It Happen?
The origins of the fraud are easy to trace back.

As an industry, we became obsessed with data. Our advertisers started clamoring for better metrics, better targeting, and more data. The real problems started when advertisers began offering to pay premiums in exchange for this data. We could not resist the urge to placate them.

When you provide someone a financial incentive to make the wrong decision, it is not challenging to predict the result.

Robbing Peter to Pay Paul
Perhaps the greatest irony in this situation is that publishers will be the losers long-term.

Our failure to self-regulate is only going to lead to more spectacular examples of breaches of privacy, and force the legislative hammer to overcorrect.

As humans, we are horrible at long-term thinking. Few of us have the willpower to swallow the pill of short-term sacrifice in exchange for long-term gain.

The pledges of privacy around the industry ring hollow. At best, publishers protect user privacy the same way we make our New Year's Resolutions: we have the best of intentions when we make them, but quickly fall back into our old routines.

Privacy Still Matters
We can lie to ourselves and pretend that consumers no longer care about their privacy, or even worse, convince ourselves that privacy no longer matters. Both are huge mistakes.

The reality is that a huge percentage of consumers are still very much protective of their privacy. Ultimately, it all comes down to value. Consumers have proven again and again that they will gladly exchange their privacy if they perceive that the value outweighs the risks, but it is up to them to make that choice.

TechCrunch's Mike Arrington recently weighed in on this issue with his column "Ok You Luddites, Time to Chill Out On Facebook Over Privacy," where he opined, "The fact is that privacy is already really, really dead." Unfortunately, Arrington's got this one dead wrong.

His view that "we don't really care about privacy anymore" presumes that all consumers share a single perspective on privacy. A quick look at recent studies, the reaction by Facebook users to changes in privacy, and even many of the 188 comments on Arrington's own article clearly demonstrate that this is not the case.

More important, the notion that it is okay for Facebook and others to tweak their privacy policies or push us to expose data just because it is in their own best interests is plain wrong. Facebook may have a great product, but with an unparalleled set of user data, the slightest misstep will make the company a lightning rod for an enormous legislative (over)reaction.

Zuckerberg and the CEOs of other large consumer sites need to step up as the champions of privacy. They need to get out in front of the problem, before the government flattens them.

In the Microscope
The scary part is that technology is moving faster than our society can keep up. We do not yet fully understand the ramifications of a perpetually connected society where our exact location, our list of friends, our personal photos and other sensitive data are available for the whole world to see. At the very least, we would be well served to tread carefully.

As the increased legislative interest should not-so-subtly demonstrate, we have a target on our collective asses.

The cold reality is that there is massive friction created when you put companies in charge of protecting user privacy, when they are economically incentivized not to do so.

For the benefit of both society and our livelihoods, someone needs to act.

online publishing

13 comments about "Publishers Are Committing Fraud ".

Check to receive email when comments are posted.

Theresa m. Moore from Antellus, January 21, 2010 at 1:45 p.m.
I think it is not a matter of self-regulation on the part of publishers; it is a matter of self-regulation on the part of users. I generally do not like my personal information to be shopped to a third party, and to that end I choose what to post and what not. I NEVER click on the maps some sites offer. I NEVER post my complete address and even more NEVER post my phone number. Since Google was attacked by Chinese hackers I even removed my photo from my email account. I similarly NEVER post personal photos of friends and family unless they relate directly to my business concerns. I belong to Facebook but much of my personal information is not posted there either. If you shut off the spigot, the water will stop flowing. Everyone else should adopt that philosophy if they want to avoid scammers and spammers. But by the same token, publishers should NEVER post the personal information of their clients to any third party as a matter of confidence. As a publisher myself the only thing contained in my ebooks, for example, is a text version of our contact email address, and our terms of service clearly state that we do not furnish the personal info of anyone to a third party except in the case of a federal subpoena. In which case, I have to have the document in my hand before I relinquish anything. So the best way to mitigate this problem is to "practice safe sex". Don't give anything away.
Reply

Paula Lynn from Who Else Unlimited, January 21, 2010 at 2:17 p.m.

David, your statement of " When you provide someone a financial incentive to make the wrong decision, it is not challenging to predict the result." fits for all sets of humanity. We will all pay dearly for opening the Panorda's box of privacy and privacy protection. Another MacCarthy won't be necessary for blacklisting; Facebook and other online websites will do it for them. Will there have to be a constitutional amendment in order that we do not have to succumb to knocks on our door because of the ignorance we show by posting private matters on line ?

Ari Rosenberg from Performance Pricing Holdings, LLC, January 21, 2010 at 3:11 p.m.

Theresa -- a user gives away information the second they step foot onto a web site. It's not just an email address, or your personal photos, it's your personal behavior being quantified, collected, shared and monetized without you directly choosing for that to happen.

Here below is a long winded way one site explains what they take and who they share it with, all without your chosen consent.

"Collection of Information by Third Parties. Our Site may include third-party advertising, links to other websites, and other content from third party businesses. The content posted by these parties will be reasonably identifiable as coming from a third party. We do not provide any PII to these advertisers, third-party websites, or other businesses, although on occasion we may mutually share non-personally identifiable (e.g., demographic) information to facilitate delivery of relevant advertisements. These third-party websites, businesses, and advertisers, or advertising companies working on their behalf, sometimes use technology to deliver (or "serve") the advertisements that appear on our Site directly to your browser. They automatically receive your IP address when this happens. They may also use cookies, JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to measure the effectiveness of their ads and to personalize or optimize advertising content. We do not have access to or control over cookies or other technologies that they may use, and the information practices of these advertisers and third-party websites or businesses are not covered by this Policy but are covered by their respective privacy policies. Some, but not all, third party advertising companies provide a mechanism to opt-out of their technology. For more information and an identification of advertisers that provide an opt-out mechanism, please click the following: www.networkadvertising.org/managing/opt_out.asp."

We share information with third parties, but only as described in this Section 3 (described above).

* Advertisers and Others. We share non-personally identifiable information with advertisers, service providers, and other persons with whom we conduct business. Similarly, these advertisers, service providers, and other persons may share with us non-PII about you that they have independently gathered or acquired.
* Third Party Services. We contract with affiliated and non-affiliated third parties to provide services to us or to you on our behalf. Examples include providing marketing assistance, providing customer service, sending emails to you, removing repetitive information from customer lists, and analyzing data. These third parties may have access to your PII for use solely in connection with these authorized business activities.

Jon Levy from Hype Circle, January 21, 2010 at 4:09 p.m.

Theresa, You are the exception, not the rule. Most people either don't understand what data will be publicly available, or they have an inherent trust that a large organization like Google or Facebook etc. would not take advantage of them. While I'm with you on how I protect my privacy online, my 72 year old mother doesn't have a clue what she shares when she is on Facebook - much like 95% of the public.

It may be too late, but the only way to ensure some type of consumer protection on this subject is to regulate the Sh*T out of it enforce the rules to the point where C-level execs risk going to jail if they don't keep their companies in line.

Privacy statements are a joke. Teams or lawyers were hired to create ambiguous statements that can easily be twisted to the detriment of the consumer. Companies will find a way to justify breaching their privacy at the drop of a hate if it means securing a large advertiser.

The meltdown of our financial markets last year is proof that regulations are not going to protect consumers against basic human greed when there are no real consequences to the offenders.

I have to agree with David on this - We are in deep trouble here - possibly with no way out. All i can do is try to educate my less tech savvy friends about what they are really sharing when they go online. Unfortunately it's probably too late.

Jonas Halpren from Federated Media, January 21, 2010 at 4:43 p.m.

I do agree, more needs to be done to protect consumers when dealing with personally identifiable info.

I don't think that collecting non-personal info for targeting purposes in an invasion of said privacy.

Consumers also should be more involved and realize that they do give up some right when visiting a website. It is not their inalienable right to do so. Just like flying on a plane, enter private property etc...

The privacy issue is bigger that online publishing, information is traded by banks, retailers, non-profit fundraisers and many other offline activities.

FYI - Both BlueTie & Adventive have privacy policies that allow for the abuses referred to in the article.

Jerry Foster from Energraphics, January 22, 2010 at 3:10 a.m.

It would have been helpful to have used some concrete examples of info we'd like to keep private. For me (and I wish more people), age is private information because being considered "too old" can and does get older people rejected socially online with 20 somethings. Nobody has a "right" to see my birthday online. Sites like Facebook say they won't even let your friends see the year if you don't want them to. But you never had the need to give Facebook your exact birthday anyway. They only want it for marketing purposes. I lie everytime some busybody website or social media site asks me when I was born. The only good thing about them asking is it provides the opportunity to spread disinformation. Everyone should disinform busybody publishers on this data. This only becomes a problem if a site is foolish enough to consider the birthday to be a security question to retrieve a password. I'm like "how the heck should I remember what birthdate I gave to this site".

Nelson Yuen from Stereotypical Mid Sized Services Corp., January 22, 2010 at 11:41 a.m.

I don't think people know what stance to take on this issue because they don't full grasp the ramifications of going in one direction or another. So to put things in context, let's pose another question:

Would we have problems with privacy if Everyone's' information was public?

Do we REQUIRE or would we PREFER government officials and people in power submit to the same standards as the rest of us?

Do we value transparency?

What Facts would you like to keep private?

Everyone's examples are kind of... well invalid. Facts like age, sex, and location (to a certain extent) are not PERSONALLY IDENTIFIABLE Information. (PII for the people that work in the industry.)

So if you wanted to NOT reveal your age out of fear of discrimination, well that's not necessarily an argument to hide your age online right? The discrimination is the issue not people knowing how old you are. In real life you can't really hide your age or prevent people from discriminating against you. And in MY PERSONAL OPINION, that technically implies you would LIE about your age given the opportunity. It's the same with sex.

I think companies like Google and Yahoo are beyond this discussion. Whether they practice what they preach remains to be seen, but the information they collect is technically UNIDENTIFIABLE. They know my age, my sex, where I'm searching from, but none of it is really PERSONALLY IDENTIFIABLE.

Stuart Long from HotFussDesign, January 23, 2010 at 1:15 a.m.

Freedom of speech is far more important than any other consideration mentioned in this article. Wise consumers rely on a multitude of sources for information. If a publisher can't be relied upon they will lose readers and revenue. Let the buyer beware, and let the honest publishers be their guide as the Web continues to evolve and grow. Let freedom ring.

Jerry Foster from Energraphics, January 25, 2010 at 3:34 a.m.

In real life, none of us have our date of birth stamped on our foreheads so why should corporations now do that for us online? For millions of years humans have been trying to hide their true age. There is a $Trillion industry helping humans, mainly women, to appear younger to the world than they really are.

Like Dorian Gray, some of us look 15-20 years younger than we really are (without make-up and plastic surgery). Like Dorian Gray, most of us (male or female) would run with the way we are treated by the opposite sex when we are assumed to be that much younger. Nobody is hurt by being considered a decade younger except those who would otherwise discriminate + those who don't like being ignored by people their own age who are off socializing with a younger adult crowd (the latter are the most active in supporting the idea that it should be illegal to lie about one's age online especially for social purposes).

The Internet tries to smash this 2 million year old reality of "take my word for it" interpersonal interactions. While social media allows us to construct more of the reality people would see of us in real life, there is still the cold, hard "new reality" of busy-body sites like Intelius that are determined to make profits by tattle-taling on how old everyone is. Note that the owner of Intelius is a known criminal who hides his own file.

Without the Internet, people basically had to get their hands on the private documents of people they wanted personal information (like age) on. That mostly required permission (or rooting through the other's glove compartment).

There is an interpersonal Right to Lie (as opposed to corporate right to lie which doesn't exist) - it is an integral part of Free Speech and the Right to Assemble - although it is under attack from both the left and right in the US Congress. Lying becomes a crime only if it causes the other bodily harm (like not saying you have a disease). Google creates a world like that seen in the film "The Invention of Lying". Google is a tattle-tale unless you mess with it.

So no publisher has our tacit permission to reveal our age and other info we consider private to anyone, especially Google (although that doesn't say they don't have a free speech right to hurt the lives of their customers - which is why I always give a false date of birth when I register anywhere).

Tiffany Lyman Otten from Tiffany Otten Consulting, LLC, January 25, 2010 at 10:22 a.m.

I think this article was highly irresponsible. You are slamming "publishers" without clarification, which is then implied to mean all publishers, when it sounds like you really just mean Facebook. Again. As in, here's a clever way to complain about Facebook but pretend we're talking about someone else.

You make no examples other than facebook, and for true publishers, who this MediaPost series is aimed at, this is neither relevant nor does it resonate. Except for having a nice headline that will pick up in Google blaming us all equalaterally for fraudulent activities.

As an example, our company fiercely protects data of our B2B community, and no advertiser (regardless of spend) gets extra info beyond what is obvious about being shared and also explicitly explained in the Privacy Policy right on our homepage (and at the bottom of ANY page on our site). And I've tried - my clients sometimes want additional information, so I ask to see what is possible, and the user side does not reveal it - which I respect, and yes, have potentially turned down dollars as a result of.

And, ours is a B2B community where such sharing is *expected*. From my experience so far, most of our competitors and peers are similar in their approach.
So as a group we're lumped in with aaaaallll the evil out there, when you're really just - like everyone else - mad at Facebook.

This was shameful.

David Koretz from Adventive, Inc., January 25, 2010 at 3:59 p.m.

@Tiffany,

I actually was not referring to Facebook's at all. My only reference to Facebook was actually a response to a TechCrunch column where *they* commented on Facebook's policies.

Further, when you say that I slammed all publishers without clarification you must have missed the sentence where I explicitly said, "Obviously not all publishers are guilty, but the practices are far more widespread than our industry would like to acknowledge."

I stand by what I wrote, and the real-life problems that exist in our market today.

David.

Mike Einstein from the Brothers Einstein, January 26, 2010 at 11:54 a.m.

Fraud you say? Oh, the humanity!

Tim Mccormick from McCormick Fields, February 10, 2010 at 9:58 a.m.

Yes David. Thank you so much for nakedly addressing a seriously-serious issue for alarm.