My name is Don Mathis, and I am the CEO of Epic Marketplace. And I am blogging here to clarify a few issues around our company’s data collection practices. Specifically, a Stanford University graduate student raised concerns regarding a particular practice wherein data was collected in the course of an ad call based on a browser’s history file. He raised these concerns in a blog posted on July 19th. We call this practice Segment Verification, but it is also called “History Sniffing”.
Epic Marketplace has ended the Segment Verification data collection practice. We announced this in a press release that went out on August 4th (it is prominently mentioned in the second paragraph of a press release that was principally discussing our new technology ad serving Platform, here). We also met with and asked the Center for Democracy and Technology (CDT), a consumer advocacy group, and the National Advertising Initiative (NAI), to review our marketing practices and confirmed with them that we are no longer engaged in Segment Verification. Moreover, we are working with Double Verify to confirm our opt-out mechanism and to audit our practices overall. Nonetheless, we feel that a further explanation is appropriate for our clients and the industry at large.
Epic Marketplace, Privacy & Compliance
Before I get into the heart of the discussion, I think it is important to understand who Epic Marketplace is, and the time and effort we have invested over many years to develop world class privacy and consumer protections. Who we are of course impacts what we do and how we think about issues like this.
Epic Marketplace has consistently been recognized as a leader in the online marketing industry and a pioneer in the development of compliance and anti-abuse technology. Epic chairs the Performance Marketing Association’s anti-fraud and anti-abuse subcommittee, and is one of the few digital marketing companies to have received an “A+” rating with the Better Business Bureau. The company is an active member of the Network Advertising Initiative, the Digital Advertising Alliance, and the Interactive Advertising Bureau. Moreover, through the company’s dedicated compliance subsidiary, Online Intelligence, Epic provides crucial assistance to major national brands through online monitoring of their trademarks and copyrighted images. For example, we recently concluded a year-long project for Oprah Winfrey’s company, Harpo Productions, exclusively focused on compliance and trademark protection.
The executive-in-charge of the company’s compliance operations, former FBI Special Agent EJ Hilbert, is widely considered one of the nation’s foremost experts on cybercrime and marketing fraud. Our General Counsel David Graff and our Deputy General Counsel & Chief Privacy Officer Anwesa Paul have years of combined privacy and compliance legal experience, and Anwesa served in the New York Attorney General’s cyberfraud division. Our COO, Charlie Nowaczek, has led compliance initiatives in several digital and online settings, and we built our compliance team with personnel from the cyber unit of the Florida Attorney General’s Office and the integrity assurance teams at Google and Commission Junction, among others. Finally, I began my career at Epic as our Chief Compliance Officer (and COO), and have a background in forensic, technology and internet compliance work; and in critical infrastructure / information security as a Naval Officer on reserve duty and while mobilized in the War on Terror. I was also one of the principal organizers of the Leadership and Ethics Forum at Harvard University when I was a graduate student there.
I can assure you, Epic is committed to playing an active leadership role in privacy protection standards and digital marketing compliance overall.
Segment Verification and Epic Marketplace
Epic Marketplace does not use Segment Verification – or whatever one chooses to call it – as part of our new Platform. When we did use it, it was a component of a legacy ad serving platform. This legacy ad server came from a company that Epic Marketplace acquired last year. The legacy ad server was replaced and decommissioned as part of our long-standing plans to move to our new Platform. When we decommissioned the acquired ad server, the Segment Verification program was also decommissioned.
Following the acquisition mentioned above, we actually ran two ad servers in parallel: the one Epic Marketplace built (the first version was originally launched in mid-2005), and the one we bought as a part of the acquisition. It was the legacy ad server from the acquisition that contained the Segment Verification program. The new Platform – like the Epic Marketplace ad server that we built in 2005 – has no need for such a technology to validate third party data acquisition, a task which is performed by a statistical inference model. For the record, note that our new Platform does not collect any data from browser history.
Given the emerging understanding around the nature and consequence of this practice – and in particular, after our extremely productive discussions with the Center for Democracy and Technology – we are pleased that the transition to the new Platform has provided us the ability to end Segment Verification. Epic Marketplace is now engaging with several industry bodies to help shape the effort to self-regulate on this matter. Also, in the spirit of being responsive to the concerns that have been raised, we are purging any data collected by this program from our databases.
There is one important point that I would like to clarify.
In the original graduate student blog referenced above, there is an allegation that the legacy ad server’s Segment Verification program prevents effective operation of the NAI opt-out cookie in situations where consumers elect to download the opt-out cookie. This is demonstrably and unequivocally false; in fact, the presence of the NAI opt-out cookie effectively prevented the program from collecting browser history information during its operation.
NAI performed an independent review of the operation of the cookie in conjunction with the software. We were able to demonstrate that the opt-out cookie did in fact prevent information collected from the software from being stored in our ad-serving cookies. We also asked Double Verify to audit the opt-out cookie operation, and they have verified that the opt-out cookie works.
In summary…
Fundamentally, we believe this issue boils down to the following: we bought an ad server about a year ago that utilized Segment Verification technology. We don’t use it now. For the period that we did use it, the consumer was afforded an operable means of opting out of it. And we are pleased to have exited the practice.
In the spirit of third party validation, we have already worked with Double Verify to audit our opt-out capability, and we have retained them to audit our ad serving practices overall, now and on a quarterly basis going forward; and we are engaging with them to assist with the OBA self-regulatory “ad choices icon” implementation. As mentioned, we have also worked with the NAI to review our opt-out cookie (and will continue to work with them going forward), and we’ve met with the Center for Democracy and Technology (CDT), a leading digital consumer advocacy group, to explore the issue.
It is our deep belief that Epic Marketplace is not only effective as a partner for its clients, but that we are, in fact, a global leader in promoting consumer protection best practices across our industry.
