Epic Marketplace Named Most Compliant by DoubleVerify

DoubleVerify, the pioneer and worldwide leader in online media verification and compliance, published its 1H 2011 Trust Index last week. Epic Marketplace was named among the most compliant ad networks from January through June, 2011.

As advertisers have increasingly demanded verification to be included with third-party buys from ad networks, exchanges, DSPs and agency trading desks, the Trust Index has provided advertisers with in-depth data about partner compliance and brand safety trends in online advertising.

“The Trust Index has emerged as the industry standard for measuring advertising compliance and is a strong indicator of the positive impact media verification has had in online ad campaigns. Over the past 18 months, we’ve seen the continual decrease in the incidence rate of non-compliance when verification is applied,” said Oren Netzer, CEO of DoubleVerify. “Advertisers, networks and platforms that actively and consistently use verification on all of their campaigns and inventory are experiencing vast improvements in brand protection. This further indicates that online advertising needs to integrate verification on a long-term basis so that trust is permeated throughout the ecosystem.”

Epic Marketplace is pleased to be among the leaders in compliance, and is committed to maintaining their progress and leadership in the area of brand safety.

Responding to Wall Street Journal Article and Releasing “1st round” of Audit Results.

Yesterday, Epic Marketplace was included in a Wall Street Journal article entitled Latest in Web Tracking: Stealthy ‘Supercookies’. In addition, a related blog post was made by the same reporter. Curiously, we were not actually included in the article for the use of ‘Supercookies’ – which we do not use nor have we ever used – but instead for a separate practice most commonly called “history sniffing”.

The parts of the article & blog that reference Epic appear to be based primarily on research that was published by Stanford researcher and graduate student Jonathan Mayer in a blog back on July 19^th. This research received media coverage shortly after the blog was posted, and Epic responded over the course of several weeks in multiple forums including blogs and a press release.

As it pertains to Epic, neither the WSJ article nor the blog appears to report anything new, with the pertinent information either already covered in the media/blogosphere and/or discussed by the company itself in a public forum.

Nevertheless, because the WSJ pieces paint an inaccurate picture of the company in terms of our standards, practices and most importantly character, and because this was done in such a widely-circulated news journal, I want to be responsive here, especially on behalf of the 170 employees of our enterprise. Specifically, I’d like to discuss:

1.        A short distillation of the essential facts of the matter
2.        Our audit results (to date)

(Note also that a few specific points in the WSJ article/blog are factually inaccurate or potentially misleading; I have included responses to these specific points in an appendix below the main body of this post, in order to clarify any misunderstandings).

The essential facts of this matter.

We’ve already laid out our position with regards to the original research (here). Here again is a brief summary of the critical facts:

• We bought an ad server slightly over a year ago, which we ran in parallel with our existing ad server. This acquired legacy ad server used a form of history sniffing; until recently, we did not know that this history sniffing script was operating or even that it existed. Nearly all the senior management staff and technology staff of the acquired company are no longer employed by Epic.

• We shut down this history sniffing (along with the legacy ad server itself) when we migrated to a new technology platform. The new platform was in development for over a year; however, when we learned of the legacy ad server’s history sniffing, we accelerated the transition timeline, completing the launch of the new platform – and the decommissioning of the legacy ad server / history sniffing technology – well ahead of the original schedule.

• In the 4+ weeks since the Mr. Mayer posted his research on July 19^th, we have taken a series of steps to further remediate the situation. In addition to ceasing the history sniffing practice, we have commenced efforts to conduct ongoing audits of our practices to ensure we are in compliance with all relevant standards (see below). We also met with the Center for Democracy and Technology (amongst others), who blogged about the fact that we discontinued the history sniffing practice here.

• To be clear, we believe that history sniffing is inconsistent with digital advertising and consumer privacy best practices and industry self-regulatory guidelines. We do not defend it or justify it, and as we’ve publicly stated, we are pleased to have exited the practice.

Audit results: confirming the facts.

Shortly after the original research was published, we realized that it would be insufficient to discuss this matter without trusted third party validation. Therefore, Epic has engaged DoubleVerify, amongst others, to help confirm the facts. DoubleVerify is a leading source of internet compliance & verification services, an approved compliance vendor for the Digital Advertising Alliance, and has worked closely with the advertising agency and brand community as well as every major ad network and exchange in the sector. So from our perspective, what IS newsworthy – though not in a way which would support the thesis of the WSJ article or their blog – is the first set of results from our audit work. The results are here (PDF).

We are also in the process of engaging with a number of other non-governmental agencies, industry trade groups and consumer watch-dog organizations. Our intent is to confirm every statement we have made about this issue. While this is a time-consuming process and will continue over the months to come, some of the fundamental facts have already been confirmed in the DoubleVerify report. We will continue our work with multiple outside parties well into the future to further confirm and verify our statements regarding this issue and around our practices overall.

Conclusion.

It is fair to report the facts. Epic Marketplace did indeed use a history sniffing script, which we acknowledged several weeks ago. It was an “inadvertent” use (as the article terms it) in that it came from a company we acquired, we did not build it, we did not acquire the company because of it, we did not even know about it until recently, and we do not believe it is appropriate or defensible. Be that as it may, we do accept responsibility for it.

But to the extent that the article creates a net general impression that Epic somehow sought to actively harm consumer privacy or that we were (or are) deliberately and purposefully engaged in some nefarious scheme to profit at the expense of an unknowing consumer, we categorically and emphatically reject that.

We believe deeply that this company should be on the leading edge of protecting consumer privacy – the path not just to long-term sustainability for us and our industry, but at its most fundamental level, the ethically correct imperative. It is painful to have uncovered a practice which is inconsistent with this viewpoint. But we have terminated it, we are working extremely hard to improve and validate our policies and practices, and we will work even harder to justify and warrant industry, client and most importantly consumer trust. This is one statement that we cannot, in the short run, validate with a third party. But we can and will work to demonstrate it over time.

Don Mathis

CEO, Epic Media Group and Epic Marketplace

*******

Appendix: clarifying certain points made in the WSJ article.

• The article wrote:

“Charter and Flixster said they didn’t have a direct relationship with Epic, but as is common in online advertising, Epic’s tracking service was installed by advertisers.”

This is incorrect. No tracking technology of any sort was ever installed anywhere by our advertisers. The advertisements which appeared on Charter and Flixster came from impressions Epic purchased via a “supply side optimizer” company, which acts similarly to an exchange for purchasing inventory.

• The blog writes (and quotes me as saying):

“We have more than 2,500 segments” of information we collect about individuals, said Don Mathis, CEO of Epic Media Group, the company that Mayer found was using code to determine which of 1,500 sites users had visited. “That is part of what enables us as an audience company to differentiate ourselves.” Epic has since discontinued the practice.

This is a misquote; while I did say “We have more than 2,500 segments,” I did not say that we have more than 2,500 segments of information that we collect about individuals. In fact, all of our segments exist to target audiences, not to collect data.

This distinction is important. The concept of an audience segment, e.g. “men between the ages of 18-34”, is the basis on which we (and virtually every other advertising company) reach a defined audience as desired by our advertising clients. With regard to companies that engage in behaviorally-based online advertising, the focus is on aggregating an audience to match to a particular segment; the data which is examined in this case comes from cookies. To be more specific, if my desired audience segment is “men between the ages of 18-34 who appear to be in market for buying a new luxury car”, and I see a cookie that suggests that that consumer might fit that category, I will serve the ad for the luxury car. In digital marketing, the opportunity to get relatively granular in defining an audience is what enables a banner ad, for example, to reach a more targeted audience than a television commercial.

It merits noting that Epic is fully compliant with industry governance regulations in defining our audience segments, as we noted in our interview for this article. We believe the industry regulations are consistent with FTC guidance.

• The blog writes:

Epic argues that the history-stealing technique met the (industry self governance) guidelines because companies (sic … we believe the journalist meant “consumers”) could “opt out” of receiving ads based on the data collected about them.

Actually, no we don’t. Not only do we not defend the practice of history sniffing as a general matter, we do not argue that the “technique” meets any industry self-regulation guideline. What we did say is that, during the time period that the history sniffing script was used by the legacy ad server, a consumer had the ability to opt out of it. Having the ability to opt-out is an important fact, because it meant that the practice of history sniffing was subject to a consumer’s control in the same manner that a consumer could opt out of behavioral advertising.

• The blog writes:

In Epic’s case, the browser-history information continued to be sent after the person had opted out. But Epic says although the information was stored in a “cookie” file, it was not used for online behavioral advertising.

This is incorrect. Here is what we actually wrote verbatim, in a follow-up email to the journalist: “If segment verification were operating, it would operate as follows: Step 1: the script would send a string to the ad server with the segment specified as you demonstrated; Step 2: the opt-out function would examine the cookie to see if the opt-out flag was set to positive; is so (sic; I meant “if so”), no further action occurred, and the data transmission was ignored (i.e., not collected, recorded nor acted upon in any way). If the consumer had not opted out, then the process proceeded to Step 3 (and only Step 3): the ad server would write the segment generated by the script into the rth cookie” (emphasis added).

In other words, while the blog implies that we stored browser history information in a “cookie” file even if the consumer opted out, this is false; we did not. We also had DoubleVerify audit this point explicitly, and communicate their results to the journalist.

• Terminology:

The article refers to the practice in question as “history stealing”, not as “history sniffing”. This may seem a trivial point, but it is not. Language matters; the term “stealing” versus “sniffing”, as it is used here, appears to imply nefarious intent. Moreover, the word ‘stealing’ is generally associated with illegality, whereas the article itself appears to declare that the practice is not illegal (the specific language from the article comes from the opening line of the second paragraph, “The new techniques, which are legal…”).

The term “history sniffing” is much more commonly used to describe the practice, and likely derives from another technique for examining internet traffic known as “packet sniffing”. The Center for Democracy & Technology, the University of California San Diego (who did ground-breaking research on the issue), a number of other organizations and many media outlets – including the New York Times, Forbes, and the Wall Street Journal itself in past articles – refers to the practice as history sniffing. A Google search resulted in 266,000 references to the term “history sniffing” combined with the word “browser,” whereas a Google search for the term “history stealing” combined with the word “browser” turns up 14,400 results.

Note that Epic has called history sniffing, “segment verification”, which we discussed in our first blog on the matter, here. For the record, the point we were making is that the history sniffing script was used to verify purchased 3^rd party data (e.g., BlueKai). In other words, we were differentiating the methodology of history sniffing from the purpose for which the data was used. We felt like this was an important marker of intent: using the data for benign purposes would at least demonstrate that we were not deliberately engaged in violating consumer trust around behavioral targeting.

And while I am by no means defending the history sniffing practice, it does bear mentioning – in part because several sources, including Mr. Mayer from Stanford, suggest otherwise – that, for the period of time that the history sniffing / segment verification script was running, the consumer was afforded an operable means of opting out of it. This too has been verified by DoubleVerify. As we note above, the ability to opt-out meant that the practice of history sniffing was at least subject to a consumer’s control in the same manner that a consumer could opt out of behavioral advertising.

Epic Marketplace: Response to Behavioral Advertising and Tracking Allegations

This past Tuesday, a Stanford graduate student posted an article here allegedly examining Epic Marketplace’s business practices. The posting was, to some extent, a follow-up to an earlier piece (available here), which examined the marketing activities of several ad networks, and suggested that their practices violated various consumer privacy initiatives. Given the nature of these allegations, we felt the need to address them, specifically the ones aimed at our peers and now us.

First and foremost, allegations of this kind – those that involve consumer privacy, online behavioral advertising or compliance issues in general – are taken very seriously by our company no matter who makes them. We believe, as we have for years now, that our company is among the leaders in compliance and we work very closely with the leading industry groups in that regard. When anyone brings to light any issue, whether it is related to “Do Not Track” or any other consumer privacy concerns, we take the time to research the allegations and if necessary, take corrective action immediately.

The Stanford student’s blog purports to examine a practice described as “history stealing”. The use of such a pejorative term obviously reveals a bias; the student seems to believe that the collection of anonymous, non-personally identifiable, browser information somehow constitutes theft. This is an extreme position, to say the least, as this type of data collection occurs in virtually every web transaction. The practice described in the blog, better labeled as “segment verification” (indeed, as admitted in the blog, no URLs or URL history is actually collected) provides companies with a way to measure the accuracy of the data that a company purchases from data vendors without compromising consumer privacy. NO data obtained from segment verification is personally identifiable information (PII), nor is that data ever merged with other data points that are, or may be, personally identifiable.

Furthermore, when the user opts out, all data collection efforts cease. The student erroneously concludes that users are unable to avoid participating in segment verification because the opt-out mechanism does not delete the cookie that exists on the user’s computer. Like many other networks have pointed out already in their responses, this is misleading and inaccurate. When a user opts-out, all further collection of behavioral data from that user stops and existing profile data is deleted, even though the cookie itself is not deleted. The reason for this is simple: these cookies provide important operational information necessary for the delivery of any ad, not just targeted ads.  For example, Epic Marketplace needs this data to determine how many times a particular ad has been shown to a user, and to analyze whether fraudulent activity is taking place. Ironically, in order to give effect to a consumer’s decision to avoid data collection, the cookie has to remain, otherwise advertisers have no way of knowing that that particular consumer has elected to opt-out of that advertiser’s data collection practices.

The business practices at Epic Marketplace are consistent with the NAI’s long-standing definition of what opt-out means.  While many consumer advocates are calling for a much broader implementation of “Do Not Track,” there is no industry consensus on what “tracking” means or what these browser technologies should do.  Currently, the NAI and DAA cookie-based opt out is the industry standard, and Epic Marketplace complies with this approach. By way of background, it should be noted that our legacy network has been named one of the top networks for compliance, as covered in MediaPost here. Epic Marketplace’s privacy practices towards online behavioral advertising are firmly aligned with industry self-regulation efforts which generally allow for the collection and use of anonymous online behavioral advertising data, provided that there is notice and a robust mechanism for opt out.

For more background about how seriously we take all things compliance-related, we have written several pieces previously which point to our commitment in the area of online privacy and compliance spanning several years. You can see our past essays and the work we’re doing in several of our blog posts. For our take on brand safety, please click here. You can view the news about us being named a top network for compliance here.  You can view our response to the Wall Street Journal’s “What they Know” series here.

Finally, years ago, we invested heavily in our in-house compliance team by bringing on highly-acclaimed attorneys as well as a former FBI agent and cyber crime expert. No other company has done this, or taken the precise steps we have, to secure our reputation to our clients, consumers, and those across the industry. More importantly, we took these steps because consumer protection and privacy are at the top of our agenda and corporate fabric. As one of the only accredited companies in our industry with an A+ rating by the Better Business Bureau, we have a vested interest in ensuring the highest standards are met in the course of everyday business. We pride ourselves on being fully compliant, and are actively working towards implementing all self-regulatory principles our industry has adopted in a comprehensive and responsible manner.

We look forward to continuing a healthy, proactive discussion about some of these important topics in the future. We also look forward to continuing to serve our clients, advertisers and consumers in an effective, yet safe and compliant fashion, to which we are accustomed.

Is Your Brand Safe? We Are Making Sure It Is.

Our company is a leader in a recent brand-safety initiative which will give added confidence to our clients that their advertising will be displayed in a brand-safe environment.

As you may be aware, the IAB recently announced the adoption and implementation of its Ad Network & Exchange Quality Assurance Guidelines (QAG). These guidelines enhance control over the placement and context of advertising, build brand safety, and clarify the networks and exchanges marketplace by standardizing the information provided to advertisers. QAG is the only industry-endorsed certification program that exists today.

With an official launch on April 4, 2011, the IAB announced 17 inaugural companies, including ours, that achieved certification. The official announcement is here.

We underwent rigorous training, conducted an intensive internal audit, and assigned a compliance officer to meet the stringent criteria set forth in the IAB’s Quality Assurance Guidelines. We are proud of our compliance and what it means to our customers. We trust that our certification will add to your confidence in working with us.

If you have any questions or would like to know more about what this means to you, please contact your Epic or Traffic Marketplace representative.

We look forward to a continued relationship with our valued clients, and using our IAB QAG certification to increase brand trust across the entire online advertising spectrum.

“How Can You Do Business With ‘Them’?”

The following was written by E.J. Hilbert, President of Online Intelligence.

If you’re in any type of business industry, I’m sure you – in some way, shape or form – have gotten asked that question before, and usually the person asking it reveals various levels of disgust depending on the topic. It has happened to all of us at one time or another and the person asking the question might have various motives for asking it in the manner they do. I figured now was a good time to address it from my perspective, since I’m squarely in the compliance industry and know a thing or two about what makes the online advertising space tick (or not tick, as the case may be).

The old adage that politics make strange bedfellows takes on a new twist in the world of online advertising.  That new twist is a result of “blind” networks and the several degrees of affiliate marketing.

As many of you know, the online ad process can be fairly simple or fairly complex, depending on one’s perspective. A merchant wants traffic to their website but doesn’t want to be constantly buying media so they contract with an advertising network, which has immense scale and efficiency, to drive traffic via display, social media and sometimes, independent affiliate marketers.  In turn, the ad network contracts with publishers and affiliates to drive said traffic. That’s the simple part.

Now for the more complex part. Many times, these affiliates are individuals who buy media or run websites and drive traffic to a merchant via advertisements on their websites. Sometimes, these “affiliates” can also be other networks who have their own affiliates.  In fact, most tracking software used by ad networks allows for up to 5 sub affiliate id’s, meaning the affiliate actually generating the traffic is 5 times removed from the ad network contracted to drive traffic to begin with.

In essence, the contracted ad network does not necessarily know who they are “in bed with”, especially once you’re talking about being 5 levels away. Some networks (or their advertisers or merchants) don’t really care about these “strange bedfellows” as long as they are helping them make money. Sure they claim to check traffic sources comprehensively but …. money is money, to some, and always will be.

For other networks, these “blind” relationships are among the scariest prospects and some invest large amounts of money and man-power in monitoring their network and providing high levels of transparency into traffic sources. These particular networks, the market leaders, the ones continually trying to figure out how to see where the traffic is really coming from and who is behind it, are the saving grace of the industry and are the ones pushing the entire ad stack up, not down.

The Epic Direct Network (EDN) is one such network, and I dare say one of the best, if not the best, at “removing the blindfold” because of our affiliate screening practices and Online Intelligence (OI) software suite. In fact, our software suite is proprietary and among the most powerful set of tools out there today (and that includes any business, not just in online advertising). EDN is committed to understanding the source of all traffic to ensure quality, stop abuse and eliminate fraud – which is good for the entire ecosystem.

At the time of sign up, EDN affiliates are contacted by phone and asked a series of very detailed questions.  Traffic sources are required to be revealed and if an affiliate hides or spoofs their traffic source then they risk being blocked from the network or banned once they are active.  The excuse of, “I can’t tell you my traffic source because you may steal it and cut me out,” does not fly because EDN, for example, does not run in-house accounts.

Once an affiliate is in the network, traffic is continually checked by looking at the click referrer data and then using the proprietary OI tools to scan, spider and scrape the recorded webpage for all ads.  We can then check the creative and links to see the ad network and affiliate id responsible for the ad.

Part of a recent trend has been for questionable affiliates to offer free downloads of pirated software, music, TV shows and/or movies. Once a user signs up or downloads the file they are required to fill out an offer in order to receive a password to unlock the pirated content.  In order to hide this “fringe” (at best) traffic source, the affiliates run traffic through a series of websites with each striping out the click referrer of the site before.

The OI tool suite allows EDN to track-back thru the recorded “click-referrer” sites.  If the affiliates’ ad or creative does not appear on that site, the traffic for the affiliate and sub affiliate can be halted and any planned payments held until the true traffic source is identified.  In other words if you lie to EDN, you will not be paid.

The OI tool suite gives EDN the ability to scan, screenshot and review 75-85% of traffic on a persistent basis. But let’s face it, 85% is not 100%.

This is where we rely on the merchants, advertisers and general public, since there is no “end game”. We want to know when our affiliates are doing it wrong, or when our affiliate’s affiliates are doing it wrong. We guarantee that any complaint received at abuse@onlineintel.com will be investigated immediately and if wrongdoing is discovered, the traffic in question will be voided, the affiliate will not be paid and may be banned from the network as a whole. This is how seriously we take our compliance practices.

We want to make sure our partners – which include the entire advertising stack from advertiser to affiliate – know that we are one of the companies leading the charge for a safe and trustworthy marketplace. We can do most of it ourselves, but we also welcome feedback and real-world examples from others in the industry with a real, vested interest and no axes to grind.

 

E.J. Hilbert is the President of Online Intelligence, a subsidiary of Epic Media Group. He is the former Director of Security Enforcement for MySpace and an eight year veteran of the Federal Bureau of Investigations (FBI) as a Special Agent in their Cyber crimes unit.

Traffic Marketplace Named Top Network for Compliance

Digital media verification company DoubleVerify just released the list of most compliant networks for the second half of 2010. We’re very pleased to report that Traffic Marketplace was among the leaders in compliance and brand safety.

“Compliance and accountability,” according to Oren Netzer, CEO of DoubleVerify, represent “two pillars that are critical in building trust and growing online advertising.”

Traffic Marketplace, and Epic Media Group as a whole, are pleased to again be positioned as market leaders – verified by an expert 3rd party – in this all-important area of online marketing.

For more information, you can read more at Mediapost.

Setting the Record Straight (Again) on Privacy

Most of you are familiar by now with the Wall Street Journal’s “What They Know” series of articles, focused on privacy, data collection and the techniques used to deliver relevant online advertisements to consumers. At Epic Media Group, we applaud all efforts to have an open and thorough review of these critical issues. As one of the few Better Business Bureau accredited digital marketing companies, we have been vocal advocates for protecting consumer data, and for providing education about what we and our industry do, as well as the measures we take to address consumer protection and privacy issues.

The reason we are addressing this topic again is because of the 13^th article in the WSJ’s ongoing series, titled “Your Apps Are Watching You”, published December 18^th. In that article, a (former) employee of ours’ is quoted, and we’d like to correct the record. More importantly, we’d also like to share our perspective on the mobile advertising ecosystem overall.

Correcting Several Misstatements

Before we get into the topic of mobile device (smartphone) advertising, we need to correct a few misstatements that were made in the article about our Traffic Marketplace unit:

• We do not receive or otherwise have access to smartphone Unique Device Identifiers (UDIDs) in the course of our advertising operations. Instead, we rely on mobile exchange service providers to place our advertiser’s messages on mobile devices. Our service providers deploy the technology and capability to target UDIDs … in other words, Traffic Marketplace does not engage in any UDID targeting ourselves.
• Our mobile exchange providers have relationships with mobile applications, and the mobile exchange providers may be supplied with anonymous smartphone app data along with the UDID by the applications.  The providers then further anonymize this non-personally identifiable data and aggregate it into high-level marketing segments based on implied consumer interests, e.g., “soccer moms”.  Note that our primary mobile exchange service provider uses ten (10), very general, segments.
• Traffic Marketplace provides our clients’ ads to our mobile exchange providers, who then serve the ads on mobile applications to the relevant marketing segment.  For example, we would rely on a mobile exchange service to show a diaper ad to their “soccer mom” marketing segment.
• Traffic Marketplace does not have the ability to identify any UDID, and certainly no personally identifiable information, within that high-level mobile marketing segment.

So again, and to be perfectly clear: notwithstanding the comments in the WSJ article, Traffic Marketplace does not see the UDID, does not monitor smartphone users at all (anonymously or otherwise), and does not monitor what a given anonymous smartphone user does with their app.

Traffic Markeplace does benefit from the fact that our mobile exchange service providers have UDIDs passed to them from 3^rd party apps. As mentioned above, we rely on the high-level marketing segments that our service providers create, much like a traditional advertising agency would rely on a television station to tell it what demographic segment watches its channel.

But What About Mobile Device Advertising and Privacy?

So much for our role in the mobile advertising ecosystem. Limited as it is, though, we’d still like to address two major questions which were raised by the WSJ article:

Is the Unique Device ID (UDID) personally identifiable information? The answer is an emphatic NO in the case of any 3^rd party entity that receives it, like an app developer, or a mobile exchange service provider. The WSJ article acknowledges this, although the overall sense of the article seems to imply otherwise. For a UDID to be connected to a consumer’s actual identity would require a connecting piece of information that links the actual person to the UDID. No company in the mobile advertising ecosystem does – or even can – do this today outside of the major smartphone and smartphone operating system providers themselves (who vigorously protect and do not release such data). This merits repeating: the UDID itself does not lead back to personally identifiable information.

Can a smartphone consumer opt out of advertising targeting? The answer is YES. While it is true that the anonymous UDID cannot itself be “turned off”, an increasing number of mobile exchange service providers – including those that we work with – provide an opt-out provision from targeting. This is not yet pervasive in the ecosystem, but proactive efforts by a number of responsible companies (including our partners) are driving towards enhanced adoption of such standard practices. Moreover, consumers can also opt out of location-based targeting directly on their device in many cases.

Responsible Digital Marketing: It Exists

Along with other responsible members of the mobile advertising ecosystem, and digital marketing overall, we believe strongly that consumer trust and a set of robust standards (and standards enforcement) around the safeguarding of consumer privacy are crucial to the long-term viability and health of our industry.  The fundamental covenant of online advertising is that Data, whether collected in the form of UDIDs or in the form of browser cookies and/or pixels, is and must remain anonymous and not tied to any one individual. To be abundantly transparent on this point: we serve ads to devices (a computer, a mobile phone, etc.), but in the process of doing so, we cannot connect such a device to, nor do we know the identity of, any actual person. Period.

Like advertising service companies have done for their clients long before the Internet or the smartphone existed, our job is to help advertisers reach their best potential customers, and to do so responsibly and with a strong duty of care. In digital marketing, we do this by focusing on anonymous and non-personally identifiable data, using pattern / statistical analysis on billions of pieces of anonymous data (or in the case of mobile, relying on a separate company to do such analysis for us). This data analysis on enormously large data sets allows us to reach a more narrow target audience on behalf of an advertiser than, say, is possible on television, or on radio. Indeed, the promise of the digital sector is to enable an advertiser to offer a message to a consumer which is more relevant – and thus less annoying or superfluous – than what she or he might be exposed to in a mass market medium.

As the world becomes increasingly digital, we at Epic Media Group are playing a leadership role in the self-regulation efforts and the standards of conduct promulgated by the industry governing organizations of our sector. We are one of the leading companies pressing for heightened industry-wide compliance efforts.  Moreover, as a company, Epic Media Group has invested substantial amounts in our own internal and external compliance and privacy protection efforts. We, along with many other companies in our industry, work hard to do the right thing, because being responsible stewards of digital marketing is the only viable answer for sustainable commercial success.

– Don Mathis is the President & Co-CEO of Epic Media Group, and is also a ranking Naval Officer currently on reserve duty and with anti-terrorism –  including cyber protection – qualification and experience. He is an honors graduate of Harvard Business School, where he was a principal organizer of the Harvard University Leadership & Ethics Forum. While COO at Epic, he founded the company’s forensic compliance and privacy unit, now a full subsidiary (Online Intelligence) led by a former FBI Special Agent and cyberfraud expert.

Epic Media Group Q&A on AdExchanger

Be sure to check out the in-depth Q&A with Epic’s Art Shaw posted on Adexchanger.com. You can click here to view it.

Coca-Cola and Butterflies

In the online advertising world, the two most misunderstood words are compliance and fraud. Often, the media, advertisers, ad verification companies, and salespeople wield these words in an attempt to influence their audience. The problem is that these words are not universally defined and thus are open to interpretation by those saying them and those hearing them.

A notable example of this phenomenon was an article earlier this week in Mediapost which covers a recent study ranking the top ad networks based on a benchmark of “non-compliance”. The only problem with this is that the standard of compliance was defined completely by the company performing the study, not any recognized standard by any trade organization or government entity. In fact, none of the data presented has been verified by an independent third party.

Without harping on one relatively arbitrary example, the takeaway is this. One of the first steps that must occur to gain positive progress on any issue, be it a squabble between siblings or a systemic issue within an industry, is you must first clearly define the problem and standardize the language around it.

The second step that must occur is having all parties involved use the correct name or terminology when describing the issue so all parties concerned are on the same page.

You don’t get to use a word that conjures a negative or positive image and define it the way you choose to benefit you. People can’t decide that from this day forward when they discuss Coca-Cola, they actually mean butterflies.  The confusion it would cause, particularly when the definition is spread through the media, would be considerable if it was even taken seriously to begin with.

Case in point: when we see reports from entities that say 90% of all traffic on the web is spam. My gut reaction is: what type of spam? Pork shoulder and Ham, Commercial Emails, Pornographic Email, Phishing emails or email people just did not want who then call it “spam”? We have seen the same problem with data validation or verification firms pushing their product by issuing a list of “safe and compliant” partners; which would be fine, but not if they use their own internally modified definition and never share fully share the real criteria of the list.

So let’s take the first step to solve this problem.  It is well documented that issues exist within the online ad world. The issues are in the realm of compliance, fraud and abuse BUT those three words are not all the same.

For the past year, Online Intelligence has used the following “working” definitions to address these three online advertising trouble areas. During the course of several interviews with the Wall Street Journal, MSNBC and other major media outlets about these and a variety of other related topics, I have used these definitions which are widely understood and intuitive to the online advertising audience and I offer them again here:

Compliance

Compliance solely refers to the laws and rules established and passed by the various government, regulatory and industry agencies that govern advertising and consumer trade.  Only if a firm violates the rules set down by a governing body can they be labeled “non-compliant.”

Industry entities may also have an “internal compliance” focus which refers to insuring the entities’ partners comply with internal rules of the company. As such a company who violates the internal rules is in violation but they are not “non-compliant.”

Fraud

To classify the actions of an online player, namely the online marketer (affiliate/independent marketer), online advertiser/merchant or online advertising agency/network, as fraud all five of the following elements must be shown to exist and proof must be provided:

1. A false statement (creative, posting, string, etc) of a material fact,
2. Knowledge on the part of the online player that the statement is untrue,
3. Intent on the part of the online player to deceive the alleged victim,
4. Justifiable reliance by the consumer on the statement
5. Injury to the consumer, advertiser/merchant and/or website owner as a result

Abuse

To classify the actions of an online player, namely the online marketer (affiliate/independent marketer), online advertiser/merchant or online advertising agency/network, as abuse any of the following must be shown to exist and proof must be provided:

1. Knowingly violating the published offer/campaign rules
2. Knowingly violating the affiliate agreement
3. Knowingly violating the advertiser agreement
4. Manipulation of data streams to increase individual profit
5. Manipulation of system methodologies to impact profit
6. Intentionally causing harm to a parties systems, offer or brand
7. Intentionally utilizing a system or method for a purpose of which it was not specifically designed
8. Engaging in activity that, though not expressly prohibited, is commonly held to be unacceptable or cause negative consequences.

By having standardized, universally accepted definitions such as these and in turn using their names with these definitions in mind, the work of solving the issues within the industry can truly be addressed.

Importantly: advertisers should remember that non-converting leads are not always “fraud.”  Data and ad verification services should remember that not following your internal definition does not always mean “non-compliant.” For the media, creative marketing does not always mean “abuse.”

And of course, Coca-Cola does not refer to butterflies.

E.J. Hilbert is the President of Online Intelligence (a division of Epic Media Group)