W3C home > Mailing lists > Public > public-tracking@w3.org > July 2012

Re: ACTION-216 - Financial Reporting "Exceptions"

From: Chris Mejia <chris.mejia@iab.net>
Date: Thu, 26 Jul 2012 19:33:52 +0000
To: David Wainberg <david@networkadvertising.org>, Jonathan Mayer <jmayer@stanford.edu>
CC: "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>, "public-tracking@w3.org" <public-tracking@w3.org>, Nicholas Doty <npdoty@w3.org>
Message-ID: <CC3712F6.2157E%chris.mejia@iab.net>
Brooks— great breakdown, nice work.  Have you examined the other regulatory obligations to reporting on advertising insertion orders— names SOX compliance in the US?  We know these tie back to the impression and the user (without need for PII).  Specific countries in the EU have similar, if not more stringent regulatory requirements; not sure about other jurisdictions.  Btw- any loosening of these requirements will most certainly lead to opening the door for increased fraud (and I mean actual fraud).

Chris


Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group | Interactive Advertising Bureau - IAB

From: David Wainberg - NAI <david@networkadvertising.org<mailto:david@networkadvertising.org>>
Date: Wednesday, July 25, 2012 4:41 PM
To: Jonathan Mayer <jmayer@stanford.edu<mailto:jmayer@stanford.edu>>
Cc: "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com<mailto:Brooks.Dobbs@kbmg.com>>, W3C DNT Working Group Mailing List <public-tracking@w3.org<mailto:public-tracking@w3.org>>, "Nicholas \"Nick\" Doty - W3C" <npdoty@w3.org<mailto:npdoty@w3.org>>
Subject: Re: ACTION-216 - Financial Reporting "Exceptions"
Resent-From: W3C DNT Working Group Mailing List <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Wednesday, July 25, 2012 4:42 PM

Instead of 'fraud', I'm going to use 'illegitimate'. Jon, assuming that's what you meant by 'ad fraud', can you explain how ad reporting and the prevention of illegitimate activity are very different problems? Advertisers need to confirm they are not being billed for illegitimate imps or clicks. This requires a certain level of detailed reporting. On the server end, detection and prevention of illegitimate activity requires a certain level of data collection. Aren't these two sides of the same coin?

On 7/24/12 7:09 PM, Jonathan Mayer wrote:
Brooks,

I believe you've conflated ad reporting with ad fraud prevention, two very different engineering and policy problems.  I'd be glad to discuss the myriad approaches to fraud prevention without ID cookies.  As for logistics, my understanding is that many industry participants would prefer to have such conversations off-list.

Jonathan


On Tuesday, July 24, 2012 at 2:57 PM, Dobbs, Brooks wrote:

It may be useful to look at your proposal in terms of how well that level of data collection might ensure quality measurements.  By way of example, if the search term "Atlanta Insurance Quotes" goes for hypothetically $60/click could the purchaser of 100 clicks feel confident in $6,000 worth of value if they didn't see  ~100 different cookies, ~100 different IP addresses and a meaningful distribution of UAs?  If they only saw 100 time stamps, 5 discreet abbreviated UAs and "North Georgia" under IP address how would you detect and remove the cost of one user clicking on the ad 5 times (intentionally or not)?

I think we agree that if we leave a system gameable such that with $N of effort a person can derive $N+1 dollars of economic utility, we should expect gaming.  This is a self correcting system because eventually prices drop until, relatively speaking, it is too expensive to game.  If you take away the ability to detect gaming, it becomes very cheap to do so and prices drop accordingly.  As per my comments at the F2F, this is not a behavioral targeting question, this is a question about the general confidence in all financial reporting.

I use CPC here, but you can make similar cases for CPM or CPA.  Counting is trivial.  Determining "non-quality" and removing it from billing is more difficult and has evolved for close to 20 years.

-Brooks

--

Brooks Dobbs, CIPP | Chief Privacy Officer |KBM Group | Part of the Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com<http://kbmg.com>
brooks.dobbs@kbmg.com

[cid:part3.08010003.05040509@networkadvertising.org]

This email – including attachments – may contain confidential information. If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message.

From: Jonathan Mayer <jmayer@stanford.edu<mailto:jmayer@stanford.edu>>
Date: Tuesday, July 24, 2012 4:57 PM
To: Brooks Dobbs <brooks.dobbs@kbmg.com<mailto:brooks.dobbs@kbmg.com>>
Cc: "public-tracking@w3.org<mailto:public-tracking@w3.org>" <public-tracking@w3.org<mailto:public-tracking@w3.org>>, Nicholas Doty <npdoty@w3.org<mailto:npdoty@w3.org>>
Subject: Re: ACTION-216 - Financial Reporting "Exceptions"

I would encourage participants following this topic to read a blog post on privacy-improved advertising measurement that I co-authored with Arvind Narayanan.

http://webpolicy.org/2012/07/24/tracking-not-required-advertising-measurement/
https://github.com/jonathanmayer/Tracking-Not-Required/tree/master/conversion-measurement

I haven't heard any stakeholder suggest that advertising companies shouldn't be able to measure their ads.  Disagreement arises over *how* advertising companies measure their ads—and, in particular, whether ID cookies should be allowed.

Jonathan


On Monday, July 23, 2012 at 3:29 PM, Dobbs, Brooks wrote:

I was apparently assigned the unenviable task of summarizing the need for financial reporting exceptions.  Please find below a condensed examination of the issue and a broad exception that data used exclusively for financial reporting ought to be out of scope for DNT.


I am cognizant that this is a very broad exception, but I think the basis for discussion is laid out below.   In looking at this I am specifically aware of the danger of creating exceptions which may favor one sales basis over another or indeed one entity over another.



---------------------



Internet based advertising is typically sold based on one of, or a combination of, three bases: 1) CPM – where the billable event is an individual ad serve (though prices are generally quoted in terms of thousands), 2) CPC – where the billable event is an individual click or interaction with the ad unit or 3) CPA – where the billable event is an action or post click activity subsequent and attributable to some interaction with the ad unit.  The dollar value of each billable event generally rises through the above progression and while prices for each vary with other factors, including ad targeting, the specific revenues measured per event are often in the order of the following:  CPM events in the fraction of cents per event, CPC events in the whole dollar per event and CPA events in the 10s of dollars or potentially higher per event.



It goes without saying that it is only the ability for the purchaser to maintain confidence in the quality of the billable event that allows for the value exchange to work, and, as per event prices rise, so does the need for unique events to be associated with supporting data which allows for increased repudiation.  This said, even were the value of unique billable events is relatively low (CPM), the sum of their values may not be low requiring commensurate examination of the underlying quality of each billable event.



A closer look at each form of advertising and the need for quality assurance is below:



- CPM billing contracts may vary, but for the fundamental confidence in the system to be maintained the purchasing advertiser needs to ensure the quality of their ad buy by examining all event level data pointswhich could reasonably allow them to conclude charges where not made to, e.g.: non-human activity or to delivery at times, in places or in contexts outside of agreed upon terms.



- CPC billing is based on the purchaser’s confidence that the quality of the click is sufficient to warrant the relatively high per event expenditure.  To validate this the advertiser needs data showing the event was, for instance: not resultant of a non-human activity and not initiated by a party with ulterior financial motivation.



- CPA billing is often based on the advertiser sharing part of its realized revenue with the supplier of such advertising opportunity.  Unlike CPM and CPC, CPA requires data collection at minimum at two times and two addresses.  At the relatively high per event cost of CPA advertising, the advertiser must feel confident not only that the sale was linkable to a previous ad view through the collection of both post ad serve and ad serve event level data, but further the ability to maintain that offlinecollection of revenues (or lack thereof) can be referenced back to the billing/payment system.



Each of these systems currently utilizes a wide range of event level data to ensure billable quality.  In the US alone, 2011 confidence in these models allowed over 31 billion dollars in advertising and subsequent ad supported services to be provided.   Of note here is that confidence in quality of billable events is distinct from issues of fraud, as most events in need of billing correction do not rise to the level of legal fraud, e.g. a technologist spidering a site and “calling” all resultant CPM ads is not “fraud” on the part of either the technologist or the unknowing website, but is still an event which may be contractually prohibited from billing.  For this reason, exceptions tied to “fraud prevention” are too narrow to maintain confidence in the ecosystem.



Owing to the diversity in techniques used to determinequality, any restriction on the collection and/or use of data which is reasonably stored or processed solely for ensuring the quality of terms of a contract or other agreement as between buyer and seller should not be considered “tracking” and should be out of scope of requirements of a Do Not Track guideline.  Data collected and used under a financial reporting exception, which would otherwise be impacted by this specification, may not be used for any other purpose not covered by this or another exception.



--

Brooks Dobbs, CIPP | Chief Privacy Officer |KBM Group| Part of the Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com<http://kbmg.com>
brooks.dobbs@kbmg.com

[cid:part13.01070806.09020409@networkadvertising.org]

This email – including attachments – may contain confidential information. If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message.






ATT00001.png
(image/png attachment: ATT00001.png)

ATT00002.png
(image/png attachment: ATT00002.png)

Received on Thursday, 26 July 2012 19:34:50 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:32 UTC