- From: Jeffrey Chester <jeff@democraticmedia.org>
- Date: Tue, 31 Jul 2012 16:30:34 -0400
- To: "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
- Cc: Tamir Israel <tisrael@cippic.ca>, Shane Wiley <wileys@yahoo-inc.com>, Lee Tien <tien@eff.org>, Craig Spiezle <craigs@otalliance.org>, "'Chris Mejia'" <chris.mejia@iab.net>, 'David Wainberg' <david@networkadvertising.org>, 'Jonathan Mayer' <jmayer@stanford.edu>, "public-tracking@w3.org" <public-tracking@w3.org>, 'Nicholas Doty' <npdoty@w3.org>
- Message-id: <AE0FA3E9-4E56-4456-A73E-34B76082B11D@democraticmedia.org>
Brooks and colleagues. Can you also provide details on how, if at all, new attribution methods, as well as emerging approaches to measurement (viewable impressions) impacts any financial reporting/billing requirements, etc. Thanks Jeff On Jul 30, 2012, at 10:48 AM, Dobbs, Brooks wrote: > Maybe it is helpful to back up and look at what contractually is being > sold (CPM as an example). It is NOT impressions; it is a subset of > impressions and it is confidence in this subset. It is impressions which > have been filtered for quality, where a large part of the filtration > occurs on IP address (and other data as well). > > Allow me to digress into a story. Hypothetically in 1995 I knew someone > who wrote a really bad PERL based adserver for the online newspaper where > he worked. One Friday before he left for the weekend, he failed to make > sure there was enough disk space for logging to make it through till > Monday morning. Predictably, sometime late Sunday evening we ran out of > disk space. Knowing the ads at that time where just in simple rotation, > he "fixed" the problem by copying Saturday evening's logs, adding 86,400 > seconds to each event, and appended this to what I actually had for > Sunday. Okay before you act horrified at the crime perpetrated here, know > that we made about $10-15 in ad revenue from 15 clients for the entire > weekend so billing may have been off by pennies. > > The point here is that sites donšt use homegrown PERL logs anymore and we > aren't talking $10, but the core data is the same. Now we use reputable > 3rd parties who participate in audits that look at things like IP > addresses, cookies and UA combos to make sure no one cooked the books or > has even broken terms of contracts like going beyond frequency caps or > delivering campaigns to wrongly targeted GEO codes. Writing down things > like IP address, cookie, referring URL etc may not prevent sophisticated > log editing but they do raise the likelihood of getting caught by auditors > (or clients with their own logs). If all that is written down is: > > [time], [ad], [event] > 12:01:33, Ad ABC, Impression > 12:03:44, Ad ABC, Impression > 12:07:55, Ad ABC, Impression > > > There is not much to audit, not much to convince anyone that no one > "printed" events and not much to prove that all events were "quality" in > terms of what was contracted for. > > > -Brooks > > -- > > Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the > Wunderman Network > (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com > brooks.dobbs@kbmg.com > > > > This email including attachments may contain confidential information. > If you are not the intended recipient, > do not copy, distribute or act on it. Instead, notify the sender > immediately and delete the message. > > > > On 7/29/12 3:40 PM, "Tamir Israel" <tisrael@cippic.ca> wrote: > >> Shane, >> >> I have not looked into SOX reporting in detail, but at bottom the >> reporting obligations and internal accountability mechanisms seem >> premised on the need to take reasonable steps to ensure accurate >> reporting of assets/transactions. >> >> So if, for example, you can use jonathan/arvind's algorithm to ensure >> that 5,000 advertisements were served and none violated a frequency cap, >> you should have your transaction record w/out need to resort to unique >> ID (assuming the algorithm can work). >> >> Best, >> Tamir >> >> On 7/29/2012 1:02 PM, Shane Wiley wrote: >>> Tamir, >>> >>> We use unique IDs for both the impression and the individual to >>> validate the transaction. I believe this is where the physical world >>> and digital world diverge a bit. The question is if the grocery store >>> collected a user's loyalty information to discount the price of the good >>> received, are they responsible for saving the loyalty card info with the >>> transaction to prove the discount was fairly and legally applied. I >>> believe the answer is yes but haven't asked our Finance team that exact >>> question before. >>> >>> - Shane >>> >>> -----Original Message----- >>> From: Tamir Israel [mailto:tisrael@cippic.ca] >>> Sent: Sunday, July 29, 2012 9:58 AM >>> To: Shane Wiley >>> Cc: Lee Tien; Craig Spiezle; 'Chris Mejia'; 'David Wainberg'; 'Jonathan >>> Mayer'; 'Dobbs, Brooks';public-tracking@w3.org; 'Nicholas Doty' >>> Subject: Re: SOX Requirements RE: ACTION-216 - Financial Reporting >>> "Exceptions" >>> >>> On 7/29/2012 12:22 PM, Shane Wiley wrote: >>>> (b) if so, does the retention requirement apply to the actual >>>> ad-serving transactional records that are generated by users' >>>> interactions with 3rd-party ad networks/companies? >>>> (Part of what I'm asking is what data/records the companies are >>>> currently retaining because of Sarb-Ox compliance -- and also, I think, >>>> the legal standard that defines the compliance line.) >>>> >>>> [Yes - as this is considered a "receipt" of the transaction as it's >>>> the billed element. It's like asking if a grocery store must keep a >>>> record of each item purchased or if they can simply say a customer >>>> spent X in their store. When ads are sold by impression - each >>>> impression must be retained to prove its validity and to be the actual >>>> record of receipt.] >>>> >>>> (c) if so, must the records contain user- or device-identifying >>>> information, or is that unnecessary? >>>> (Again, the legal standard may be ambiguous, but it would be helpful >>>> to know what that legal standard is.... >>>> >>>> [Alteration of a legal record could be considered "evidence tampering" >>>> and therefore companies tend to stay on the conservative side of this >>>> line.] >>> This is where you lose me. If, as Jonathan and others have suggested, it >>> is possible to confirm the # of transactions without unique IDs, why >>> would the SEC care if you are or are not collecting identifiers? To pick >>> up your grocery store example, no one forces Walmart to force customers >>> to present a drivers license as a condition of cash payments.... >>> >>> Best, >>> Tamir >>> > > > Jeffrey Chester Center for Digital Democracy 1621 Connecticut Ave, NW, Suite 550 Washington, DC 20009 www.democraticmedia.org www.digitalads.org 202-986-2220
Received on Tuesday, 31 July 2012 20:31:28 UTC