Does Google Leverage Market Power Through Tying and Bundling?

Edelman, Benjamin. “Does Google Leverage Market Power Through Tying and Bundling?” Journal of Competition Law & Economics 11, no. 2 (June 2015): 365-400.

I examine Google’s pattern and practice of tying to leverage its dominance into new sectors. In particular, I show how Google used these tactics to enter numerous markets, to compel usage of its services, and often to dominate competing offerings. I explore the technical and commercial implementations of these practices, then identify their effects on competition. I conclude that Google’s tying tactics are suspect under antitrust law.

Resuscitating Monitter (teaching materials) with Wei Sun

Edelman, Benjamin, and Wei Sun. “Resuscitating Monitter.” Harvard Business School Case 915-027, April 2015. (Revised December 2015.) (educator access at HBP. request a courtesy copy.)

After a Twitter API change and policy change block his fledgling startup, solo entrepreneur Alex Holt evaluates his options. Should he double-down with a major investment in new servers, rewriting his app from scratch, and charging users for a service that he had prided himself on offering free? Or give up and admit defeat? Was there any middle ground?

Supplement:

Resuscitating Monitter – PowerPoint Supplement (HBP 916701)

Teaching Materials:

Resuscitating Monitter – Teaching Note (HBP 916007)

Beyond the FTC Memorandum: Comparing Google’s Internal Discussions with Its Public Claims

Disclosure: I serve as a consultant to various companies that compete with Google. That work is ongoing and covers varied subjects, most commonly advertising fraud. I write on my own—not at the suggestion or request of any client, without approval or payment from any client.

Through a FOIA request, the Wall Street Journal recently obtained–and generously provided to the public–never-before-seen documents from the FTC’s 2011-2012 investigation of Google for antitrust violations. The Journal’s initial report (Inside the U.S. Antitrust Probe of Google) examined the divergence between the staff’s recommendation and the FTC commissioners’ ultimate decision, while search engine guru Danny Sullivan later highlighted 64 notable quotes from the documents.

In this piece, I compare the available materials (particularly the staff memorandum’s primary source quotations from internal Google emails) with the company’s public statements on the same subjects. The comparison is revealing: Google’s public statements typically emphasize a lofty focus on others’ interests, such as giving users the most relevant results and paying publishers as much as possible. Yet internal Google documents reveal managers who are primarily focused on advancing the company’s own interests, including through concealed tactics that contradict the company’s public commitments.

About the Document

In a 169-page memorandum dated August 8, 2012, the FTC’s Bureau of Competition staff examined Google’s conduct in search and search advertising. Through a Freedom of Information Act (FOIA) request, the WSJ sought copies of FTC records pertaining to Google. It seems this memorandum was intended to be withheld from FTC’s FOIA request, as it probably could have been pursuant to FOIA exception 5 (deliberative process privilege). Nonetheless, the FTC inadvertently produced the memorandum — or, more precisely, approximately half the pages of the memorandum. In particular, the FTC produced the pages with even numbers.

To ease readers’ analysis of the memorandum, I have improved the PDF file posted by the WSJ. Key enhancements: I used optical character recognition to index the file’s text (facilitating users’ full-text search within the file and allowing search engines to index its contents). I deskewed the file (straightening crooked scans), corrected PDF page numbering (to match the document’s original numbering), created hyperlinks to access footnotes, and added a PDF navigation panel with the document’s table of contents. The resulting document: FTC Bureau of Competition Memorandum about Google — August 8, 2012.

AdWords API restrictions impeding competition

In my June 2008 PPC Platform Competition and Google’s "May Not Copy" Restriction and July 2008 congressional testimony about competition in online search, it seems I was the first to alert policy-makers to brazen restrictions in Google’s AdWords API Terms and Conditions. The AdWords API provided full-featured access to advertisers’ AdWords campaigns. With both read and write capabilities, the AdWords API provided a straightforward facility for toolmakers to copy advertisers’ campaigns from AdWords to competing services, optimize campaigns across multiple services, and consolidate reporting across services. Instead, Google inserted contractual restrictions banning all of these functions. (Among other restrictions: "[T]he AdWords API Client may not offer a functionality that copies data from a non-AdWords account into an AdWords account or from an AdWords account to a non-AdWords account.")

Large advertisers could build their own tools to escape the restrictions. But for small to midsized advertisers, it would be unduly costly to make such tools on their own — requiring more up-front expenditure on tools than the resulting cost-savings would warrant. Crucially, Google prohibited software developers from writing the tools once and providing them to everyone interested — a much more efficient approach that would have saved small advertisers the trouble and expense of making their own tools. It was a brazen restriction with no plausible procompetitive purpose. The restriction caused clear harms: Small to midsized advertisers disproportionately used only Google AdWords, although Microsoft, Yahoo, and others could have provided a portion of the desired traffic at lower cost, reducing advertisers’ overall expense.

Historically, Google staff disputed these effects. For example, when I explained the situation in 2008, AdWords API product manager Doug Raymond told me in a personal email in March 2008 that the restrictions were intended to prevent "inaccurate comparisons of data [that] make it difficult for the end advertiser to understand the performance of AdWords relative to other products."

But internal discussions among Google staff confirm the effects I alleged. For example, in internal email, Google director of product management Richard Holden affirmed that many advertisers "don’t bother running campaigns on [Microsoft] or Yahoo because [of] the additional overhead needed to manage these other networks [in light of] the small amount of additional traffic" (staff memo at p.48, citing GOOGWOJC-000044501-05). Holden indicated that removing AdWords API restrictions would pave the way to more advertisers using more ad platforms, which he called a "significant boost to … competitors" (id.). He further confirmed that the change would bring cost savings to advertisers, noting that Microsoft and Yahoo "have lower average CPAs" (cost per acquisition, a key measure of price) (id.), meaning that advertisers would be receptive to using those platforms if they could easily do so. Indeed, Google had known these effects all along. In a 2006 document not attributed to a specific author, the FTC quotes Google planning to "fight commoditization of search networks by enforcing AdWords API T&Cs" (footnote 546, citing GOOGKAMA-0000015528), indicating that AdWords API restrictions allowed Google to avoid competing on the merits.

The FTC staff report reveals that, even within Google, the AdWords API restrictions were controversial. Holden ultimately sought to "to eliminate this requirement" (key AdWords API restrictions) because the removal would be "better for customers and the industry as a whole" since it would "[r]educe friction" and make processes more "efficient" by avoiding time-consuming and error-prone manual work. Holden’s proposal prompted (in his own words) "debate" and significant opposition. Indeed, Google co-founder Larry Page seems to have disapproved. (See staff report p.50, summarizing the staff’s understanding, as well as footnote 280 as to documents presented to Page for approval in relaxing AdWords API restrictions; footnote 281 reporting that "Larry was OK with" a revised proposal that retained "the status quo" and thus cancelled the proposed loosening of restrictions.) Hal Varian, Google’s chief economist, also sought to retain the restrictions: "We’re the dominant incumbent in this industry; the folks pushing us to develop our PAI will be the underdogs trying to unseat us" (footnote 547, citing GOOGVARI-0000069-60R). Ultimately Holden’s proposal was rejected, and Google kept the restrictions in place until FTC and EC pressure compelled their removal.

From one perspective, the story ends well: In due course, the FTC, EC investigators, and others came to recognize the impropriety of these restrictions. Google removed the offending provisions as part of its 2013 commitments to FTC (section II) and proposed commitments to the EC (section III). Yet advertisers have never received refunds of the amounts they overpaid as a result of Google’s improper impediments to using competing tools. If advertisers incurred extra costs to build their own tools, Google never reimbursed them. And Google’s tactics suppressed the growth of competing search engines (including their recruitment of advertisers to increase revenue and improve advertising relevance), thereby accelerating Google’s dominance. Finally, until the recent release of the FTC staff report, it was always difficult to prove what we now know: That Google’s longstanding statements about the purpose of the restrictions were pretextual, and that Google’s own product managers knew the restrictions were in place not to improve the information available to advertisers (as Raymond suggested), but rather to block competitors and preserve high revenue from advertisers that used only Google.

Specialized search and favoring Google’s own services: benefiting users or Google?

For nearly a decade, competitors and others have questioned Google’s practice of featuring its own services in its search results. The core concern is that Google grants its own services favored and certain placement, preferred format, and other benefits unavailable to competitors — giving Google a significant advantage as it enters new sectors. Indeed, anticipating Google’s entry and advantages, prospective competitors might reasonably seek other opportunities. As a result, users end up with fewer choices of service providers, and advertisers with less ability to find alternatives if Google’s offerings are too costly or otherwise undesirable.

Against this backdrop, Google historically claimed its new search results were "quicker and less hassle" than alternatives, and that the old "ten blue links" format was outdated. "[W]e built Google for users," the company claimed, arguing that the design changes benefit users. In a widely-read 2008 post, Google Fellow Amit Singhal explained Google’s emphasis on "the most relevant results" and the methods used to assure result relevance. Google’s "Ten things we know to be true" principles begin with "focus on the user," claiming that Google’s services "will ultimately serve you [users], rather than our own internal goal or bottom line."

With access to internal Google discussions, FTC staff paint quite a different picture of Google’s motivations. Far from assessing what would most benefit users, Google staff examine the "threat" (footnote 102, citing GOOG-ITA-04-0004120-46) and "challenge" of "aggregators" which would cause "loss of query volumes" to competing sites and which also offer a "better advertiser proposition" through "cheaper, lower-risk" pricing (FTC staff report p.20 and footnote 102, citing GOOG-Texas-1486928-29). The documents continue at length: "the power of these brands [competing services] and risk to our monetizable traffic" (footnote 102, citing GOOG-ITA-05-0012603-16), with "merchants increasing % of spend on" competing services (footnote 102, citing GOOG-ITA-04-0004120-46). Bill Brougher, a Google product manager assessed the risks:

[W]hat is the real threat if we don’t execute on verticals? (a) loss of traffic from Google.com because folks search elsewhere for some queries; (b) related revenue loss for high spend verticals like travel; (c) missing opty if someone else creates the platform to build verticals; (d) if one of our big competitors builds a constellation of high quality verticals, we are hurt badly

(footnote 102, citing GOOG-ITA-06-0021809-13) Notice Brougher’s sole focus on Google’s business interests, with not a word spent on what is best for users.

Moreover, the staff report documents Google’s willingness to worsen search results in order to advance the company’s strategic interests. Google’s John Hanke (then Vice President of Product Management for Geo) explained that "we want to win [in local] and we are willing to take some hits [i.e. trigger incorrectly sometimes]" (footnote 121, citing GOOG-Texas-0909676-77, emphasis added). Google also proved willing to sacrifice user experience in its efforts to demote competing services, particularly in the competitive sector of comparison shopping services. Google used human "raters" to compare product listings, but in 2006 experiments the raters repeatedly criticized Google’s proposed changes because they favored competing comparison shopping services: "We had moderate losses [in raters’ assessments of quality when Google made proposed changes] because the raters thought this was worse than a bizrate or nextag page" (footnote 154, citing GOOGSING-000014116-17). Rather than accept raters’ assessment that competitors had high-quality offerings that should remain in search results, Google changed raters’ criteria twice, finally imposing a set of criteria in which competitors’ services were no longer ranked favorably (footnote 154, citing GOOGEC-0168014-27, GOOGEC-0148152-56, GOOGC-0014649).

Specialized search and favoring Google’s own services: targeting bad sites or solid competitors?

In public statements, Google often claimed that sites were rightly deprioritized in search results, indicating that demotions targeted "low quality," "shallow" sites with "duplicate, overlapping, or redundant" content that is "mass-produced by or outsourced to a large number of creators … so that individual pages or sites don’t get as much attention or care." Google Senior Vice President Jonathan Rosenberg chose the colorful phrase "faceless scribes of drivel" to describe sites Google would demote "to the back of the arena."

But when it came to the competing shopping services Google staff sought to relegate, Google’s internal assessments were quite different. "The bizrate/nextag/epinions pages are decently good results. They are usually well-format[t]ed, rarely broken, load quickly and usually on-topic. Raters tend to like them. …. [R]aters like the variety of choices the meta-shopping site[s] seem… to give" (footnote 154, citing GOOGSING-000014375).

Here too, Google’s senior leaders approved the decision to favor Google’s services. Google co-founder Larry Page personally reviewed the prominence of Google’s services and, indeed, sought to make Google services more prominent. For example: "Larry thought product [Google’s shopping service] should get more exposure" (footnote 120, citing GOOG-Texas-1004148). Product managers agreed, calling it "strategic" to "dial up" Google Shopping (footnote 120, citing GOOG-Texas-0197424). Others noted the competitive importance: Preferred placement of Google’s specialized search services was deemed important to avoid "ced[ing] recent share gains to competitors" (footnote 121, citing GOOG-Texas-0191859) or indeed essential: "most of us on geo [Google Local] think we won’t win unless we can inject a lot more of local directly into google results" (footnote 121, citing GOOGEC-0069974). Assessing "Google’s key strengths" in launching product search, one manager flagged Google’s control over "Google.com real estate for the ~70MM of product queries/day in US/UK/De alone" (footnote 121, citing GOOG-Texas-0199909), a unique advantage that competing services could not match.

Specialized search and favoring Google’s own services: algorithms versus human decisions

A separate divergence from Google’s public statements comes in the use of staff decisions versus algorithms to select results. Amit Singhal’s 2008 post presented the company’s (supposed) insistence on "no manual intervention":

In our view, the web is built by people. You are the ones creating pages and linking to pages. We are using all this human contribution through our algorithms. The final ordering of the results is decided by our algorithms using the contributions of the greater Internet community, not manually by us. We believe that the subjective judgment of any individual is, well … subjective, and information distilled by our algorithms from the vast amount of human knowledge encoded in the web pages and their links is better than individual subjectivity.

2011 testimony from Google Chairman Eric Schmidt (written responses to the Senate Committee on the Judiciary Subcommittee on Antitrust, Competition Policy, and Consumer Rights) made similar claims: "The decision whether to display a onebox is determined based on Google’s assessment of user intent" (p.2). Schmidt further claimed that Google displayed its own services because they "are responsive to what users are looking for," in order to "enhance[e] user satisfaction" (p.2).

The FTC’s memorandum quotes ample internal discussions to the contrary. For one, Google repeatedly changed the instructions for raters until raters assessed Google’s services favorably (the practice discussed above, citing and quoting from footnote 154). Similarly, Page called for "more exposure" for Google services and staff wanted "a lot more of local directly into search results" (cited above). In each instance, Google managers and staff substituted their judgment for algorithms and user preferences as embodied in click-through rate. Furthermore, Google modified search algorithms to show Google’s services whenever a "blessed site" (key competitor) appeared. Google staff explained the process: "Product universal top promotion based on shopping comparison [site] presence" (footnote 136 citing GOOGLR-00161978) and "add[ing] a ‘concurring sites’ signal to bias ourselves toward triggering [display of a Google local service] when a local-oriented aggregator site (i.e. Citysearch) shows up in the web results" (footnote 136 citing GOOGLR-00297666). Whether implemented by hand or through human-directed changes to algorithms, Google sought to put its own services first, contrary to prior commitments to evenhandedness.

At the same time, Google systematically applied lesser standards to its own services. Examining Google’s launch report for a 2008 algorithm change, FTC staff said that Google elected to show its product search OneBox "regardless of the quality" of that result (footnote 119, citing GOOGLR-00330279-80) and despite "pretty terribly embarrassing failures" in returning low-quality results (footnote 170, citing GOOGWRIG-000041022). Indeed, Google’s product search service apparently failed Google’s standard criteria for being indexed by Google search (p.80 and footnote 461), yet Google nonetheless put the service in top positions (p.30 and footnote 170, citing GOOG-Texas-0199877-906).

The FTC’s documents also call into question Eric Schmidt’s 2011 claim (in written responses to a Senate committee) that "universal search results are our search service — they are not some separate ‘Google product or service’ that can be ‘favored.’" The quotes in the preceding paragraph indicate that Google staff knew they could give Google’s own services "more exposure" by "inject[ing] a lot more of [the services] into google results." Whether or not these are "separate" services, they certainly can be made more or less prominent–as Google’s Page and staff recognized, but as Schmidt’s testimony denies. Meanwhile, in oral testimony, Schmidt said "I’m not aware of any unnecessary or strange boosts or biases." But consider Google’s "concurring sites" feature, which caused Google services to appear whenever key competitors’ services were shown (footnote 136 citing GOOGLR-00297666). This was surely not genuinely "necessary" in the sense that search could not function without it, and indeed Google’s own raters seemed to think search would be better without it. And these insertions were surely "strange" in the sense that they were unknown outside Google until the FTC memorandum became available last week. In response to a question from Senator Lee, asking whether Google "cooked it" to make its results always appear in a particular position, Schmidt responded "I can assure you, we’ve not cooked anything"–but in fact the "concurring sites" feature exactly guaranteed that Google’s service would appear, and Google staff deliberated at length over the position in which Google services would appear (footnote 138).

All in all, Google’s internal discussions show a company acutely aware of its special advantage: Google could increase the chance of its new services succeeding by making them prominent. Users might dislike the changes, but Google managers were plainly willing to take actions their own raters considered undesirable in order to increase the uptake of the company’s new services. Schmidt denied that such tampering was possible or even logically coherent, but in fact it was widespread.

Payments to publishers: as much as possible, or just enough to meet waning competition?

In public statements, Google touts its efforts to "help… online publishers … earn the most advertising revenue possible." I’ve always found this a strange claim: Google could easily cut its fees so that publishers retain more of advertisers’ payments. Instead, publishers have long reported — and the FTC’s document now explicitly confirms — that Google has raised its fees and thus cut payments to publishers. The FTC memorandum quotes Google co-founder Sergey Brin: "Our general philosophy with renewals has been to reduce TAC across the board" (footnote 517, citing GOOGBRIN-000025680). Google staff confirm an "overall goal [of] better AFS economics" through "stricter AFS Direct revenue-share tiering guidelines" (footnote 517, citing GOOGBRAD-000012890) — that is, lower payments to publishers. The FTC even released revenue share tiers for a representative publisher, reporting a drop from 80%, 85%, and 87.5% to 73%, 75%, and 77% (footnote 320, citing GOOG-AFS-000000327), increasing Google’s fees to the publisher by as much as 84%. (Methodology: divide Google’s new fee by its old fee, e.g. (1-0.875)/(1-0.77)=1.84.)

The FTC’s investigation revealed the reason why Google was able to impose these payment reductions and fee increases: Google does not face effective competition for small to midsized publishers. The FTC memorandum quotes no documents in which Google managers worry about Microsoft (or others) aggressively recruiting Google’s small to midsized publishers. Indeed, FTC staff report that Microsoft largely ceased attempts in this vein. (Assessing Microsoft’s withdrawal, the FTC staff note Google contract provisions preventing a competing advertising service from bidding only on those searches and pages where it has superior ads. Thus, Microsoft had little ability to bid on certain terms but not others. See memorandum p.106.)

The FTC notes Microsoft continuing to pursue some large Google publishers, but with limited success. A notable example is AOL, which Google staff knew Microsoft "aggressively woo[ed] … with large guarantees" (p.108). An internal Google analysis showed little concern about losing AOL but significant concern about Microsoft growing: "AOL holds marginal search share but represents scale gains for a Microsoft + Yahoo! Partnership… AOL/Microsoft combination has modest impact on market dynamics, but material increase in scale of Microsoft’s search & ads platform" (p.108). Google had historically withheld many features from AOL, whereas AOL CEO Tim Armstrong sought more. (WSJ reported: "Armstrong want[ed] AOL to get access to the search innovation pipeline at Google, rather than just receive a more basic product.") By all indications Google accepted AOL’s request only due to pressure from Microsoft: "[E]ven if we make AOL a bit more competitive relative to Google, that seems preferable to growing Bing" (p.108). As usual, Google’s public statements contradicted their private discussions; despite calling AOL’s size "marginal" in internal discussions (p.108), a joint press release quotes Google’s Eric Schmidt praising "AOL’s strength."

A Critical Perspective

The WSJ also recently flagged Google’s "close ties to White House," noting large campaign contributions, more than 230 meetings at the White House, high lobbying expenditures, and ex-Google staff serving in senior staff positions. In an unusual press release, the FTC denied that improper factors affected the Commission’s decision. Google’s Rachel Whetstone, SVP Communications and Policy, responded by shifting focus to WSJ owner Rupert Murdoch personally, then explaining that some of the meetings were industry associations and other matters unrelated to Google’s competition practices.

Without records confirming discussion topics or how decisions were made, it is difficult to reach firm conclusions about the process that led the FTC not to pursue claims against Google. It is also difficult to rule out the WSJ’s conclusion of political influence. Indeed, Google used exactly this reasoning in critiquing the WSJ’s analysis: "We understand that what was sent to the Wall Street Journal represents 50% of one document written by 50% of the FTC case teams." Senator Mike Lee this week confirmed that the Senate Committee on the Judiciary will investigate the possibility of improper influence, and perhaps that investigation will yield further insight. But even the incomplete FTC memorandum reproduces scores of quotes from Google documents, and these quotes offer an unusual opportunity to compare Google’s internal statements with its public claims. Google’s broadest claims of lofty motivations and Internet-wide benefits were always suspect, and Google’s public statements fall further into question when compared with frank internal discussions.

There’s plenty more to explore in the FTC’s report. I will post the rest of the document if a further FOIA request or other development makes more of it available.

How to Launch Your Digital Platform: A Playbook for Strategists

Edelman, Benjamin. “How to Launch Your Digital Platform: A Playbook for Strategists.” Harvard Business Review 93, no. 4 (April 2015): 90-97. (Reprinted in Launch a Start-Up That Lasts, Harvard Business Review OnPoint, Winter 2016.)

Official abstract:

The ubiquity of Internet access has caused a sharp rise in the number of businesses offering platforms that connect users for communication or commerce. Entrepreneurs are particularly drawn to these platforms because they create significant value and have modest operating costs, and network effects protect their position once established–users rarely leave a vibrant platform. But these businesses also raise significant start-up challenges. Every platform starts out empty. Platforms need to immediately attract not only many users but also multiple types of users. For example, it’s not enough that many customers want to book taxis by smartphone. Drivers must also be willing to accept smartphone bookings. Harvard Business School professor Ben Edelman has been studying the dynamics of platform businesses and the strategies for launching them for 10 years. In this article he draws on research on dozens of platform sites and products to offer a framework for building a successful platform business. It involves asking five basic questions: (1) Can I attract a large group of users at once? (2) Can I offer stand-alone value to users? (3) How can I build credibility with customers? (4) How should I charge users? (5) Should my platform be compatible with legacy systems?

Informal introduction:

For online platform businesses, customer mobilization challenges loom large. The most successful platforms connect two or more types of users—buyers and sellers on a shopping portal, travelers and hotel operators on a booking service—and a strong launch usually requires convincing early users to join even before the platform reaches scale. Customers find Skype worth installing only if there are people on the platform to talk to. Who would join PayPal if there were no one to pay? Every platform starts out empty, making these worries particularly acute. For multisided platforms, which need not only many users, but many users of different types, the risk is even greater. It’s not enough for a car-dispatch platform to have a large base of customers who want to book rides by smartphone. It also needs drivers willing to accept those bookings.

Often, a platform’s designer has a workable plan once it achieves an early critical mass of users. If a service had drivers, it could attract passengers, or vice versa. And when we look at the myriad platforms that have overcome these hurdles, it can be easy to assume solutions will present themselves. In fact success is far from guaranteed, and many startups fail at this crucial stage. In an article in next month’s Harvard Business Review, I offer strategies to guide entrepreneurs through this challenge.

Markets with Price Coherence

Edelman, Benjamin, and Julian Wright. “Markets with Price Coherence.” Harvard Business School Working Paper, No. 15-061, January 2015. (Revised March 2015.) (Supplement to “Price Coherence and Excessive Intermediation.”)

In markets with price coherence, the purchase of a given good via an intermediary is constrained to occur at the same price as a purchase of that same good directly from the seller (or through another competing intermediary). We examine ten markets with price coherence, including their origin and outcomes as well as concerns and policy interventions.

Whither Uber? Competitive Dynamics in Transportation Networks

Edelman, Benjamin. “Whither Uber? Competitive Dynamics in Transportation Networks.” Competition Policy International 11, no. 1 (Spring-Fall 2015).

Transportation Network Companies offer notable service advances–but do they comply with the law? I offer evidence of some important shortfalls, then consider how the legal system might appropriately respond. Though it is tempting to forgive many violations in light of the companies’ benefits, I offer a cautionary assessment. For one, I note the incentives that might result, including a race-to-the-bottom as a series of companies forego all manner of requirements. Furthermore, the firms that best compete in such an environment are likely to be those that build a corporate culture of ignoring laws, a diagnosis that finds support in numerous controversial Uber practices. On the whole, I suggest evenhanded enforcement of applicable laws, with thoughtful changes implemented with appropriate formality, but no automatic free pass for the platforms that have recently framed laws and regulations as suggestions rather than requirements.

Bitcoin: Economics, Technology, and Governance

Böhme, Rainer, Nicolas Christin, Benjamin Edelman, and Tyler Moore. “Bitcoin: Economics, Technology, and Governance.” Journal of Economic Perspectives 29, no. 2 (Spring 2015): 213-238.

Bitcoin is an online communication protocol that facilitates virtual currency including electronic payments. Since its inception in 2009 by an anonymous group of developers, Bitcoin has served tens of millions of transactions with total dollar value in the billions. Users have been drawn to Bitcoin for its decentralization, intentionally relying on no single server or set of servers to store transactions and also avoiding any single party that can ban certain participants or certain types of transactions. Bitcoin is of interest to economists in part for its potential to disrupt existing payment systems and perhaps monetary systems as well as for the wealth of data it provides about agents’ behavior and about the Bitcoin system itself. This article presents the platform’s design principles and properties for a non-technical audience; reviews its past, present, and future uses; and points out risks and regulatory issues as Bitcoin interacts with the conventional financial system and the real economy.

A Closer Look at IronSource Installation Tactics with Pat*

In public statements, IronSource promises to "empower software" through "faster" downloads, "smoother" installations, and increased "user trust." It sounds like a reasonable business — free software for users in exchange for advertising.

Yet a closer look at IronSource installations reveals ample cause for concern. Far from facilitating "user trust," IronSource installations are often strikingly deceptive: they promise to provide software IronSource and its partners have no legal right to redistribute (indeed, specifically contrary to applicable license agreements); they bundle all manner of adware that users have no reason to expect with genuine software; they bombard users with popup ads, injected banner ads, extra toolbars, and other intrusions. It’s the very opposite of mainstream legitimate advertising. We are surprised to see such deceptive tactics from a large firm that is, by all indications, backed by distinguished investors and top-tier bankers.

In the following sections, we present two representative IronSource bundles, then offer broader assessments and recommendations.

An IronSource-Brokered "Chrome Browser"

Install a "Chrome Browser" and you wouldn’t expect a bundle of adware. But that’s exactly what we found when we tested an IronSource bundle by that name.

IronSource snares users who are searching for Google Chrome IronSource snares users who are searching for Google Chrome

IronSource landing page repeatedly presents Google's Chrome trademark and logo, giving little indication that users have reached an independent installer. IronSource landing page repeatedly presents Google’s Chrome trademark and logo, giving little indication that users have reached an independent installer.

Installer also lacks any branding of its own, giving little indication that users have reached an independent installer. Installer also lacks any branding of its own, giving little indication that users have reached an independent installer.

IronSource's installer presents a series of screens like this, each touting a separate bundled adware. Eventually a user might notice something amiss -- but no 'cancel' button lets a user reverse the entire process. IronSource’s installer presents a series of screens like this, each touting a separate bundled adware program. Eventually a user might notice something amiss — but no "cancel" button lets a user reverse the entire process.

In testing on October 31, 2014, we began with a Google search for "download google chrome." A large ad promised "Download Google Chrome – Downloadb.net" (title) with details "New Google Chrome(R) 35 Version. Google Chrome 2014. Install Today! Chrome is still fast and loaded with new standard support. -PC Mag". Sublinks below the ad elaborated: "Download the New Version – Get the Latest Chrome(R) – 100% Free Installation". Thus, nothing in the text of the ad gives any suggestion that the ad would take a user to a third party rather than to genuine Google software. The display URL, "google-chrome-install.downloadb.net", might alert sophisticated users — but "downloadb.net" is generic enough that the warning is minimal, and bold type focuses attention on "google-chrome" (matching the user’s search terms).

The resulting landing page did not show anything amiss either. The landing page uses Google’s distinctive Chrome icon twice, as well as the large-type label "Google Chrome." On our standard 1024×768 test PC, no on-screen text offered any logo, any company name, or any product name other than Google Chrome.

We clicked the "Download Free" button to proceed, then run the resulting installer. After a perfunctory first screen (still without any affirmative indication that the software is not a genuine Google offering), the installer began to tout third party software. The installation solicitation was strikingly deceptive. First, the window’s two headings were "Google Chrome" and "Make your selection to continue", plus it repeated the distinctive Google Chrome icon at top-left. Notably, no large type indicated that the software is anything other than genuine Google software. Furthermore, the large scroll box on the right offered the bold-type heading "END USER LICENSE AGREEMENT" — more naturally understood to be a EULA for Chrome, the software the user requested and the software the user expected to receive. Small type at top-left mentioned "Astromedia new-tab add-on," but this could easily be overlooked in light of user expectations, prior statements, window headings, icon, and the EULA box heading. Nor did the bottom disclosure cure the problem: The bottom text mentioned Astromedia only in the second line of a disclosure where it is more likely to be overlooked. In addition, the disclosure’s links (to a EULA and privacy policy the user purportedly certifies having read and accepted) lacked any distinctive color or underline, so users are unlikely to recognize them as links. As a result, users have no reason to know that they are (purportedly) accepting lengthy external documents.

Next, the installer pushed another program, "Framed Display." The screen followed the same template critiqued in the prior paragraph, including deceptive headings, deficient disclosures, and unlabeled links. Moreover, the program name "Framed Display" is itself deceptive — a generic name, a combination of two standard words without secondary meaning, which gives no serious indication of the program’s function, origin, or even the fact that it is third-party software unrelated to Chrome.

The installer then touted two further programs, RegClean Pro and DriverSupport. These at least appeared with logos in the top-left, which might help some users realize that they are being asked to install third-party software. But like the prior screens, these both linked to (and asked users to agree to) contracts presented only via links not formatted as such. Both offers still appeared within a window entitled "Google Chrome," continuing the false suggestion that these programs are affiliated with or endorsed by Google.

Seeing the logos for RegClean and DriverSupport, some users might realize that they have received something other than Google Chrome. But the installer lacked a "Back" button to let a user return to prior screens and revoke the acceptances previously (purportedly) granted.

The install video shows the full install sequence, culminating in various popups, new programs, changed browser settings, and other interruptions. The computer becomes noticeably slower, and most users would find the computer much less useful. In fact we found 2,478 new files created as well as 2,465 registry values created — quite an onslaught. Among the most urgent problems is that, as best we can tell, a user cannot remove the DriverSupport’s window from the screen except by killing the process with Task Manager.

In a remarkable twist, the installer pushes the user to install additional software even after the main installation is complete. In particular, after the user receives the four offers described above, the installer runs a 30+ second download of the various programs to be installed. (In the video, this is 1:16 to 1:50.) The user then sees a "Finish" button. But far from ending the installation solicitations, "Finish" brings a solicitation for yet other adware, MyPCBackup. At the conclusion of an installation and after pushing a button labeled Finish, users naturally and reasonably expect only perfunctory final tasks, not requests to install more unrelated advertising software. Furthermore, the on-screen disclosures say nothing of adware, pop-up ads, or tracking of users’ browsing; and the links to EULA and privacy policy again lack any labeling to alert users that they are clickable. On the whole, users are poorly positioned to evaluate this offer, understand what they are asked to accept, or provide meaningful acceptance. Nor is this installer alone in presenting other solicitations after installation; we’ve seen other IronSource installers try the same scheme.

This bundle constitutes both software counterfeiting and trademark infringement. Contrary to the title of the initial ad and the large-type heading in every screen of the installer, this is not the genuine "Google Chrome" installer that Google provides; rather, it’s a wrapper with all manner of other software from third parties unaffiliated with Google. At every step, the installer features Google’s distinctive "Chrome" brand name and logo with no statement that Google authorized their use. And the installer redistributes Chrome despite a clear admonition, within the standard Chrome Terms of Service, that "You may not … distribute … this Content [Chrome] (either in whole or in part) unless you have been specifically told that you may do so by Google… in a separate agreement." The installer offers no suggestion, and certainly no affirmative statement, that Google has provide any such permission. Indeed, in a telling twist, we found that the installer never even showed the Chrome Terms of Service, contrary to Google’s standard requirement (implemented in all genuine Chrome installers) that users accept the ToS before receiving Chrome.

This bundle is also an objectively bad deal for consumers. A consumer seeking Chrome can easily obtain that exact program, on a standalone basis, without any bundled adware, toolbars, popups, injections, or other extra advertising or tacking. The installer adds nothing of genuine value to users; it delivers only the software that its adware partners pay it to deliver, and the partners pay to have their software delivered to users only because they correctly anticipate that users would not seek to install adware if it were not foisted upon them.

Although the IronSource company name appears nowhere in the installer’s on-screen displays, numerous factors indicate that this is indeed an IronSource installation. For example, installation temporary files include multiple references to "IC", and registry keys were created within the hierarchy HKEY_USERSSIDSoftwareInstallCore. (InstallCore is the IronSource service that provides adware bundling and adware installation.) Other temporary files were created within folders with prefix "ish******", "is**********", and "is*******", best understood as abbreviations for IronSource. Furthermore, while each installer connected to different hosts to obtain installation components, each installer’s hosts included at least one with an IP address used by IronSource (according to standard IP-WHOIS). Host names followed a pattern matching longstanding IronSource practice (as previously reported by, e.g., Sophos), including hosts called cdneu and cdnus, exactly as Sophos reported.

Moreover, it seems that some of the bundled adware is itself made by IronSource. For example, the Astromenda browser plug-in stores its settings in a Windows Registry section entitled SoftwareInstallCore — a fact most logically explained by Astromenda being made by IronSource’s InstallCore.

The Nonexistent "Snapchat Windows" App that Delivers Only Adware

Snapchat fans often wish for a Windows client. No such software exists, but that doesn’t stop an IronSource bundle from claiming to offer one, and thereby bombarding interested users with a variety of adware.

IronSource snares users who are searching for Snapchat. IronSource snares users who are searching for Snapchat.

IronSource landing page repeatedly presents Snapchat's trademark and logo, giving little indication that users have reached an independent installer. In fact there exists no genuine 'Snapchat for PC' software, and IronSource's bundle is most notable for delivering adware. IronSource landing page repeatedly presents Snapchat’s trademark and logo, giving little indication that users have reached an independent installer. In fact there exists no genuine "Snapchat for PC" software, and IronSource’s bundle is most notable for delivering adware.

In testing, we searched for "Snapchat Windows" and clicked an ad claiming to provide the "Latest 2014 PC version" of "Snapchat." The resulting landing page correctly describes Snapchat but says nothing of any bundled adware. Meanwhile, a prominent "McAfee SECURE" Logo purports to certify the trustworthiness of the site, notwithstanding the problems that follow. (We discuss McAfee’s strange role, both flagging this installation and simultaneously certifying it, at the end of this article.)

We clicked "DOWNLOAD NOW" and proceeded to the installer. The first install screen said nothing of any bundled adware. The subsequent screens (second, third, fourth, fifth, sixth) had the same problems detailed above, including lacking distinctive branding for the unrelated third-party software that’s touted, lacking distinctive format on links to contracts users purportedly accept, and lacking back buttons to serve users who realize something is amiss and want to change their mind. Additional shortcomings in this installation:

  • As we repeatedly demonstrated in the install video (1:35 to 1:47, 2:34, 2:47, 3:01), even if a user does click to activate the license, the installer remains superimposed always-on-top in the foreground, thereby blocking a user’s effort to read the document the user is purportedly accepting.
  • For one bundled program (video at 2:19 and 2:29), the agreements are hosted on an inoperational server, which completely prevents any attempt to read them.
  • The text of the installation disclosures is illogical. For example, the disclosure for MyPCBackup adware advises the user to "Click ‘Play’ on the video to see what MyPCBackup can do for you" — but no video or play button is shown.

This installer bundles even more software than the fake Chrome installer detailed above. We found the fake Snapchat bundling Astromenda, Framed Display, RegClean Pro, MyPCBackup, and Weatherbug.

As far as we can tell, the installer never actually provides Snapchat software. Rather, the installer provides unrelated software called BlueStacks (a program which lets users "install" and use Android apps on Windows PC). It’s no surprise that the installer doesn’t provide a Snapchat Windows app, since none exists. Yet this omission undermines the entire value proposition promised to the user. Notably, BlueStacks is itself freely available, without bundled adware.

Similar Installations

We have seen numerous similar installations. These installs share many factors:

  • They grab the attention of users searching leading search engines for common software including popular commercial applications like Adobe Reader, Chrome, Firefox, Flash, Internet Explorer, and Java as well as open source software such as 7zip, GIMP, and OpenOffice.
  • Often, the installations significantly overstate the need for the installation or the benefits it can provide. For example, some installation solicitations falsely claim that a media player is out of date or, as in the Snapchat example above, even promise software that does not actually exist.
  • They use generic domain names (our examples of downloadb.net and downloadape.org are typical) with no affirmative indication that they are not the official distributors of the specified software. Quite the contrary, their text, images, and layout suggest that they are the authoritative sources for the software they promise.
  • They fail to disclose the presence of bundled adware until midway through the download process, and they almost always lack "back" buttons to let a user reverse course once the bundled adware becomes apparent.
  • They fail to disclose the true identity of the companies behind the installs, including using domains with limited or no contact information, as well as domain Whois with privacy protection.

Ultimately, these bundled installations provide users with nothing of genuine value beyond the adware-free installs easily available from the original developers. They are a source of widespread user complaints on software discussion forums, as users with so much adware systematically report that their computers are slow and unreliable.

IronSource’s Responsibility

By all indications, IronSource has the right and ability to control these installations. Installation code is obtained from IronSource servers; the installer EXE acts as a bootstrap, downloading configuration and components at runtime. Indeed, the IronSource installer architecture entails all "creative" materials (such as installation text and images) hosted on IronSource servers, letting IronSource easily accept or reject configuration details.

IronSource is likely to blame third party "partners" for most or all of the defects we have listed, but our analysis indicates that IronSource is importantly responsible. First, IronSource’s servers and systems create the installation bundle; IronSource can easily refuse to create deceptive installations, including refusing to create bundles with names matching well-known software such as "Chrome." Moreover, by IronSource’s own admission, its systems select and optimize the offers presented to users: "InstallCore improves install completion rates by about 32%" with "customized installers [that] reinforce branding and user trust," optimized through "the installer A/B testing tool to continuously improve results." IronSource even indicates that its own staff design installations: "Every branded installer is backed by dedicated graphic designers and a team of UI/UX specialists [who] adjust and continually make improvements that drive more installs." And IronSource itself brokers the relationships between "premium advertisers" (making adware) and software publishers using IronSource installers.

Meanwhile, the apps at issue entail self-evident counterfeiting. It is widely known that Google does not allow third parties to bundle its Chrome browser with adware, and that there is no such thing as a Snapchat Windows app. Even the barest of examinations by IronSource staff would have revealed these implausible titles for the respective installers — red flags that the installations are not what they claim to be.

IronSource’s installers are "bootstraps" that check with an IronSource server before beginning an installation. (IronSource explains that its "installation client downloads in real-time a list of offers" to present to a given user.) By removing or modifying installer configuration files on an IronSource server, IronSource can disable any installer it determines to be deceptive or otherwise improper — even months after that installer was created. Thus, IronSource can easily block further installs using the deceptive practices we have flagged here, as well as similar practices by other installers.

Notably, IronSource’s involvement meets the common law tests for both contributory and vicarious liability, wherein a company is liable for the actions of its partners. Contributory liability arises when a company knows of illicit acts and when it assists in those acts. Here, IronSource surely knows of illicit conduct (including counterfeiting) both because it is obvious and because consumers and rights-holders have complained. IronSource’s knowledge of deceptive installation disclosures is even clearer because by all indications IronSource systems optimized or even designed the installation disclosures. As to IronSource’s assistance, note that IronSource helps partners by entering into agreements with adware providers to be paid to install their software, bundling adware into installers, and designing and optimizing installers. IronSource thus satisfies the tests for contributory liability. Meanwhile, vicarious liability arises when a company has the power to prevent illicit acts and when it benefits from those acts. Here, IronSource can stop the deceptive installations because each installation checks with IronSource servers to obtain adware to be presented to users, which gives IronSource with an easy opportunity to disable an installer. IronSource benefits from the installations because it retains a portion of the payment from adware vendors. IronSource thus also satisfies the test for vicarious liability. In addition, of course, IronSource might itself be directly liable for those acts that it does itself, e.g. designing or optimizing deceptive installations.

TRUSTe Trusted Download Violations

IronSource has sought and obtained TRUSTe Trusted Download certification, which claims to assure that software is "safe" so that users "feel more secure" and proceed with installations. Trusted Download requires compliance with numerous rules, and our inspection reveals that IronSource falls short.

For one, TRUSTe Trusted Download rules specifically prohibit "induc[ing] the User to install, download or execute software by misrepresenting the identity or authority of the person or entity providing the software." See rule 14.g. IronSource might argue that if any such misrepresentation occurred, it was made by an IronSource distributor, publisher, or other partner, but not by IronSource itself. But rule 14.j disallows certified software from being included in any bundle with software engaging in violations of any portion of rule 14. So even if it was IronSource’s partners who violated rule 14.g, their violation put IronSource in violation of rule 14.j.

Furthermore, TRUSTe Trusted Download requires disclosures that go well beyond what these installs actually provide. For example, rule 3.a.i.2 requires "prominent link[s]" to all reference notices providing full terms and conditions, whereas the examples above show links not labeled as such (without distinctive color or underlining), and thereby prevent users from recognizing the links as such. We also question whether IronSource partners’ changes of user browser configuration (home page, toolbars, etc.) satisfy the requirement of 3.a.i.1.A-D.

Here too, IronSource might argue that its distributors, publishers, or other partners are responsible for these violations. But Trusted Download rules specifically speak to a company’s responsibility for its partners’ disclosures. See rule 9. Under rule 9.a, IronSource is required to establish contractual provisions in agreements with partners to assure compliance with TRUSTe’s rules. Under 9.d, IronSource must demonstrate to TRUSTe that it has an effective process for assuring compliance. Under 9.e, IronSource must itself monitor compliance and report any known noncompliance to TRUSTe; failure to report is itself a violation.

A further violation comes from IronSource’s detection of virtualization environments where its software may be tested. Trusted Download rule 2.c.viii requires that certified software be compatible with virtualization tools such as VMware to facilitate testing. In contrast, IronSource systematically declines to show adware offers — its raison d’être — when running in virtualization environments. If TRUSTe tested IronSource using VMware, TRUSTe staff would see none of IronSource’s deceptive installation solicitations, and they would reach a mistaken assessment of IronSource’s purpose and effect.

We have forwarded these violations to TRUSTe and urged TRUSTe to revoke the certification of IronSource. Given the nature and scope of the violations, we suggest revocation without permission to reapply. TRUSTe’s distinguished members and Trusted Download founding supporters (including AOL, Verizon, and Yahoo) wouldn’t want to be associated with a company engaged in software counterfeiting, trademark infringement, adware bundling, and the other practices we have presented.

Violations of Other Industry Rules for Software Practices

Beyond TRUSTe, several key firms and industry groups offer standards for software practices. IronSource installations systematically fall short.

For example, Google’s Software Principles require "upfront disclosure" of the programs to be installed and their effects, whereas these IronSource installations disclose the programs one at a time — the very opposite of "upfront." Furthermore, Google’s "keeping good company" principle disallows bundling an app with others that violate Google’s principles and simultaneously blocking any IronSource attempt to deflect responsibility to others. Meanwhile, Google’s AdWords Counterfeit Goods policy prohibits any attempt to "pass [something] off as a genuine product of [a] brand owner," thereby disallowing IronSource installations that claim to be Google, Snapchat, or the like. Google’s AdWords Misrepresentation policy requires that an advertiser "first provid[e] all relevant information and obtain… the user’s explicit consent" (emphasis added) before prompting users to begin a download, whereas these IronSource installations include no such disclosures on landing pages and disclose bundled apps one by one during the installer. Other Google requirements ban deceptive domain names and display domains as well as unauthorized distribution of copyrighted content, which also occur here. We see strong arguments that IronSource installs fall short of each of these requirements.

Microsoft’s Bing has similar Editorial Guidelines, which these installations similarly violate. For example, Microsoft’s intellectual property guidelines disallow promoting counterfeit goods and further disallow copyright infringements (such as redistribution of another company’s software without its permission). Microsoft’s misleading content guidelines prohibit deceptive suggestions about a site’s relationship with a product provided by others and requires an explicit disclosure of that fact. Microsoft further limits use of brands and logos which tend to give a false sense of authorization. Microsoft’s software guidelines add special rules for installations including requirements for the timing and substance of disclosures, and Microsoft specifically bans adding additional software to a package produced by someone else. We see strong arguments that IronSource installs fall short of each of these requirements.

Facing these and other requirements, it’s hard to see how IronSource could claim to comply. In response, Google and Microsoft should ban IronSource from advertising through their respective search engines. They should enforce that ban both through diligent checks and through "cease and desist" orders advising IronSource and its partners and affiliates not to attempt to buy advertising through intermediaries or other company names.

The Role and Responsibility of Investors

IronSource’s efforts to date have relied on significant support from investors. Specific investors apparently decline to be listed (perhaps anticipating unwanted scrutiny like this article). But the Wall Street Journal reports that JP Morgan and Morgan Stanley are serving as bankers and raised $80 to $100 million in August 2014. IronSource reportedly plans an IPO for 2015 with anticipated valuation of $1.5 billion.

We wonder whether investors fully understand IronSource’s activities, users’ distaste for adware, and the lurking risks if users, software rights-holders, search engines, and others seek to block IronSource’s activities. Suppose, for example, that Google banned all IronSource installations from advertising in AdWords — a reasonable decision based on the deceptive installations flagged here. A few large losses like this could put a major crimp in IronSource’s plans.

Interest from investors also opens IronSource to new forms of vulnerability and accountability. A decade ago, notorious adware vendor Direct Revenue succeeded in raising significant funds from investors, some of whom later found their computers running Direct Revenue adware. In a notable email, Barry Osherow of TICC sought personal assistance from Direct Revenue CEO Joshua Abram in removing unwanted Direct Revenue adware. In another, a consumer complained to Insight Partners about their funding of Direct Revenue. Insight’s Ben Levin passed the message on to managing director Deven Parekh who instructed that Insight be removed from Direct Revenue’s web site. Deven specifically worried that “all I need is Bob Rubin getting this email,” referring to the former Secretary of the Treasury who later became a special limited partner at Insight. (These emails and hundreds of others became publicly available when the New York Attorney General sued Direct Revenue and released selected business records.) In my view, these investors were correct to worry that their adware would attract unwanted public scrutiny, and that risk remains for current adware investors.

Co-author Edelman has updated his Investors Supporting Spyware page to list IronSource and known information about its investors and bankers.

Next Steps

IronSource boasts that its installation service "installs better" in that it "improves install completion rates by about 32%." IronSource attributes increased installations to solving technical problems. But another plausible reason for more installs is that IronSource and its partners resort to exceptional deception including disguising their software as coming from others, presenting disclosures that are at best incomplete, and otherwise pushing the limits in foisting advertising software few users would willingly accept. In that context, a higher installation rate is nothing to celebrate; more installs just mean more users infected with unwanted adware.

To bring an end to these practices, a natural first step is to enforce existing rules for advertising standards and practices. Having established Trusted Download to check for this kind of misbehavior, TRUSTe is particularly well positioned to take action based on the violations detailed above. TRUSTe should at least revoke its erroneously-granted certification and perhaps also post an affirmative statement of noncompliance. Google and Microsoft should similarly ban these IronSource installations from their respective search engines.

Computer security companies appear to have at best partial success at detecting both IronSource and the additional programs that IronSource bundlers install. For example, on December 15, 2014, Mozilla blocked the Astromenda Search Addon (included in both bundles presented above) from being installed into any Firefox browsers, reporting that "This add-on is silently installed and is considered malware, in violation of the Add-on Guidelines." That said, IronSource quickly moved to pushing new toolbar, this time labeled Vosteran, with similar functionality. As of the posting of this article, Vosteran has not been blocked by Mozilla. For a broader assessment of security companies’ assessment of IronSource software, we used VirusTotal to check detections of the fake Snapchat installer described above. VirusTotal reported just 14 of 54 security programs detecting it as unesirable software. For example, McAfee detected it, but Microsoft and Symantec did not.

We are particularly struck by McAfee’s inconsistent approach to IronSource software. On one hand, as we note above, McAfee was one of a minority of security vendors that detected IronSource’s fake Snapchat app, so if a McAfee user attempts to install the app, a warning will protect the user. That said, McAfee SiteAdvisor’s online safety tool inexplicably fails to detect downloadape.org, the site hosting the installer. (Disclosure: co-author Edelman previously served as an advisor to SiteAdvisor, but has had no connection to the product or McAfee since 2010.) In addition, as we note above, the fake Snapchat landing page features a prominent "McAfee SECURE" logo which purports to certify the trustworthiness of the site. Once McAfee’s software flagged the app as untrustworthy — correctly, in our view — we think SiteAdvisor’s page should have been updated and any McAfee SECURE certification should have been rescinded.

We and others have been fighting adware for more than a decade. But with capable and well-funded adversaries like IronSource pushing adware through new and creative tactics, there’s ample work left to do.

* – Pat participated as an equal coauthor but prefers to be listed only with his first name.

Reinventing Retail: ShopRunner’s Network Bet (teaching materials) with Karen Webster

Edelman, Benjamin, and Karen Webster. “Reinventing Retail: ShopRunner’s Network Bet.” Harvard Business School Case 915-002, August 2014. (Revised March 2015.) (educator access at HBP. request a courtesy copy.)

ShopRunner considers adjustments to improve its online shopping service which offers no-charge two-day shipping as well as easy returns and other conveniences. Competitors’ diverse pricing models and ancillary benefits raise questions about how to structure and price ShopRunner’s offering. Meanwhile, an investment from Alibaba presents new opportunities in China but risks distraction from the core business.

Teaching Materials:

Reinventing Retail: ShopRunner’s Network Bet – Teaching Note (HBP 915023)

Risk, Information, and Incentives in Online Affiliate Marketing

Edelman, Benjamin, and Wesley Brandi. “Risk, Information, and Incentives in Online Affiliate Marketing.” Journal of Marketing Research (JMR) 52, no. 1 (February 2015): 1-12. (Lead Article.)

We examine online affiliate marketing programs in which merchants oversee thousands of affiliates they have never met. Some merchants hire outside specialists to set and enforce policies for affiliates, while other merchants ask their ordinary marketing staff to perform these functions. For clear violations of applicable rules, we find that outside specialists are most effective at excluding the responsible affiliates, which we interpret as a benefit of specialization. However, in-house staff are more successful at identifying and excluding affiliates whose practices are viewed as “borderline” (albeit still contrary to merchants’ interests), foregoing the efficiencies of specialization in favor of the better incentives of a company’s staff. We consider the implications for marketing of online affiliate programs and for online marketing more generally.