Who, if anyone, should be liable when online advertising
causes the computers of website visitors to become infected with malware? This
past week the
Doubleclick ad network, owned by Google, was found to be injecting malware to
visitors of major websites including Amazon.com and Youtube. While this is
far from the first case of Malvertising, the tactics deployed in the latest
campaign show significant advances in how criminals are exploiting online
advertising networks for their own gain.
Online advertising makes up a significant portion of
revenue for many web properties, but the process of selling ad-space is typically
not done by the content providers themselves. A number of online brokerages,
like Doubleclick, facilitate the purchase, delivery and payments of online
advertising. This brokerage process makes it easy for content providers to gain
a revenue stream by simply setting up an account which specifies the types of
ads display and by including a small code snippet in their site design to
accept the delivery of said ads. A problem arises for the ad-networks, content
providers and consumers, when nefarious individuals use vulnerabilities in the
ad-networks to inject malware into the computers of people who are served these
ads.
While it’s in the business interests of the ad-networks to
have the proper controls in place to weed out malware injections, it’s the
consumers who unfortunately pay when those controls fail. As it stands today there is no
easy remedy for consumer reimbursement for malware removal from either the
ad-networks or the content providers delivering the infected ads. Other
than taking steps to block online advertising using tools like, Adblock Plus, modifying their computers hosts
file, or simply not visiting website displaying ads, there unfortunately is
very little that can be done.
With online advertising being a primary driver of the
Internet as we know it today, is this something that the markets can handle on
their own without government regulation?
