The Vanishing Click-Fraud Case
A detective novelist might call it The Mystery of the Vanishing Click-Fraud Case.
It began on Mar. 10, 2004, when a computer programmer from Oak Park, Calif., named Michael Anthony Bradley arrived at Google's (GOOG) offices for a prearranged meeting with the company's engineers, according to a criminal indictment filed two years ago in the U.S. District Court in San Jose. Bradley, then 32, proceeded to demonstrate new software, dubbed "Google Clique," designed to generate false clicks on Google ads. Bradley claimed his program could force Google to pay millions of dollars on false clicks and threatened to release it to others unless Google paid him approximately $150,000, according to the indictment.
Law enforcement, tipped off earlier, taped the meeting from the room next door and soon arrested Bradley. It appeared Bradley would become the first person criminally prosecuted for charges related to click fraud, the Achilles heel of the Internet-advertising industry, which costs marketers as much as $1 billion a year (see BusinessWeek, 10/2/06, "Click Fraud").
Google Backs Down
But on Nov. 22, the U.S. Attorney's Office quietly dismissed charges against Bradley. The prosecutors, who had announced the arrest and indictment of Bradley in press releases, refused to discuss why they dropped the case. Defense attorney Jay Rorty declined to comment or make his client available. Attempts to reach Bradley weren't successful. A Google spokesman issued a vague statement: "We continue to work closely with law enforcement in many areas, including click fraud. Individual cases may or may not be pursued by law enforcement at their discretion."
Why did a seemingly strong criminal case simply vanish? A key culprit may have been Google's own unwillingness to cooperate with prosecutors, according to people familiar with the case.
There is little about Google's business that is more closely guarded than the issue of click fraud. Company officials say they take the issue seriously and have zero tolerance for fraudsters who generate bogus clicks on ads in order to profit. The search giant says it detects most fraudulent clicks before advertisers are ever billed and that industry concerns are overblown. But Google won't discuss specifically how it detects bad clicks or what percent it deems fraudulent, only that it's "less than 10%," saying such information could be helpful to would-be scam artists.
"A Black Box"
Critics contend that such secrecy is problematic, because Google and its competitors also make money on fraudulent clicks. Here's how it works: Hundreds of thousands of advertisers that market on Google's search engine also let Google distribute their ads to other Web sites. When an ad is clicked on a partner site, both Google and the Web site operator split the revenue and the advertiser is charged. If such a click is bogus, and gets through the search company's filters, Google still profits, at least in the short run—leaving some in the industry suspicious of its efforts to combat fraud. "Google is a black box," says John Linden, chief technology officer at Think Partnership, an interactive advertising agency.
Whatever the reason, the silence makes prosecutors' jobs harder. In order to prove charges stemming from extortion and click fraud, legal experts say Google would have to pull back the curtain on how it quantifies and grapples with the issue. For instance, prosecutors trying to prove click fraud would have to show specifically how and why clicks allegedly generated by Bradley were deemed fraudulent.
Meanwhile, charges for extortion could open the door to closely held data about the size of this issue for Google. Many industry estimates have put the click-fraud rate at 10% to 15% of all clicks. Google has called the estimates inflated, but won't disclose its own figure.
"You can't charge extortion unless you explain what you're being extorted over," says Peter Henning, a law professor at Wayne State University and a former Securities & Exchange Commission attorney. "You have to show the economic harm being done."
Mum's the Word
By all appearances, Google faced a difficult dilemma. It could risk divulging information about its approach to click fraud and help make a case against Bradley, who faced a maximum penalty of 20 years in prison, according to a Justice Dept. press release. Or, Google could keep its efforts to detect and quantify click fraud a secret, which could allow Bradley to go unpunished.
Google appears to have taken the latter path, which may have several consequences. Would-be fraudsters still have to guess at how Google sifts out bogus clicks. But allowing an alleged scheme to brazenly conduct click fraud to go unpunished could embolden other fraudsters. In addition, it could undermine the confidence of advertisers, who foot the bill for fraudulent clicks.
After all, prosecutors didn't just have Bradley's alleged extortion attempt. They also had detailed descriptions of Google Clique from a Web site allegedly operated by Bradley, according to the indictment. Among the site's statements: "…we have been able to generate in excess of $30,000 per month using Google Clique across 10 [Google] Adsense accounts." Adsense is Google's offering that displays ads on partner Web pages.
Marketers are already anxious about fraud. A study by the Search Engine Marketing Professional Organization (SEMPO) slated for release on Dec. 4 found that 71% of advertisers are "worried" about click fraud, or describe it as a "moderate" or "significant" problem. That's down slightly from a year ago, but still a sizable issue.
Another concern for Google could be its future ability to bring law enforcement to the table on click-fraud issues. If Google was unwilling to cooperate this time, prosecutors may be less willing to press charges in the future. "The next time this comes up, are prosecutors going to listen to you again?" asks Wayne State's Henning.
If that's the case, more was lost in the case of Michael Anthony Bradley than just one alleged perpetrator.