In a court case running since 2007 Australia’s High Court judged Google not responsible for the content of paid ads it presented after an end user’s search request. In the example Reuters gives a car sales company presented itself under the name of a car brand, thus misleading the end user. The Australian Competition and Consumer Commission (ACCC) deemed this misleading advertising by Google and stared a court case. The High Court judged differently.

The eternal question

The question that everything boils down to is: can a consumer (agency) expect from an Internet company to vet each and every customer application. E.g. must Google check each website it shows a link to or that it presents actively before hand?; or on the same level, must she check the built-in security of this website beforehand?; must a domain name registration company check on (the person or organisation behind) each domain name that is requested?; how about each IP address block application?, etc.? The answer is most likely no, as this lays an immense burden on the respective companies. A burden the end user is not prepared to pay for at this stage.

On the other hand, cyber insecurity goes hand in hand with the easy access cyber criminals get through the lack of vetting and protection and costs run high for those inflicted.

Misleading advertising

In this case the ACCC should have contacted and warned or fined the misleading car sales company and not Google, as Google never actively promoted the content this company presented, but presented an advertised and paid for link to this website. Probably the ACCC has done so.

Important questions following the case

I do not know the case in depth, but do have questions to follow up on. What if Google had been actively warned of the misleading advertising and did not respond? Would that change this outcome? Would the mere conduit like verdict of the court still hold up? What about actively advertised adds that lead to websites with malicious code inserted? Through a hack or directly. What if she had been warned for this and did not act? Of course in the final question we go way beyond misleading advertising.

And please do not just read Google here only, but any website running banners, links and adds!

Economics

There is no advantage in moving fast and cleaning up individual acts. Money is made and a costumer, also the malicious one, can move to any competitor any time. In the practice of every day often nothing changes until a policeman or regulatory agency turns up, there is not much of an incentive to change behaviour. A lost customer is a lost customer and a new one for others.

Window of opportunity

Criminals on the Internet act through windows of opportunity on offer. Just like a car door that is unlocked or a window left open attracts a criminal, an unchecked domain name and an insecure website offer opportunities for digital thieves. In other words there is a clear need for a discussion on limiting the window of opportunity without hindering business development and how to ensure a level playing field within countries, the EU, the world. Fact is, and I’m speaking from first hand experience here, if a criminal is hindered enough in his fraud schemes, he’ll move elsewhere. Even on the Internet.

Google has looked at the ramifications of the question behind the court case says Reuters:

“Google has since changed the way it displays its sponsored links in Australia, now clearly labelling them as advertisements on top of search results.

A Google search for Honda Australia on Wednesday displayed paid ads for Honda Australia’s website.”

A good thing, as no matter the outcome of the court case, there are lessons to be learned here for all involved, as Google’s acting shows.

Conclusion

The value of the Australian court case is that there is a general verdict on responsibility on the Internet for presented adds, although it gives nothing but an indication for other countries. It does not offer intrinsic security for misleading advertising and worse. In other words there are some questions left after this verdict in the face of cyber security.

The question the Internet world and governments need to face is, who is made responsible for inducing responsible action if something is clearly wrong? Self regulate or regulate (self regulation)? A fundamental choice is needed.