Sen. John McCain took aim at Google and Yahoo this morning during a Senate hearing on malicious online advertising, stating the companies "have a responsibility to help protect consumers from the potential harmful effects of the advertisements they deliver." The Arizona Republican also indicated the responses of the online ad giants during the hearing will compel him to push harder for legislation protecting consumers against malicious ads.
A Senate report published in conjunction with this morning's Permanent Subcommittee on Investigations hearing suggested ad industry self-regulatory efforts to prevent ads that disseminate viruses and enable cyber attacks are insufficient.
"The consumer is the one party involved in online advertising who is both simultaneously least capable of taking security precautions and forced to bear the vast majority of the cost when security fails. For the future such a model is untenable," said Mr. McCain.
The subcommittee report on "Online Advertising and Hidden Hazards to Consumer Security and Data Privacy" called the efforts of industry trade groups Network Advertising Initiative and Digital Advertising Alliance "limited," noting self-regulations are typically intended to support privacy rather than addressing security breaches.
In its testimony, non-profit group Online Trust Alliance said its research showed malvertising increased over 200% in 2013 reaching more than 209,000 incidents which generated around 12 billion malware ad impressions. Representatives of Google and Yahoo indicated their own internal numbers showed malicious ads were less pervasive.
"Ronald Reagan used to say that facts are stubborn things," said Mr. McCain, calling Google's and Yahoo's claims "a little disturbing." He added, "This heightens my motivation to reinvigorate legislation that we had tried before."
In its testimony, the Federal Trade Commission endorsed enactment of a federal data-security and breach-notification law, in addition to calling yet again for congress to give the commission authority to slap civil penalties in response to data-security breaches. Senator Carl Levin, D-Mich., is among lawmakers supporting the FTC in its request for stronger authority.
The Senate report, which represents interviews with ad networks, exchanges, data brokers, the FTC, self-regulatory groups and consumer advocates, implied that industry self-regulation is biased towards industry. "The self-regulatory bodies prioritize industry representatives over consumer advocates in the standard-setting process," noted the report.
In fact, the report said scanning technologies used by large networks like Google and Yahoo and other digital ad players are "increasingly ineffective." There is a "lack of accountability within the online advertising industry," stated the report.
The Digital Advertising Alliance came under fire from Mr. Levin, who asked DAA Managing Director Lou Mastria why the industry does not offer consumers an opt-in for behavioral advertising, rather than the standard opt-out approach provided by the DAA's privacy program.
"Why not change the code to give them that option?" he asked.
Mr. Mastria indicated that making such a decision is not under DAA's purview.