Yesterday, the U.S. Senate Permanent Subcommittee on Investigations held a hearing on “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy.”  The hearing was based on a year-long investigation into a broader set of issues related to consumer privacy and security on the Internet, which narrowed over time to focus specifically on the online advertising industry and the problem posed by “malvertising,” or advertisement-based malware, which cybercriminals can use to target consumers through online advertising.

The hearing was accompanied by a report jointly authored by Subcommittee Chairman Carl Levin and Ranking Member John McCain.  The report, which focused on the problem of malvertising, highlighted recent malware attacks channeled through well-known websites such as YouTube (owned by Google) and Yahoo!.  The report presented four major recommendations for limiting the risk to consumers posed by malvertising: (1) establishing better practices and clearer rules to prevent online advertising abuses; (2) strengthening security information exchanges within the online advertising industry to prevent abuses; (3) clarifying specific prohibited practices in online advertising to prevent abuses and protect consumers; and (4) developing additional “circuit breakers” to protect consumers once malvertising attacks are discovered.

 

In his opening statement at the hearing, Senator McCain suggested that consumers bear a heavy burden as a result of these malware attacks, to which he claimed even the most technologically savvy consumers are vulnerable.  He also suggested that website publishers that unwittingly host these ads face challenges in protecting the visitors to their sites, because online advertising is typically placed through complex advertising networks over which the publishers lack direct control.  Senator Levin echoed these difficulties in his opening remarks, noting that weak links in the complex chain of actors in the online ecosystem “can be exploited although consumers have done nothing other than visit a mainstream website.”

The hearing consisted of two witness panels.  The first panel consisted of Alex Stamos, Chief Information Security Officer at Yahoo! Inc.; George Salem, Senior Product Manager at Google Inc.; and Craig Spiezle, Executive Director, Founder, and President of the Online Trust Alliance.  Many of the questions addressed to this panel involved the late-2013 and early-2014 malvertising attacks channeled through the Yahoo! and Google websites.  The second panel consisted of Maneesha Mithal, Associate Director, Division of Privacy and Identity Protection of the Federal Trade Commission, and Lou Mastria, the Managing Director of the Digital Advertising Alliance, who focused on potential government-regulatory and industry self-regulatory responses to the challenge posed by malvertising.

A variety of potential approaches to the problem of security with regard to online advertising arose during the course of the two-hour hearing.  Senator McCain repeatedly mentioned the Commercial Privacy Bill of Rights Act of 2011, a bill he introduced in conjunction with then-Senator John Kerry during the 112th Congress that would have developed a regulatory framework under the Federal Trade Commission to establish comprehensive protection of personal data for individuals.  The “safe harbor” provision in that proposed bill, which would shield companies that chose to take effective steps to protect consumer security and privacy, was also referenced in Senator McCain’s opening statement.  Senator Levin suggested an alternative approach, which would require website publishers to notify government regulators when malware attacks or other similar breaches occurred.  Others, including Senators Ron Johnson and Claire McCaskill, touched on the need for voluntary information sharing among website publishers to assist each other in identifying and preventing malvertising attacks, a recommendation also made in the joint report by Senators Levin and McCain. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Yaron Dori Yaron Dori

Yaron Dori has over 25 years of experience advising technology, telecommunications, media, life sciences, and other types of companies on their most pressing business challenges. He is a former chair of the firm’s technology, communications and media practices and currently serves on the…

Yaron Dori has over 25 years of experience advising technology, telecommunications, media, life sciences, and other types of companies on their most pressing business challenges. He is a former chair of the firm’s technology, communications and media practices and currently serves on the firm’s eight-person Management Committee.

Yaron’s practice advises clients on strategic planning, policy development, transactions, investigations and enforcement, and regulatory compliance.

Early in his career, Yaron advised telecommunications companies and investors on regulatory policy and frameworks that led to the development of broadband networks. When those networks became bidirectional and enabled companies to collect consumer data, he advised those companies on their data privacy and consumer protection obligations. Today, as new technologies such as Artificial Intelligence (AI) are being used to enhance the applications and services offered by such companies, he advises them on associated legal and regulatory obligations and risks. It is this varied background – which tracks the evolution of the technology industry – that enables Yaron to provide clients with a holistic, 360-degree view of technology policy, regulation, compliance, and enforcement.

Yaron represents clients before federal regulatory agencies—including the Federal Communications Commission (FCC), the Federal Trade Commission (FTC), and the Department of Commerce (DOC)—and the U.S. Congress in connection with a range of issues under the Communications Act, the Federal Trade Commission Act, and similar statutes. He also represents clients on state regulatory and enforcement matters, including those that pertain to telecommunications, data privacy, and consumer protection regulation. His deep experience in each of these areas enables him to advise clients on a wide range of technology regulations and key business issues in which these areas intersect.

With respect to technology and telecommunications matters, Yaron advises clients on a broad range of business, policy and consumer-facing issues, including:

  • Artificial Intelligence and the Internet of Things;
  • Broadband deployment and regulation;
  • IP-enabled applications, services and content;
  • Section 230 and digital safety considerations;
  • Equipment and device authorization procedures;
  • The Communications Assistance for Law Enforcement Act (CALEA);
  • Customer Proprietary Network Information (CPNI) requirements;
  • The Cable Privacy Act
  • Net Neutrality; and
  • Local competition, universal service, and intercarrier compensation.

Yaron also has extensive experience in structuring transactions and securing regulatory approvals at both the federal and state levels for mergers, asset acquisitions and similar transactions involving large and small FCC and state communication licensees.

With respect to privacy and consumer protection matters, Yaron advises clients on a range of business, strategic, policy and compliance issues, including those that pertain to:

  • The FTC Act and related agency guidance and regulations;
  • State privacy laws, such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, and the Utah Consumer Privacy Act;
  • The Electronic Communications Privacy Act (ECPA);
  • Location-based services that use WiFi, beacons or similar technologies;
  • Digital advertising practices, including native advertising and endorsements and testimonials; and
  • The application of federal and state telemarketing, commercial fax, and other consumer protection laws, such as the Telephone Consumer Protection Act (TCPA), to voice, text, and video transmissions.

Yaron also has experience advising companies on congressional, FCC, FTC and state attorney general investigations into various consumer protection and communications matters, including those pertaining to social media influencers, digital disclosures, product discontinuance, and advertising claims.