In a Senate subcommittee hearing held Thursday to delve into a newly released report on online advertising and data privacy, Sen. John McCain (R-AZ) gave representatives from Google and Yahoo no quarter. “Suppose some individuals on Yahoo became victims of malware that accessed their bank accounts and took their money. Will Yahoo reimburse them?” McCain asked Yahoo Chief Information Security Officer Alex Stamos.
“We believe that criminals are liable for their actions,” Stamos replied.
“So you as the vehicle have no liability?” McCain countered.
“We work very vigorously to protect our users,” Stamos said.
“But you have no liability,” McCain pressed.
McCain and Sen. Carl Levin (D-MI), leaders of the Permanent Subcommittee on Investigations of the Homeland Security & Governmental Affairs Committee, issued their findings yesterday, charging that self-regulatory bodies such as the Digital Advertising Alliance (DAA) do not adequately address consumer security. The report, “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy,” recommends tighter regulation of the online advertising industry by the Federal Trade Commission and closer scrutiny by networks such as Google and Yahoo of who’s placing ads.
Stamos and Google Senior Product Manager George Salem attempted to inform McCain, the ranking minority member of the subcommittee, that specific data about so-called “malvertising” was still spotty, and that it’s often impossible to determine which individuals are infected with viruses. Salem declared that all ad networks Google deals with had been verified by the company, and that much of the malvertising emanated from criminal elements that successfully masquerade as reputable private companies. When Stamos noted that malware attacks were so widespread that it’s difficult to have accurate data, McCain shot back, “Oh, so you have no accurate data. That’s good!”
The Yahoo and Google witnesses were tossed a life preserver by Wisconsin Republican Ron Johnson, who had a different spin on the criminal liability issue. “Say that someone gets in a cab that has safeguards, but a criminal forces his way in and the passenger gets robbed. Is the cab company liable for that criminal activity?” asked Johnson, who made the point that networks like Yahoo and Google that survive on advertising have a huge incentive to police online data fraud.
“What can government do better than what these private companies can do?” Johnson posited. “My concern is that we’ll enact some legislation with the best of intentions that takes [Yahoo’s and Google’s] eye off the ball by making them comply with regulations.”
Missouri Democrat Claire McCaskill thought that the answer lay in ad networks and marketers doing a better job explaining the terms of Internet usage to consumers. “Part of the problem is that consumers were not brought along early enough in the process to realize that what they’re getting for free comes at the price of advertising. You have to inform them properly about the bargain they’re striking,” she said, aiming her comments at Stamos and Salem. “What would the cost [of the Internet] be if we were to remove advertising? Has anyone tried to quantify that so people would know what they’re getting?”