“Malvertising”: The Hidden Hazards to Consumers’ Online Security and Data Privacy

Online SecurityToday the Senate Permanent Subcommittee on Investigations of the Committee on Homeland Security and Governmental Affairs held a hearing on “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy.” The hearing, and accompanying investigation report, focused specifically on online advertising and the “data collection processes and security vulnerabilities that have inflicted significant costs on Internet users and American businesses.” The Subcommittee calls this malicious phenomenon “malvertising.”

Today’s hearing heard testimonies from five witnesses in the online advertising field, including representatives from both Yahoo! Inc. and Google Inc. Other representatives included an online self-regulatory organization, an online advertising expert, and an official from the Federal Trade Commission. Senator John McCain, Ranking Member of the Subcommittee and head of the investigation, offered opening remarks. Integral to his remarks was the idea that “consumers who venture into the online world should not have to know more than cyber criminals about technology and the Internet in order to stay safe.”

According to the Subcommittee’s report, “[t]he Internet as a whole, as well as all the consumers who visit mainstream websites, is vulnerable to the growing number of malware attacks through online advertising. While there are many other significant vulnerabilities on the Internet, malware attacks delivered through online advertising are a real and growing problem.” In fact, a recent study released by the security firm Symantec found that “more than half of Internet website publishers have suffered a malware attack through a malicious advertisement.”

Following its investigation the Subcommittee offered six main findings on online advertising:

  1. “Consumers risk exposure to malware through everyday activity[;]
  2. The complexity of current online advertising practices impedes industry accountability for malware attacks[;]
  3. Self-regulatory bodies alone have not been adequate to ensure consumer security online[;]
  4. Visits to mainstream websites can expose consumers to hundreds of unknown, or potentially dangerous, third parties[;]
  5. Consumer safeguards are currently inadequate to protect against online advertising abuses, including malware, invasive cookies, and inappropriate data collection[;]
  6. Current systems may not create sufficient incentives for online advertising participants to prevent consumer abuses.”

Article formerly posted at https://www.hsdl.org/blog/newpost/view/malvertising-the-hidden-hazards-to-consumers-online-security-and-data-privacy