The Senate Homeland Security & Governmental Affairs Permanent Subcommittee on Investigations released a report on May 14, 2014, regarding the security of online advertisements. Entitled “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy,” the report concludes that “the [online advertising] industry contains significant vulnerabilities that cyber criminals have used to initiate malware attacks against consumers, often without the consumers even having clicked on an advertisement.” During the course of its investigation, the bipartisan subcommittee learned that criminals have found methods to circumvent malware scanning processes, target vulnerable consumers and place malware on consumers’ computers and mobile devices through online ads.

The findings of the report state that consumers face exposure to malware throughout the course of their usual activity on the internet. Furthermore, the report found that the complexity of online advertising practices impedes industry accountability for malware attacks, and that self-regulatory bodies have not adequately ensured consumer security. Based on its findings, the report recommends four specific actions:

  1. Establish better practices and clearer rules to prevent online advertising abuses;
  2. Strengthen security information exchanges within the online advertising industry to prevent abuses;
  3. Clarify specific prohibited practices in online advertising to prevent abuses and protect consumers; and
  4. Develop additional “circuit breakers” or checkpoints to ensure malicious ads are intercepted before reaching consumers.

On May 15, 2014, the Subcommittee held a hearing on the findings of the report. Subcommittee Chairman John McCain (R-AZ), who spurred the report, stated in the hearing that “this review is needed to provide greater clarity on what is required of advertising companies to ensure consumer safety, and who should be held responsible when an advertisement harms consumers.” Witnesses at the hearing included representatives from Google and Yahoo, the Federal Trade Commission and online advertising industry trade groups.

Last week, Google and Yahoo launched a new initiative, Trust in Ads, with the goal of protecting consumers from malware hidden in online advertisements. Despite their new initiative, Sen. McCain criticized the two companies, saying they did not do enough to prevent harm to consumers from such malware.

Online privacy and data security is an issue Sen. McCain has been actively involved with for many years. In the 112th Congress, he was the lead co-sponsor to a data privacy bill introduced by then-Senator John Kerry (D-MA) that contained provisions relating to online tracking of consumer habits. Sen. McCain previously served as Chairman of the Senate Commerce Committee which has oversight over online advertising issues.

A number of senators at the hearing, including Sen. Ron Johnson (R-WI), opposed Sen. McCain’s calls for new legislation to address this issue, arguing that Congress and federal regulators are not agile enough to regulate online ads, and that web giants such as Google and Yahoo are in a better position to self-police the industry. The senators also argued in favor of a set of industry-developed best practices for protecting consumers from malicious ads.