Senators Warn Feebly Regulated Ad Data Is Being Exploited By Governments Worldwide
from the too-profitable-to-care dept
Back when the whole TikTok hysteria was taking root, we noted how people were generally obsessing over the wrong things. Yes, there are concerns about what a Chinese company does with your data. But there was nothing TikTok was doing that was particularly unique in an adtech sector that’s massively complex, sees little meaningful regulatory oversight, isn’t big on the whole ethical behavior thing, operates in many countries with no real internet privacy laws, and is comprised of thousands of foreign and domestic app makers, data brokers, telecoms, tech giants, and others — all dashing toward a hugely profitable trough.
Last week, a bipartisan coalition of lawmakers warned that this entire ecosystem is being exploited by governments around the world. There’s simply so much data being collected, and efforts to secure this data (if you hadn’t noticed from the steady parade of hacks, breaches, leaks, and avoidable fuck ups) aren’t particularly consistent:
“This information would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns,” a letter signed by Senators Ron Wyden, Mark Warner, Kirsten Gillibrand, Sherrod Brown, Elizabeth Warren, and Bill Cassidy, reads. The lawmakers sent the letter last week to AT&T, Verizon, Google, Twitter, and a number of other companies that maintain advertisement platforms.”
The Senators seemed particularly concerned about “bidstream” data, which offers detailed insights into users and is collected by a long list of companies during the ad auction process, even if said companies don’t win the bid for that particular ad placement. Much like location, clickstream, and other data, bidstream data is then being sold to pretty much any idiot with a nickel, with nothing in the way of meaningful oversight, the lawmakers warned:
“Few Americans realize that some auction participants are siphoning off and storing ‘bidstream’ data to compile exhaustive dossiers about them. In turn, these dossiers are being openly sold to anyone with a credit card, including to hedge funds, political campaigns, and even to governments,” the letter continued.”
Granted as the steady parade of location data scandals routinely show, bidstream data is just a tiny part of this messy ecosystem. And the US government is itself part of the problem. Israeli surveillance companies Rayzone and Bsightful routinely sell this data. Companies like Venntel also sell this data, frequently to US government agencies like ICE. Experts warn that Congressional oversight into this arena is long overdue given the potential for widespread abuse:
“This is a deeply problematic practice when Western governments are abusing the data flows, and it becomes a national security emergency when these same global advertising companies are not vetting their own partners,” Zach Edwards, a researcher who has closely followed the supply chain of various sources of data, told Motherboard in an online chat.
“It’s long overdue for Congress to begin asking the largest tech companies in the world tough questions about their real-time-data-breach technology that underpins global advertising auctions and user data supply chains,” Edwards continued. “Every time a person loads a website or a mobile app, it’s likely that their data is being shared with at least dozens of companies, and when that user is interacting with an app or site with banner ads, typically several thousand companies could be receiving data about that visit in order to give those companies ‘the opportunity to bid to show ads to that user.'”
The US government’s love of ad data as a way to tap dance around warrants reduces any incentive for meaningful oversight of the sector, which is why “investigations” routinely end with few meaningful changes. When you have a universe of connected industries and governments all happily exploiting a single market and lobbying against meaningful change, it begins to make more sense why the US can’t even pass a basic internet privacy law. But it also shouldn’t be hard to see why obsessing exclusively about TikTok (which wound up being more about cronyism than privacy and security) was a waste of time in broader context.