Security news that informs and inspires

Lawmakers Ask FTC to Investigate Data Brokers

By

A group of Congressional lawmakers urged the Federal Trade Commission to investigate ad-tech companies and data brokers who collect and sell consumers’ personal information.

In a letter to FTC Chairman Joseph Simmons, the Senators and Representatives asked the agency to look into whether real-time bidding violated federal laws barring unfair and deceptive business practices. RTB refers to an auction process used in online advertising to decide whose ad is displayed to the user. Hundreds of advertisers take part in the auction and they can all access location data, device identifiers, and general details (such as age and gender) about the potential viewer, even though only the auction winner’s ad will actually be displayed.

Most people do not realize that “companies are siphoning off and storing that ‘bidstream’ data to compile exhaustive dossiers about them,” the letter said. The information is then sold by these data brokers to political campaigns, government agencies and others, without user knowledge or consent.

There have been reports of law enforcement agencies getting information about individuals without first obtaining a warrant or judge order. At least one data broker—Mobilewalla—used “location and inferred race data” to profiled people who likely participated in Black Lives Matter protests, the letter said. Location data acquired in RTB has been used to track people to their places of worship, Rep. Yvette Clarke (D-NY) and Federal Communications Commissioner Geoffrey Starks said in a separate statement.

“This outrageous privacy violation must be stopped and the companies that are trafficking in Americans’ illicitly obtained private data should be shut down,” the lawmakers wrote in the letter.

Hundreds of companies take place in these auctions, which occur in the fraction of a second before the ad is displayed, but the lawmakers said some of these companies are taking part just to harvest data and aren’t interested in delivering ads at all.

“There is no effective way to control these tools absent intervention by regulators and Congress,” the lawmakers argued. “Technological roadblocks, such as browser privacy settings and ad blockers, are routinely circumvented by advertising companies.”

The market for user data, especially location, is highly lucrative, and very few people realize how much information is being collected and packaged to other companies. Companies the user has never interacted with—never visited the site, downloaded the app, or clicked on the ad—may still have detailed information about the user.

“As the letter explains, advertising companies have recklessly allowed personal data, specifically data generated for the purpose of deciding where to place advertisements, to be monetized and siphoned into massive dossiers on Americans and where they exercise their rights to worship and protest,” Clarke said in her statement. “That’s not just alarming; it’s dangerous.”

The fact that people have no idea which companies hold their information was highlighted when Acxiom had a massive data breach of 1.6 billion records back in 2003. Most Americans affected in that breach had likely never heard of Acxiom or known how their information had wound up with that database company in the first place.

The letter was written by Sens. Ron Wyden (D-Ore.), and Bill Cassidy (R-La.) and signed by Sens. Sherrod Brown (D-Ohio), Maria Cantwell (D-Wash.), Edward Markey (D-Mass.), and Elizabeth Warren (D-Mass.), as well as Reps. Anna Eshoo (D-Calif.), Ro Khanna (D-Calif.), Zoe Lofgren (D-Calif.She ), and Yvette Clarke (D-N.Y).