Skip to Content
Global News Select

U.S. Senators Ask Digital-Ad Auctioneers to Name Foreign Clients Amid National-Security Concerns — Update

By Patience Haggin 

A bipartisan group of lawmakers is asking questions about the inner workings of digital advertising amid worries the industry's user-targeting capabilities could pose a threat to national security.

When anyone loads a webpage, a digital-ad auction occurs in seconds to determine which personalized ads the person will see. During that auction, the user's personal data -- including location, browsing history and demographic details -- may be sent to hundreds of companies bidding on the ad slots. The barriers to join these auctions are low, and any company participating in the auction can access user information without having to bid.

On Friday, a group of U.S. senators led by Senate Finance Committee Chairman Ron Wyden (D., Ore.) sent a letter to the largest companies running these auctions -- AT&T Inc., Index Exchange Inc., Alphabet Inc.'s Google, Magnite Inc., OpenX Software Ltd., PubMatic Inc., Twitter Inc. and Verizon Communications Inc. -- asking them what steps they take to make sure companies joining the auctions do so for the sole purpose of buying ad slots.

They also asked the companies to provide the names of all foreign clients who had access to user data through auctions over the past three years.

"As Congress debates potential federal privacy legislation, we must understand the serious national security risks posed by the unrestricted sale of Americans' data to foreign companies and governments," the senators said in the letter, a copy of which was reviewed by The Wall Street Journal. Beyond Sen. Wyden, the letter was signed by Sens. Kirsten Gillibrand (D., N.Y.), Sherrod Brown (D. Ohio), Bill Cassidy (R., La.), Mark Warner (D., Va.) and Elizabeth Warren (D., Mass.).

The information gathered during the ad-auction process -- known in the industry as "bidstream" data -- can be packaged by data brokers, which resell it to companies and governments. Even though all user information available through these auctions is anonymized, it is possible to identify specific individuals by cross-referencing it with other data.

Political campaigns, for instance, have successfully paired location data with voter files to advertise to individuals who have attended certain rallies.

Federal agencies have purchased this personal data and used it to track down suspects without seeking warrants. The nation's Defense Intelligence Agency, the Department of Homeland Security and the Internal Revenue Service have used this data -- without a warrant -- to monitor the locations of individuals through their mobile devices.

"The United States is not the only government with the means and interest in acquiring Americans' personal data," the senators wrote in the letter. "This information would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns."

Several U.S. government agencies have warned that foreign actors could use data gathered from these auctions to spy on users who work for the military and intelligence community. Last year, the National Security Agency advised military and intelligence-community personnel to disable location-sharing services and turn off advertising permissions on their mobile devices.

Many companies accessing user data during auctions do so under contractual agreement that they won't use the data for any purpose other than bidding on and delivering the ad. In the letter, the senators asked the ad-auction companies how they enforce those contractual restrictions, and requested a list of all companies to whom they had provided data in the past three years who weren't under such restrictions.

In addition, the lawmakers requested a list of every foreign-headquartered or foreign-majority-owned company to whom the ad-auction operators had provided bidstream data in the past three years. They asked the eight companies to answer their questions by May 4.

In a statement Friday, an Index Exchange spokeswoman said the company voluntarily abides by high industry standards. "We look forward to our active involvement in this important process with the US Senate as we continue to evaluate the requests for information outlined," the spokeswoman said.

"PubMatic has been at the forefront of consumer privacy and transparency initiatives and is committed to the promotion of integrity in the digital advertising ecosystem," a spokesman for the company said.

An AT&T spokesman said, "We received the letter and will respond as requested, but we have thorough processes in place to protect the data referenced in the letter."

A Google spokeswoman said the company never sells people's personal information. "And all ad buyers using our systems are subject to stringent policies and standards, including restrictions on the use and retention of information they receive," she said.

A Twitter spokeswoman said the company had received the letter and intended to respond.

Magnite and Verizon didn't respond to requests for comment. OpenX didn't provide comment.

Write to Patience Haggin at patience.haggin@wsj.com

 

(END) Dow Jones Newswires

April 02, 2021 17:57 ET (21:57 GMT)

Copyright (c) 2021 Dow Jones & Company, Inc.

Transparency is how we protect the integrity of our work and keep empowering investors to achieve their goals and dreams. And we have unwavering standards for how we keep that integrity intact, from our research and data to our policies on content and your personal data.

We’d like to share more about how we work and what drives our day-to-day business.

We sell different types of products and services to both investment professionals and individual investors. These products and services are usually sold through license agreements or subscriptions. Our investment management business generates asset-based fees, which are calculated as a percentage of assets under management. We also sell both admissions and sponsorship packages for our investment conferences and advertising on our websites and newsletters.

How we use your information depends on the product and service that you use and your relationship with us. We may use it to:

  • Verify your identity, personalize the content you receive, or create and administer your account.
  • Provide specific products and services to you, such as portfolio management or data aggregation.
  • Develop and improve features of our offerings.
  • Gear advertisements and other marketing efforts towards your interests.

To learn more about how we handle and protect your data, visit our privacy center.

Maintaining independence and editorial freedom is essential to our mission of empowering investor success. We provide a platform for our authors to report on investments fairly, accurately, and from the investor’s point of view. We also respect individual opinions––they represent the unvarnished thinking of our people and exacting analysis of our research processes. Our authors can publish views that we may or may not agree with, but they show their work, distinguish facts from opinions, and make sure their analysis is clear and in no way misleading or deceptive.

To further protect the integrity of our editorial content, we keep a strict separation between our sales teams and authors to remove any pressure or influence on our analyses and research.

Read our editorial policy to learn more about our process.