29 Oct How are U.S. telcos playing the targeted advertising game?

Photo by Petr Kratochvil (CC0)

With rampant fears of digital disinformation about the U.S. presidential election and COVID-19 making the rounds, U.S. lawmakers from both parties are seeking to restrict the targeting of political ads online. Legislators like Anna Eshoo, Josh Hawley, and David Cicilline are pushing bills that would tackle ad targeting on platforms like Facebook and YouTube.

We know these and other companies’ algorithms feed users the most attention-getting content, even when it is misleading, hateful, or otherwise harmful to human rights—our spring 2020 report series, It’s the Business Model, looks at this in depth. But by focusing mainly on digital platforms, legislators let a very important player off the hook: U.S. telecommunications companies.

Telecommunications companies (telcos) like AT&T (ranked by RDR), Sprint, Comcast, and Verizon* offer customers different combinations of voice, text, broadband, and cable TV service. This means that they also have the ability to collect and combine customers’ data from multiple streams.

If I subscribe to a bundle of services from AT&T, the company can collect, combine, and correlate data from my internet browsing history, my TV-watching habits, and the infinite riches of my mobile phone activity and location data. On top of all this, AT&aT has my home address and billing information—valuable pieces of data that suggest a lot about what demographic groups I belong to.

Telcos’ access to demographic data allows them to bring a unique level of precision to their calculations about customers’ interests. In the digital advertising world, this information doesn’t just benefit telcos—it can benefit a whole ecosystem of actors (including advertising companies, ad networks, and digital platforms themselves) who want to target specific groups of people with specific interests.

In the 2020 RDR Corporate Accountability Index (due out in February 2021), we will rank digital platforms and telcos on a new set of indicators measuring corporate policies and practices around targeted ads. We apply these indicators to every company we rank that engages in or enables any type of ad targeting, and to every company that shares or sells user data and insights to third parties for any type of advertising or sponsored content.

In our last post, we explained why we decided to apply these standards to both digital platforms and telcos. Here, we’ll get into some of the ways telcos are claiming a piece of the targeted advertising pie.

Selling ads on cable TV
Telcos have long used demographic data to entice advertisers. On cable TV, while television networks claim most of the advertising slots, providers (like Comcast) get a few minutes of ad time per hour as well. Since the 1980s, cable providers have been able to increase the price they charge advertisers for those meager slots by geographically targeting the ads by postal code.

Today, mirroring the techniques of digital platforms like Facebook and YouTube, some telcos are beginning to let advertisers target cable ads on a much more granular level. Telcos are taking into account what they know about each household, based on data they collect from people’s internet behavior, mobile activity, and TV-watching habits. Telcos then target ads accordingly. This means that even if my neighbor and I are both watching Trevor Noah’s show on Comedy Central, we may see different ads during the commercial breaks.

Cable companies Comcast, Charter, and Cox have a partnership called Ampersand under which they synthesize user data in order to target TV ads. They added significant new ad-targeting capabilities—including letting advertisers target on the level of individual households instead of zip code—in time for the ad spending period leading up to the presidential election. For viewers, new systems like this are making the cable TV ad experience feel closer to what happens online. We’re seeing fewer ads for things we’d never buy, but having more of that uncanny feeling of being followed by advertisers who seem to know a lot about our interests.

While there are stronger transparency requirements for ads on television, targeted advertising on cable still could exacerbate the same problems that it has inflamed on social media: misinformation, polarization, and further fracturing of the public sphere.

Selling demographic data for the online targeted-advertising ecosystem
Telcos also sell user data to other players in the targeted-ad market when this proves more profitable than simply using it in-house. While some telcos sell user data outright (as T-Mobile, Sprint, and AT&T were caught doing with location data in the U.S.) others, like Verizon, sell “insights” based on user data. The “first party data” in telcos’ coffers can include mobile users’ location data and internet browsing history.

However, for online advertisers, the most important data from telcos is often their mundane but exceptionally accurate demographic data.

Precise demographic data, such as postal code and income level, adds an incredibly potent ingredient to the digital profiles that are used to target consumers, and can thus compound the very real problems that targeted advertising creates. While advertising companies may be able to target a political ad at certain users based on their online behaviors, they can do this much more precisely when they have users’ demographic data on hand.

Online advertisers and digital platforms often cannot directly access accurate and precise demographic data about users. This means that telcos are providing the industry with the much-needed “truth set” that demographic data represents. When combined with other data collected from data brokers and internet companies surveilling users’ online behavior, the “truth set” provided by telcos can anchor and enhance the value of data collected and inferred by these other actors. As such, telcos are helping online platforms increase their already unprecedented concentration of information and the power that comes with it.

To give an example, I live in a densely populated area of Washington, D.C. Before COVID came along, I either rode my bike or took the Metro to work every day. My mobile provider, AT&T, could probably glean these patterns by combining my location data (which would reveal my frequent Metro rides), my browsing behavior (indicative of my age and interests, like bike-riding), and my address. This would explain why, on the web, I’m less likely to see car ads, and more likely to see ads for Lyft or a local bikeshare. Most TV-based ads are still targeted nationally, by zip code. But when telcos can’t do the targeting themselves, they are more than happy to sell user data to the online advertisers who can take the final leap to targeting specific individuals as they browse the web.

It doesn’t end there. Many telcos also plug their data into parts of the internet-based targeted advertising “stack,” as AT&T has done with its Xandr advertising subsidiary. But, as our research has shown, telcos are hesitant to clearly describe these activities to the public, making it difficult to hold them accountable for these practices.

In European Union countries, the General Data Protection Regulation (GDPR) provides some privacy protection not just against Google and Facebook’s use of data, but against that of telcos as well. But the United States is still struggling to pass such a law.

Convergence…towards what?
This correlation of personal data collected by telcos and digital advertising companies as customers use different services leads to what people in advertising call “convergence”—the ability of an advertiser to use all these data streams to capture audiences “across screens.”

The involvement of telcos is a key driver of this convergence because it brings otherwise inaccessible demographic data streams into the targeted-ad world. When it comes to political campaigns, these systems can enable candidates to ensure that voters see the same messages—misleading and hateful ones included—on every device they own, no matter what services they are using.

We’ve begun evaluating telecommunications’ companies targeted-advertising policies because we worry that the targeted-ad practices of telcos are no less harmful than those used by digital platforms like Google and Facebook.

As the movement to constrain targeted advertising gains momentum, advocates must look more critically at the role that telcos play in this milieu. Wherever it emerges, it is the targeting-advertising business model, more than anything inherent about social media in particular, that is driving many of the problems in our public sphere and that could undermine the integrity of next week’s elections in the U.S.

*Ranking Digital Rights evaluates Verizon Media, which owns Yahoo! Mail and Tumblr. We do not evaluate Verizon’s telecommunications services.

19 Oct Why we rank telcos on their targeted advertising policies

“Digital Marketing” by Wichai Wi from the Noun Project. (CC BY)

Last month, AT&T announced that it may soon roll out a new, low-cost mobile internet plan subsidized by advertising. This came as no surprise to the RDR research team: We’ve been tracking telecommunications companies’ steady push into the mobile ad market for nearly two years.

In the 2020 RDR Index (due out in February 2021), we will rank telcos and digital platforms on a new set of indicators measuring corporate policies and practices around targeted ads.

This move by AT&T is part of an industry-wide trend by telcos to jump into the digital ad market that up to now has been dominated by digital platforms like Google and Facebook. All of the telecommunications companies we rank have ventured into the mobile ad market, tapping into the troves of data and insights they have on their customers in an effort to compete with digital platforms for a slice of the lucrative digital advertising pie.

While digital platforms have been in the much-deserved hot seat for building a business model that trades on user data for profit, telcos thus far have slid under the radar for cashing in on this very same model.

Telcos profit from this data in a variety of ways, only some of which are known to the public. We know that they serve ads to their subscribers via SMS networks, and that they sell user data to third-party ad companies that can influence what kinds of ads subscribers might see on other digital platforms or apps. And we suspect that AT&T’s proposed plan would compound this issue by effectively putting a price on privacy, leaving low-income consumers likely to opt for a mobile plan that subjects them to additional targeted advertising.

All told, we worry that the targeted advertising practices of telcos are no less harmful than those used by digital platforms like Google and Facebook.

For these and other reasons, our new research indicators on targeted advertising are industry-agnostic: We apply them to every company we rank that engages in or enables any type of targeting, and to every company that shares or sells user data and insights to third parties for any type of advertising or sponsored content.

Yet some of the telcos we rank have pushed back on our approach. When we’ve asked for their feedback on our preliminary research, some company representatives have argued that RDR should not evaluate telcos on our targeted advertising indicators—at least not in the same way as digital platforms. They say their SMS-based ad services are more limited in scale and fundamentally different in substance—and less risky, from a human rights perspective—than the kind of ad targeting that is happening on social media and other digital platforms.

The implication is that they are engaged in a more benign form of ad targeting that simply connects commercial retailers with potential customers through SMS-based ads that market footwear or face cream, for example. But they aren’t telling us precisely how ads are bought and sold, or how users’ data is changing hands along the way. We don’t know what we don’t know. But we do know the devil is often in the details.

We recognize that targeting a group of users who might be interested in buying new running shoes is not the same thing as targeting a segment of the population with political messages that could influence who people vote for. But the road from commercial advertising to political disinformation is pretty short: Just ask Facebook, which originally jumped into the online ad game to serve as a platform for retailers and is now one of the planet’s dominant vehicles for political messaging and targeting—with all the problems that this has brought. Indeed, for political campaigns, SMS messaging is gaining ground in the U.S., and has been a major force in other countries like India for the past few years.

Perhaps even more important is the fact that most telcos today are not simply offering SMS-based ads to commercial marketers. They are also selling or sharing user profiles and data with other parties. Data brokers, ad networks, and even political operatives then use that information to target specific individuals with personalized ads on other platforms and around the web. These practices could incur significant harms, putting users’ human rights at risk.

For all these reasons, we expect digital platforms and telcos alike to conduct human rights risk assessments on how their targeted advertising policies could harm the right to information, the right to privacy, and how they could be discriminatory—and to take steps to mitigate those harms. We expect companies to clearly disclose what types of ad targeting is not permitted—including listing restrictions against using certain audience categories, like race, gender, or political affiliation. We expect companies to offer users the ability to opt-in to whether they are targeted at all—targeting should be off by default—and we expect companies to give users the ability to control how their data is being used and shared with any third party that can exploit that information for targeting purposes.

When we pilot tested our indicators on targeted advertising last spring, we even found that telcos are far less transparent about these policies than digital platforms—and yet the human rights risks of their targeted advertising practices are equally grave. These initial findings affirmed our position that telcos need to be held to the same transparency and accountability standards about their targeted advertising policies and practices as digital platforms.

06 Oct Apple must implement anti-tracking features without delay: Joint letter

Customers flood the Apple Store in Hong Kong. Photo by Robert Pastryk via Pixabay, labeled for reuse.

Today Ranking Digital Rights sent a letter to Apple CEO Tim Cook from eight civil society organizations expressing dismay at the company’s decision to delay the implementation of critical privacy protections for iOS 14 until early 2021.

In June, Apple announced plans to roll out a suite of anti-tracking measures for iOS 14, including a requirement that all apps in the App Store ask for users’ permission before tracking them. But soon thereafter, app developers and major companies—Facebook among them—began complaining that the changes would put a dent in their advertising revenues. In September, Apple decided to postpone this privacy protective change until 2021.

Alongside Ranking Digital Rights, signatories to the joint letter include Access Now, Amnesty International, the Electronic Frontier Foundation, Human Rights Watch, the National Hispanic Media Coalition, New America’s Open Technology Institute, and Open MIC (Open Media and Information Companies Initiative).

Collecting people’s data across the internet without their explicit consent violates the human right to privacy and enables discrimination based on user demographics and behavior, including in ways that are illegal. Apps routinely track people’s activities when they use their smartphones, and this often happens without users’ knowledge, much less their consent. To help solve this problem, mobile ecosystem companies—chiefly Apple and Google—should require app developers to be fully transparent about their data collection practices and ensure that users consent to these practices before any of their data is collected.

Apple’s decision to delay these protections validates corporate business models that funnel advertising revenue into companies’ coffers using tracking systems that are on by default, and that users may not be able to opt out of. These data collection practices fuel the surveillance-based influence machine that spreads misleading ads, propaganda, and misinformation across the internet and social media. One month ahead of the U.S. elections and in the midst of an ongoing global pandemic, this will only increase uncertainty for users who are already struggling to find accurate information online.

The delay also runs counter to Apple’s recently announced human rights policy, which pledges an ‘uncompromising commitment to security and user privacy.’ While the delay is a boon for exploitative companies, it is at odds with Apple’s record of pushing the industry to embrace stronger privacy standards, as we reported in the 2019 Ranking Digital Rights Index.

Apple has the opportunity to reinforce its position as an industry leader on protecting the privacy of its users by empowering them to control who can track their online behavior. At the same time, this change can and should enable the company to become more transparent about how it enforces its terms against apps that violate its policies. By delaying the introduction of crucial privacy measures, the company is slowing the momentum it created.

Our letter calls on Apple to make good on the promises embedded in its human rights policy and implement the protections it already announced—not in early 2021, but as soon as possible.