The Spying Game

I often get strange, tough questions from the clients of my business intelligence and commercial investigation firm, but the recent bombardments highlight a new trend: bloated or irrational paranoia, depending on your take.

Should I stop using emails? Would you recommend a personal VPN (a network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network)? Is it safer to discuss in person than over an electronic device?

Just last week, one client pondered whether he should be using the Bloomberg terminal and another questioned if his phone, video and Skype calls were safe. I can't blame them. Just look at the headline news the past week alone:

Bloomberg reporters have been spying for years on how subscribers like bankers and government officials use their Bloomberg terminals, the screens that are ubiquitous in every major financial industry firm.

Then came the news that US Department of Justice officials had secretly seized two months of phone records of up to 20 journalists at the Associated Press in effort to see which government officials they had been speaking to in the effort to get a story on Middle East terrorism.

So now who is spying on whom, you wonder.

I have written about digital spying, cyber security and espionage in this column. As a former journalist covering commercial crimes, I used to sniff for fraud stories by searching for signs of "equities hemorrhage" caused by massive overnight withdrawals by institutional investors. But those data are available to subscribers on the Bloomberg terminals. And I didn't work for Bloomberg or the Associated Press.

So some chats with my Bloomberg sources follow.

The data which Bloomberg allegedly used to spy on how and when subscribers use those terminals were originally designed to help Bloomberg sales staff support their clients - Bloomberg News is the largest supplier of data terminals to Wall Street.

But Bloomberg reporters were exposed to these data during in-house training sessions and were even "encouraged" to use them, according to the sources.

However, they can only check "limited" information such as the "favorite functions" of subscribers like corporate bond trades or equities indices, say in London or Hong Kong but "never" any further details such as the specific ticker number.

Bloomberg reporters can also find out the "status line" of the subscribers through MSG9, the message settings function with which clients can update their status and whereabouts - though not used as often, this allows reporters to know, say if Federal Reserve chairman Ben Bernanke is attending a conference in London tomorrow.

The headlines news about the Bloomberg spying scandal originated from Hong Kong after a complaint from US investment bank Goldman Sachs. Bloomberg has taken prompt action to "shut" that access, according to the sources.

"The error is inexcusable," Bloomberg editor-in-chief Matthew Winkler was reported as saying. "Our reporters should not have access to any data considered proprietary."

The scandal has also prompted regulators to inquire what information Bloomberg reporters may have gathered from their activities. If these include policies in the making, how different is that from espionage? Consider the worst case scenario that some foreign spy agencies may have recruited journalists as agents.

And even if the information gleaned by reporters was limited, such insights no matter how macro were still proprietary and sufficient to give the reporters an idea of the movement of the market and the focus of the subscribers. Corporate espionage concerns aside, Bloomberg clients like investment banks and hedge funds for all their compliance and competitive pressures would certainly not be impressed with such snooping, especially about if and when certain employees have logged in to the terminals.

My client with second thoughts about using Bloomberg terminals has good grounds for concern but the damage is limited since the company has only one subscription shared by several colleagues.

But the Associated Press incident also highlights how vulnerable is our every means of communications.

I have previously discussed some measures one can undertake for security without being a computer nerd with a wide range of technical know-how. For example, remove the SIM card from mobile and smartphones before attending any important and confidential meetings - some companies collect all handheld devices from their executives before they enter a board meeting.

Those VoIP phones in the office can be remotely modified to become a stand-alone voice-recorder even when they are not in use. So it may be good practice to own several spare phones and low-value SIM cards and leave the office for certain conversations.

I have a device that looks like a small electrical charger. In reality, it has a hidden SIM card. If you call that number, this gadget lets you hear all live conversations within the four walls. I know wives would love to hide this device in the luggage of their spouses but it can easily be used for other purposes.

"I will start packing my own luggage from now on," a client swore when he heard about this device.

Now is that bloated or irrational paranoia?

(Vanson Soo runs an independent business intelligence and commercial investigations practice specialized in the Greater China region. Blog: http://vansonsoo.com)