Just a small thing, the Bloomberg privacy breach allegations. There are far weightier matters in search; for example, are evaluations and ratings of search vendors objective? Someone on the LinkedIn Enterprise Search Engine Professional Group even raised the possibility that vendors “pay” for coverage in some consultants’ evaluations of technology.
Well, on to the smaller thing which is labeled this way in the New York Times: “Privacy Breach on Bloomberg’s Data Terminals.” You can located the story in the May 11, 2013, edition of the newspaper. If you look online at http://goo.gl/oeMqA you may be able to view the news story. (Google, no promises because I know how you want every blog post to have continuously updated links, but that’s another issue.)
The main idea seems to have originated with a real journalism operation called The New York Post. This point appears in paragraph six, so it is definitely a subordinate point.
As I understand the allegation, Bloomberg tradition terminals had a function which allowed “journalists to monitor subscribers were promptly disabled.” I think that Bloomberg terminals generate some sort of report which allegedly allowed a journalist to determine if someone had used the terminal. The idea is that no use of a terminal suggests that the person has either moved on, lost his or her hands, or experienced an opportunity to find his / her future elsewhere.
How secure are secure systems. Image source: Sandia.gov at http://goo.gl/NaEBE. Modern methods for accessing digital information are difficult to depict. Paper is tangible. Digital data are just “out there.” Humans assume that if it cannot be seen, the problems associated with what’s “out there” are no big deal. Is this an informed viewpoint?
The Atlantic Wire covered the alleged breach in a story called “Why Billions Are at Stake in the Bloomberg Terminal Privacy Problem.” What I found interesting was that the Atlantic Wire pointed out that the breach allegedly allowed a journalist to determine the “news habits” of Bloomberg terminal users. Is this similar to the type of information which online services extract from users’ Web search histories?
The Atlantic Wire real journalism story noted:
Since Michael Bloomberg, a former partner at Salomon Brothers, starting leasing computer terminals to Wall Street in 1982 (originally under the name Market Master), his boxes, which give subscribers a steady stream of news and market info — have been a common (but pricey) part of any trading office. Bloomberg is a privately held company, so exactly how many terminals it leases is not public. But financial data does [sic] leak out: at the end of last year, the Financial Times reported that Bloomberg has more than 315,000 subscribers. The going price is about $20,000 a year according to the Post. So, an imprecise, back-of-the-envelope calculation puts Bloomberg LP’s terminal subscription revenue at $6.3 billion — which would be the lion share of the company’s reported $7.92 billion in total revenue. This stream of fees has made Michael Bloomberg a very rich man and allowed Bloomberg News to become one of the biggest employers of journalists in the country — meaning Bloomberg is best understood as a terminal company that happens to have a newsroom, cable channel, and weekly magazine.
The Atlantic Wire also pointed out:
The financial world is taking notice. This afternoon, Business Insider reported that similar data access occurred while Bloomberg News was covering massive 2011 losses incurred by JP Morgan Chase due to a rogue trader. That trader, Bruno Iskil, left the firm, which Bloomberg News may have learned about due to its proprietary data. Business Insider spoke with a source at Chase: “They were pretty blatant about saying they noticed if you haven’t logged into your Bloomberg or you haven’t been trading in a while.”
If this 2011 date is accurate, could the use of the feature by a journalist been a little known, but not too tough functions in a complex system?
Several questions occurred to me.
First, are such alleged two-way functions available within other trusted or secure systems? I know that tracking and data mining are hot topics today so the benefits of getting information are likely to be significant. There is too a downside.
Second, the sources report that Bloomberg has apologized. Is this an example of the type of behavior which operates from the premise “It is easier to ask for forgiveness and ask for permission”? I have noticed that this approach characterizes some of the higher profile online information services.
Third, what actions can organizations interested in secrecy going to take to make sure secure systems are secure? My hunch is that marketers will be quick to point out that a competitive system to Bloomberg’s does not cross any lines with regard to privacy. I understand the ease with which the assertion can be made, but exactly how will a licensee know a system is secure. There are some governments working hard to make sure that every system is accessible to authorities. If some governments achieve this objective, what happens in a legal matter? Isn’t the victor becomes the outfit with the most information and the biggest computer system?
I wish I could get more excited about this allegation. The whole notion of systems being marketed in one way and operating in another is not a surprise to me. What’s fascinating is that the industries alleged aggrieved by this Bloomberg matter has a long and colorful history of creating some interesting gray areas with regard to the letter and spirit of the law, trust between clients and those with fiduciary responsibility, and those who are “real” professionals.
I think I will stop thinking about “pay to play” consultant reports and small matters like secure terminals which are allegedly not what licensees were.
Stephen E Arnold, May 11, 2013
Sponsored by Augmentext where objectivity never pokes its nose