Mobile Compliance

Unlike emails text messages have a limited lifespan, in that they cease to exist after a period of time.  Since the use of text messaging is increasing, it is inevitable that there will be an increase in lawsuits involving text messages.  In the financial services sector, text messages are seen as a form of electronic communication and need to be treated like emails with regard to the preservation, review, and approval of messages.  It is only a matter of time before all industries are held to this high of a standard.

According to Winchester and Maines writing for The New York Law Journal, “…the party who fails to take appropriate steps to preserve text data and content may face sanctions of spoliation if it can be shown that this information should have been considered reasonably likely to be important at the time it existed.”[i] The strategy of senior executives should be that of preserving corporate profits by mitigating the amount of exposure they have with regard to text messaging.

As citizens we have the right to review what our elected officials are discussing via emails.  However, government officials have been able to skirt the public disclosure laws by conducting communications through text messaging.  According to a reporter, Erica Barnett, she was unable to obtain the text messages for a Seattle City Council member even though the text messages are subject to the same disclosure laws as emails.[ii] Corporations are responsible for ensuring that all electronic communication can be made readily available to regulators, so why shouldn’t our elected officials be held to such high standards?

In 2010, after inquiries made by taxpayers and the media, some senior city officials and five City Council Members of Bell, CA were involved in a pervasive scandal that swindled millions from the tax payers of Bell.  These individuals were paying themselves high salaries and embezzling city funds and they currently face criminal charges.  As a result, the state of California wants to put the city in receivership, but the city cannot come to agreement with the state.  The State Deputy Attorney General, Jim Hines, stated, “Our main goal has been to ensure accountability and transparency in city management until new elections can be held and to do so without imposing high costs…”[iii] If municipalities were required to have a text messaging compliance software package, our elected officials might think twice before conducting fraudulent activities.

Mobile compliance solutions such as TextGuard’s SMS mobile compliance software allow for the collection and filtering of messages in a compliant manner.  This ensures elected officials are held to a high standard where accountability and transparency exists and empowers the everyday citizen to make sure their elected officials act accordingly.  It also allows for prosecutors to obtain evidence of any inappropriate, illegal, or unethical behavior.

[i] New York Law Journal, Harvesting Evidence From the Sea of Text Messages, Alan M. Winchester and Russell E. Maines, October 06, 2010

[ii] Publicola, Council Members’ Text Messages Not Subject to Public Disclosure, Erica C. Barnett, Tuesday, February 23, 2010

[iii] Los Angeles Times, Legal fight looms over control of Bell, Jeff Gottlieb and Ruben Vives, October 14, 2010

Most Companies monitor their employees SMS messages on business owned cell phones as well as email messages legally.  It has become a standard procedure to stay compliant with many of the regulatory mandates by FINRA, HIPAA and the FSA. The importance behind mobile recording and monitoring text messages is to ensure compliance as well as prevention of nefarious communications. Companies use their business phones for personal use which can cost the company a significant amount of money,  not to mention insider trading or any other immoral actions that can be monitored via Email, SMS and MMS.

The private sectors understand the importance of cell phone surveillance and has found it to be a very effective way to thwart any communications which can compromise an organization and its reputation.

But what about the public sector?

Reports suggest that the  David Petraeus case was built off of the discovery of inappropriate e-mails and text messages. Jill Kelley, a close personal friend of Petraeus, received threatening e-mails from an anonymous account and she asked an FBI agent to do some email and text message spying.  The agent discovered that the messages were being sent by Paula Broadwell, Petraeus’s biographer, and had also found e-mail correspondence that revealed the true nature of Broadwell’s relationship with Petraeus.

But why was this process so long? Was it because the top officials are immuned from such things like email and SMS monitoring and are not required to backup their SMS messages?  Does the public sector not take monitoring seriously enough? Does the government only monitor specific people?

This complicated love scandal proves that having one’s  text messages  stored and monitored can be very invasive to the personal life, but it is also necessary to the proper functioning of an organization or business.  It is challenging to keep track of all employees and their activities, but mobile recording and monitoring makes it much easier.

Wall street has realized the importance of Mobile Monitoring, now it’s time for the government to take it a little more seriously.

Whatever programmed thoughts you have about your phone being safe as long as it stays in your pocket—erase them now. The truth is: it is relatively easy to hack into a phone, even if it is smart.

Today, phones aren’t just devices we use to place calls. We use them to transfer money from one bank account to another. We store passwords and personal information on them. We video chat, instant message, play games and more. We are always more attached to our phones than we think. Ever caught that nosy guy sitting next to you on the train catching a not-so-sneaky glimpse of what you were texting, reading or playing on your phone? You were really annoyed, (weren’t you?) even though chances are he had no idea of what you were actually doing.

Because phones are evolving to smartphones and able to do incredible things they weren’t able to before, we are depending on them more than ever. Of course, hackers know this. One easy way to hack into a phone involves only the art of deceit and nothing more. “For instance, a would-be hacker might call you and pose as the phone company saying they need to update your account and need your password. Or the hacker might get enough of your information to call the phone company and pose as you,” says Robert Siciliano, a McAfee consultant and identity theft expert.

In the case that you do get this type of call, remember that your mobile carrier will never call you to ask for a password, even if they are doing an “update.” The general rule you should follow is to never give out passwords or personal information via phone, unless you have actually called first to ask for an update of some sort.

Hackers also know that many carriers still use default passwords for the phones they issue and a good number of people just don’t know to change them. This makes their job super easy—they can simply look up default passwords provided by carriers and use them to their advantage.

The best precaution you can take is to change your password occasionally.

In the widely known News Corp. scandal, “the now-closed News of the World paid bribes to police and intercepted the voice mails of celebrities, politicians and crime victims.” (Aug16th, WSJ) It is extremely likely that these phone hacks intro voicemails involved easy access to default passwords of victims who hadn’t changed them on their phones.

More technically adept hackers may “get a bit of information about your account and send a phishing email purportedly from your carrier asking you to log in. At that point they will have your password and other sensitive information.”

Because smartphones allow applications to be run on them, hackers can easily attach malicious codes to these applications that are downloaded on a daily basis. The “safe-in-my-pocket” thoughts should disappear—your phone doesn’t even need to be seen to be hacked. Be cautious of the applications you download, especially if you’re an Android user. Publishers are allowed to download their applications right into the Android market, so be careful.

The bottom line is: Be cautious about the activity you conduct on your phone. Fewer purchases via a website from your mobile device, fewer risky downloads and more password changes today may mean fewer headaches tomorrow.

Source: http://technewscast.com/technology/tech-buzz/mobile-hacking-how-safe-is-your-smartphone/

The Truth About Jailbroken Phones

First, let me point out that is not illegal to 1. Jailbreak a phone, 2. Use a Jailbroken phone and 3.  Download a Jailbroken application from an app store like Cydia.

On July 26th, 2010 US regulators lifted the cloud of any uncertainty when they announced it was legal to unlock or “jailbreak” an iPhone. The US Copyright Office stated claimed there is “no bias for copyright law to assist Apple in protecting its restrictive business model.”

Jailbreaking an iPhone means hacking into the devices operating system, essentially allowing a user to run applications on the phone that were not necessarily approved by Apple and not available on the iTunes store as a download.

Apple claimed that it was illegal to “unlock” a phone but never took legal action against any of the developers who use jailbroken phones and jailbroken applications downloadable from sites like Cydia which is operated by Jay Freeman, more fondly known in the iPhone “Jailbreak” community as Saurik.

In 2009, The Electronic Frontier Foundation asked regulators to add jailbreaking to a list of explicit exemptions to the Digital Millennium Copyright Act’s anti-circumvention provisions. The Copyright Office agreed with EFF, concluding that, “while a copyright owner might try to restrict the programs that can be run on a particular operating system, copyright law is not the vehicle for imposition of such restrictions.”
Currently, over 10% of all iPhone users are using Jailbroken phones and jailbroken applications today and that number continues to rise every day.
It should be understood that this decision which applies to all smartphones, (not Tablets), does not require mobile device manufactures to allow unlocking or jailbreaking a phone, it just makes it legal to circumvent any controls put in place to block a user from doing it.
Regulators agreed that “the activity of an iPhone owner who modifies his or her iPhone’s firmware/operating system in order to make it interoperable with an application that Apple has not approved, but that the iPhone owner wishes to run on the iPhone, fits comfortably within the four corners of fair use.”
The one disadvantage of jailbreaking an iPhone is that is voids the warranty with Apple.  Apple has declared that presently it will not change this policy and will only honor warranties on non-jailbroken phones.
To gain access to the many jailbroken applications on the market, one must visit Cydia. The iPhone needs to be jailbroken in order to start using the applications and there are many freely available tools courtesy of the hacker group iPhone Dev-Team.

Another important fact to mention is that one can reverse a jailbroken phone by just flashing it back to the base IOS which is done by restoring the original device IOS. For more information on jailbreaking your Apple iPhone, click here.
It’s only a matter of time when businesses realize that using a jailbroken or unlocked Smartphone is not only NOT illegal, but it will be necessary to allow the best and brightest applications to run on the device getting the most widely used communication method in use today for both personal and business purposes. With Mobile Compliance solutions in place, the enterprise can still be protected from lost or stolen phones, as well as monitoring the activity on the Apple iPhone.   Additionally, since 95% of Information Workers use self-purchased technology for work, they will want the freedom to be able to decide what they are allowed to use on the phone they paid for!

With the increase,  (daily) into the enterprise marketplace, Apple’s IOS is missing a major feature prohibiting the use of iPhone’s as it pertains to the Electronic Communications Compliance rules and regulations for archiving and monitoring messages.  Presently, there is no way for a compliance solution like TextGuard to be able to capture the incoming and outgoing messages on the iPhone device.

Companies in every industry face many legal and regulatory challenges when it comes to electronically stored information (ESI) and messaging.  This does not change when that information is on a smartphone or PDA.  All US based companies are required to comply with the E-Discovery requirements of FINRA, FRCP as well as  Sarbanes-Oxley. Several industries impose additional complicated burdens due to sensitivity and risk. The financial services and healthcare industries face the most rigorous requirements and penalties for non compliance.

iPhone has been ranked as the most popular smartphone for both enterprise users as well as consumers.  In fact, the overall consensus is that with the exception of battery life, satisfaction is close to 100%!   However, don’t ask the legal department or compliance administrators at companies who have employees using their iPhones for work.  They continue to be challenged as to how to monitor and archive the SMS messages which are being sent to and from the device.

We continue to (try to) work with Apple in allowing the required API’s for developers / users as well as the carriers who will also benefit from a mobile compliance solution for the Apple iPhone.  Please contact me if you would like to be informed of any updates as things progress.

On November 11, 2010 the Financial Services Authority, “FSA,” produced final rules regarding the use of mobile phones for business.  Consultation Paper, CP 10/7, Taping:  Removing the Mobile Phone Exemption, explicitly states that company used mobile phones must be recorded and stored.  After a number of financial scandals that have rocked the financial services industry, the FSA has finally taken action.   This new change will apply to banks; stockbrokers; investment managers, including hedge fund managers; financial and commodity derivatives firms.[1]

The FSA did take the objections by financial firms under consideration, and as a result, firms will have a year to comply with the new standards and to develop policies and procedures reasonably designed to prohibit the use of non-company issued mobile phones for business purposes.  In addition, the FSA recognizes that firms will need to store huge amounts of data and as a result they limited the record retention time frame of the communications to 6 months.  It is important to note that financial firms will need to determine if their business models require them to be subject to the FSA’s mobile taping rule requirements.

Firms are going to need to conduct a risk assessment and determine who uses company issued mobile devices.  The next issue will be how can companies develop reasonable policies and procedures designed to prevent the use of non-company mobile phones for business purposes?  One way to accomplish this is by having all personnel sign a statement of understanding acknowledging that they have read the new policies and procedures, understand them, and attest that they will not use non-company assets for business purposes.  Within the procedures, firms must explain where these attestations will be maintained and how the policies and procedures will be tested.  If firms use an outside vendor for mobile compliance, the firms should get a statement from the vendor that the data is stored in a write once read many type format and that the vendor has policies and procedures reasonably designed to protect the integrity and security of the data.

Mary Schapiro, the Chairman of the Securities and Exchange Commission, “SEC,” and Lord Turner, the Chairman of the FSA held meetings on November 15^th to discuss cross border regulatory co-ordination.  As more scandals are uncovered and the individuals prosecuted, regulators will push to gain access to more information.  Since the technology exists and the need for such regulation exists, it is only a matter of time before the SEC and State Securities regulators are pushing for similar rules and regulations regarding the use of mobile phones for business purposes.

According to the CTIA–The Wireless Association, by December 2009 Americans sent 1.5 trillion texts on annualized rate.[i] According to the industry, as more smartphones become prevalent in business applications the use of text messages in commerce will only increase.  In addition, more companies are utilizing text messages as a way to keep in touch with their clients.  This increase has not only been in the financial services industry where the speed of information delivery can affect the profitability of a transactions but text messaging has found its way in to other industries such as pharmaceuticals.  In September 2010, Rite Aid decided to allow customers to subscribe to mobile alerts with regard to prescriptions.  More companies will follow this trend; failure to do so might result in a loss of competitive advantage.  As a result, CIO’s must ensure that their companies are compliant with the applicable rules and regulations.  If executives fail to take the risk seriously they may find themselves in the middle of a lawsuit.

The use of text messages has become so prevalent in today’s society that it has started to displace normal forms of communication, i.e. phone calls and physical interaction.  The human resource departments must be aware of this shift and address this in context with their sexual harassment policies.  “Sexting,” an individual could be construed as sexual harassment.  In Calmut County, Wisconsin the District Attorney has resigned over a “sexting” sexual harassment claim.  In 2009, the DA sent sexually explicit to a domestic violence victim in which he was prosecuting the boyfriend, which further victimized the woman.[ii] This type of sexual harassment case will only increase in volume as more people begin to use texting.

So what is a CIO or senior executive to do with regard to corporate policies and procedures?  The first thing all senior executives must do is evaluate their procedures with regard to the use of electronic communication devices.  The next would be to determine what type of electronic infrastructure they currently have and where the potential exposure is.  There are two different routes executives can take: write a set of procedures that forbid the use of such technology in the workplace, which is not practical; or obtain an electronic communications software application and that filters these phones or an application that completely censors this type of text.  One of the leading manufacturers of smartphones, Apple, Inc., has had a patent recently approved which will allow all “sexting” messages to be blocked.[iii]

These filters are only as good as the person that designs them and fail to do the most important thing; they only filter and block, they are not proactive in identifying potential risks and they do not capture pertinent data.  However, compliance solutions such as TextGuard’s SMS mobile compliance software allows for the collection and filtering of messages in a compliant manner.  This enables senior executives to evaluate current trends and gives greater legal protection to the corporation since this type of compliance monitoring indicates that the company reviews such messages for inappropriate behavior, illegal behavior, and unethical behavior.

[i] CTIA–The Wireless Association® Announces Semi-Annual Wireless Industry Survey Results, March 2010, http://www.ctia.org/media/press/body.cfm/prid/1936

[ii] Gannett Wisconsin Media, Jim Collar, October 5, 2010

[iii] Tech Week, Critics Welcome Apple’s Anti-Sexting Technology

A lesson from Wall Street, on September 23, 2010 NYSE’s Commission on Corporate Governance released its report that examines corporate governance.  The report highlighted 10 fundamentals that are absolutely essential in today’s economy and they are as follows:

1. The Board’s fundamental objective should be to build long-term sustainable growth in shareholder value for the corporation;
2. Successful corporate governance depends upon successful management of the company, as management has the primary responsibility for creating a culture of performance with integrity and ethical behavior;
3. Good corporate governance should be integrated with the company’s business strategy and not viewed as simply a compliance obligation;
4. Shareholders have a responsibility and long-term economic interest to vote their shares in a reasoned and responsible manner, and should engage in a dialogue with companies thoughtful manner;
5. While legislation and agency rule-making are important to establish the basic tenets of corporate governance, corporate governance issues are generally best solved through collaboration and market-based reforms;
6. A critical component of good governance is transparency, as well governed companies should ensure that they have appropriate disclosure policies and practices and investors should also be held to appropriate levels of transparency, including disclosure of derivative or other security ownership on a timely basis;
7. The Commission supports the NYSE’s listing requirements generally providing for a majority of independent directors, but also believes that companies can have additional non-independent directors so that there is an appropriate range and mix of expertise, diversity and knowledge on the board;
8. The Commission recognizes the influence that proxy advisory firms have on the markets, and believes that it is important that such firms be held to appropriate standards of transparency and accountability;
9. The SEC should work with exchanges to ease the burden of proxy voting while encouraging greater participation by individual investors in the proxy voting process;
10. The SEC and/or the NYSE should periodically assess the impact of major governance reforms to determine if these reforms are achieving their goals, and in light of the many reforms adopted over the last decade the SEC should consider the expanded use of “pilot” programs, including the use of “sunset provisions” to help identify any implementation problems before a program is fully rolled out. [i]

The above fundamentals not only apply to Wall Street firms but can also be applied throughout the business industry.  A sound corporate governance policy combined with some of today’s technology from compliance solution providers, such as TextGuard will allow companies to operate with greater transparency. For instance, as more people continue to lose their homes, greater attention will be placed on mortgage lenders and their lending practices.  Earlier this year the Attorney General of Illinois filed a lawsuit against two reverse mortgage lenders for predatory lending tactics.[ii] One way for companies to ensure that their representatives are behaving ethically and following the rules, regulations, and laws is by creating a sound technological infrastructure.

One way for companies to ensure that their representatives are behaving ethically and following the rules, regulations, and laws, is by creating a sound technological infrastructure.   TextGuard currently offers two different compliance solutions for companies.  TextGuard’s  Client Edition & Black Berry Enterprise Server Edition, captures SMS texts which provides Risk Governance professionals greater ability in ensuring corporate compliance and mitigating potential risks.  TextGuard’s VoiceGuard product allows for companies to record, archive, and review mobile phone conversations and provides another tool to the Risk Governance professional.

[ii]Illinois Attorney General Press Release, http://www.illinoisattorneygeneral.gov/pressroom/2010_02/20100208.html