Bloomberg snooping: Just looking at data can break the law

The Federal Reserve and the US Treasury are investigating whether Bloomberg reporters used the company's terminals to glean inappropriate information about officials' data use. Just viewing the information can be a felony, under federal law.

It worked like a 21st century Trojan horse for journalists.

Using search codes, Bloomberg reporters could tell if clients had logged into their Bloomberg market terminals and what types of functions they had used. With more than 315,000 terminals strategically placed in trading rooms around the world – and at the Federal Reserve, the US Treasury, and at the White House – Bloomberg offered its journalists a wide, if limited, look at what traders and policymakers were interested in.

Further denting Bloomberg's reputation, the Financial Times reported Tuesday that more than 10,000 private messages between traders at the world’s largest banks and their clients were viewable on the Internet for several years.

Bloomberg apologized for the online snooping, which had been going on since the news organization's early days. “The error is inexcusable," Matthew Winkler, editor-in-chief of Bloomberg News, wrote in a Monday editorial announcing that the publication had stopped the practice last month. And the company explained that the private messages, released by the client banks for Bloomberg's internal research, had been accidentally uploaded on the Internet by an employee.

Nevertheless, the fallout for Bloomberg looms large. The financial-data and news organization will have to repair the damage to its reputation among its clients. Then there are legal risks, particularly because reporters may have accessed information about how federal officials, including Fed chairmen and Treasury secretaries, used their terminals.

Such activity could be criminal under the Computer Fraud and Abuse Act (CFAA), even if reporters did nothing with the information, says Nick Akerman, a partner at New York law firm Dorsey & Whitney and an expert on the protection of competitively sensitive information and computer data. The key question is: “Did they access that [data] without authorization?”

There is some precedent for a case like this. In 2010, for instance, Sandra Teague of Iowa was convicted to two years probation under the CFAA for viewing President Obama's student loan records. There was no evidence that she used the data. Employed by a contractor for the US Department of Education at the time, she was found to have exceeded her authorized computer access – a verdict upheld by a federal appeals court in 2011.   

The Federal Reserve and the Treasury Department are reportedly investigating the Bloomberg breach.

Bloomberg could also be liable if, for example, a trading company can prove the snooping hurt its bottom line or a rogue Bloomberg employee misused the information for financial gain, Mr. Akerman says. In 1985, Wall Street Journal columnist R. Foster Winans was convicted of mail and wire fraud for leaking information in his stock column to a stockbroker ahead of publication.

For Bloomberg, a privately owned company, the revelations so far may not cause too much damage to its bottom line. Its terminals offer so much market information that many traders say they would be hard-pressed to use an alternate platform, although several are available. Additional embarrassing revelations, however, could force brokers and government officials to find an information provider they know won't spy on them.