Rogers ordered to flush out data miners to NASD Regulation
2002-05-02 09:51 - Street Wire
by Brent Mudry
NASD Regulation Inc., the regulatory arm of the National Association of Securities Dealers, has gone to court to flush out the identities of up to three Rogers Communications Internet subscribers who illegally swiped half or more of the regulator's broker registration database in mid-April. Court documents confirm the large-scale data miners downloaded at least 415,000 of the 850,000 records in the comprehensive database in a five-day period before being blocked out, and subsequently continued the strip mining campaign through other accounts.
NASD Regulation filed a rush petition against Rogers Communications Monday in the Supreme Court of British Columbia in Vancouver, and won a court order in a brief hearing Wednesday, unopposed by Rogers. The court order, approved by Mr. Justice Burnyeat, gives Rogers two days to provide NASD Regulation with a full description of Rogers@home subscribers who unlawfully downloaded broker records from April 15 to April 21, including the names, addresses, phone number and E-mail addresses of these subscribers.
At issue is the public Internet database version of the NASD's Central Registration Depository, or CRD, system, which provides first-level details of current and past brokerage employers of all registered brokers in the United States, and details of their registration particulars.
The NASD's Public Disclosure Program, or PDP, records also alert investors to the and other researchers to the possible existence of "disclosure events," for brokers, generally referring to their regulatory and arbitration histories. If a broker's PDP Web-site record includes a "maybe" flag regarding disclosure events, investors can request a second-level detailed record by mail or E-mail, with such requests processed by NASD Regulation within two days.
In its Canadian court petition, NASD Regulation notes its first-level PDP records are freely available to virtually all Internet users, providing they agree to use the information only for personal and professional, not commercial, purposes.
The detailed terms and conditions of use specifically prohibit data mining. "You agree that you will not use any robot, spider, other automatic device, or manual process to monitor or copy the PDP information in bulk, or to make voluminous, excessive or repetitive requests for information." Users also agree not to bypass any volume-request blocking software, not to interfere with the proper working of the PDP site and not to take any action which imposes an "unreasonable or disproportionately large" load on the site.
NASD Regulation claims that one or more Rogers@home subscribers have breached these terms in recent weeks on a massive scale. "If the current behaviour by the subscriber(s) is permitted to continue, the entire NASD broker employment database may be unlawfully downloaded by the Rogers' subscriber(s) in the near future," states Vancouver lawyer Michael Manson of Smart & Biggar, representing NASD Regulation, in an April 25 letter to counsel for Rogers.
"We are advised that the following IP addresses: 24.156.61.120, 24.42.228.214 and 24.42.228.215 have been using an automated program to extract hundreds of thousands of records from the Website. On or about April 15, 2002, these addresses sequentially retrieved records from the Website at an approximate rate of three records per second, which is a rate that is impossible to achieve manually," states Mr. Manson. (By coincidence, this same day, April 15, Rogers updated its end-user agreement for high-speed Internet subscribers, although it is not clear whether this is relevant to or has any bearing on the NASD Regulation situation.)
Although NASD Regulation technical staff were hot off the mark, it took four days before NASD contacted Rogers. In a sworn affidavit, Karrie Foley, NASD Regulation's vice-president of business technology and integration notes her staff noticed an unusual amount of PDP site activity on April 15. "Our research revealed a 380% increase in the number of hits to the Public Disclosure Current Employment Page, which shows the current employment of every registered securities broker in the United States. Due to this unusual increase, we referred the issue to the technology department of our parent corporation, the NASD."
NASD technology staff reviewed the PDP system logs and discovered the three IP, or Internet Protocol, addresses, had used an automated program to extract broker records en masse. "The three IP addresses retrieved approximately 415,000 records the week of 4/15-4/19, 2002. Additional data mining took place on Saturday, April 20, 2002. There may have been additional activity that our staff did not detect, so the 415,000 figure is a minimum number of records retrieved by the three IP addresses," states Ms. Foley.
NASD staff tracked the master owner of the three IP addresses by contacting the American Registry for Internet Numbers and discovered they were part of a block registered to Rogers@home. The regulator's legal staff finally contacted Rogers on April 19 to complain about the situation and demand the identity of the subscriber(s). The following Monday, April 22, Rogers representative Terry Keenan advised NASD that Rogers was sending a "sternly worded" letter to its mystery subscriber, but Rogers declined to identify the culprit without a court order or subpoena. "The Rogers representative also acknowledged that 121,000 hits to the PDP Website in 2 days seemed 'excessive,'" states a NASD official.
Left unmentioned in court filings is who might want to swipe NASD Regulation's database and what they might want to do with this information.
One golden application, obvious on Howe Street, the centre of dealings for the former Vancouver Stock Exchange, is a broker database for dubious penny stock promotions. Surely no end of promoters in Vancouver, Florida, New York, San Diego, offshore or elsewhere would presumably love to have a detailed list of every registered broker in the U.S.
Even better would be if such a broad list were refined and enhanced to target specific broker profiles, either by geographic region, years in the industry, number of past employers, or otherwise. Many past employers, or a history of working for flaky firms, for example, would be a warmly received by crooked promoters looking for flaky brokers to incentivize. Such a lush database could be made even richer if someone, say a promotional services company, took the effort to add E-mail addresses and direct phone numbers, and qualify these sales leads through initial contacts.
Well-honed boiler room operations, whether in Vancouver, San Diego, or even perhaps Thailand and the Philippines, could then work the phones and drum up buying interest for obscure penny stocks all across the country. While promoters in the world before data mining often concentrated on brokers in one or two cities or regions, making it easier for regulators to flag, investigate and crack suspect promotions, a groundswell of small-scale buying spread randomly across the country, through legions of brokers who don't even know each other, could be better than Stealth bombers at flying below the radar.
The identity of the one, two or three Rogers subscribers will not be a secret for much longer. NASD Regulation should have the names in its hot little hands by Friday morning. Then the real sleuthing work begins.
(c) Copyright 2002 Canjex Publishing Ltd. www.stockwatch.com |
