BY KATE STALTER, FOR U.S. NEWS
The debate about privacy versus security that played out last week during FBI Director James Comey’s congressional testimony is a constant concern in the financial services industry, where financial advisors hold detailed client information that is sometimes sought – for nefarious reasons – by third parties.
While the FBI’s ongoing dispute with Apple (ticker: AAPL) is extreme – the government is asking Apple to create a “back door” to its encrypted iPhone system to allow the government to unlock a device used by the perpetrator of fatal shootings in San Bernardino, California, in December – the debate about personal security hits home for many.
Brian Hamburger, an attorney and founder of MarketCounsel, an firm in Englewood, New Jersey, that offers business and compliance consulting to advisors, says the financial services industry has specific concerns about protecting client data.
“The FBI has asked Apple to be the arbiter as to who is good and who is evil, who is worthy of being protected by the technology they are using. Similarly, investment advisers find themselves asked to furnish information to people other than their clients. And while sometimes these requests can seem innocuous, such as a family member trying to help out, it can result in unforeseen problems for the adviser,” he says.
Hamburger cites an example of a request for information that was not what it seemed. “Recently, one of our advisor clients helped facilitate a transfer on behalf of a client that was away on safari, only to come to find out that the request did not emanate from the client, but rather, it was effectuated by a fraudster’s breach of the client’s personal email,” he says.
He says unintended consequences of privacy rules may even prevent advisors from helping clients in certain situations.
“Advisors don’t always have the leeway they need to really help their clients showing signs of diminished capacity. That’s due to stringent privacy rules that render them unable to assist in the manner they’d like by, for example, enlisting the support of third parties. But the privacy rules can’t be written with so many shades of gray. So it leaves investment advisers with bright lines that are not always sympathetic to the human condition,” Hamburger says.
When it comes to the data itself, existing regulations mandate that advisors share information about clients as part of a law-enforcement investigation. Apple and othertechnology companies don’t face the same kind of regulation.
“Existing privacy clauses relate to clients’ personal information being held by the financial advisor,” says Shane Cummings, director of operations at advisory firm Halbert Hargrove in Long Beach, California.
“Registered investment advisors are already regulated, so it’s different. Our technology does not work like Apple, and we do not encrypt our client data in such a way that it blocks even our access to it. Additionally, industry standards for RIAs are very clear on our obligation to respond to government requests. Noncompliance with a government request for information would likely be cause for the RIA firm to be shut down,” Cummings says.
In a letter to customers, Apple CEO Tim Cook explained the firm’s position in its dispute with the FBI:
“The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software – which does not exist today – would have the potential to unlock any iPhone in someone’s physical possession,” Cook wrote.
He added, “The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a back door. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
Michael Delgass, an attorney who serves as CEO and managing director of Sontag Advisory in New York, says a government request for data held by an advisor is different from the request for data in an iPhone.
“Apple is arguing that it can’t be forced to do something active, such as create a back door around iPhone security, whereas the advisor would be arguing it can’t be forced to do something relatively passive, such as copy over financial data and provide it to authorities,” he says.
Cummings says the financial services industry has its own concerns about data hacking.
“Hacking attempts, trying to steal people’s identities are already very aggressive and sophisticated,” he says. “An iPhone back door could put a powerful new tool in hackers’ hands if they figured out how to break Apple’s encryption. The financial and consumer industries have already seen very devastating identity theft cases. Putting a ready-made tool in the hands of hackers could make identity theft even easier.”