Opinion

Stories I’d like to see

Lying to the SEC, A-Rod’s contract, and everybody gets hacked

By Steven Brill
February 5, 2013

1.      Suppose a college applicant did this?

Here’s a story that seems so bizarre that it might be good material for a Tom Wolfe re-do of The Bonfire of the Vanities rather than worth the time of a serious non-fiction reporter – except that it’s apparently true. According to this New York Times report last month, Egan-Jones, an “upstart credit ratings firm,” has been:

barred for 18 months from issuing certain government-recognized ratings after the firm made misstatements on an application with the government. The S.E.C. said the firm had exaggerated its record when it applied for a government designation in July 2008. The firm said then that it had performed 150 ratings of asset-backed securities and 50 ratings of governments, when it actually had performed none at that time, according to the agency…. Under the terms of the penalty, Egan-Jones is barred [for 18 months] from rating asset-backed and government securities issuers as a so-called nationally recognized statistical rating organization….For other categories of ratings, Egan-Jones will still have the government designation.

Huh? “Exaggerated” its record? A firm applying for the SEC seal of approval as a provider of honest securities ratings seems to have completely fabricated its resume, saying it had done 200 ratings when it had done zero. And the SEC puts them in the penalty box for just 18 months for some ratings and lets them keep right on providing other ratings?

There must be more to this story. Maybe the fabrications on the application were an accident, or the work of a prankster who snuck into the Egan-Jones offices and took over a keyboard. Or maybe the SEC announcement of the “settlement” was a prank. If not, can the SEC explain what an applicant would have to do to be barred permanently from winning a designation? And why did it take five years for the SEC to deal with this?

2. Is A-Rod’s contract as hollow as his bat?

The recent round of charges that faded Yankee star Alex Rodriguez may be implicated in another scandal involving performance enhancing drugs (PEDs) has generated press speculation that the Yankees will use the charges as a way of freeing them from A-Rod and the $114 million left to pay over the next five years on his contract. But according to this ESPN story, “Rodriguez might be in little danger of having his contract voided, even if the charges turn out to be true. There is no precedent to successfully void a contract in baseball over PEDs.”

I wish some enterprising reporter who gets hold of A-Rod’s contract (or at least gets someone reliable to reveal the specific language in it) that tells us if it contains anything about what happens if he gets caught having used PEDs. And my personal Pulitzer will go to the reporter who also finds out who took what positions in any negotiations between A-Rod and the Yankees about any proposed drug abuse clauses.

The ESPN report quotes some purported language in the contract related to drug use, requiring that the player’s suspension period for being caught using PEDs shall be the suspension period mandated by Major League Baseball’s drug prevention program. But that seems to be the boilerplate included in all contracts. The likely additions to that for a contract the size of A-Rod’s would come in clauses related generally to the player’s conduct and “morals,” or whether his drug abuse caused an injury or disability rendering him unable to play. Thus, ESPN quoted a “baseball official who handles contract negotiations” as speculating, “If there are specific clauses that went into steroids and performance-enhancing drugs, then I doubt he would walk away with his money.”

Did the Yankees try to get such clauses included but yielded after push back from A-Rod and Scott Boras, his high-powered agent? If so, wouldn’t that have been a red flag? If they didn’t push for that kind of clause, wouldn’t that say something about the baseball owners’ real attitudes about drug cheating? Would it mean either that the Yankees don’t really care or that they knew that other teams would take A-Rod without that kind of escape clause? Reporters arriving later this month at the Yankees’ spring training camp in Tampa ought to be pushing everyone for answers.

The current A-Rod contract was signed more than five years ago. We know a lot more now about how widespread the PED problem is, and fans seem to be much more sensitive to it, as shooting stars like last year’s Melky Cabrera keep getting exposed. So has anything at all been added to the contracts ballplayers are signing today about PEDs that’s different from when A-Rod re-upped with the Yankees in 2007?

With that in mind, what’s Major League Baseball’s position on using contracts to support its claimed new-found determination to rid the sport of PEDs? Why couldn’t the league require that all contracts contain a provision that in situations where a player’s performance declines significantly over a set period of time – say, 100 games ‑ after he is caught using PEDs (and serves out whatever suspension he receives) the team can nullify that contract? I’d love to hear the players’ union leaders explain why they’d be against that.

3. China hacking: the Wall Street Journal says, “Us, too”

Last Thursday, the New York Times published a front page story detailing its findings that it had been the victim of a long campaign, allegedly from China, to infiltrate its computer systems. According to the Times, the hackers targeted reporters and editors working on its recent stories exposing the fortunes being accumulated by Chinese officials. The next morning, the Wall Street Journal ran its own front-pager  reporting that it, too, had been the victim of Chinese hackers. The Journal story quoted “people familiar” with the paper’s investigation of the hacking as saying the paper “has faced hacking threats from China during the past few years,” and that the Journal had been notified by the FBI of a potential breach in “the middle of last year.” The Washington Post also reported on Friday that it, too, had been hacked.

Why did the Journal and Post wait until the Times’ story came out to report this important news? It’s a complicated question worth a thoughtful story. Reporting on internal security issues facing a major company that handles market-sensitive information could shake customers’ confidence in the company. It could also compromise ongoing security investigations, not to mention hurt the business of the Journal – and its parent companies, Dow Jones and News Corporation – in China. It could even endanger the Journal’s and the Post’s people on the ground there. Then again, as I wrote here a few weeks ago, the escalating confrontation between China and Western media is fascinating, important stuff that is “going to be worth constant coverage.”

So what’s the story behind the Journal and Post apparently withholding a scoop about the hacking until the Times published its story? And what kind of debates were there at the Times before it went ahead and reported this apparent assault on America’s prime newsgathering organization?

Then there’s Bloomberg, which the Journal reported had also been a target of hacking but which claimed to have repelled the intruders. If true, what does Bloomberg do that the Times and Journal don’t do, and what are the Times, the Journal and other news organizations now doing differently to protect themselves?

PHOTO: New York Yankees Alex Rodriguez swings through a pitch during the sixth inning of Game 4 of their MLB ALCS baseball playoff series against the Detroit Tigers in Detroit, Michigan, October 18, 2012. REUTERS/Jessica Rinaldi

Comments
One comment so far | RSS Comments RSS

Given there are literally thousands of attempted hacking attempts daily, a possible breach at the Times, Washington Post, or Journal seems trivial. The fact that it was a foreign government is no great shock either. Businesses typically do not advertise the fact that they have been breached unless required by law (i.e., patient data) or when it is leaked to media (i.e. the rash of data breaches in retail stores). Otherwise, most businesses simply, and quietly, fix the problem, report it to the authorities if it rates that level of attention, and then move on to the next crises.

The story should not be about who got hacked by whom but about what security holes the company left open that a hacker crawled through and what the company did to fix the problem. Of course, the story could not be printed for at least 24 hours after the fix was in place and fully tested.

Data security is becoming rocket science or magic depending on ones favorite analogy. It is a complicated issue but not one many company’s seem to take seriously considering all of the media stories related to hacks and breaches recently. When it comes to hacks, the media reports on cause and effect but not enough on recovery. As long as that continues businesses will see these events as one-offs that won’t affect them, until it does.

Posted by BillO255 | Report as abusive
 

Post Your Comment

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
  •