This story is amazing on so many levels. International banking intrigue on the Eurostar, court cases, huge companies’ deals in jeopardy… It has everything!

The whole story (and associated court case) stems from an episode of shoulder surfing on Eurostar. The Lazard banker working on Iliad’s attempted takeover of T-Mobile US was not paying attention to the scruffy dude sitting beside him on the train. Unfortunately for him, that scruffy dude worked for UBS, and was able to put two and two together (with the assistance of a colleague).

If the Lazard banker had traded on this information, it would have been considered insider trading. However, the judge determined that the information gathered by shoulder-surfing was not privileged, as the UBS banker could not be considered an "insider" (warning, IANAL).

This is why you do not conduct sensitive conversations in trains, airport lounges, and the like. Also, if you are working on information this momentous, one of those screen protectors is probably a worthwhile investment. I have seen and overheard so much information along these lines, although unfortunately I am never in a position to take advantage of any of it.

As usual, humans are the weakest link in any security policy. This is particularly humorous since today I found that, at some point over the Easter break, corporate IT has disabled iCloud Drive on our Macs. Dropbox and my personal login to Google Drive / File Stream / whatever-it’s-called-this-week all still work though…

A particularly paranoid form of security audit would include shadowing key employees on their commutes or business travel to see how well company information is protected. But probably not. It’s much easier just to install annoying agents on everybody’s machines, tick that box, and move on.


Image is a still from this excellent video by ENISA.