SEC Looks at the Proxy Plumbing

Yesterday the Securities and Exchange Commission issued a “Concept Release on the U.S. Proxy System.” The Release followed an earlier public hearing in which the Commissioners, led by Chairwoman Mary Shapiro, spoke of the need to possibly modify a voting system that has remained largely untouched for more than 30 years.

The Concept Release, a dense document of more than 150 pages, addresses a wide range of issues including over and under voting, conflicts of interest by proxy advisers and ways in which retail investors can be induced to vote.While this is not the stuff of financial reform a la the Dodd-Frank bill currently slogging through Congress, the outcome of this regulatory exercise may be profound.

Here is a link to the Concept Release document.

As I pour over this document, I will share with you my observations about this Concept Release. Stay tuned.

I am Predicting the Future . . . Maybe

I’ve never been one to let the paint dry on something before playing with it and today is no exception. The object of my attention today is the Financial Reform bill passed by the Senate yesterday. What has me picking at the corners of this freshly painted piece of legislation are three provisions addressing corporate governance reform: Proxy Access, majority voting standards for uncontested director elections and Say-on-Pay.

What I am most interested in here are two things. Continue reading »

Massey Energy Director Elections: A Landslide or a Mudslide

I once asked a fellow law school graduate how he did in school. He replied with great enthusiasm, “I graduated in the top 90% of my class!”

A Massey Energy spokesman who announced that its three directors standing for election had won by a landslide reminds me of that retort when I read the announcement. Directors Gabrys, Moore and Phillips won their respective reelections by votes of 55.36%, 55.09% and 57.83& respectively.

A landslide? Surely Massey officials jest. Continue reading »

CyberRisk: Lessons from the GhostNet Report

Recently, a number of web sites I have developed came under a severe hacker attack. Starting last October, several sites were “vandalized” with the site’s home pages replaced with new ones proclaiming that the site had been hacked. A little research into the servers and I thought the problems had been solved.

I was mistaken.

The attacks continued for some months, escalating into a full-blown battle for control of my sites. DDoS, SQL injetion viruses, brute force attacks and god knows what else was thrown at my sites. Eventually, Google forced the site offline by proclaiming that my sites had become predator sites and that anyone visiting the sites should go elsewhere. Several months later, things are returning to normal. Considerable expense and hundreds of man hours were spent fixing the problems and, quite frankly, I am not entirely certain that it won’t happen again.

Questions remain. How did my sites get hacked, who did it and why was it done?

After considerable research into the subject, I discovered that these are the great unknown questions. Answers to these questions can at best be inferred. An acquaintance in the cyber-policy community  heard my story and said “Iran and China. Look there for answers.” After further prodding, he referred me to a recent report issued by a Canadian organization, SecDev Group, which recently issued its report,”Tracking Ghostnet: Investigating a Cyber-espionage network.” This is a frightening exposé of a world around us that most of us, certainly myself, are totally unaware of but should pay close attention to. What I learned from this report was troubling given the risk that we all face from cyber-criminals, cyber-terrorists and nation states bent on asserting themselves on the world stage.

The report details hackers from China (PRC) who waged an attack on the Indian government and the offices of the Dalai Lama. These hackers were able to successfully intrude with impunity into the computers of these organizations, stealing secret information, identities and use those computers to wreck havoc elsewhere.

The pattern was a familiar one to me based on my experience. However, what happened next was even more striking.

As I was putting new security precautions in place on my servers, I found that I could track visitors to my sites. What I found was alarming to say the least. In the time I installed the intrusion tracking software (I am speaking about a couple of minutes), a single intruder had tried to enter the site 288 times.

I now know a new technology term: “IP address blocker.”