In the fall of 2010, Paul Singer’s Elliott Management was on the warpath. This time, however, the hedge fund’s target wasn’t a poorly run company or a sovereign nation defaulting on its debt: Instead it was an industry trade publication that had gotten its hands on a copy of Elliott’s latest quarterly letters and had had the temerity to write about them.
Elliott went to battle with the publication — AR magazine, owned at the time by the parent company of Institutional Investor — armed with a favorite weapon: lawyers. The firm slapped the magazine with a “motion to compel,” an attempt to force it to reveal who had leaked the letter.
Institutional Investor’s own lawyers immediately fired back, citing so-called fair-use statutes that allow reporters to excerpt copyrighted material, as well as the First Amendment to the Constitution and New York State shield laws that protect reporters from having to identify their sources. Two days before AR was to file a response in New York State Supreme Court, Elliott dropped the matter.
Relations between the hedge fund and Institutional Investor eventually went back to normal — but Elliott has since turned its outrage on the leakers. In 2015 the firm told clients in a letter that it had uncovered the identities of “certain individuals who breached their confidentiality obligations” by leaking its quarterly letters to unintended recipients and that it was “seeking monetary damages.”
Nor is Elliott alone in wanting to go after leakers. Last year U.K. hedge fund firm Brevan Howard won an injunction against Reuters to stop the news service from reporting on the contents of one of its letters. (The online Wall Street tabloid Dealbreaker couldn’t resist speculating on why the notoriously secretive firm went to such lengths to block the story: “Did Brevan Howard Engage in an Olive Oil–Drenched Threesome With a British Celebrity?” blared a headline on its site at the time.) A spokesman for Brevan Howard declined to comment, but a person familiar with the ruling said the court determined that if the hedge fund firm had to assume all of its communications would be made public, then it would not be able to communicate necessary information to its investors.
And in 2014, David Einhorn’s Greenlight Capital sued finance blog Seeking Alpha for revealing that Greenlight had taken a stake in chip maker Micron, saying that Greenlight had not widely disclosed that information to investors and that the blog post made it more expensive for the hedge fund to build its position. Greenlight later dropped the suit, claiming it had identified the blogger on its own.
Many hedge funds are willing to go to great lengths to keep their letters and other information from falling into the hands of reporters and others who may reveal their contents to a broader audience. Some say such leaks can make it more expensive for them to build positions — as with Greenlight — or lead to a short squeeze, and some are concerned that leaked letters could give insights into secretive trading strategies. Others worry about potentially embarrassing personnel matters coming to light, or fear that revealing the identities of key employees could lead to talent poaching by other firms.
Some managers have essentially given up trying to stop the leaks. As long as there are crafty reporters, the thinking goes, these letters will get out there.
But others are getting crafty right back.
In addition to using long-standing tools like digital watermarking — the easiest and least expensive technique, which acts more as a deterrent than as an outright roadblock to sharing — some are employing technologies that make it impossible to print or download letters, or even to view them in their entirety. At the extreme, one hedge fund industry veteran says, is the example of John Paulson’s Paulson & Co.: Once clients logged in to see their letters, they could read only three lines of the letter at a time — the rest was covered by black boxes above and below. Paulson did not respond to a request for comment.
Yet how much secrecy is too much secrecy?
“There’s a balance of sharing information that’s proprietary and operating under the assumption that it will become public,” says Ron Geffner, a partner at law firm Sadis & Goldberg who works with hedge funds and other investment firms. He says he has clients that have had their letters leaked, though none has faced a materially negative impact as a result.
Geffner says it’s vital for managers to communicate with investors in a way that’s open, timely, and uniform — and that such communications will occasionally cover sensitive portfolio information, business operations, or personnel matters. This means portfolio managers will sometimes need to reveal positions that competitors could potentially trade on, or personnel matters that could lead to talent poaching.
Still, “we advise them to assume the information at some point is going to be public, and even if you’re sharing with investors, they could use the info against you in litigation,” says Geffner.
And even the most rigorous antisharing technologies don’t prevent people from snapping photos with their phones.
“My viewpoint on distribution is that anything you send out will be disseminated to other people,” says the head of business development at a macro hedge fund. “Watermarking is one thing — you can password-protect and send the password in another email; you can put them behind a firewall. But in 2018 everyone’s got a camera in their hand. You can take a picture of something and distribute it. It’s hard to protect against that.”
BACK IN THE DAY many hedge fund firms simply emailed individually watermarked PDFs to their clients and hoped for the best. But hedge funds, wary of both information leaking and hacking, have increasingly been adopting tools like investor portals used in conjunction with customer relationship management software, multifactor authentication (where clients undergo multiple steps to ensure they’re who they say they are), and so-called digital-rights management (DRM) technologies.
Jeremie Bacon, chief executive of software vendor Imagineer, says hedge funds can choose from a variety of vendors. Intralinks, which provides document sharing and so-called virtual data room services for secure communication with clients, commands a substantial chunk of hedge fund market share. Then there are newer providers like Imagineer, which operates a customizable web portal product that clients can link to their firms’ customer relationship management software. Last, there are fund administrators that provide portal services for some clients.
Bacon says the way clients typically use these portals is like this: A hedge fund posts a letter on its web portal via a content management system and then emails a link to the letter to a preapproved list of clients. If a client forwards the email to someone who has not been authenticated by the hedge fund firm, that person will be denied access.
“You can secure that web portal with your single sign-on or dual-factor authentication, and it gives you a much higher level of control,” Bacon notes.
Peter Hans is the chief executive of Harvest Exchange, an online content management platform for asset managers that allows them to post marketing and other materials and share them with a select audience. He says Harvest offers a number of ways for its fund manager clients to share their information with their desired audiences — and restrict access to those they do not want to see it.
“The biggest thing we do as a preventative measure is making it so the document itself is not accessible except to people who do have access to it,” he says. “So the only way to get a PDF with a watermark is to log into the system. We don’t use passwords a lot,” partly because they aren’t terribly secure, he adds.
But for managers who want to go full Fort Knox, there’s always DRM technology. Bacon says this technology can give users permission to open a PDF but can prevent them from printing, forwarding, or even screen-shotting a PDF — the letter’s contents are rendered unreadable when printed or screen-grabbed. He says Imagineer’s big-fund clients, which can have upward of thousands of clients themselves, are particularly interested in DRM features. Other DRM services popular with hedge funds include BlackBerry Workspaces — formerly known as WatchDox — and a Citrix application called ShareFile.
Some managers are taking things a step further, using behavioral-analytics platforms in conjunction with services like BlackBerry Workspaces to allow them to track when people are accessing a document — and then using machine learning techniques to observe patterns and detect unusual trading activity that correlates with that document being leaked.
THERE ARE PROBLEMS with Fort Knox levels of security, however. For starters, clients hate it.
“As an LP with so many hedge funds, is it is absolutely aggravating,” says an executive at a well-known fund-of-funds. “Look, we’re partners. While we understand their need for confidentiality — there are a few bad apples out there that have ruined it for all of us — it makes it very hard for someone like us who has different offices around the world to share stuff. For those of us that invest with a lot of hedge funds, it becomes a real burden.”
What’s more, these technology solutions are expensive. Just operating a simple web portal can cost anywhere from $12,000 to $60,000 on Imagineer’s platform, Bacon says; big hedge funds using other platforms can spend into the six figures just for that technology. Throw in multifactor authentication and DRM technology, and the price goes up even more. Bacon estimates that big firms could spend more than $5,000 per month if they have hundreds of clients and have DRM features turned on for every single user.
For those reasons, he says, DRM technologies haven’t caught on with the entire industry, estimating that only 30 percent of managers are using these more restrictive technologies. Hans notes that another reason more managers aren’t using them is that even DRM technologies aren’t totally bulletproof.
“I can pick up a camera,” Bacon says. “If I’m only allowed to read three lines, I can create a movie file. If people want to share your information, they’re going to share it. It’s not going to deter people from sharing it; it just makes it more annoying for the 99 percent of your clients who are good actors and not trying to share your information.”
Bacon says the most common approach is the middle ground, where managers employ a combination of applying watermarks to most everything and communicating with investors via their portals. Users can technically still share or forward the letters, but if they do, their names will be all over the documentation.
Another approach is implementing controls around who can see documents. Industry experts say that requesting access to several recent letters is standard in due diligence questionnaires from prospective clients, so it isn’t always possible to restrict access just to current investors. Ronke Majekodunmi, senior product line manager for software provider Backstop Solutions, says her firm offers autodeactivation technology so that hedge fund firms can automatically deactivate certain users after a time; customers can also set document access to expire so that end users can’t see a firm’s entire archive of letters.
But ultimately, even technology vendors acknowledge there are no guarantees.
“There are one or two letters I get that someone literally snail-mails to me,” says one veteran fund manager, who adds, “Realistically, you have to be crazy to assume that anything you send out is not gonna end up in somebody’s hands.” Investors can also simply read people the contents of fund documents over the phone.
And when letters do get leaked, Geffner notes, it’s difficult for managers to win lawsuits for monetary damages, as it’s hard to prove that leaked letters have caused losses.
He says there are times when, depending on how many investors a firm has, he may counsel clients to put certain things in writing but to discuss other matters in a conference call — provided the managers stick to a script so that they cannot be accused of giving different information to different investors. Most important, Geffner continues, managers need to understand what they can and can’t control when it comes to protecting their shared information.
“You saw Jurassic Park,” he says. “No matter what, everything has some sort of risk to it.”