Knowing what your competitors are doing is part of good business. But how you go about finding out can take you into dangerous territory

Economic espionage is centuries old. It is said that the Byzantine emperor Justinian sent two Nestorian monks to China in the year 520 to obtain the secret of silk making. It was jealously guarded by the Chinese who had maintained a monopoly over the silk trade for centuries.

 

The monks are said to have succeeded in smuggling silkworms hidden in bamboos back to the emperor together with the know-how of making silk. Soon, China lost its silk monopoly.

 

Enter the modern world. Secret trade information about rivals is still precious, and can bring competitive advantage or disadvantage depending on who is at the receiving end.

 

Early this year the French carmaker Renault suspended three senior executives for leaking secret information about its electric car project. The case was subsequently dropped, but is indicative of a growing trend.

 

Companies operate in a fiercely competitive and complex global market. They need lots of market information, including what competitors are doing, to make sound business decisions.

 

“Not knowing anything about your marketplace – and that includes what competitors and customers are doing, would put you at a serious competitive disadvantage,” says Arthur Weiss, founder and managing director of Aware, a competitive intelligence firm in the UK.

 

He says not only is it ethical to gather such information but it would be seriously unethical not to – as this would mean a company would be failing to provide value to its shareholders and other stakeholders. “It is not the information that is collected but the methods used to collect it that can be problematic,” he says. 

 

To cater for companies’ need for market information, a whole new sector – “competitive intelligence” – has developed. There are also security firms offering investigative services to companies, often employing former secret service agents.

 

In February 2011, the New York Times reported that pro-Wikileaks hackers had penetrated the computers of HBGary Federal, a security firm in the US, and collected thousands of internal emails and documents. The emails indicated the firm made pitches to offer spy-like services to the lawyers of Bank of America and the US Chamber of Commerce.

 

The proposed services included discrediting Wikileaks, which was rumoured to be planning a release of documents on Bank of America, and to embarrass adversaries of the US Chamber of Commerce. Both organisations have denied knowledge of such pitches or proposals.  

 

How companies should, or should not, gather market information has opened a new realm in ethics. There is an argument that if the information is gathered in a fair and ethical manner, it’s legitimate competitive intelligence. If the information is obtained using covert and underhand means, it becomes corporate espionage, a dirty ethical phrase.

 

Weiss says: “Competitive intelligence is legal, ethical and normal business practice while espionage is definitely unethical, often illegal and in the US it will be a criminal offence.”

 

Intelligence practices

 

Strategic and Competitive Intelligence Professionals (SCIP), the US-based non-profit organisation that promotes good practices in intelligence gathering, defines competitive intelligence as “the legal and ethical collection and analysis of information regarding the capabilities, vulnerabilities, and intentions of business competitors”. SCIP has a code of ethics for competitive intelligence professionals which members are expected to abide by.

 

“There are strict codes of practice for gathering information on competitors, customers, suppliers, etc, in order to gain competitive advantage,” Weiss says. “Breaching these puts you in an area that means you are either doing industrial espionage or in a grey area between legitimate intelligence gathering and unethical or illegal gathering.”

 

Companies engaging in espionage may target a variety of competitive and sensitive data belonging to competitors. It is possible to gather information from a competitor’s current and former customers, suppliers, former employees, stockholder meetings, stock exchange filings, patent filings, industry associations and trade shows, trade journals, newspaper articles, research studies, trade shows, in a perfectly ethical manner.

 

But the process can be time consuming. A short cut is to just steal the information from rivals using covert methods.

 

“People do espionage because it is easy,” Weiss says. He says almost all the information can be collected completely ethically using public sources. “But that requires a lot more skill, and knowledge and understanding of how business works. You may end up paying more for the information and spend more time analysing it.”

 

But competitive gains made from unethically gathered information can prove costly for a company.

 

“There could be an advantage in accessing information that you can’t access otherwise, but you also have to weigh up the considerable costs,” warns Andrew Crane, George R Gardiner professor of business ethics at Schulich school of business at York University in Canada, who co-authored a report entitled Competitive Intelligence: Ethical Challenges and Good Practice published by the Institute of Business Ethics in the UK.

 

Crane says the potential costs include reputational damage, legal action, creating a culture of dishonesty and promoting an intelligence “arms race” where everybody is trying to out-spy each other.

 

Prakash Sethi, president of Sethi International Centre of Corporate Accountability at Baruch College of the City University of New York, points to other issues involved in intelligence gathering and use. He says that some companies may gather information for a perfectly legitimate purpose but then misuse it elsewhere. An example would be a credit card company gathering personal information for checking a credit rating but later selling the information to other marketing firms for money.

 

Sethi says some of the large companies are so big that sometimes their own people don’t know what’s going on in the organisation. “Giving rewards and creating incentives for whistleblowers would deter businesses from engaging in unethical or illegal behaviour,” he says.

 

Embarrassing secrets

 

While most companies painstakingly protect their trade secrets, such as manufacturing processes, product designs, formulations, research, sales data and future plans, some may be worried about activists getting hold of embarrassing information.

 

“Companies have the right to hold proprietary information confidential. This does not extend to information that will affect the lives of others – such as health effects or pollution,” argues Mark Floegel, senior investigator at Greenpeace USA.

 

Floegel says that he has come across “too often” instances where a company’s sales force is ignorant of the hazards of the products they sell, engineers who are eager to design cleaner products blocked from doing so by management, and corporate security forces conducting rogue operations unknown to all but a very few in the company. He adds that secrecy and corporate compartmentalisation are breeding grounds for unethical behaviour.

 

Unsurprisingly, activist organisations are also becoming targets of corporate espionage. Recently Greenpeace filed a lawsuit in the US against Dow Chemical Company, Sasol North America, and others, accusing them of espionage.

 

Greenpeace says the companies hired a private security firm, Beckett Brown International, to spy on Greenpeace using physical and electronic surveillance methods.

 

Seeking damages, the lawsuit says the companies conspired to “spy, infiltrate and steal confidential information from Greenpeace with the intention of pre-empting, blunting and thwarting environmental campaigns”.

 

UK energy companies are also alleged to have been spying on activists. Top UK energy firms E.ON, Scottish Resources Group, and Scottish Power are reported to have hired a private security firm Vericola to secretly monitor environmental activists.

 

And the UK police have recently come under attack for planting an undercover agent, Mark Kennedy, in militant environmentalist groups to gather information on eco-activists. After seven years of spying on activists, Kennedy became disillusioned and remorseful, and spoke to the UK media, causing considerable embarrassment for the police.

 

More sophisticated technology has meant that companies are more vulnerable to spying. Cyber-spying, or computer hacking, has become a serious threat for organisations. A high profile case came to light when Google disclosed in 2010 that its servers in China had been attacked to steal the company’s search engine source codes. Hacking campaigns have also targeted dozens of other multinational companies operating in China.

 

Techy tricks

 

Other technological advances include tiny spy cameras in a variety of disguises, bugs and electronic devices that can be used to gather information. Campaigners, however, say dialogue can be more effective for companies than engaging in espionage against activists.

 

“We have very little to hide. We welcome the opportunity for frank discussions with our opponents. We do not seek to defeat polluters, but to help them convert to clean, sustainable practices,” Floegel says.

 

But many companies don’t get it. Floegel says public relations and security firms see an opportunity for profit by frightening corporate executives into thinking that environmentalists are bogeymen bent on destroying companies.

 

“Perversely, they have an incentive to distort information about activists to create the appearance of threats where none exists to ensure their clients remain fearful and thus susceptible to paying for more espionage,” Floegel says.

 

Observers say that regulations to address corporate espionage are either weak or absent.

 

In many respects, Europe has lagged behind the US in espionage legislation. The US introduced the Economic Espionage Act in 1996 that criminalises the misappropriation of trade secrets. In contrast, the Theft Act in the UK does not consider information as property, and there is no specific regulation to deal with corporate espionage.

 

Even in the US, there have been few convictions under the espionage act, which critics blame on the lack of robustness of the law. 

 

Multinational companies also need to understand the risks of operating in emerging markets, including China where the government can invoke vague state secrets law to protect economic information. In 2009, Shanghai police arrested three Rio Tinto employees for allegedly obtaining “state secrets” for undue competitive advantage. The information included data on China’s steel industry, largely dominated by state-owned-enterprises.

 

Chinese officials said Rio Tinto used the information to extract a higher price from Chinese steelmakers for iron ore. Rio Tinto has denied any wrongdoing.

 

“As China’s economy will soon pass Japan’s to become the second largest in the world, the protection of trade sensitive data in the industrial pillars is becoming increasingly important to national security and the welfare of China’s citizens,” said Jiang Ruqin, a senior official in the Bureau of State Secrets Protection in Jiangsu province, in an article published by the World Security Institute, Washington, in 2009 after the Rio Tinto case.

 

Officials such as Ruqin are advocating for a tougher regulatory regime in China to protect sensitive economic information.

 

Crane says industry should take initiatives to establish strict ethical standards for competitive intelligence. But he adds that competitive intelligence is not a high profile issue for most companies. “Intelligence often goes under the radar. Except for the few scandals that come to light, there’s not a lot of awareness of the problem or the risks that come with it.”

 

Crane says companies need to protect their own data. “But then they also have to work to enhance the industry culture and develop professional responsibility around competitive intelligence gathering.”

 

The right measures

 

However, some leading global companies have put relevant policies in place, recognising the potential reputation risks from illegal or unethical competitive intelligence gathering.

 

For example, pharmaceutical giant GlaxoSmithKline’s code of conduct includes a competitive intelligence policy stating: “GSK staff must ensure that all their competitive intelligence is carried out ethically and in adherence to all applicable laws that protect the use of confidential and proprietary information.”

 

A case that demonstrated how a competitive intelligence policy can work in practice involved arch rivals Coca-Cola and PepsiCo in 2006.

 

Rather than succumbing to temptations of laying hands on the rival’s trade secrets, Pepsi tipped off Coke when a Coca-Cola employee tried to sell stolen information to PepsiCo. Coca-Cola then reported the matter to the US FBI, resulting in the arrest of three people.

 

Weiss says that reputation risks are high for companies that engage in espionage. “They should be named and shamed.” He says that not all governments treat it as a serious problem meaning that companies can get away with it.

 

Greenpeace’s Floegel says there are several risks for companies that engage in espionage. “Many acts are illegal and subject to criminal law. Targets of espionage may sue for damages as Greenpeace has done.”

 

He says the risks for such behaviour, however, should be far more than reputational.

 

Floegel says the recent raft of news stories about corporate espionage demonstrates that many corporations are willing to engage in such behaviour, because they see few obstacles or consequences. “We need strong criminal and civil remedies and such remedies need to be strictly enforced.”

 

Crane says it is in the interests of companies to establish strict ethics policies for competitive intelligence.

 

“Companies that don’t take leadership here are resigning themselves to moral mediocrity,” he warns, suggesting that an “anything goes mentality” can become instilled across the business. And that spells danger throughout the company.

 

Big corporate espionage cases and allegations

• 2011: French carmaker Renault suspends three senior executive for allegedly leaking trade secrets related to the company’s electric car project in partnership with Nissan. The case was subsequently dropped.

   

• 2010: Greenpeace files a lawsuit in the US accusing Dow Chemical, Sasol and others of spying and stealing information.

   

• 2010: Google says its China operations were hacked to steal intellectual property and email information of human rights activists. The hacking operation is suspected to have targeted at least 20 other multinational companies operating in China.

   

• 2010: US firm CyberSitter accuses the Chinese government of stealing its anti-pornography software and using it in Green Dam, a government-led programme for installing censoring filter in all personal computers in China.

   

• 2009: Retailer Sears is accused of spying on online customers, but settles the case with the US Federal Trade Commission.

   

• 2009: Starwood, a US hospitality company, accuses competitor Hilton of stealing corporate information including brand concepts when Hilton hires 10 executives from Starwood.

   

• 2009: Personal details of thousands of customers of T-Mobile in the UK are stolen and sold to a rival.

   

• 2009: Shanghai police arrest three Rio Tinto employees in China for allegedly obtaining state secrets that included data on China’s steel industry.

   

• 2007: Wal-Mart apologises to the New York Times after being accused of recording the conversations between a Times journalist and Wal-Mart employees. The company fires the technician who taped the conversation. The fired employee goes public telling the Wall Street Journal that the company used large surveillance systems to spy on critics, board directors, stockholders and even on consulting firm McKinsey.

   

• 2007: McLaren-Mercedes Formula One team is disqualified from the F1 constructors’ championship and fined $100m for possessing secret technical information about the rival Ferrari team’s cars.

   

• 2006: US customs officers detain a former Chinese employee of Motorola at the airport before she boards a plane to Beijing and discover more than 1,000 confidential documents allegedly stolen from Motorola. The employee is also a co-defendant with China’s telecom equipment giant Huawei in a separate civil lawsuit brought by Motorola. 

   

• 2001: Procter & Gamble voluntarily admit that its agents had engaged in espionage against Unilever to gather information on Unilever’s haircare business in the US. In a settlement, P&G return stolen documents, reportedly pay $10m to Unilever in compensation, and promise not to use the gathered information to its advantage.  

   

• 1993: General Motors’ German division Opel accuses Volkswagen of espionage when eight executives leave to join Volkswagen. Volkswagen eventually agrees to pay $100m to GM in settlement and buy car parts worth $1bn from the company over seven years.

   

• 1991: Air France is accused of helping the French secret service gather corporate secrets by installing microphones in planes’ seats.

   

• 1950s: Operation Brunnhilde was an industrial espionage operation allegedly directed by the former East Germany’s ministry for state security. Suspected spoils include information about supersonic jet Concorde’s electronics system.

   

Ethics for competitive intelligence professionals

• Complywith all applicable laws, domestic and international.

   

• Accurately disclose all relevant information, including one’s identity and organisation, prior to all interviews.

   

• Avoid conflicts of interest.

   

• Provide honest and realistic recommendations and conclusions.

   

• Promote this code of ethics within one’s company, with third-party contractors and within the entire profession.

   

• Faithfully adhere to and abide by company policies, objectives and guidelines.

   

Source: Strategic and Competitive Intelligence Professionals

 

Ten good practices in managing ethics for competitive intelligence

1. Establish clear guidelines on CI practice.

    

2. Integrate CI into the organisational code of conduct.

    

3. Establish or refer to a stand-alone CI ethics policy.

    

4. Factor in international variations in legal and ethical standards on CI.

    

5. Extend guidelines to business partners.

    

6. Back up guidelines with targeted training.
7. Ensure training is tailored to relevant audiences.

    

8. Develop a clear streamlined process for providing legal/ethics approval or advice.

    

9. Facilitate regular cross-functional reviews of CI practice and guidelines by management.

    

10. Support professionalisation of CI through industry/professional associations.

     

Source: Competitive Intelligence: Ethical challenges and good practice, a report authored by Andrew Crane & Laura J Spence, published by Institute of Business Ethics, UK, in December 2008