
Spy vs. spy: Competitive intelligence risks

"For $2 million, if I can have your $60 million investment, either steal it outright, know how to defend against it, or come up with something just like it."

Typically, competitive intelligence isn't stealing; it's collecting through legal means. It often costs more than spying does, and doing it legally requires more skill. That's not how others see it. As seen through the eyes of Tony Gilroy, director of the movie Duplicity:

I began to look into it and seriously, if you just Google you'll be shocked. Just go Google, "competitive intelligence," [which] is what they like to call themselves. That's what the industry describes itself as, "competitive intelligence." That's a euphemism.

[CI] is massive. It is so huge. Many multiples of billions of dollars all over the place. It's a huge, huge industry and for a logical reason.

It's like what he says in Duplicity: if you can invest $60 million in making something and I can buy a lot of intelligence for $2 million, I mean, a lot of intelligence for $2 million. For $2 million, if I can have your $60 million investment, either steal it outright or know how to defend against it or come up with something that's just like it, this is happening all the time everywhere.

There isn't anything in the movie that hasn't happened.

I've mentioned that I used to do competitive intelligence and while I feel it's somewhat harsh to claim all CI is evil, Gilroy makes a strong point with the $2M business justification.

CI tactic: Dumpster diving is legal, but funky

Googling CI will point toward legal articles which inevitably will mention dumpster diving at one point or another. I never considered this to be illegal because it has been protected repeatedly by the Supreme Court, recently upheld in 1988.

Legal or not, CI-related dumpster diving is a real concern to all technical companies I've dealt with! Although I never implemented dumpster diving against a corporation for another corporation, when I write a book it will require an entire chapter to explain the finer points of collection.

Diving could really be a bit funky at times. Let me share a story:

Hired on to recover 'after-party' videotapes incriminating a part-time film actress and junior public safety officials, the trail led to the funky of funkiness: an empty dumpster behind a strip club which yielded disgusting shoes and the jackpot of partially destroyed evidence.

The entertaining part? Recovering the evidence BEFORE approaching the would-be blackmailers, spending an hour listening to them lie about events, departing a short distance away to watch the dumpster get filled and then watch those same two grown men dig through fresh garbage for two hours on a cold, cold New Mexico night in a futile search for the evidence they thought they adequately destroyed.

As said in the credit card commercials: priceless!

Another story would be a con artist getting maximum sentencing due to evidence recovered through dumpster diving. "Intent" to commit those financial crimes became a foregone conclusion when the money trail led to forged pharms (drugs) and Vegas casino lines of credit.

Dumpster diving means this: Iron Mountain's value for offsite shredding is here to stay, but cost competitors within this model may struggle with internal staff security – the right cash or the right pizza can upset the apple cart and make offsite shredding a liability.

Going further than the law allows is called industrial espionage and Tony Gilroy's movie Duplicity depicts two CI departments performing industrial espionage – repeatedly. Would that level of effort be considered real or is it fiction?

But that's just Hollywood. Right?

Sorry. That is not the case. The FBI echoes the sentiment and recommends that you simply not bring your tech hardware on foreign trips unless you really need it.

From the FBI's counterintelligence website:

In most countries, you have no expectation of privacy in internet cafes, hotels, airplanes, offices, or public spaces. All information you send electronically (fax, computer, telephone) can be intercepted, especially wireless communications.

During the Beijing Olympics, hotels were required to install software so law enforcement could monitor the internet activity of hotel guests.

If information might be valuable to another government, company or group, you should assume that it will be intercepted and retained.

Security services and criminals can track your movements using your mobile phone and can turn on the microphone in your device even when you think it is turned off.

Definitions: FBI counter intelligence

Economic espionage is (1) whoever knowingly performs targeting or acquisition of trade secrets to (2) knowingly benefit any foreign government, foreign instrumentality, or foreign agent. (Title 18 U.S.C., Section 1831).

  1. Trade secrets are commonly called classified proprietary information, economic policy information, trade information, proprietary technology, or critical technology.
  2. Theft of trade secrets occurs when someone (1) knowingly performs targeting or acquisition of trade secrets or intends to convert a trade secret to (2) knowingly benefit anyone other than the owner. Commonly referred to as industrial espionage. (Title 18 U.S.C., Section 1832).
  3. A foreign agent is any officer, employee, proxy, servant, delegate, or representative of a foreign government.
  4. A foreign instrumentality is defined as: (1) any agency, bureau, ministry, component, institution, or association; (2) any legal commercial or business organization, corporation, firm, or entity; and, (3) substantially owned, controlled, sponsored, commanded, managed or dominated by a foreign government.

FBI counter intelligence traveler telephone, laptop and PDA security recommendations

If you can do without the device [laptop, PDA, mobile phone], do not take it!

Do not leave electronic devices unattended. Do not transport them (or anything valuable) in your checked baggage. Shield passwords from view. Avoid Wi-Fi networks if you can. In some countries they are controlled by security services; in all cases they are insecure. [Note that wireless routers themselves often are compromised as well.]

Sanitize your laptop, telephone and PDA, prior to travel and ensure no sensitive contact, research or personal data is on them. Backup all information you take and leave that at home. If feasible, use a different phone and a new email account while traveling.

Use up-to-date protections for anti-virus, spyware, security patches and firewalls. Don't use thumb drives given to you – they may be compromised. During the Beijing Olympics, hotels were required to install software so law enforcement could monitor the Internet activity of hotel guests.

Clear your browser after each use: delete history files, caches, cookies, and temporary internet files.

Beware of phishing. Foreign security services and criminals are adept at pretending to be someone you trust in order to obtain personal or sensitive information.

If your device is stolen, report it immediately to the local U.S. Embassy or Consulate.

Change all your passwords including your voicemail and check devices for malware when you return. Cyber criminals from numerous countries buy and sell stolen financial information including credit card data and login credentials (user names and passwords).


Analysis

CxO types: Ensuring corporate awareness is a tough job. Every single person in the company must realize the value of every scrap of paper to an outside CI effort. Onsite shredders are often compromised with scanners built into the same model, making offsite shredding services a more reliable option provided their staff are well compensated and trained.

IT managers: The same diligence should hold true for digital data and the devices and thumb drives which hold sensitive contents. If it is possible to implement a lender laptop policy for overseas travel, Sun Tzu, the FBI and I all recommend not fighting where the enemy is strongest.

Choose your defensive strategy and work with HR and the executive team to ensure it is followed from the top down and the bottom up. Do your part to make sure your company is aware and secure and you'll sleep better at night.
