Spyer Beware

Spyer Beware

Not knowing the legal limits of competitive intelligence has always been risky.

The Web has made ignorance more risky than ever.

Anyone convicted of stealing a trade secret under the EEA can be fined up to US $500,000 and faces a jail term of up to 10 years A senior vice president of a large bank recently came to our company asking for help. He was under pressure to respond to his chief rival's recent IT strategy. The rival had somehow managed to deliver a great deal of information to the desktops of loan officers, money managers and traders. As a result, the rival had a lot of happy customers and was quickly gaining market share. To learn what the rival had done, according to some of the people we talked to, management of our client's bank was ready to undertake several risky information-gathering activities, including misrepresentation--actions that could have caused much bigger problems than those they hoped to solve. They could have, for example, landed the client in jail.

This news will not surprise consultants working in the area of competitive intelligence. Most of the managers I have met are entirely ignorant of the legal rules we must all play by when gathering information.

That kind of ignorance has always been dangerous, but today it is more dangerous than ever. As an open information source, the Web has given business strategists access to competitive information never before available. Because companies are no longer limited by printing and distribution costs, they tend to wax long and candidly about their products and services. Most home pages reveal far more than do printed annual reports: Organisation charts, job postings, strategic alliances and price lists are some of the intelligence-rich disclosures available to every visitor to many corporate home pages. In a survey my firm conducted last year, we discovered that 95 percent of the corporate strategists and analysts we interviewed stated that their organisations were generally not aware of the Economic Espionage Act, passed by Congress in October 1996. They should be. The EEA is serious business. This law further refines the definition of a trade secret and raises trade secret violations from a possible civil to a criminal offence. It states that anyone convicted of stealing a trade secret under the EEA can be fined up to US $500,000 and can face a jail term of up to 10 years. The company doing the snooping may receive fines of up to US $5 million. This law has already helped the Justice Department prosecute people who have allegedly stolen trade secrets regarding the Taxol product from Bristol-Myers Squibb Co. and shaving technology from Gillette--where the defendant has pleaded guilty.

And while the federal government has so far prosecuted only a half-dozen cases, the lack of legal action should not suggest that the Justice Department doesn't care. The government recognises the ever-increasing value of intellectual property to U.S. economic vitality and will continue to raise the punishment for those who attempt to steal that property. So what can a corporate researcher do? Where does responsible vigilance cross the line and become criminal activity? According to the EEA, the new Web intelligence game rules could proscribe activities in the following areas: Customer lists online.

Breaking into a company's site to obtain the rival's customer lists. Under the EEA, a company's customers fall under the intellectual property umbrella.

Electronic communications.

Electronic mail, teleconferencing and the Internet have greatly increased the amount of documentable information that travels between business partners.

Under the EEA statute, you could be prosecuted if you receive information containing anything that could be considered a stolen trade secret even if you had no knowledge that it was being sent to you.


Just because you found your expert through a corporate Web site doesn't mean you can ask any questions you want an answer to. Whether on the telephone, in person or online, you should identify who you are and where you are calling from. If you know that the company you are targeting has information it is treating as confidential, you may be stepping over the line simply by asking someone for it--even if you have previously identified yourself.

Bear in mind that if a company releases some of this information on its public home page, that is its business. However, if you use devious or illegal means to access this data via a corporation's intranet or Web site, then you may receive far more than a slap on the wrist. As might be expected with a medium that entered the mainstream of business culture less than three years ago, there is a vast territory where the law is vague and business ethics are still being worked out. In these areas senior executives need to exercise caution.

For starters, they should ensure that the following don'ts are observed: Never have someone send an e-mail posing as a student looking for more information on the industry for a term paper about the company.

Never place a job posting on various listservs or directly in help wanteds on the Net that you know will attract those at the rival who know something you want to learn.

Never respond to a help wanted ad placed on the rival's home page so when you arrive at the rival's offices you can turn the interview around and interview the interviewer, gleaning information about the rival's strategic intentions.

Never encourage a hacker to invade the rival's Web or intranet infrastructure and record all of its Web transactions, including inquiries that the rival's marketing department may make to prepare for a new product introduction.

While no one has defined industry norms for intelligence gathering either on or off the Net, most companies know what kind of actions will make them look good or bad in the public eye. Let's call this legal/ethical litmus test the Harm Rule. The Harm Rule states that if you feel your action would embarrass your company should news of that action leak to the newspapers the next morning, then don't do it.

The Harm Rule provides an excellent test to determine how far you should go on the Net to gather information on Company X. Will you use the Anonymyzer (an Internet site that disguises your e-mail address and identity), or will you let the person receiving your e-mail know your name? These are among the Internet intelligence questions you need to answer for yourself before beginning your competitive knowledge quest.

Intelligence on the Net need not be an illegal or even unethical venture.

You can gather a great deal of information on the competition without worrying about crossing over the espionage line. Many competitive analysts, like those in my firm, do it all the time. Here, for example, are the steps we followed to gather information for the worried banker.

Step 1. The Gathering.

We conducted a comprehensive search of secondary sources, using the Internet and other sources, home pages and government documents. We did this to fine-tune our understanding of the rapidly changing issues. But most important, we performed this first scan to learn the names and affiliations of key individuals in this field.

Step 2. Finding the Experts.

Using a number of search engines, we located experts such as conference presenters, book authors and individuals who posted their resumes on their own home pages.

Step 3. Interviewing.

We dedicated the majority of the time to interviewing these individuals who, because they directly or indirectly interact with potential rivals, knew the rival's operations, moves and plans. In all instances, we identified ourselves and if asked about who our client was, we stated that we could not reveal that information. In the end, we located over 60 experts, but because of the specificity of the questions, we ended up with 18 finely tuned interviews that would later feed into our analysis.

Within five weeks, we learned several things: The rival was less a threat than our client first thought. Second, his aggressive stance in the market came primarily from a very strong telemarketing sales force--not from some powerful banking workstation. We learned about the firm's satellite sales operation as well as about its back-office IT operation supporting trading and administration. In short, we presented a detailed blueprint of the competitor's operations.

The client was pleased. Had he known that other courses of action being considered by his bank could have invited expensive legal problems, he would have been even more pleased.

Leonard Fuld is president and founder of Fuld & Company, a Cambridge, Mass., competitive intelligence research and consultancy. You can reach him through his firm's Web site at

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about GilletteProScribeVigilance

Show Comments