Critical Information Defence


Murray Associates

North American services conducted in association with Murray Associates

Griffin Security Group

Specialist security consultancy services delivered in conjunction with Griffin Security Group

WhitePaper

'The Ethics of Business Espionage' - the thin grey line.

Dr Andrew Crane - senior lecturer business ethics, University of Nottingham business school has published a paper on business ethics. Some key points explored.

1. Ethically its logical to expect that a competitor also has some form of moral claims on an organization that go beyond those codified in law - for example some form of right to privacy, or a right to 'fair play'.

Certainly, it is open to debate whether the mere fact of a competitive situation bestows upon an organization carte blanche to act in whatever way is necessary to beat their competitors, including lying, deception, providing false information about competitors to consumers, poaching staff, and other such questionable practices.

2. There seems to be a reasonable case for suggesting that there are limits to acceptable forms of intelligence gathering, beyond which the practice might be considered unethical. Ordinarily we might expect the law to determine the boundary between acceptable and unacceptable practice, but with the rapid advancement in information and communication technologies, as well as the increasing growth in the competitive intelligence industry, legal limits are not always as clear-cut as one might hope or expect.

There is a onus, and expectation that an organisation goes to reasonable lengths to protect its property and that of its shareholders, when the property is information, what is reasonable?

What proportion of the value of the information should one spend in securing it?

How does an organisation even put a value on such information?

The opportunity cost can be massive, certainly too high to trust to luck.

3. Companies who want to engage in dubious practices simply contract the work out to independent operators to 'do the dirty work', whilst providing 'plausible deniability' for the company in case the operation is exposed or goes wrong.

To this end, the following criteria are suggested to determine whether ethical problems could be said to have arisen in intelligence gathering. Specifically, one might suggest that ethical problems occur when one or more of the following are deemed to have occurred:

a) The tactics used to secure information are questionable since they appear to go beyond what might be deemed acceptable, ethical, or legal business practice;

b) The nature of the information sought can itself be regarded as in some way private or confidential;

c) The purposes for which the information is to be used are against the public or an organisation's interest.

These are not mutually exclusive, and indeed, it is often difficult to disentangle one from another.

'Questionable tactics' may take many forms, from the clearly illegal, such as breaking and entering competitors' offices to steal information or installing bugging devices, to rather more grey areas. This includes searching through competitors' rubbish, hiring private detectives, infiltrating competitor organizations with industrial 'spies', covert surveillance through spy cameras, contacting competitors in a fake guise such as a potential customer or supplier, interviewing competitors' employees for a bogus job vacancy, and pressuring the customers or suppliers of competitors to reveal sensitive information about their operations.

These are all tactics that have been, and indeed continue to be used, by intelligence gatherers in industry.

When hiring a security company to investigate questionable tactics, it is imperative that firstly you ensure that their ethics are irreproachable.

Determining where exactly 'questionable' practices become 'unethical' ones is not exactly clear cut either, but application of the golden rule - do unto others as you would have them do unto you - and other principles can help to clarify this position.

Don't hire a investigation company to investigate the use of bugging devices, they may well have just planted them or have been rifling through your bins the previous day -They do unto others as they propose to undo for you.

Would you trust IT virus protection software written by software engineers who write viruses on the side.

Private or confidential information may refer to any kind of information which the organisation feels should not be freely available to outsiders and which therefore there should be some kind of moral or legal protection. Whilst in principle this seems quite reasonable, it is rather more difficult to establish a corporation's right to privacy than it is an individual's - and certainly, the enforcement of privacy is considerably trickier.

The implementation of an Information Classification System will help reinforce the organizations' view, such classification should be posted on each and every document and consideration should be made for all communications verbal, written or electronic.

A considered and well publicised Classification Policy can help broaden awareness, ensure appropriate countermeasures are set in place and minimise operational risk.

It would seem that even companies with an ethical policy on intelligence gathering might accidentally encourage, or even tacitly endorse, questionable behaviours on the part of employees or contracted agents.

In an increasingly knowledge-based competitive environment, the incentives to overstep the mark in intelligence gathering have increased significantly, and, with advances in information and communication technologies, the opportunities for doing so have multiplied accordingly. Moreover, the boundaries for defining acceptable practice have also become increasingly muddied, especially now that surveillance technologies and other 'spying' tools and gadgets have become so easily available to companies.

Industrial espionage has major implications for all industry players, whether they are directly involved in espionage activities or not. Businesses need to maintain confidence in their data integrity and security; they need to offer reliance in their attitude towards privacy; and perhaps most of all, they need to establish strong relationships of trust with their key stakeholders.

Whiterock counter measures

Known as "sweeping" TSCM (Technical Surveillance Counter Measures) involves the detailed checking of rooms, offices, vehicles or any area within a building to ensure that no covert listening, secret camera or telephone phone tapping devices have been deployed. TSCM is vital for protection.

Whiterock specialises in the methods available to counter the illegal bugging, and interception, of private and corporate telephone calls by utilising Hi-Sec encryption. Secure-Comms offers complete protection to clients who require assurance that their mobile, landline and fax transmissions remain secure, private and confidential.

WhiteRoom is a unique 24x7 service which provides a safe environment for management meetings and discussions. WhiteRoom provides reassurance that critical corporate information is protected. WhiteRoom detects, defends and deters espionage, provides an instant status overview and is a cost effective route to due diligence, boosting protection and security. Ultimately, WhiteRoom protects the most valuable of assets - knowledge.

In the company of spies: The ethics of industrial espionage [External link to Adobe Acrobat Document]