MARCH 12, 2007
Wal-Mart gets lots of bad press, but usually it's about how the company treats wage laborers, not about how it treats the press. Yet, last week, CEO H. Lee Scott found himself calling an executive at The New York Times to apologize for having spied on their employees. In an effort to ferret out the source of a leak of embarrassing company memos, a Wal-Mart employee apparently intercepted text messages and telephone calls of other employees. Now, FBI investigators are on the case, and the Wal-Mart employee caught snooping was sacked (which may just be a token measure making him Wal-Mart's Lynndie England). If this latest fiasco is anything like what happened at Hewlett-Packard last year--when Chairwoman Patricia Dunn resigned after it came to light that she hired spies to investigate a boardroom leak to the press--more heads are sure to roll.
Biz-world pundits and even Wal-Mart watchers (there are many of late) seemed shocked that the company would do something so distasteful--so downright dirty--as spy on its own employees and on journalists. "I believe that this incident is a case of human nature running amok," wrote one former Wal-Mart staffer on Computerworld.com. (He shouldn't have been surprised. In 2003, the Center for Business Ethics reported that 92 percent of U.S. employees were electronically monitored by their bosses.) But the real danger for Wal-Mart--and, increasingly, American business writ large--isn't "data brokers" hired by companies to spy on their employees. The real danger is paranoid executives hiring brokers to spy on other corporations.
It's called "competitive intelligence gathering," and, in its purest form, it is a banal and mostly innocuous practice: mining open source information to keep up with a competitor's marketing strategy or pricing plan. But, in recent years, an out-of-work cadre of cold war spooks and the uncertainties of a post-September 11 world have spurred a wild, wag-the-dog intel industry where wannabe spies routinely prey on the fears of big business and convince CEOs to sign them up for espionage (sometimes under the vague rubric of due diligence). These "intelligence professionals" (some of them CIA and MI6 alumni) often employ methods that cross ethical and legal boundaries--pretext calls, surveillance ops, bribes, wiretaps, and hacking--and can land the CEO who hired them in costly litigation. (Dunn and four others have since been indicted on felony charges of conspiracy, fraud, and identity theft. Is this what Wal-Mart has in store?)
This isn't an entirely new phenomenon: As early as 1850, Allan Pinkerton, Chicago's first freelance detective, took on jobs the nation's nascent local police were not equipped to handle--from solving a spate of train robberies to tracking down counterfeiters. "We never sleep," was Pinkerton's motto, and, as detective lore has it, the agency's insignia--an all-seeing eye--gave birth to the term "private eye."
But today's world of private detectives is infinitely more complex, more corporate, and more global. Are Greenpeace activists threatening your oil profits? Is the Uzbek CEO you want to invest with in bed with terrorists? Is your secretary in bed with your competitor? There is a wide array of intelligence brokers to turn to for help with threats--real and imagined.
What makes this growing business so dangerous is that it remains largely unregulated--a murky industry where ethical and legal boundaries appear to be judged on a sliding scale. One corporate spy told me he had no problem breaking the law to hack into the computer of a "degenerate thief" to track down stolen assets, much like a cop might break the rearview light of a suspected drug dealer's car, in order to have an excuse to pull him over. What about pulling a bank statement out of the trash on company property? Or cajoling a disgruntled employee at the local telephone company to pull up some phone records? What if someone volunteers a piece of ostensibly innocent information, like a company's production schedule or factory plans? These things really happen, and they're obviously not ethical. But are they illegal?
Sometimes the line is blurry even to firms that think of themselves as part of the white-shoe establishment. Even Kroll, the reputable industry dinosaur, has been sued for foul play. The elusive firm Hakluyt--founded by former MI6 operatives and legendary for doing business over port and cigars in London's tony White's club--has also seen its share of lawsuits. Shell Oil and EADS , the company that brought us the Airbus A380, are said to be among its most loyal clients.
Then there are the newer intelligence brokers like Diligence, a midsize firm with about 100 employees worldwide that says it aspires to "professionalize" the spy biz and make it a more respectable industry. In the process of growing the company, however, Diligence has done a few less-than-respectable things. Most recently, it was caught spying for the English rugby team by covertly videotaping the closed practice matches of its competitors. Then there was the time, in 2005, that accounting firm KPMG sued Diligence for sending faux spies into its Bermuda office posing as real spies to convince a KPMG employee to give up sensitive information about an ongoing investigation.
There are also counter-corporate espionage firms that offer spies to protect against the spies. Former CIA chief James Woolsey sits on the board of one such firm, Global Options, a Washington, D.C.-based outfit, which used to call itself "a private CIA, Defense Department, Justice Department, and FBI, all rolled into one" until, presumably, some wise public relations people suggested a more conservative marketing strategy.
Some of what these companies do is illegal, but enforcement is spotty. According to Tom Mahlik, a section chief in the FBI's counterintelligence division, law enforcement reacts on a "catch as catch can" basis. In other words, corporate espionage is much like that tree falling in the forest. Says Mahlik, "If it wasn't detected, it wasn't illegal--because you don't know about it."
The cases we do know about have cost corporate America millions of dollars. Procter %amp% Gamble paid its rival Unilever a $10 million settlement after its hired spies pulled confidential documents from the trash bins outside Unilever's Chicago office. WestJet was forced to pay a reported $4.6 million in legal fees for spying on rival Air Canada and another $10 million to children's charities. Spies can also come from within. Last year, an ambitious secretary at Coca-Cola took the secret formula of a new Coke drink to competitor PepsiCo. Unfortunately for the secretary, Pepsi decided it wasn't worth the potential costs and turned her in.
So why do CEOs continue to hire spies? Perhaps because they think the other guy is doing it. Or perhaps because they believe globalization has a dark and sinister side. "Corporations have to get into emerging markets to achieve better returns, but emerging markets have more problems--institutionalized corruption, the lack of transparency, political risk, local and foreign competitors who don't play by the same rules," says Nick Day, chief executive for Diligence Europe. "Foreign governments use their espionage services in a way the U.S. doesn't. Russians bug their hotel rooms. The French put bugs in the first class seats of Air France. The Chinese run agents inside U.S. corporations. The point being, those are reasons why U.S. corporations are having to use intelligence because it's the only way to level the playing field."
That may be, but it is a difficult thing to prove. A successful spy job is by definition a secret one. Then again, few companies report cases of corporate espionage for fear of scaring their investors. Mark Cooper, from the risk management company C2I International, says, "I don't know how much corporate espionage goes on, [but] I tell clients to shed their papers properly or have their security cameras watched. It's mostly common sense stuff." Then again, it might also be wise to keep away from the fantasists in trench coats.
By Ilana Ozernoy