Foreign Affairs

While insiders pose the greatest threat to the company's jewels, outsiders are a close second. But even then, insiders may be unwitting accomplices.


Info requests. Based on reports sent to the U.S. Defense Investigative Service (DIS), unsolicited requests for information are the most frequently used modus operandi for foreign collection of U.S. technology information. In 1996, such requests surpassed all other collection methods by a nearly three-to-one margin.

Phony foreign requests for information or "partnering" arrangements can take many forms: letter, fax, phone call or e-mail. Foreign operatives may request free samples of software and working models. Or, they may offer, unsolicited, to work as sales agents, consultants or representatives in foreign countries. The foreign operatives frequently word their messages to appeal to cultural commonalities (see box, p. 23).


Visits. Foreign operatives may even try to schedule meetings at U.S.-based companies under the guise of "mutual information-sharing." Then, they'll arrive with last-minute or unannounced persons, try to wander away from approved locations or initiate conversations beyond the scope of the visit. They may pressure the host into becoming conciliatory or use social engineering techniques to get information from employees. While these seem like obvious ruses, the threat is real: In a surprising number of cases, insiders give away information they would not have had they realized the motives of their assailants.


Joint ventures and licensing. In order to break into a foreign market, a U.S. company may enter into a joint venture with a foreign firm. Doing so, however, often requires the transfer of proprietary secrets--if not as a condition of the contract, then as a matter of practical necessity. The problem is, once the foreign firm acquires proprietary technology, it can use it to make a competitive product. India, for example, is said to use compulsory licensing for pharmaceuticals. Companies wanting to sell pharmaceuticals in India must license use of the technology to an Indian company. The Indian company may then turn around and begin marketing a similar product.


Surveillance Technologies

Although most intellectual property is stolen through low-tech means, surveillance technologies also pose a threat. For example, in 1988 France's Direction Générale de la Sécurité Extérieure (DGSE) allegedly sent a four-man team to Seattle to intercept test data and personnel communications during flight tests on Boeing's new 747-400 airplane. Information collected on the 747's new computerized navigation system was allegedly used in a similar system in the Airbus A340.


While this incident happened more than a decade ago, an independent report released last year by the Commission for the Control of Security Interceptions suggests that illicit state-sponsored surveillance continues today in France. The report says that more than 100,000 telephone lines are tapped illegally each year in the country, with state agencies behind most of the eavesdropping. France, of course, is not the only country to employ surveillance technologies, and even the U.S. has been accused of such spying.


Electronic Break-ins

Computer penetrations are a serious threat to intellectual property. A recent high-profile case involving competing investment brokers Reuters Holdings PLC and Bloomberg LP demonstrates the reality of this growing threat.


More than $6.5 billion is spent annually on computer terminals that Wall Street traders use to get up-to-the-second bond and equity prices and currency values. These computers contain sophisticated, proprietary software applications and tools that allow traders to analyze investments and predict current trends. Even though Reuters had more than a century's head start on the trading room floor, Bloomberg's new trading tools were considered superior. So Reuters founded a subsidiary called Reuters Analytics to develop a competitive product.


Rather than devote millions to product R&D and testing, however, Reuters Analytics took a different tack. In January 1998, reports alleged that the subsidiary had commissioned a consulting company to break into Bloomberg's computers. As a result of the breach, the consulting company reportedly obtained information about Bloomberg's operating code, the underlying software that governs the functioning of Bloomberg's data terminals. This information was then passed on to Reuters Analytics, as well as to the parent company's London headquarters.


Often, though not always, a computer attacker holds (or has held) a position of trust within the targeted organization. While the method of break-in was not disclosed in the Reuters-Bloomberg case, sources said former Bloomberg employees working for Reuters Analytics or the consulting company may have been involved.

