Competitive Intelligence, Corporate Security and the War on Terrorism

Competitive intelligence teaches you to see things as they are. So what role does competitive intelligence have in the fight on terrorism? What is happening to competitive intelligence due to the response of corporate security staff to the war on terrorism? Let’s list the major ways that is occurring and then develop each of them in turn:

• Those involved with competitive intelligence may have additional missions.
• Businesses are changing and will continue to change the way they deal with outsiders.
• Numerous changes have resulted for so-called open records or Freedom of Information Act statutes and regulations, both at the federal and state levels.
• The war on terrorism has placed increased responsibility on, and an increase in funding at the disposal of, corporate security units.
• Many, although certainly not all, citizens are more sensitive to what other people are doing and are on the lookout for anything “strange.”
• There will be unintended, perhaps even unpredictable, consequences for competitive intelligence professionals.

Those involved with competitive intelligence may have additional missions.

Currently, in the corporate world, the burden of responding to the war on terrorism has fallen most heavily on corporate security personnel. As those involved with security are finding, since the war on terrorism has so many facets, it is useful to reach out to other corporate functions for assistance.

More on IP Theft

Hacked: The Rising Threat of Intellectual Property Theft and What You Can Do About It

IT Strategy: IT Versus Terror

How to Avoid Intellectual Property Theft

For example, in some firms, it has increased the awareness of the impact of counterfeiting, which is sometimes linked to terror groups. That in turn sometimes brings the legal team into the mix, drawing on the expertise there to help deal with counterfeiting and its associated activities, such as trademark violations, patent infringements and the like. Internal staff involved with competitive intelligence may also have a similar supplemental role.

A competitive intelligence team should be reviewing what your firm has already released to the public to avoid wasting time and money protecting such material. For example, in one assignment, our firm was able to develop complete floor plans, equipment inventories and even machinery locations for several Midwestern food plants. The principal source of the data was a tax office that was being filed to allow regular updating of assessments.

If this were your firm, instead of focusing on keeping this data from being disclosed through other channels, which it is too late to do, a better use of resources would be to protect the facilities and also work with the tax office to make sure that future filings would not be accessible to third parties or contain sensitive facility information. To provide for the second step, you will probably have to work with the agency and provide the data separately, marked as “trade secret—not for release” or the equivalent. Also, the competitive intelligence team can help your security team determine whether the “leak” is the result of economic espionage, an accident or just effective competitive intelligence efforts directed at your firm.

Seek out the competitive intelligence team’s expertise and ask it to help educate your entire staff on how to defend against the intelligence-gathering efforts of your competitors. While that is beyond the scope of this piece, an effective defensive competitive intelligence program can supplement legal and security programs by minimizing the accidental loss of competitively sensitive data, thus reducing the burden on these functions. But just how can it supplement those programs?

To understand where and how competitive intelligence professionals can assist both your security program and a legal program, it may help to align these programs. One school of thought puts the relative availability and benefit of so-called “open-source information,” which is data available to everyone, primarily but not exclusively secondary data, as follows:

• Open-source information: 80 percent of what is needed to make decisions.
• Open proprietary: legally obtained through concentrated efforts, 10 percent more of what is needed.
• Closed propriety: information obtained through so-called gray activities, which are legal but of dubious ethical stature, as well as some that are clearly black, such as industrial espionage, 5 percent more of what is needed.
• Classified: closely held, extremely valuable information, such as trade secrets, virtually all black operations, 5 percent more of what is needed.

As the following chart shows, one way of looking at the relative missions of corporate security, intellectual property protection programs and defensive competitive intelligence is to line them up against the elements of the data pyramid showing these ratios.

If a competitive intelligence unit cannot or does not undertake these missions, there is no reason why appropriately trained security personnel cannot assume these related responsibilities.

Businesses are changing and will continue to change the way they deal with outsiders.

To competitive intelligence practitioners, business changes driven largely by security efforts have already made it more difficult to collect primary information on many targets. No longer are full company directories commercially available or a regular feature on the Internet. No longer are tables of organization and plant diagrams to be found on a homepage or on the walls in public reception areas in businesses.

Industrial security teams are not doing these things to foil intelligence gathering, but to protect against potential terrorist activities. But protecting against terrorists in many cases also means, almost by accident, protecting against competitive intelligence professionals working for your competitors.

As the war on terrorism drags on, we can expect that companies will increasingly protect their employees and the information that their employees possess. If and when U.S. businesses begin to be damaged by terrorists, we can expect to see such protective and defensive activity escalate to levels that today would be almost unimaginable. If such escalation occurs, it will not put competitive intelligence out of business, but it will make the collection of primary intelligence—information from people, or information from observations—even more difficult than it is today. That in turn means that those developing competitive intelligence will further rely on secondary or document-based data for intelligence purposes.

There are many fundamental flaws with such a research strategy—among them that what has not yet happened, but is being planned, is likely to be in the possession of people, while documentary evidence is available in only the most general terms.

If competitive intelligence should trend toward library- or now Internet-based research, we can expect an increase in the use of disinformation, which practitioners find most distasteful. Besides its obvious ethical problems, which are significant, disinformation has the effect of destroying trust in those involved in spreading it. In the business world, for disinformation to work, it must mislead competitors. And those people spreading it, or least most of them, must actually believe in it as well. When it becomes obvious later on that the information is incorrect, these people will, consciously or subconsciously, be less willing to do the future bidding of those who created the disinformation.

It is only the presence of the relatively new Securities and Exchange Commission (SEC) rules on public disclosure that have kept many publicly traded businesses from utilizing disinformation. For non-publicly traded businesses, however, disinformation still remains an option. As businesses realize that they are more secure from competitive intelligence penetration aimed at primary intelligence data, we can expect a rapid rise in the use of disinformation released through the print media. Some of the disinformation, of course, will be accidental. A reporter who misquotes an executive, a typo in a magazine chart, or an overly enthusiastic or pessimistic headline all can contribute to disinformation, or even can create it.

To be sure, disinformation, if taken too far, can be fraud. But there is a great gray, and frankly distasteful, area between strict honesty and fraud. As competitive intelligence is pushed back from access to people and must rely more on secondary sources, targets of legitimate competitive intelligence activities may well be tempted to tweak what the competition hears by adjusting what they say or do not say.

Research has shown that starting on this slippery slope from the clear bright light area of legal and ethical behavior into the increasingly gray zone of unethical behavior leads all too often to the black area of fraud and violation of criminal laws.

Numerous changes have resulted for so-called open records or Freedom of Information Act statutes and regulations, both at the federal and state levels.

For decades, citizens and businesses had come to rely on the state and federal Freedom of Information Acts (FOIAs), also known as open-records laws, to gain access to government records about themselves and others. Of course, there have always been exceptions to access, such as those guaranteeing personal privacy, protecting ongoing criminal investigations, etc. But in general, the FOIAs have been a powerful tool for controlling the behavior of government. They similarly have been a powerful tool in the hands of intelligence professionals, who use them to dig out details about companies dealing with the government, companies in difficulty with the government or those seeking to influence the government.

Shortly following the attacks of Sept. 11, 2001, the U.S. government adopted a new, more rigid policy toward the release of information to the public. Following the specific directive of the attorney general, federal agencies immediately began to restrict access to information that might be of assistance to terrorists. For example, the U.S. Environmental Protection Agency (EPA) had previously posted online very detailed information compiled from the numerous reports businesses filed with it. It also had begun a program of enriching that information by adding details from publicly accessible business directories, and even adding access to driving-direction programs, and producing maps of the areas surrounding many industrial facilities. After 9/11, that material soon disappeared from the Internet. The EPA’s feeling was that the data provided too much assistance to terrorists in detailing chemicals being used, physical locations and other details.

However, that data was also being used by companies in the chemicals industry to develop accurate and inexpensive profiles on their own competitors. In fact, the utility and power of this data had been such that official representatives of the chemicals industry had actually protested to the EPA before 9/11, seeking to remove that information from places where their competitors could access it. They even engaged a competitive intelligence research firm to show just how powerful and critical that data was to developing competitive profiles.

But the limitation of access to data does not and will not stop there. There are moves within the U.S. government to put together working groups to reassess the kinds of information that should be available through FOIA and the kinds of information that should be protected. A part of this battle has surfaced in the use of brand-new classifications for data not previously seen, marking efforts by U.S. government organizations to protect data that was not personal, confidential or subject to a security classification. The result is that the amount of data available through the federal FOIA and the speed with which it can be retrieved are both less than in 2000.

In addition, the states themselves, responding to increasing citizen concern about identity theft and similar invasions of privacy, have begun efforts to limit or prevent the release of what most people would consider personal data. This has had unintended but significant consequences on the production of data for businesses. For example, last year, one state amended its open-records laws to try and protect personal, sensitive data. It stated that records released by state government agencies could not include identification data such as taxpayer numbers, telephone numbers, home addresses and similar information. This all makes perfect sense. However, the way the language is written, it impacted not only the contents of business records but also the access to them.

For example, in the insurance industry, applications for approval of new policies, advertisements and the like are typically accompanied by a cover letter from the company filing the documents. That letter will include the name of the individuals responsible for the filing, their direct-dial phone number and other data. The applications themselves will typically contain some sort of identification number for the company, usually its federal taxpayer identification number, the same number used in corporate filings with the SEC. Because of the change in the law, the state insurance department found that it was not able to release documents dealing with the filing of new insurance policies, to which the public and competitors had a right of access, without manually redacting telephone numbers, personal names and taxpayer dedication numbers from these documents. Since the documents, upon receipt, were put into Adobe PDF format, and some were even provided in that format, that position meant withholding the documents completely from the public until they could be rescanned with the material data manually blacked out.

Since these forms were available online as well, that one change completely shut down access to all filings of all insurance companies for as far back as the records went. Eventually, that was straightened out by a combination of amendments and the application of common sense, but for a period of time, an effort to protect personal identity and personal phone numbers had the effect of shutting down access to literally thousands of pages of previously public information.

But not all rule changes in recent years have been intended to restrict access to information. For example, the SEC adopted regulation FD, for full disclosure, to force companies to release critical information, all at once to all parties. The companies had been required to disclose material information as was known, but very often that information was disclosed first to one or a select group of analysts before it was made available to the media and then to the public. The SEC sought to level the playing field by requiring that this information, when released, be released to everyone simultaneously.

Oddly enough, changes in SEC regulations requiring more public disclosure by publicly traded businesses have had a different impact. While we might initially think that this makes collecting competitive intelligence easier, it actually has the effect of making those who disclose information about publicly traded businesses more sensitive about what they say, to whom they speak and the contents of what they release. Anyone reading their analyst briefings and comparing them with some from even six years ago will be struck by the extreme caution exercised by every speaker and the extremely general nature of all exhibits and displays such as PowerPoint presentations.

As the war on terrorism continues, we can expect that access to more and more data currently held by the government will be impacted. Most likely, it will be subject to the typical back and forth of politics. That is, access will be increasingly restricted. That will result in a backlash, shifting the trend toward more “openness and transparency.” When data that should not be released is found to have been released, there will be another backlash, and so forth.

The war on terrorism has placed increased responsibility on, and an increase in funding at the disposal of, corporate security units.

This funding change may have profound implications for competitive intelligence. First, providing additional funds and responsibility to those in corporate security will eventually result in corporate security activities making some forms of competitive intelligence that much more difficult, or even impossible. This is not to say corporate security will actually target competitive intelligence, although it should.

And corporate security units may eventually become sensitive to the existence of threats from competitive intelligence; having seen their mandate increased, they will continue to increase their activities by moving into the area of defending against competitive intelligence.

Regardless of which way this works, more aggressive corporate security practices will result in making the collection of any raw data, whether primary or secondary, more difficult in the future. Oddly enough, there is little evidence to indicate that the terrorists most feared by businesses as a threat to their facilities utilize sophisticated data-gathering channels. Security managers will move to control the release of the information that their company can control, to limit the distribution of materials that it produces, and to prevent access to information and facilities. That may not be an effective antiterrorist strategy, but it may well be, by accident, an effective anti-competitive intelligence strategy.

On the other hand, increased spending on corporate security and counterterrorism may also benefit competitive intelligence professionals. Consider these possibilities, for example:

• Government research and development of mapping technology, coupled with improvements in satellite surveillance, make it possible for business intelligence analysts to gain access to highly detailed pictures of a target facility in real time and at little or no cost.
• Companies come to realize that the tools and techniques of competitive intelligence can supplement activities in areas ranging from facility protection to tracking counterfeiting, thus opening new career opportunities for internal competitive intelligence staff.

Many, although certainly not all, citizens are more sensitive to what other people are doing and are on the lookout for anything “strange.”

The impact of this is similar to that caused by a ramping up of activity by security departments. However, it is likely to ebb and flow.

For example, several years ago, a client wanted information about the production capacity of a plant owned and managed by a competitor. The client had done a very good background research assessment of what could be found on the Internet and from industry print resources. From that, the client found out the nature of the product produced at this plant and the kind of specialized equipment used, and identified the plant’s ability to shift among various types of products. However, what was lacking was a real in-depth assessment of the size of the plant, and the number of pieces of large manufacturing equipment there, both critical to creating a profile of the plant’s current active capacity.

In this case, we went to the township where the plant was located, specifically to the office that housed local zoning and building code enforcement records. Our hope was that the facility’s plans for expansion and renovation and the like, which had been filed there, would help us assess current conditions and the current manufacturing area in the facility itself.

The plant was located in a small, semi-rural community. It was more than likely the largest employer in the township, perhaps even in the county. When a representative of Helicon went to this office, it was small enough that after he was given access to the plans on file, he reviewed them at a worktable in the middle of the office. As requested by the township, he signed his name in the public records log, identified his company—although that was not required by state law—and proceeded to evaluate the plans.

Another individual on the assignment attempted to call several people within the plant. The background research by the client had led us to identify names of individuals, such as the plant manager, so an effort was made to elicit additional information on the plant.

About 24 hours later we received a call from an individual with the parent company. The parent had found out “about our interest” in the plant and was very upset. We pointed out that, in fact, both individuals had left their names and clearly identified themselves in all situations. Otherwise the company would have had no way of contacting us to express its concern!

What happened was probably not that the individuals at the plant reported the relatively innocuous calls to headquarters, but rather that someone in the township had a relative or friend working in the plant. That person probably wondered why someone from outside that area was so interested in the plans of the facility and called someone, which ultimately resulted in an inquiry made by headquarters of the small number of people at the plant as to whether they had been contacted by Helicon. The answer was yes. About half of the key people in the plant in fact had been approached by Helicon, but had provided no data of value.

In our experience, the calls that were being made to elicit information from the plant personnel would not normally have triggered an inquiry like this. Rather, it was the curiosity of an individual in the township about the request to see a public record about a major industrial facility that triggered a defensive response. In more than 25 years of conducting competitive research, this is the only case we can recall where the local government gatekeeper, as it were, alerted a target of our interest.

We are virtually certain that this will not be the last such event. We absolutely believe that the appropriate caution that has been engendered among Americans, and others around the world, has already had an impact on the competitive intelligence process. While the caution evidenced will not always be at the highest level, it is our opinion that after every actual or threatened terrorist event somewhere in the world this kind of sensitivity will increase, even if for only a short time.

There will be unintended, perhaps even unpredictable, consequences for competitive intelligence professionals.

One example of this may be a controversy that arose in early 2007. As many in and out of competitive intelligence know, Google has a product called Google Earth, which consists of satellite photographs of much of the world.

A January 2007 news report indicated that Google was talking with British military commanders in Iraq after learning that terrorists attacking British bases in Iraq may have been using aerial footage from Google Earth to pinpoint their strikes. Google was quoted as saying it had “opened channels” with the military in Iraq and that it was “sensitive” to the requests of the military there.

It does not take much imagination to see that Google Earth, a product widely used by competitive intelligence analysts, particularly when dealing with older facilities, may become less useful, less precise or even inaccessible under certain circumstances and with respect to certain areas.

Admittedly, the restrictions may simply deal with areas where U.S. troops and other military groups are engaged in active conflict. However, it is merely a short step to having Google Earth confronted with a request to tone down its operations due to a map of a terrorist target found by authorities not targeting a regimental headquarters in Iraq, but rather a refinery in Philadelphia.

Summing up the Threat

What other areas of use to intelligence practitioners might terrorism impact? For that we have to turn to the law of unintended consequences, not a very comforting concept.

That law, really an expression of centuries of observations, holds that actions by individuals or groups of individuals, including government, often have at least one significant unintended and unforeseen consequence. That consequence may be positive, it may be negative, or it may actually cause a result opposite to that intended by those initiating action.

Think about its application to competitive intelligence, and you will begin to see what intelligence professionals now face.

These options are not inclusive. They cannot be. As the war on terrorism morphs, and as our responses to it change, the surrounding business environment will also change. Somewhere along the line, a competitive intelligence practitioner will run into the “Butterfly Effect.” That is, some very minor event in the war on terror will have a major impact on the competitive intelligence profession—maybe positive, maybe negative.

All we can be sure of is that change will continue to happen.

John J. McGonagle and Carolyn M. Vella are, respectively, the managing and founding partners of The Helicon Group. Helicon is a competitive intelligence consulting, research and analytical firm located in Blandon, Pa. They have written six books on competitive intelligence.