UK Home >  OUT-LAW News >  OUT-LAW Radio

The world of corporate espionage

OUT-LAW Radio, 05/10/2006

Delve deep into the murky world of corporate espionage and surveillance to find out how companies go about conducting – and avoiding – spying campaigns in this week's podcast.

A text transcription follows.

This transcript is for anyone with a hearing impairment or who for any other reason cannot listen to the MP3 audio file.

The following is the text spoken by OUT-LAW journalist Matthew Magee.

Hello and welcome to OUT-LAW Radio, the weekly podcast that keeps you up-to-date on all the twists and turns in the world of technology law.

Every week we bring you the latest news and in-depth features that help you to make sense of the ever-changing laws that govern technology today.

My name is Matthew Magee, and coming up on this week's show we have a special extended feature. We look at the world of corporate surveillance and counter-espionage. As Hewlett Packard Chairwoman Pattie Dunn is charged in America in relation to that company's surveillance of employees, board members and journalists, how widespread is the practice? and is it possible to do it legally?

But first, the News

  • The European Commission is close to presenting its case against Intel;
  • A US gambling bill has been smuggled into law in a Ports Act; and
  • Spam maker loses bid for spam email trade mark.

European Commission officials are close to presenting their antitrust case against Intel, according to reports from Commission sources. European Commission staff are said to have already conducted an internal trial of their arguments before going public.

The European Commission's five year investigation of Intel centres on its behaviour in a market that it dominates, the company has 80% of the world's micro chip market and the Commission is investigating whether or not it abused that power.

A long awaited law making online gambling illegal in the US was passed by the Senate on Friday night as part of an unrelated ports bill. Democrats accuse republicans of forcing through the law quickly in order to garner support ahead of congression elections on 7 November. The news has had a major impact on online gaming companies, many of them British. 888 plc and Party Gaming has said that they will cease all operations in the US for the foreseeable future.

Other companies, such as PartyPoker, said that they are likely to pull out of the US.

The company behind spicy luncheon meat SPAM has failed in an attempt to register Europe-wide trade marks asserting its right over the term 'spam' in relation to unsolicited bulk email.

Spam is the colloquial term for such unsolicited bulk email in a homage to a Monty Python sketch in which a café menu contains only SPAM. Previously Hormel has tolerated the use of the term spam for email but had requested trade marks on 'spam' in relation to, amongst other things, "services to avoid or suppress unsolicited e-mails" and "creation and maintenance of computer software and technical consultancy".

It lost its case.

That was this week's OUT-LAW news

Hewlett Packard has been trapped for weeks at the centre of one of the grimiest and most exciting technology stories in years. The company hired private investigators who spied on the company's own board members in a desperate bid to trace the source of a leak.

It didn't stop there. Journalists were trailed, fake emails were sent that could install software on a reporter's computer and even journalists' families were traced.

All this has opened up to scrutiny the world of corporate espionage and surveillance. It is suddenly clear that this is a major part of corporate life, so OUT-LAW Radio delved into that murky world to talk to some of the people for whom secrets are a way of life.

Stephen Grant:  Well, tools of the trade are things such as video cameras, digital video recorders, covert pinhole cameras that no-body can see, very much like they use in investigative journalism.

MM: I went to see Stephen Grant who runs the family firm – a corporate surveillance business in Edinburgh. Sat at a table surrounded by cameras, wires and gizmos, he talked me through some of the equipment he uses.

SG: The pinhole cameras, well you wouldn't really know but there is actually one in this little bag here.

MM: So it's pointing at me now?

SG: Yeah it's pointing at you now.

MM: Where is it?

SG: You'll never find it, that's how difficult it is to find. It's just in this bag.

MM:I should just describe it, it's a blue rucksack and Stephen is saying the camera is in one of the straps and there is a tiny, it really is a tiny hole that looks basically like a big pinprick and apparently there is a camera in that.

SG: This little bit of gear here there is a tiny little camera attached to that and that's all you require, a power source and that can record about a week. We have also got specialist trackers that you can put on vehicles and we can tell on our laptop exactly where the vehicle is.

MM: So what do you do if you have a leak? Some claim that Hewlett Packard broke the law in its methods. What can you do to conduct a legal investigation.

SG: There are ways of doing it I wouldn't want to give away too many secrets because obviously that would make it more difficult for us to catch people but there are actually perfectly legitimate ways of doing this. I don't know too much about the Hewlett Packard situation but it looks like they were perhaps a bit too duplicitous. We have other methods which I wouldn't want to go into too far where we can detect who is leaking information but its specific ways of doing it which are perfectly legal.

MM: Give us a clue.

SG: It is just a way of manipulating the information that's distributed.

MM: So giving different stories to different people.

SG: Something like that but there are ways of doing it. If a large company came to us and said concerns that perhaps a member of staff is meeting up with a rival or something like that we would have no qualms about doing surveillance. If there is evidence to be obtained there is always a way of getting it legally.

MM: How common is this?

SG: It is very common, I mean most companies at some stage will have considered it I would think and most companies will be actively using it in various different parts of the business.

Justin King runs Industrial Espionage Anti-Surveillance Consultancy C2I.  He says that some things that appear illegal in fact are not including placing a bug in a boardroom or a chief executive's office.

JK: There is no UK law that says that thou shalt not bug by means of telephony as in transmission devices etc.

MM: Say I am legally in a property and I put a little microphone bug under a boardroom table and then record what's going on, that's not against the law.

JK: Not strictly any criminal law, no but you would then have to prove in a court of law that you showed intent to steal information and that information you go down the route of conspiracy and you would go down criminal law, you would go down other forms of law but it, you are not actually committing a criminal offence, no which needs to be tightened up I think in this country.  If you connect your microphone to the ring mains and using 240 volts to power it then you could probably actually be done for theft of electricity.

MM: The law is complicated, though, and bugging brings in all sorts of different kinds of legislation. Even though actually placing a bug may not be illegal, there are tight controls on what you can do with the information afterwards, according to Victoria Southern, a lawyer at Pinsent Masons, the law firm behind OUT-LAW.

VS: If you are recording a telephone conversation then there is a specific criminal offence provided for recordings in those kinds of circumstances. There is nothing in any piece of legislation that stops you from putting a physical bug in a room, in an office or something like that provided that you are there lawfully and you haven't, you know, committed any criminal offence to get access to it. If the bug is recording the goings on in a particular room well that could take you into the realms of data protection, for example in particular you've got principle one, which requires that the data is processed fairly and lawfully and when you are looking at whether the date is processed fairly you look at what the data subject has been told, about the purposes for processing. So obviously if the bug has just been planted there and nobody is aware of the fact that this is recording the goings on in a particular room then there is a good argument that the processing could be considered to be unfair. Initially it will be civil liability under the Data Protection Act but if a complaint was made to the Information Commissioner and he investigated that and found that it was a breach of any of the principles then he could issue an enforcement order which could say to the private organisation that they just cease processing and if they continue to do that then that would then become criminal liability under the Data Protection Act.

MM: There is clearly a lot of business in the anti-espionage industry, and therefore in the spying industry as well. So does anybody know how big a problem this is, and how many companies it really affects? Justin King again.

JK: One in twenty, so 4-5% of the clients that we go and investigate, we find a problem or chink in their armour and I wouldn't say it is not 5% that a bugging device is actually found but it is 5% of the time there is a leak somewhere and its usually a combination of good old fashioned human pretext where people will just try and push and push to try and get information, combined with IT abuse these days.

MM: As Hewlett Packard is finding out, life can be pretty difficult for large companies found carrying out secret surveillance, whether legal or not. Most claim that they had no idea such tactics were used and a long chain of silent command ensures that that is a defendable claim. Companies want plausible deniability of controversial bugging and they employ a string of companies to ensure that they get it.

SG: Things go further and further down the food chain. You will have a company who will contact their solicitors to say we want an investigation done into this other company. The solicitors will then instruct maybe a reputable investigation agency. They will instruct somebody else and it will go down the food chain until you get somebody who realises the only way this information is going become available is that some bugging device is placed and again the company, the solicitors, everybody will deny all knowledge but sometimes we ought to learn to say do you realise that the only way you could get that information is through illegal activities and we just can't condone this, we just can't take that any further.

MM: If a company's attempts to distance itself from unethical or even illegal action fails then it can face a barrage of hostile public reaction, and the consequences for the business and shareholders can be dire. In the Hewlett Packard case news has dribbled out, day after day, keeping the story alive for a month as new revelations creep out. Alex Woolfall is a Crisis Management Expert for public relations firm Weber Shandwick and he says that that is not the way to handle this kind of crisis.

AW: I would definitely be in the school of thought that says 'get it all out in one go'.  If the company genuinely feel that in fact it has done something it is not proud of and that it really needs to set the record straight then it is far better to be completely open about that and get it out and over and done with because once you've lost the trust you won't get the trust back again very easily and the more clients I would with, the more they seem to understand that actually at the end of the day honesty is not only the best policy, it’s the only policy now if they really really care about their corporate reputation.

MM: Corporate surveillance is out there, with an estimated £11 million a year spent on bugging devices alone in the UK. A long string of subcontracted security firms is not enough to keep a company's name out of the headlines, so firms need to be sure of their legal ground regardless of who is actually doing the work for them. If they don't they could find themselves, like Hewlett Packard, with the information that they want, but at a very high price.

That's all we have time for this week, thanks for listening.

Why not get in touch with OUT-LAW Radio? Do you have a legal problem you would like us to discuss on air? Do you know of a technology law story? We'd love to hear from you on radio@OUT-LAW.com.

Make sure you tune in next week; for now, goodbye

OUT-LAW Radio was produced and presented by Matthew Magee for international law firm Pinsent Masons

OUT-LAW Recommends

Free OUT-LAW seminars
- Making your contract work
- Information security
Six cities, October & November

This week's podcast
Are ISPs about to betray our trust?

Winner at 2008 Webby Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.