Stealing secrets
In the information economy, ideas are golden. That's why they're getting stolen.
Reno Marioni, CEO of startup travel and entertainment Web site Adventure Zone Network, was cleaning out a former employee's computer last summer when he made a horrific discovery: The employee had e-mailed the company's business plan and financing information to his new employer, a competitor.
"I could have had him arrested. But we're in the process of building a company, and we could either look forward or focus our energies on doing that."
Reno
Marioni
Adventure Zone Network
Marioni says he remembered the ex-employee behaving oddly before his departure: taking calls outside on his cell phone and shutting himself inside his office. Suspicion even led Marioni to have the employee sign an intellectual property nondisclosure agreement before his departure. But to no avail - the illicit e-mail went out just a half-hour after the employee signed the agreement.
The CEO was furious, and his investors, whom he informed of the breach, were shaken up. It was a stab in the back that could not be undone.
"You have to worry about employees," Marioni says now. "I could have had him arrested. But we're in the process of building a company, and we could either look forward or focus our energies on doing that."
Marioni's case is hardly unique. It's an all-too-common example of the kind of spy tactics that are now endemic in the dot-com world.
Unhappy employees can make off with more than just office pens.
According to Ira Winkler, author of Corporate Espionage (Prima Communications, 1997), U.S. businesses lose $100 billion a year to industrial spying. And while measuring the impact of espionage in the high-tech industry remains an inexact science, experts say the underground exchange of information is raging in dot-com hot spots like Silicon Valley.
"You can be left extremely vulnerable. Your entire product line and customer list is left on the server of the business-to-business sites."
Ira
Winkler
author, Corporate
Espionage
In the high-tech world, it's even worse than in traditional industries, Winkler says. "It's rampant. In some ways, it's a part of doing business."
Experts say hacking, cheating, and stealing information for material gain are natural consequences of an economy that relies on technology and the Internet. Competition is fierce, labor is short, and information is gold. Even traditional corporations are targets, as more companies rely on the Net for business operations like purchasing and sales.
"You can be left extremely vulnerable," Winkler says. "Your entire product line and customer list is left on the server of the business-to-business sites."
Data on espionage is scarce, in part because corporations fear public attention could expose weaknesses and precipitate new attacks. But in a recent survey on Internet security by the Computer Security Institute, 74 percent of the polled companies admitted financial losses as a result of computer breaches. Of 273 companies polled, 66 reported a loss due to theft of proprietary information, for a total cost of $66.7 million.
In Silicon Valley, theft of trade secrets appears to stem in part from an extremely mobile labor pool. With proprietary information residing on shared networks within companies, all it takes to dull a competitor's edge is a single disgruntled employee.
Recent court dockets have been spattered with allegations of insiders making off with privileged information. The Santa Clara County District Attorney's Office has handled about a dozen cases of employees taking their secrets with them to new employers in the past several years.
"Typically, it's not burglary," says Julius Finkelstein, a deputy district attorney who heads the DA's high-tech crime unit. "It's someone who wants to take a jump from one company to another."
Finkelstein likens information theft to bank robbery. "Banks used to get robbed all the time until measures were taken to beef up security," he says. "If you think money is valuable, think about how much value there could be in a computer disk that has software that's generating hundreds of millions of dollars. That takes up less space than a stack of $100 bills."
While most cases of espionage seem to originate with insiders, hacking for insider secrets still happens. In 1999, federal prosecutors accused a small online bookstore of intercepting thousands of e-mail messages sent by Amazon.com to booksellers. The company, now called Alibris, paid $250,000 to settle the charges.
"You'd be surprised how much information companies give out without knowing, not thinking anyone would care. People just ask for the information."
Ira Winkler
Venture capitalists, too, may be at fault. Some in Silicon Valley say investors, whose job it is to hear the plans of businesses seeking money, can be loose-lipped about the secrets they hear. "You have to assume that they're talking to people," Marioni says. "You need to do your homework. If you're coming out with a product that directly competes with Microsoft, you don't go out to the investors of that company."
Sometimes, valuable information is up for the asking. "You'd be surprised how much information companies give out without knowing, not thinking anyone would care," Winkler says. "People just ask for the information."
Computer security experts advise that in addition to ensuring their networks are secure, companies should require their employees to sign agreements not to share private company information with outsiders.
Also, companies should review what information they must hold closely and what they can disclose.
Sometimes taking preemptive legal action against employees can keep trade secrets safe. Online advertising agency DoubleClick claimed two of its vice presidents had begun planning a competing venture while still employees. DoubleClick argued that the employees had acquired company secrets --including information and strategies regarding revenue, pricing, customers, and projects --that could have been used against it. In 1997 a judge ruled that the employees could not immediately start a competing firm.
But perhaps the most sobering advice is to continue trusting employees, despite the damage they could cause.
"You have to put a level of trust in people, even though this stuff happens," Marioni says. "Or else things end up being worse. You could be angry and bitter, or keep positive and move forward."