CORPORATE ESPIONAGE

Corporate espionage has been a prevalent issue in the business world for decades. It refers to the
unauthorized collection of confidential information by an individual or organization for illegal or
unethical purposes. The impact of corporate espionage can be significant, ranging from financial losses
to loss of reputation and customer trust. This research paper aims to explore two real-life examples of
corporate espionage and analyze their differences and similarities. The objective of these cases will be
evaluated, and the methods used to perform the espionage will be discussed. Additionally, the paper
will delve into the question of whether corporate espionage can always be considered a crime, or if
there are circumstances where it can be considered acceptable. Finally, the paper will examine
strategies that companies can use to protect their intellectual property from both insider and outsider
attacks.

1.1 Identify and briefly describe two other cases of industrial espionage.
1.1.1 P&G and Unilever: Hair care trade secret
Procter & Gamble's competitive analysis team hired a general contractor who then hired
subcontractors to conduct spy on competitors, including Unilever. Some of the intelligence firms
used unethical methods such as dumpster diving to gather information from Unilever's hair care
headquarters in Chicago. The spies disguised themselves as market analysts or journalists to
obtain details such as new product launches, prices, and margins. P&G Chairman John E. Pepper
was unaware of the spying operation and fired three managers responsible in the project. P&G
sent a letter to Unilever admitting the wrongdoing, and Mr. Pepper personally contacted
Unilever Co-Chairman Niall FitzGerald to attempt to resolve the matter. The two companies then
began negotiations to reach a resolution. The revelation of P&G's involvement in corporate
espionage against Unilever was surprising to industry observers, but many felt that P&G had
taken the right approach by voluntarily admitting to their actions.

1.1.2 Anthony Levandowski vs Google: Self-driving car secrets

Anthony Levandowski was convicted of one count of illegally obtaining trade secrets related to
car self-driving technology. He was sentenced to serve a maximum of 10 years in jail and may be
required to pay a fine of up to $250,000. Levandowski was once recognized as a top engineer in
the rapidly expanding self-driving car industry and was a key player in establishing a division of
Google dedicated to this technology. The charges against him are based on events prior to his
resignation from Google, when he founded a self-driving truck startup, Otto, which was
 immediately purchased by Uber for an estimated $680 million. In February of 2017, Waymo
(Google's project on self-driving cars) filed a lawsuit against Uber, alleging that the company
acquired Otto with the intention of accessing confidential documents that Levandowski had
taken when he resigned from Google. The dispute was resolved in February 2018, with Uber
paying Waymo around $245 million. Levandowski admitted guilty in relation to his weekly
updates on Google's self-driving project. He admitted to transferring 14,000 files from a Google
server to his own laptop, along with other confidential documents.

1.2 Indicate the similarities and differences between the two cases that you have selected and why you
choose them.
One similarity is that both cases involved the theft of confidential information related to a company's
product or technology. In the P&G and Unilever case, the information was gathered through unethical
methods such as dumpster diving and disguising as market analysts or journalists. In the Levandowski vs
Google case, the information was taken through the downloading of 14,000 files from a Google server
and transferring them to Levandowski's personal laptop.

Another similarity is the potential consequences of the corporate espionage. In both cases, the
individuals involved faced legal consequences, with Levandowski facing a maximum of 10 years in jail
and may be required to pay a fine of up to $250,000.

However, there are also differences in these two cases. One difference is the level of involvement by the
companies. In the P&G and Unilever case, the company's chairman, John E. Pepper, was unaware of the
spying operation and took responsibility for the actions by firing three managers and admitting to the
wrongdoing. In contrast, in the Levandowski vs Google case, the individual, Levandowski, was
responsible for the theft of the confidential information.

Another difference is the approach taken by the companies in resolving the issue. In the P&G and
Unilever case, the two companies began negotiations to reach a resolution, while in the Levandowski vs
Google case, the dispute was settled through a lawsuit with Uber paying Waymo approximately $245
million.
I selected these two incidents of corporate espionage to be the centerpiece of this paper because of the
notable companies involved. The P&G case demonstrates the significance of ethics and transparency in
business, particularly with regards to admission and efforts to resolve the issue with Unilever. The case
of Anthony Levandowski and Google, on the other hand, highlights the consequences of violating trust
and the crucial importance of protecting valuable information.

2.1 What is the goal of those conducting the spying?

The competitive analysis team of Procter & Gamble aimed to gain a market intelligence advantage over
Unilever. They sought information such as new product launches, prices, and margins that would give
them an edge in the market.

On the other hand, Anthony Levandowski's goal was to benefit his new startup, Otto, by stealing
Google's confidential information and intellectual property related to self-driving cars. By obtaining this
information, he would be able to advance Otto's position in the rapidly developing field of self-driving
technology.

Other objectives of corporate espionage may include:

 Military intelligence can expose weak spots for potential enemy attacks or serve as information
for terrorists in choosing targets and recognizing vulnerabilities.
 Political intelligence can provide an advantage in areas such as foreign relations and intelligence
operations.
 In the industrial sector, spies are focused on acquiring information about new advancements with
military or commercial significance, such as advancements in technology, communication,
computers, genetics, aviation, lasers, optics, and electronics, which can provide a nation with an
economic or military edge.
 Financial information of a company can be utilized to improve sales strategies and even lure
employees away.

2.2 How do the attackers achieve their goal (attack methods)?

In the P&G and Unilever case, the competitive analysis team of Procter & Gamble used social
engineering tactics to gain access to confidential information about Unilever's products and strategies.
This was achieved by disguising themselves as market analysts or journalists to obtain details such as
new product launches, prices, and margins.

In the case of Anthony Levandowski and Google on the other hand, Levandowski was a former Google
employee who used his access to confidential information and intellectual property to benefit his new
startup, Otto. By resigning from Google and taking this information with him, Levandowski posed an
insider threat to Google's interests.

Other attack methods:

 For cyber espionage, there are various attack methods, such as exploiting weaknesses in
websites or browsers, sending targeted phishing emails with the objective of increasing the
attacker's network access, attacks on the primary target's partners through the supply chain, use
of worms, malware, and Trojans and compromising updates for a widely used third-party
application.
 Catfishing is a form of social engineering often used in cyber espionage. It involves creating a
false identity, a tactic that has been made easier by social media and access to billions of photos.
Attackers may build a virtual relationship with their targets over several months while posing as
an attractive person of the opposite sex, a recruiter, or a journalist. This technique has been
used frequently enough in cyber espionage to warrant separate mention.

3. Is obtaining industrial secrets a crime or not? Simply put when it is a crime and if it is not a crime.
When and how would that be?
The lawful form of corporate espionage is known as Competitive Intelligence, which involves collecting
and analyzing publicly accessible information through ethical methods. This can include monitoring
mergers and acquisitions news, observing changes in government regulations, or tracking social media
activity. Companies may even establish teams to manage the information they make public. It is not
illegal to gather information about a private company if the methods used to obtain it are lawful.

However, when trade secrets are obtained without the consent of the intellectual property owner, it is
typically considered illegal. This is where some organizations cross the line and engage in illegal
corporate spying.
4. Imagine that you are the Information Security Manager in a company that would be a likely target for
an industrial espionage attack. How would you protect your intellectual property from an attack by
someone who is outside your organization?
 To guard against cyber espionage attacks, companies should take various steps such as
recognizing the methods used in these attacks, keeping an eye on their systems, safeguarding
critical infrastructure and data access regulations, making sure their systems and third-party
software are secure, creating a cybersecurity policy, having a plan in place for responding to
incidents, educating employees about security policies and avoiding potential threats, regularly
changing passwords, and monitoring the data stored on mobile devices for bring your own device
(BYOD) practices.
 It is crucial for business executives and employees who travel for business purposes to be aware
and to undergo yearly training on safe travel and laptop security measures.
 Regularly educating employees about the potential security risks and their role in protecting the
organization is crucial in avoiding espionage. This education should include basic security
measures and instances of social engineering they may encounter.

5. Similar question to the question above but this time how would you protect your intellectual property
from an attack by someone who is on the inside of your organization?
 Monitoring Employee Activity: To protect corporate data, it is effective to monitor employee
activity using software that tracks every action made on the computer system. This helps detect
any unusual activity and allows the company to take action before it’s too late. Making employees
aware that their activities are being monitored can deter espionage.
 Termination Procedures: Proper termination procedures are necessary to prevent espionage, as it
often happens in the last few weeks of an employee's tenure. Proper procedures ensure that all
terminated employees are removed from the system and their credentials are terminated
immediately, preventing any surprise actions.
 Background Checks: Conducting background checks on new and current employees can help
prevent espionage by revealing past behaviors or connections to competitors that might indicate
a high risk to the company. Look for factors like sudden increases in lifestyle, unexpected trips,
and increased debt.
 Protection of Trade Secrets: The recipient of trade secrets should be notified in writing that the
information is confidential and proprietary, and not to be disclosed or used without consent.
 Confidentiality and non-disclosure agreements should be entered into with employees and third
parties. The company should create and maintain written confidentiality policies and monitor
their compliance. Access to confidential information should be restricted to those with a
legitimate need to know. When an employee leaves the company, the company should obtain all
company documents or devices containing confidential information and remind the ex-employee
of their legal obligation not to disclose or use such information. Electronic devices containing
confidential information should be secured with access control systems and passwords.
Documents containing trade secrets should be marked with a notice indicating their confidential
and proprietary nature, and stored in a safe and secure environment under lock and key.

In conclusion, both the Procter & Gamble and Unilever story, as well as the Anthony Levandowski and
Google story, highlight the importance of protecting a company's intellectual property. These stories
demonstrate the various methods that attackers can use to steal information and gain an advantage,
such as social engineering and insider threats. It's essential for companies to be aware of these attack
methods and implement measures to protect their confidential information, trade secrets, and
intellectual property.

References
Atkins, B. (2019, February 12). Learning From Apple's Spying Incidents - How To Protect Your Company
From Corporate Espionage. Retrieved from Forbes:
https://www.forbes.com/sites/betsyatkins/2019/02/12/learning-from-apples-spying-incidents-
how-to-protect-your-company-from-corporate-espionage/?sh=24bf734c6fb4

Darren Dummit, R. B. (2020, August 13). Self-Driving to Federal Prison: The Trade Secret Theft Saga of
Anthony Levandowski Continues. Retrieved from TradeSecretsLaw:
https://www.tradesecretslaw.com/2020/08/articles/trade-secrets/self-driving-to-federal-
prison-the-trade-secret-theft-saga-of-anthony-levandowski-continues/

Fruhlinger, J. (2018, July 2). What is corporate espionage? Inside the murky world of private spying.
Retrieved from CSOOnline: https://www.csoonline.com/article/3285726/what-is-corporate-
espionage-inside-the-murky-world-of-private-spying.html

Gillis, A. S. (2021, March). Cyber Espionage. Retrieved from TechTarget:

https://www.techtarget.com/searchsecurity/definition/cyber-espionage

Kenton, W. (2022, July 12). Industrial Espionage: Definition, Examples, Types, Legality. Retrieved from
Investopedia: https://www.investopedia.com/terms/i/industrial-espionage.asp

News, N. (2012, May 25). Trade Secrets: What are they and how can you protect them from
unauthorized disclosure and use? Retrieved from NelliganLaw:
 https://nelliganlaw.ca/articles/trade-secrets-what-are-they-and-how-can-you-protect-them-
from-unauthorized-disclosure-and-use/

Procter & Gamble vs Unilever: A Case of Corporate Espionage. (2004). Retrieved from ICMR India:
https://www.icmrindia.org/casestudies/catalogue/Business%20Ethics/Procter%20&%20Gamble
%20vs%20Unilever%20-%20A%20Case%20of%20Corporate%20Espionage.htm

Serwer, A. (2001, September 17). P&G's Covert Operation An intelligence-gathering campaign against
Unilever went way too far. Retrieved from CNNMoney:
https://money.cnn.com/magazines/fortune/fortune_archive/2001/09/17/310274/index.htm

Statt, N. (2020, August 4). Former Google exec Anthony Levandowski sentenced to 18 months for
stealing self-driving car secrets. Retrieved from TheVerge:
https://www.theverge.com/2020/8/4/21354906/anthony-levandowski-waymo-uber-lawsuit-
sentence-18-months-prison-lawsuit