Friday, October 30, 2020
The tales of espionage conjured up by John le Carré are without doubt fiction based on fact. But in the real world, businesses and their owners have been seeking to gain the upper hand over rivals for eons. It’s just that modern technology has made the process so much simpler.
Whether through old-fashioned spying or underhand and malevolent online marketing tactics, firms that don’t understand what’s at risk are playing with fire. ‘Stuff’, as they say, happens, and the key is to make sure it’s to someone else.
Gaining an advantage
According to Rebecca Jackson, senior associate in the Litigation & Dispute Resolution Team at Walker Morris, there is no specific legal definition of industrial espionage. However, she says that “the term, along with ‘corporate espionage’ or ‘corporate spying’, ordinarily refers to illegal or unethical use of business trade secrets to achieve an advantage”.
And as Oliver Sissons, SEO manager of Reboot Digital, knows – and as we will see later – acts of sabotage often take place online “as it can be ‘easier’ to get away with... damaging and obstructing a business’s online reputation”.
To illustrate the point, earlier this year, Reboot Digital conducted a survey that asked firms whether they’d considered damaging a competitor’s reputation and what would be the reasons for doing so. The results were intriguing. It found that 30% of respondents would because they had a better service or product; 18% would sabotage to make competitors lose clients; and 9% cited a lack of traffic to their own website.
But while online has become more prevalent, it’s not the only risk of subterfuge that firms face.
A wide span
While some tactics involve someone who gains employment specifically to spy and steal information, others involve cyber-espionage and failures in a company’s systems. As Jackson notes: “Industrial espionage can span from the use of highly sophisticated technology to access a competitor’s systems, covert analysis of competitor’s pay-per-click data or even leaking of confidential information via ex-employees or other insiders.”
By the very nature of industrial espionage, it can be hard to define since as most businesses are reluctant to reveal cases for fear of losing client faith or as a result of not being aware if and how they have experienced any loss. Jackson worries that there is also a general lack of awareness on the threat posed by cyber theft of trade secrets and the measures that should be put in place to prevent it. This is “especially true for SMEs, because of their limited capacity to invest in advanced cybersecurity defence measures”.
As to the threats, they come from an ever-changing range of sources. Individuals may want to buy or sell sensitive data; individuals with a grudge against a former employer may be paid by a competitor for confidential information; and hackers and hacktivists might attempt to sabotage a company’s operations.
From the other direction comes organised crime networks that see cybercrime as a low-risk and high-reward activity; bogus websites that steal an identity and seek to trick clients or customers into passing information or money; and competitors who seek to gain an advantage.
Industrial espionage isn’t necessarily illegal and in terms of online marketing, tools and practices are developing so quickly that, as Jackson explains, “there are areas of industrial espionage that the law will inevitably not be able to keep up with”. Even so, it’s easy to think that the misappropriation of trade secrets is without direct criminal sanctions. However, that does not mean that in every case of industrial espionage the perpetrator will escape criminal liability. Jackson points to “a spy, in the course of acquiring the trade secrets of another, might commit the criminal offence of burglary, or of gaining unauthorised access to a computer, or fraud by abuse of position under the Fraud Act 2006 or of intercepting communications or conspiracy to defraud”. That said, information generally cannot be stolen as it does not constitute property for the purposes of the Theft Act 1968.
Leaking of confidential information
But what of confidential information? Protection against leaks came in 2016 when the EU adopted Directive 2016/943, the EU Trade Secrets Directive. It covers the protection of undisclosed know-how and business information against their unlawful acquisition, use and disclosure. “The directive,” says Jackson, “was intended to facilitate enforcement of rights across Europe, by offering a minimum standard of protection and harmonised remedies. Chapter II sets out the circumstances in which trade secrets, as defined in Chapter I, may be lawfully acquired, used and disclosed, as well as the circumstances in which this will be unlawful.”
The directive came to the UK via the Trade Secrets (Enforcement, etc) Regulations 2018. While the Trade Secrets Regulations largely codified what was already in place previously by way of common law principles, the regulations potentially make it easier to bring a claim. It’s worth remembering that, as Jackson says, “the Trade Secrets Regulations do not introduce a criminal remedy for any kind of ‘trade secret theft’”.
Breaches of Intellectual Property Law
Another aspect to consider is how espionage relates to intellectual property (IP) rights. The law of confidentiality and its protection is very closely related to IP protection, which is reinforced by the Trade Secrets Directive. For Jackson, it’s important to understand that “under English common law, almost any type of information can be protected as confidential”. Therefore, as she sees it, “an action for breach of confidence can often be used where IP rights are not sufficient to protect the information in question”.
Online in general
This is the most obvious of threats. The press is full of hacking and cyber-attacks where a competitor’s systems have been compromised; malicious software has been deployed; a distributed denial-of-service (DDOS) attack has crashed a competitor’s website and/or services; and social media offences and cyber-enabled fraud have been committed.
The key problem is opportunity and Jackson thinks that “the volatility and uncertainty of economic crises, such as coronavirus, has also provided further opportunity for these crimes”. Think how social media is used to defame. Content posted on blogs, internet forums, online newspaper comment sections and social networking sites such as Facebook and Twitter can be inaccurate and vicious in nature. As Jackson has seen, “anonymity encourages some individuals to dispense with the usual restraints that they might apply to other forms of publication”.
She advises that where such posts and content cause serious financial harm to a company, there is the potential to pursue a claim for defamation. Interestingly, liability can be attached here to an author, internet service provider, website operator or an employer.
Looking specifically at DDOS, Sissons asserts that this “could be policed under section 3 of the Computer Misuse Act 1990, which applies to unauthorised acts related to a computer intended to impair the operation of computers or programs, or to prevent or hinder access to programs or data held in any computer”.
Jackson, however, points to other options – a claim for damages, injunctive relief, a claim for defamation, involving a regulator, and/or alleging breach of competition law/unfair trading practices.
Underhand and online
And then there’s what Sissons terms as ‘online sabotage’ which “can involve discrediting a business’s products or service with negative (and likely fake) reviews. Although this is just one example of how a business can attempt to sabotage another competitor, it isn’t always about gaining sensitive information (unlike cyber-attacks). It’s about how the individuals use it to damage the reputation of another.”
Fake reviews are a well-known problem as anyone who buys on Amazon or who uses TripAdvisor will tell. Gwendoline Davies, head of Commercial Dispute Resolution at Walker Morris, tells of a 2018 landmark case which saw an Italian court sentence a man to prison for ‘paid review fraud’. It was the first case of its kind. In the case, PromoSalento, a digital marketing agency, charged €100 for 10 reviews on TripAdvisor.
The court identified a provision in the Italian Constitution where writing fake reviews under fake profiles is a criminal offence. The agency owner received a nine-month sentence and an order for €8,000 in costs and damages.
Fakery can be a very profitable earner. In 2015 the Competition & Markets Authority published figures that found that 54% of UK adults used online reviews and £23bn per year of UK spending was (then) potentially influenced by online reviews.
Fake reviews can be devastating too – especially for small businesses. For example, in the US, Nyberg Photography, wrote in 2015 how it had been caught up in an extortion scam with monies demanded to ‘manage a reputation’.
But fakery doesn’t have to ‘bash’ a rival, it can be used to establish a firm’s own position. Consider the story on Bloomberg in September (2020) where US regulators are said to be preparing to investigate fraud allegations against electric truckmaker Nikola after the firm admitted to faking a video of its truck driving itself.
Another risk to counter is what some consider unfair online advertising, which Sissons has seen transcend into utilising negative search engine optimisation (SEO) tactics. Negative SEO, he says, involves using unethical practices to negatively impact a competitor’s position in the search engine rankings.
A central part of the problem for Sissons is that while the legality of negative SEO is still a contested subject, “fundamentally it is hard to track or prove – presenting itself as a black hole of issues”. Further, he says that the legality of sabotage is not easy to determine as it doesn’t directly relate to a criminal offence.
That’s a point echoed by Jackson who says that “in certain jurisdictions, the use of competitors’ trademarks as search terms is predominantly considered acceptable (including England) and in fact the European Court of Justice rejected a trademark holder’s infringement claim based on such use in a case relating to Interflora.” She warns, however, that this is not a clear-cut area.
Of course, nothing is ever straightforward, and with negative SEO or online sabotage Sissons reckons that it could be argued that it involves unauthorised acts. He gives an example of a firm that “creates spam backlinks which tricks Google into thinking an online business has built the links for themselves… it is up to the victim to pursue compensation from the civil courts”. He would say its ‘unlawful interference’, also known as ‘causing loss by unlawful means’.
Keep calm and carry on
Abuse seems to be getting worse as more firms adopt aggressive online marketing campaigns including pay per click, use of social media platforms, disruption of competitor’s online video campaigns with a competitor’s ad, and keyword targeting.
And it’s all down to anonymity.
But before countering this, Jackson emphasises that firms “should take advice before embarking on any form of hostile marketing campaign by way of retaliation as it can easily backfire and result in even more adverse negative publicity than the initial negative campaign against a firm”.
Sissons agrees entirely, noting that “you should never consider countering any form of negative marketing campaigns or press against you. The damage can be worse if you retaliate”. He says that where firms notice “that a business owner is sabotaging your business, report them immediately. You can make a complaint directly to Google via a spam report. Thereafter Google will act accordingly”. The same applies to fakery – “you can also flag reviews you believe to be fake – also informing Google. Anything on social media platforms can also be immediately reported and blocked”.
As for negative SEO, he would suggest “filling out a disavow file for any spam backlinks your site does not want to be associated with”. He cautions, though, do not attempt to do so unless the firm knows how to as a mistake could mean the results can be even more damaging.
As competition grows, firms are clearly using much more aggressive tactics and a growing number are contemplating underhand strategies such as negative SEO or reputational damage on top of the usual techniques.
Competition is natural, but firms of all sizes need to be on their guard for abuse. They shouldn’t be misled into thinking that espionage is all highbrow and involves spying that 007 would be proud of – which it can – for it’s just as easy to be an anonymous armchair keyboard warrior.
THE RUMOUR MILL
“Why haven’t you written about [company name] being in administration?”
This is a genuine and not uncommon experience for the Printweek newsdesk. In this particular instance, numerous calls and emails were received about the same company, asking us why we had not yet written about this particular firm’s unfortunate fall into insolvency.
The reason why we had not done so is simple: the firm was not in administration, and there were no official court filings related to such a move. For obvious reasons Printweek does not write speculatively about matters that are of the utmost seriousness and that potentially involve hundreds of people’s livelihoods.
In the case of this particular example, which took place a couple of years ago, the company that was supposedly ‘definitely going into administration this week why aren’t you covering it’ is still trading, and is not in administration, today.
Person or persons unknown were very keen to try and damage this print business, and attempted to manipulate Printweek into providing credence for something that was nothing but a malicious rumour.
The SME printer
“Our industry loves to chit-chat. Of course trading has been tough this year, we are battling through an unprecedented situation just like many other companies. But we are still here, much to our competitors’ annoyance.
But they’ve done everything they can to make sure all the rumours say otherwise. They’ve even gone as far as ringing up paper companies to bad-mouth us. A rep from one of the paper companies came in to see us and said ‘Oh, I’m surprised you’re still here’, and you just think, ‘really?’ And the damage that sort of behaviour can cause to any company, never mind at a time when we’re trying to work through something as serious as a global pandemic, is immense.
In the end we had to issue cease and desist letters because it became so bad.
Why would you spend your time doing something so negative? Why would you want to do that? Unfortunately this industry still has quite a few people who are like that.”
The boss of a larger group
“Probably once a year someone will come up with a rumour about us being in trouble in some way. It’s often around the time of big tenders and it comes from competitors.
There has always been a bit of naughtiness around the industry. I can live with it and in some ways I see it as a compliment – we must have competitors on their toes if they’re worried enough to be doing that.
When it gets to the really dirty tricks is when people start spreading disinformation among our customers in an attempt to destabilise our client relationships.
I have had to have some very frank conversations with clients when they have asked me about rumours that are completely unsubstantiated. Hopefully the client will also be intelligent enough to turn their attention to the people who are spreading the rumours, and to think about why the people involved would do that. Perhaps it’s to deflect attention from their own issues?
We’ve also had instances in the past where we have subcontracted work under NDA to another printer, and that printer has then promptly gone directly to the client and tried to take the business away from us.
It does make you wonder what has happened to ethical business behaviour.
Our stance is to rise above it all and not to bad-mouth other companies.”