​

WHEN A LARGE food manufacturing company learned that one of its most popular products would be facing increased competition from a new company, senior managers hired outside consultants to conduct research. The consultants’ report was a blockbuster. Not only did it have the names, Social Security numbers, home addresses, and personal information of the competitor’s management, it included detailed plans for the competitor’s new factory, which had just broken ground, as well as the ingredients for the rival product.

Also included in the report were bids from suppliers for everything from staples to spices. Perusing the list, company executives found that some suppliers for the potential competitor also held contracts with their company. They let it be known that such dual contracts represented a “conflict of interest” and that vendors had to choose between the two customers.

When suppliers informed the competing company of these hardball tactics, all of the aggrieved parties filed lawsuits. The litigation brought to light the company’s original investigative efforts.

The consultant had used various ruses to acquire the inside information on the competitor’s plans. These tactics included paying the contractor of the new company’s facility for a peek at the blueprints and placing one of their own employees inside the new company in a secretarial position, where that person would have access to confidential information. They also engaged in dumpster diving at the competitor’s trash facility and personal surveillance of company executives to dig up dirt on their personal lives.

Although the case was settled out of court, the matter was deeply embarrassing to all parties and extremely costly. As a separate matter, the consultant was charged with several crimes stemming from the investigation.

This true story illustrates the challenge that investigators and their clients face when they want to gather business intelligence. It is perfectly reasonable to explore some information avenues—and some financial laws, such as “know your customer” requirements, even demand that companies conduct due diligence on some customers and business partners. However, when conducting any type of due diligence investigation, companies must ensure that their tactics are both legal and ethical. To do this, they must examine their intelligence-gathering methods (or the methods to be used by a third party) and understand the legal limits surrounding data collection.

Forbidden Fruit

The first point to remember is that certain types of data are off limits, either because they are considered personal, such as medical records and tax returns, or because they are otherwise legally protected, as are classified documents and trade secrets. A private investigator has no right to acquire that type of protected data no matter the method used. The mere possession of these types of data can lead to prosecution. Most investigators know this.

Collection Methods

Most cases that cross the line from due diligence and competitive-intelligence collection to industrial espionage do so because of the methods used to gather data rather than the contents of the information itself.

There are two types of methods investigators use when gathering information: data compilation and field investigation.

Data compilation. Collecting and analyzing data is the real art of competitive intelligence. Before any other investigative techniques are employed, it is best to develop a comprehensive portrait of the target. Much of this can be done with public information. Only after other resources have been exhausted should field investigation be undertaken. A good interim report can focus on issues that need confirmation, conserving valuable resources. Data compilation of this sort rarely crosses the legal line.

Field investigation. After the target has been vetted and the data compiled, it is often necessary to confirm some parts of the information and to go after other information where gaps exist. If the investigators have done their homework, they should have a good idea of where the holes are. It is during field investigation that most legal errors are made.

There are some clear bright lines that investigators should not cross when conducting corporate inquiries, and there are some gray areas. Issues include trespassing, hacking, surveillance, trash-talking, targeting employees, and wiretapping.

Trespassing. Many companies maintain public areas where it is certainly permissible to wander. For example, it is perfectly legitimate to comparison shop in a competitor’s retail establishment. However, trespassing—going into locked areas without permission—is illegal. For example, placing an employee in the company to spy on the competition crosses the line into industrial espionage.

There are some gray areas, however. One concerns the legal theory of implied consent; in such circumstances private areas are unsecured, allowing a person to infer that he or she can freely enter a restricted area. The issue of implied consent is determined on a case-by-case basis; no general rules govern its use.

Hacking. Accessing public areas of a target’s Web site is permissible, as is reviewing registration data, archived Web pages, and linked Web sites. Unauthorized access, however, is almost always difficult to justify. If you have to hack a site to gain entry, you have already crossed the line.

Surveillance. A primary part of an investigator’s job is to closely observe targets. It is clearly within the rules to take pictures of public areas without permission. More problematic are techniques such as photographing license plate numbers in a parking lot and matching them to owners by using public databases. Although nominally legal, this can cause a lot of grief, as a California investigator discovered when he was visited by the FBI. It turned out that his target was a defense contractor, and the investigator himself became the target of a counterespionage investigation.

Pretexting. Investigators often use pretexts to gain information that their targets would never reveal if they knew the purpose of the inquiry. A number of laws include pretexting provisions that apply in certain circumstances. For example, the banking law referred to as Gramm-Leach-Bliley sets out rules for pretexting that are intended mainly to prevent the disclosure of bank customers’ financial information. These rules make it illegal to obtain or attempt to obtain certain customer information of a financial institution by using fraud, deceit, or trickery.

There are some pretexting situations investigators should always avoid. For example, investigators should never impersonate law enforcement or military personnel. It is also extremely dangerous, and illegal in some states, for investigators to present themselves in the guise of someone in authority, such as a fire marshal, to gain entry into otherwise restricted areas.

Investigators should not assume the identity of a contemporary person or company. Using the logo of a legitimate utility company truck or posing as the manager of an existing bank is out of line and is illegal in some jurisdictions. Also, investigators may not use any alias or pretext to persuade a target to commit any illegal act.

There are other circumstances under which pretexting is still allowed. However, the rules are constantly changing so investigators must be aware of evolving state and federal laws. They must also follow societal trends. For example, in the past, it was regarded as unethical to pose as a reporter unless the person asking the question was an accredited journalist. These days, when anyone can be a blogger, the line between journalist and citizen is so indistinct that it is legal for investigators to claim they are “with the media” to gain access to persons and property.

Trash talking. It is a fact of life that many corporate investigators and their clients use bellicose language to describe competitors. However gratifying such trash talk may be, it can be legally dangerous. E-mail references to “crushing” the competition or “doing whatever it takes” to get the upper hand almost never help an investigation and can be used as evidence of bad faith if revealed.

Targeting employees. Employees can be among the best sources of information about a target company. Sometimes, of course, they are more than willing to tell all, especially when they believe they have been treated unfairly.

Getting information from employees who freely give it is generally permissible, and it is not mandatory that the investigator reveal the true purpose. Where this method becomes iffy, however, is when the investigator seeks information that is otherwise protected—such as trade secrets. Getting information from staff also crosses the line if the employee is recruited to produce documents or actually spy on the employer.

Wiretapping. Wiretapping is usually illegal and should never be attempted without a court order. Similarly, recording conversations without the knowledge of the other party can be illegal in many circumstances. This often depends on state law and is a dicey method of gathering information.

Similarly, planting spyware in a target computer is illegal unless it is installed by law enforcement officials who have obtained a warrant.

By following these general guidelines, companies and their investigators can gain critical information without landing in court. If a technique is in a gray area, investigators should ask themselves how the situation would look in court. Even technically legal methods should be avoided if the procedure would paint a negative picture in a civil or criminal proceeding.

Donald deKieffer is a principal in the Washington, D.C. law firm of deKieffer & Horgan.