Issue 20, 16 December 2014 WhiteNews Global corporate espionage news Editorial: WhiteRock Updates: All About Privacy 2 Threat: Are LinkedIn Contacts Trade Secrets? 3 News: $400 Bn Military Espionage; Code Fishing 4 News: Falcani Black List; Football Whistleblower 5 Feature: Willy Wonka’s Lessons in Espionage 6-7 Technology: Hearing Aid for Corporate Spies 8-9 Extra: FBI’s Untold Story; Spy on Your Rival 10-11 Letter From America: Spying Breakfast Club 12 Exclusive Reporting for WhiteRock’s Clients Risk of Public Disclosure: Learning from Willy Wonka Our feature story is seemingly seasonal and light-hearted, but the film ‘Charlie and the Chocolate Factory’ carries a very strong espionage message that is relevant even 50 years later. Willy Wonka was a brilliant CEO who knew that the only person who could protect his trade was himself. Wonka’s story translates superbly into today’s corporate world, and in this issue we are discussing how the contemporary big players are maintaining their edge and success over their competitors. This is equally relevant for small and medium-sized businesses, who really don’t prioritise their trade secrets, making their advantage extremely vulnerable. In the technology section we analyse the delicate matter of hearing aid systems. They’re everywhere, including in corporate meeting rooms, and nobody really considers these as a threat. We’re examining how to achieve a balance between protecting valuable corporate information without creating an embarrassing situation that in turn could lead to reputational damage! Our extra section may give you a wrong impression this time. No, we’re not teaching you how to spy, this is not our bag. The article is about knowing your competitors and getting as much authorised information about them as possible. In the eve of WhiteRock celebrating 20 years in the information security business, our focus is all about PRIVACY. This cements everything we do, ranging from consultancy and technical services to technology installations. Without revealing too much yet, we can already say that along with the awareness and policy work, mobile device security is going to be a big focus – so look out for WhiteRock’s brand new MobileWatch™! Finally, to thank you for believing in WhiteRock in 2014, we’re sending you our 20th cocktail, a sensational Christmas pudding vodka. PUDKA is complex and warming with notes of Rudolf on the nose and a long lingering glow of spiced tangerines and cinnamon humbugs! Enjoy the season and see you in 2015! Raili Maripuu, WhiteRock MD “The Wonka Way is All About Privacy,” Crispin Sturrock, WhiteRock CEO WhiteRock - A Bond of Trust WhiteNews20-Final-Print.indd 1 12/11/14 8:33 AM Editorial Page 2 11 Manor Courtyard, Hughenden Avenue, High Wycombe, Buckinghamshire, HP13 5RE, UK +44 (0) 844 247 4538 [email protected] www.whiterockglobal.com WhiteRock Updates: Contents: All About Privacy Threat 3 Wow, what a year this Year of the Horse has been – literally crazy galloping all the way! As we are approaching the News end of the year, WhiteRock is reflecting the changes and achievements that 2014 brought to our business. 4-5 We have now completed our major restructuring that we started earlier this year. I’m really proud to say that we have a fantastic and a strong team of people bringing you a better Feature and even more professional WhiteRock. 6-7 With the new team, WhiteRock has redefined our services Technology with the aim to bring more clarity to what we do. We outgrew the TSCM market long ago, as we strongly believe that ‘bug sweeps’ are not the sole answer to organisations’ information 8-9 security challenges. Extra We have played around with the ‘corporate information protection’ and ‘audio-visual privacy’ terminology, and Spy on Your Rival: 10 Authorised Ways 10 along with our clients’ feedback concluded that both are too ambiguous and wide to define our role in the corporate Letter From America information security function. Kevin Murray: No Winners in Spying Breakfast Club 12 The above very naturally evolved into a ‘Privacy Cover’, which embodies everything that WhiteRock does and is a solid foundation for all our products. In a broad sense, ‘privacy’ Cartoon of the Month: is part of the overall ‘information security’, closing the gap between the IT and physical security, whilst working very Beware of These Jingle Bells! closely with these functions within organisations. The gap we are talking about involves mostly human and vulnerable technology, the two biggest threats to high-value information! With nearly 20 years experience in protecting confidential corporate information, WhiteRock has developed nine different products that are designed to achieve the desired Privacy Cover for organisations. These can be grouped into three and range from the consultancy and technical services to technology installations. In recognition of the fact that human behaviour creates 80% of information leaks, 2014 saw a surge of WhiteRock’s legal and consultancy services. We delivered corporate mobile device security policies and the same for managing the security at high-value corporate meetings. We also delivered around 20 awareness sessions, which is up nearly 10-fold in comparison to the previous year. In the eve of WhiteRock celebrating 20 years in the information security business, we are very excited to Did You Know? welcome the new 2015. Without revealing too much yet, we can already say that along with the awareness and policy It’s not quite telepathy, but a group of scientists work, mobile device security is going to be a big focus – so have successfully eavesdropped on our inner thoughts look out for WhiteRock’s brand new MobileWatch™! Using a newly designed algorithm, researchers at University of California in the US were able to work out Raili Maripuu Managing Director Using a technique called electrocorticography, which measures neuronal activity via electrodes placed on the surface of the brain, the team took recordings while the patients read out WhiteRock - Editorial Page WhiteNews20-Final-Print.indd 2 12/11/14 8:33 AM Threat 3 11 Manor Courtyard, Hughenden Avenue, High Wycombe, Buckinghamshire, HP13 5RE, UK +44 (0) 844 247 4538 [email protected] www.whiterockglobal.com Spy Networking: Do LinkedIn Contacts Qualify as Trade Secrets? At first glance, this seems like any other trade secret theft dispute between an employer and a former employee. However, when Cellular Accessories For Less Inc. that supplies large organisations with wireless phones and accessories in the US, sued its ex-manager David Oakes and a rival, Trinitas The defendant argued further that Oakes’ LLC, the case created a new legal puzzle in LinkedIn contacts could not possibly be corporate espionage legislation: do LinkedIn considered trade secrets as these would have 8 Point Action Plan: contacts qualify as trade secrets? In fact, been viewable to any of his other LinkedIn they may do. connections, which the plaintiff says is How to Guard Your not correct. Oakes also claims that Cellular Oakes, a sales account manager for Cellular, authorised salespeople to disclose the Contacts decided to strike out on his own after six identities of clients to potential customers as Regardless of the possible changes years with his employer. He had signed a way of attracting new business, and failed in legislation, businesses should an employment agreement requiring that to inform employees that LinkedIn contacts proprietary information did not leave the were proprietary or confidential. monitor their company’s and premises, and a statement of confidentiality employees’ presence in professional forbidding the knowing disclosure or use of networking sites, such as LinkedIn, this information. their client lists, customer base, However, in 2010, when Cellular terminated and other information they want Oakes, he started his competing business, Trinitas, and allegedly violated the previously mentioned terms of confidentiality, plus suggestions for how to guard your some more. According to the lawsuit filed in secrets better: the Central District Court of California, Oakes emailed himself a customer information file with 900+ personal and business contacts, detailed billing preferences, pricing and nature of customer information client strategy documents. Also, what looks The court declined to take judicial notice of like a violation of the same seriousness – the functions of LinkedIn and stated that he maintained his LinkedIn contacts after the parties did not make sufficiently clear privacy settings and train employees termination. whether and to what degree Oakes’ contacts how to maintain barriers against were indeed made public. The judge found genuine issues of material fact as to trade secret misappropriation, but social media accounts remain he did not state that LinkedIn contacts are not trade secrets. completely separate from their business accounts, which should Although perhaps not such a good decision be linked only to a company email for Cellular in this case, this ruling has a remarkable importance and may serve as a precedent or open the door for similar lawsuits in the future. Even though millions to employees upon termination of of companies use social media to build their businesses, professional networking sites such as LinkedIn are still perceived more as to inform employees that LinkedIn professional environments than Facebook contracts, non-competition and contacts were proprietary or or Twitter. Therefore, it is widely assumed non-disclosure agreements, as well that the company has some control over its employees’ contact base especially if the trade secrets in the context of online firm has encouraged such networking as part A federal judge denied the defendant’s of their work. motion for a summary judgement in October, finding there were issues of material fact Although the intricacies of social networking conditions regarding the use of surrounding the question whether LinkedIn and the availability of privacy settings seem contacts were protectable trade secrets.