25 September 2007
Nikkei Report

TOKYO (Nikkei)–Companies are gearing up efforts to protect themselves against the theft of cutting-edge technology and management information by monitoring their own employees as well as visitors to their facilities.

Behind the trend are the great changes that have taken place in industrial espionage over the past 25 years — following the arrests of Hitachi Ltd. (6501) and Mitsubishi Electric Corp. (6503) employees trying to steal computer secrets from IBM Corp. in 1982.

Recent incidents show that the growth of information technology has made it easier to duplicate and remove trade secrets, with insiders, including a company’s own employees and those of customers, having the potential to become industrial spies.

Fujitsu Ltd. (6702), a major producer of computers and microchips, plans in December to put into operation a Tokyo computer center that will serve as “a next-generation base which takes advantage of all the most advanced security technologies,” President Hiroaki Kurokawa said.

The computer center will require everyone — even officials from Fujitsu’s customers — to have their identities confirmed before they can enter the building through palm vein scans as well as step through a metal detector.

Visitors will also be obliged to wear a name card with an embedded IC tag. Their whereabouts will be constantly shown on a surveillance monitor, and if they should come close to a place they are not authorized to enter, a red light and a buzzer will be activated to warn Fujitsu officials.

Fujitsu believes the security system will secure the trust of customers, which are naturally concerned about industrial spies gaining access to the information they store at the facility.

Companies are keeping a watchful eye on their own staff as well. About 6,500 people work in the headquarters annex of NTT Data Corp. (9613) in Tokyo’s Toyosu district, including the employees of firms working jointly with the major provider of information systems services.

Every morning, “security-associated congestion” occurs in the building as workers cannot get to their desks until they go through IC card readers at three spots — the entrance to the building, inside the elevators and the entrance to each floor. They cannot go to any floor other than their own without first obtaining a permit, and the existence of surveillance cameras placed in the hallways further strengthens the feeling among them that their every move is being monitored. The security system also records the use of every employee’s computer.

There are some workers who complain about such extensive surveillance, “but we have repeatedly tried to gain their understanding of the special responsibilities of systems integrators, which handle the confidential information of clients,” said an NTT Data official.

There have been a string of information leaks by company insiders in recent years, among the chief examples being the theft of personal data on more than 8.5 million people by a former employee of a firm hired to do work on behalf of Dai Nippon Printing Co. (7912) and the leak of product design data by an employee of autoparts maker Denso Corp. (6902).

According to a survey conducted by the Ministry of Economy, Trade and Industry on 625 manufacturing firms, a combined 36% of respondents acknowledged that they either have or may have had technology stolen from facilities in Japan or abroad. Of the actual or supposed thefts, 62% were attributed to current or former employees.

The methods used by industrial spies have become trickier with the passage of time. The Japanese office of U.S. risk management service firm Kroll Inc. recently handled an espionage case where “moles” were used.

In spring last year, a high-tech company accepted seven engineers, including Japanese ones, as permanent transfers from a non-Japanese Asian firm. Initially, they worked in an ordinary manner, but after two to three months, they began to frequently make duplicate copies of design data and drawings, pretending it was just part of the job. It was later found that the stolen trade secrets had been sent to the Asian firm through a number of roundabout routes.

A Kroll team led by Kageyama launched an investigation, and “their deeds were reported to the police, which resulted in multiple arrests,” he said.

Why do companies take such big risks to steal trade secrets? It is generally because of the ever-intensifying competition in global markets, where trade secrets can be of enormous value in boosting a firm’s competitiveness.

In May this year, an employee of Kia Motors Co., a member of South Korea’s Hyundai Motor group, was arrested on charges of leaking production technology to China. According to an estimate by South Korean prosecutors, if all the targeted information had been leaked, the Hyundai Motor group could have suffered a loss of 4.7 trillion won, or about 590 billion yen, in the Chinese market alone.

There are also cases in which companies do too much to protect the information that underpins their competitiveness. Last fall, internal scrutiny of its own board members by U.S. computer giant Hewlett-Packard Co. to determine the source of information leaks led to a criminal investigation because its monitoring involved illegally obtaining their private phone records and even physically following them, among others.

With corporate defense measures against industrial espionage growing somewhat excessive, companies are now facing the challenge of striking a balance between the protection of trade secrets and that of the privacy of both ordinary employees and board members alike.

(The Nikkei Tuesday morning edition)