The CFE as IP Security Advisor: Raising consciousness, promoting balance
/
SPECIAL TO THE WEB
Robert Tie, CFE, CFP
Contributing Editor, Fraud Magazine
“Business is hell,” said U.S. Civil War Gen. William Tecumseh Sherman … well, not quite. “War is hell” were his actual words. But there’s ample reason to believe that this prototypical warrior took the dangers of the marketplace seriously.
As CFEs well know, fraud is one such peril. And if it happens in Silicon Valley or another of the world’s R&D capitals, billions in legitimate profits can disappear. It’s enough to make anyone nervous about their intellectual property (IP).
Sherman, who initially had left the army for a business career that ran from real estate to banking to law, all with limited success, later said that he could more easily lead 100,000 men in battle than manage land in a speculative market.
And it was true. He re-entered the U.S. Army when war broke out in 1861 and led his troops to victory in the South. Before that, however, he had suffered from stress-induced asthma during the 1850s real estate frenzy in San Francisco, where he managed the West Coast branch of a Missouri bank.
In the volatile business environment of the Gold Rush, California land was seen as the key to great wealth, and people resorted to any means — fair or fraudulent — to get it. Then, as now, it wasn’t easy to lead a business in a cutthroat competitive environment.
CURRENCY OF IDEAS
Fast-forwarding to the 21st century, we see that today’s commercial frenzies often are less about land and precious metal than they are about marketable new ideas. For example, when developed into innovative consumer electronics, the right brainstorm can generate more profit than many a gold mine.
“Consider the iPhone,” says Jonathan Turner, CFE, CII, a principal of Wilson & Turner Incorporated, an investigative consultancy headquartered in Memphis, Tenn. “Before it revolutionized cell phones, they all had pushbuttons. Now it’s hard to find one of those. That’s how valuable the touchscreen concept was.”
No one wonder, then, that Apple and other businesses investing heavily in R&D get the heebie-jeebies at the prospect of someone stealing the design of their latest product before the company can bring it to market. You might think the best response would be super-tight security.
“Think again,” Turner says. “Before a new consumer product goes on sale, the manufacturer needs to find out how typical customers react to it.”
Toy makers, six to eight months before Christmas, put early models in front of test groups of kids to see which ones they play with, he says. That feedback determines what will be in stores just before the holidays. Likewise, the New York and Detroit auto shows introduce “concept” cars with radically innovative, sometimes outlandish, features. Some of those elements turn out to be so popular among show attendees that manufacturers add them to the next generation of cars.
“Sure, that market intelligence is beneficial,” Turner acknowledges. “But getting it involves exposing your valuable new designs to outsiders. In the IP world, the competition is for ideas, and once they get out, it’s impossible to put them back in the bottle. Even if you’ve patented your concept, a competitor can create a product that does the same thing in a slightly different way and doesn’t intrude on your patent.”
FACETS OF RISK
Turner recalls two instructive incidents Apple might prefer to forget — after learning from them, of course.
In 2010 and again in 2011, Apple employees field-testing as yet unreleased new iPhones inadvertently left them in public places. Outsiders soon found, examined and discussed them at length not only in the media but in the design labs of Apple’s inquisitive competitors.
“Everyone asked why Apple let these devices be taken out of the laboratory,” Turner says. “The answer is you don’t know how well it’s going to work until you put it in the field. So Apple told its employees to test the new phones in a variety of environments where customers would use them. In doing so, however, Apple took the risk that its competitors would see the devices before they went on sale. Thanks to such premature exposure, competitors often swiftly introduce a similar product.”
Still, product development and marketing people take that risk because they think the “real-world” feedback is worth it, Turner notes. He adds, however, that information security teams — more mindful of risk than of reward — might reject this approach.
“Various internal constituencies often have very different views on IP — what to do, why and how to go about it,” Turner says. “This is a normal, rational conflict that every organization must learn how to mediate.”
THE RIGHT BALANCE
There are up to 30 different constituencies inside the typical business, Turner says — executive-level management, several categories of divisional or mid-level departmental leadership and 10 to 20 categories of rank-and-file employees in functional areas. Each of these groups has its own perspective on how to capitalize on and protect the organization’s IP.
“In many companies, the legal department’s role is to mitigate risk exposures, and the easiest way to do so is to say, ‘You can’t do that,’ ” he notes. “In contrast, the development group wants to put its products in front of as many people as possible to determine which design nuances can turn their ‘okay’ idea into a market breakthrough.”
Finding the right balance between these approaches requires accepting certain shortcomings to obtain what you perceive to be even greater advantages, Turner says. The typical trade-offs? If an organization wants to field-test its products, it has to sacrifice some IP security and vice-versa.
