On Monday of this week, Siobhan Gorman of the Wall Street Journal reported on the depth of cyberspying of Nortel Networks, allegedly at the hands of the Chinese. It appears that this breach of Nortel’s security began as early as 2000 and, apparently, continues today.
Hackers somehow got access to the passwords used by seven key Nortel executives, including a former CEO. Nortel did not discover the breach in their security until 2004, meaning that the Chinese hackers gained access to intellectual property, proprietary documentation and even employee e-mails. All of this was discovered by an internal security team that faced severe budget cuts as Nortel’s business began to implode. Nortel filed for bankruptcy protection in 2009 and the company has been actively selling off its assets. According to Gorman, Nortel’s technology is still located within 45 percent of the U.S.’s telephone switch infrastructure. It’s up to the reader to speculate about the extent of cyber-espionage taking place in the systems connected to that infrastructure.
Industrial espionage is nothing new. Intellectual property rights are routinely challenged or ignored outside of our Western cultural legal system. Take, for example, Bombay-based Cipla, an Indian pharmaceutical manufacturer. Indian patent laws make a distinction between the manufacturing process of a drug and the product that results from that process. As a result, Cipla began reverse-engineering drugs like Prilosec and selling it for pennies on the dollar compared to its U.S. version. While taking a humanitarian approach to the distribution of its generic versions of patented drugs (i.e. making them more affordable for poor people), Cipla was accused of breaching the ethics of intellectual property law. Operating in other cultures and countries can, at times, present a businessperson with an ethical minefield.
In Nortel’s case, a different sort of ethical issue also gets raised: the company did not disclose to prospective buyers that their systems had been hacked. As a result Avaya, Ciena Corp. and Ericsson may have bought spyware-infected assets. At the time of those acquisitions, Nortel was not “obligated to disclose a breach to another company as part of an acquisition deal.” Put yourself in the shoes of the one doing the acquiring. Wouldn’t you have wanted to know that small detail? Caveat emptor. (The SEC has since issued formal guidance to correct this situation from happening in future.)
Harvard Professor Clayton M. Christensen recently pointed out in a post titled “How Will You Measure Your Life?” that most often, businesspeople employ “the marginal cost doctrine” to their personal lives and the decisions they make. ”If I do this just once,” one reasons, “it will be O.K.” However, that marginal cost may carry within it an extreme set of consequences down the road. ”The lesson I learned from this,” writes Christensen,”is that it’s easier to hold to your principles 100% of the time than it is to hold to them 98% of the time. If you give in to ‘just this once,’ based on marginal cost analysis…you’ll regret where you end up. You’ve got to define for yourself what you stand for and draw the line in a safe place.”
My hope is that together, as sales and marketing professionals, we can stand in the breach and do what is right. Regardless of the personal cost, it is important to keep to our personal ethical standards.