In our blogs, Jeroen and I talked about ethical intelligence gathering. We’ve discussed this topic from the organization point of view. I recently came across a news item which made me think about another point of view: the perspective of the one(s) the intelligence is gathered about.
To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services. Some location-based services offered by Apple, such as the MobileMe “Find My iPhone” feature, require your personal information for the feature to work.
In our definition, Apple is gathering competitive intelligence, because it is information about external factors (their customers). They use this information to improve their solutions (as they state in the policy) but probably also to manage their marketing campaigns et cetera. Nothing wrong with this, but the way they acquire this information is dubious. Apple doesn’t really give her customers a choice about this. They have to accept or ‘walk away’ (and the apps are what makes a iPhone, right?). Don’t forget, that most people (including me) don’t always read the full policy, because the’re to lazy, don’t understand what it says or simply don’t have the time. So Apple can collect this information sometimes without the customers knowing about it!
How does Competitive Intelligence in general relate to the privacy of those who are ‘under investigation’?
Privacy is one of the most important things in our lives. Privacy is the ability to do things without the public knowing about it. When someone is depriving you from your privacy, you’ll need to consent to this (like Apple asks permission to their customers so they can access personal geographical information). Because the border between private and public is difficult to determine, there is much discussion about it. Companies have also something like privacy. This privacy consists of information that shouldn’t be out in the open, like a secret recipe. It is very likely you’ve signed at least one non-disclosure agreement in your live, and exactly this information (that you shouldn’t disclose to ‘others’), is privacy sensitive.
Within the Competitive Intelligence area most sources are public. About these sources, there is no discussion about privacy. For example, it is not very smart to tell on Twitter that you’re going on vacation and there’s nobody home to look after your cat. When you do, you don’t have any right to complain about your own privacy if a security company is approaching you and asks if you need a security system for your home when you’re on vacation (because the’re not the only ones who know you’re going on a trip). Everything that you (or a company) puts on the internet (via a website or blog etc.) is automatically in the public sphere, so there are no big issues about which concern privacy.
There are privacy related problems when conducting unethical investigation. If you’re tapping phones, intercepting emails or lay in the bushes with a binocular, privacy becomes a big issue. These examples are pretty straightforward, but it’s not always that simple (the Apple case, for instance). How do you decide whether or not the information you find is in the public domain? When can’t you use something because you would deprive someone of their privacy? These questions are answered in a code of conduct, like the one SCIP has for CI professionals. Such a code of conduct describes what acceptable ways are to collect information. It states for instance that you may not ask a former employee of company X to disclose sensitive information about that company. A code of conduct will answer most questions regarding privacy issues. When you can’t resolve privacy issues with a code of conduct, use your own moral consciousness.
The major conclusion of this blogpost is that a CI professional should be aware of privacy-issues, and handle these issues with care. Also, it shows that the security of your CI tool is important. Your database is not only filled with information about your environment. A well-developed and used CI tool will contain a lot of analysis, reports and articles, which is your organization’s ‘privacy’. Although you should respect others privacy and they should respect yours, there’s no harm in protecting your own.
Privacy Change: Apple Knows Where Your Phone Is And Is Telling People by Meg Marco
Code of ethics for CI professionals on SCIP