In a survey of the 30 largest corporations listed on the German Stock Index (DAX) it launched last week, SPIEGEL asked questions like: How large are the respective security departments? To what extent were or are outside security firms or detective agencies used? What steps are taken to ensure that subcontractors are not resorting to illegal methods?
Of course, almost all respondents have sought to portray themselves as the grand protectors of company statutes and of data privacy and transparency guidelines. Deutsche Post, at least, admitted that "projects were assigned to outside service providers in isolated cases." Allianz, the insurance giant, wrote: "We cannot rule out the use of detective agencies." It even admitted: "Typically, the risks to a company that are associated with inadmissible investigative methods are greater than the potential benefits" it could "derive from such investigations."
Fear is rampant in the corporate world -- fear of criminal employees, and of critical members of supervisory boards and works councils, legal battles, corruption, data theft or simply bad press. The latest in the string of woes companies face is the fear of image loss, which is just as detrimental to the innocent within their ranks.
'We're Using Live Ammunition'
These fears are not diminished by the fact that this peculiar security industry, which, by its very nature, prefers to keep its operations under wraps, is suddenly at the center of public attention. It is a multimillion-euro business, one that continues to thrive on the paranoia of some corporations that apparently feel surrounded by enemies of every stripe. Thus, the current spying abuses may very well have been fueled by a special mix of fantasies of omnipotence and the persecution complexes of some of the captains of German industry.
It is their choice of words that betrays them. Deutsche Bahn CEO Hartmut Mehdorn used military language in a recent announcement of his company's new anti-corruption policies: "We are on the hunt, and we're using live ammunition." When former Deutsche Post CEO and Deutsche Telekom Supervisory Board Chairman Klaus Zumwinkel was still in a position to be worried about future business, he said that he planned to "make it a fight over every letter, down to the last drop of blood." Wary of internal skeptics, he said: "How can you go to battle when you're filled with doubt? And who's going to join the fight when people keep saying: 'Maybe they'll shoot back?'"
Anyone who spends any amount of time with German business owners and senior executives is familiar with their language and the images they like to use in their speech, as well as the philosophy behind both: Business is war.
They are talking about abstract wars with abstract goals, wars that take place in the heads of "generals" in their executive suites. But, as in real war, one of the first casualties is the truth.
Spying at Deutsche Post
Welcome to the dark side of power. Hardly anyone is a more telling case study than Klaus Zumwinkel, in his dual positions at Deutsche Post and Deutsche Telekom, on the one hand, and in his ambivalent nature, on the other.
On the one hand, he was the parsimonious holder of a Federal Order of Merit (Germany's highest honor), a man who was fond of talking publicly about morals among corporate executives. And then there was the other side of Zumwinkel, who allegedly avoided paying taxes on his millions by investing in foundations in Liechtenstein. Investigators are even looking into whether he may have used corporate air travel for personal trips, a charge Zumwinkel also denies.
As a father figure at the helm of Deutsche Post, Zumwinkel liked to rant about transparency and fairness. But he was also someone who apparently hired private investigators very early on in his tenure, to an extent that still remains unclear.
It was around the turn of the millennium, when an unknown man attempted to blackmail Deutsche Post by threatening to take advantage of a loophole in the postal laws that even experts had hardly taken much notice of until then. The loophole would allow competitors using presorted letters to take advantage of Deutsche Post's entire network at low cost, thereby undermining its monopoly of the postal system. The company took the challenge very seriously. The man, who must have had insider information, was demanding payment in the high eight figures.
Klaus Engelen, the company's general counsel at the time, apparently received instructions from senior management to use all means possible to find out who the blackmailer was. Engelen prepared a list of potential offenders, including three officials with the regulatory agency in Bonn responsible for the postal service, several company employees and a number of officials in Brussels.
That was when Control Risks got involved. For several hundred thousand euros, the security firm launched a spying operation. In the end, charges were dropped against all suspects, with the exception of one manager in Deutsche Post's internal regulatory affairs department. He received a disciplinary transfer at first, but was eventually let go. The man insists to this day that he was innocent, but a spokesman for Zumwinkel stresses: "The public prosecutor conducted a detailed investigation of the case. No charges whatsoever were filed against Klaus Zumwinkel, the chairman of the supervisory board at the time."
But according to information obtained by SPIEGEL, Deutsche Post, at about the time of its initial public offering, had private investigators spy on industry competitors like UPS, where they apparently even sifted through the garbage to search for usable information.
The case is as ambivalent as the issue is as a whole. Companies have an understandable interest in preventing internal information from being leaked. And, of course, companies must protect themselves against such leaks.
The number of threats has grown considerably in recent years. Minor reports, or even rumors, can light a fire under a stock today -- or even incinerate it.
In addition to triggering fear among executives, these concerns fueled the development of a security industry on a scale that was nonexistent only a few decades only. In Germany alone, there are already 1,500 detective agencies operating today. But are there any regulated training programs in the business? No. Some form of official certification? None at all. In fact, all it takes for someone to be able to call himself a detective in Germany is a police clearance certificate and a basic business registration. The Federal Association of German Detectives has criticized this lack of regulation for years, albeit unsuccessfully.
An Unregulated Security Industry
For this reason, it is an industry that still operates largely without direct supervision, which is reflected in its casual approach to doing business. In addition to legal means, like observation, detective agencies apparently use borderline legal or even illegal tools as well, ranging from video surveillance to the use of homing and bugging devices.
This has sparked an enormous interest in high-tech equipment, as evidenced by the industry's frequent conventions and trade shows, like the "Security" trade show in the western Germany city of Essen, as well as seminars and workshops. Last week, for example, Christian Schaaf of the Munich consulting firm Corporate Trust conducted a tightly synchronized series of meetings at a Frankfurt hotel.
Some of the topics at Schaaf's event included: "The use of covert investigators," "Investigating the private sphere" and "IT forensics to uncover and prevent irregularities." The cost of the two-day seminar, in which the Telekom affair was also discussed, with some measure of glee, was about €2,000 ($3,140). Security doesn't come cheap.
Schaaf, an old hand in the business, spent 19 years in the police force. People like him are also familiar with the grey zones of the trade, including "shady solicitations" and the tricks that can be used to cover up detective activity. One ruse, for example, is to use law firms as intermediaries, so that the identities of those pulling the strings in corporations are not even revealed when an informant's cover is blown. Thus, when activities turn out to be illegal, the executives can always claim that they had no knowledge of what was going on.
Nowadays the security business receives about 80 percent of its work from industry, even though no more than a dozen firms end up landing the major contracts, from corporations like Telekom or Allianz.
The largest players in the security business include New York consulting firm Kroll, which employs about 3,800 people in more than 30 countries. Another key player is London-based Control Risks, founded in 1975, which operates internationally and includes, among its specialties, the preparation of risk analyses on dangerous regions and the deployment of professionals trained in the intelligence field in kidnapping cases. The company is currently earning millions in Iraq, where it provides security for property and individuals.
But as is the case elsewhere in the tightly structured market economy, the major players have a tendency to use the services of smaller subcontractors. At the bottom of the food chain are small companies like Desa, which, as a subcontractor to Control Risks, once spied on a journalist at the Financial Times Deutschland on behalf of Telekom.
It may have happened eight years ago, but Hans-Jürgen Stephan, the managing director of Control Risks Germany, said last week that he was "appalled by what happened. It really threw me for a loop." The Desa activities, says Stephan, "were already a violation of every rule in the company at the time, and would be totally unthinkable today."
Stephan is quick to use sharp language. He himself took over at the helm of the German division of Control Risks in late 2003. The previous players, he says, all left the firm long ago. Stephan, however, has a very special connection to journalists. He even pays some of them to conduct research on behalf of Control Risks.
Stephan admits: "We hire journalists to address business-related issues for us."
Freelance journalist Detlef G., for example, who works for newspapers like the business daily Handelsblatt and Die Tageszeitung. On the other hand, Control Risks paid him more than €5,200 ($8,165) in October and November 2004 alone for his assistance.
One of his assignments was to gather information to uncover which of a group of his fellow journalists were writing critical reports about specific companies, or to find possible leaks in the companies.
Detlef G. sees nothing scurrilous in his side job. He insists that the sources he used in his research are accessible to the public. "It wasn't as if I were hanging around people's houses, like some spook, or sniffing around in their personal lives."
BEAT BALZLI, DINAH DECKSTEIN, FRANK DOHMEN, ISABELL HÜLSEN, MARCEL ROSENBACH, JÖRG SCHMITT, HOLGER STARK, THOMAS TUMA
Translated from the German by Christopher Sultan.
Post to other social networks:
Stay informed with our free news services:
| All news from SPIEGEL International | Twitter | RSS |
| All news from Business section | RSS |
© DER SPIEGEL 24/2008
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH
