For once, investigators at Germany's Federal Office of Criminal Investigation (BKA) didn't have far to go. In fact, the assignment didn't even require getting into their cars. All it took was a brisk walk to the stairwell or the elevator.
The German headquarters of Control Risks GmbH, one of the world's largest private security firms, is located only a few floors above the offices of the BKA's branch in Berlin's Treptow neighborhood. In the past, government detectives and their private industry counterparts even got together for the occasional social gathering on the roof deck shared by the two organizations, which offers a spectacular view of downtown Berlin across the Spree River.
The security professionals turned over a wealth of material to the BKA officials. But during their visit with their upstairs neighbors almost two weeks ago, the government agents were no longer interested in casual shoptalk, but rather in the role Control Risks may have played in the Deutsche Telekom wiretapping affair. The scandal has dominated the public debate in the worlds of business, politics and the media for more than two weeks.
The affair is already being described in Berlin as the "epitome of data treachery," and as a scandal on par with the 1962 SPIEGEL affair . German Interior Minister Wolfgang Schäuble (CDU) has been asked to review the government's data storage guidelines. And Matthias Kurth, president of the Federal Network Agency, the regulatory office for telecommunications and postal services, has demanded that Deutsche Telekom conduct a speedy review of its internal weaknesses.
Spying on Journalists and Board Members
For years, Deutsche Telekom hired outside companies to spy on journalists and members of its own supervisory board, hoping to uncover internal leaks. But how far, in fact, does the scandal extend: just into Telekom's own past, or possibly into the sphere of influence of other major corporations that may have availed themselves of similar services and dirty tricks?
It is already clear that Telekom also hired Control Risks, which in turn subcontracted some of its assignments to a company called Desa. Desa, which is run by two former informants for the East German secret police, the Stasi, has also completed assignments for other prominent clients.
Desa is currently investigating a case of insurance fraud in Berlin for the Allianz insurance company. And for retail giant Rewe, the company's detectives kept tabs on a bankrupt wholesale customer and investigated a gang that had been stealing from its warehouses. Back in 1986, when he was still working for the Stasi, one of the current owners of Desa was praised for his "uncompromising performance of his duties," while his current business partner was characterized as a "loyal comrade" in 1988.
Moreover, it is clear that Control Risks worked for other German corporations, like Lufthansa and Deutsche Post. And, more recently, it was revealed that the two security firms were not the only ones that investigated a journalist from the newspaper Financial Times Deutschland (FTD).
In 2001, Lufthansa set its sights on the man, who had written damaging articles about the company in the past. In this case, however, it was not telephone records that were abused, as they had been in the Deutsche Telekom scandal. Instead, the airline used its passenger data for the journalist, one of its frequent fliers, to trace his connections to members of its own supervisory board. The FTD journalist had taken a Lufthansa flight to Hamburg, where he had met his informant in a Lufthansa airport lounge, of all places. Ultimately, he proved to have a touch of bad luck.
The company -- long since under new leadership, namely that of CEO Wolfgang Mayrhuber -- has told SPIEGEL that the allegations are indeed correct, but also notes that flight data does not enjoy the same internal protections as telephone records, for example. "We did nothing illegal," a spokesman insists.
A Bermuda Rectangle
First Telekom, then Deutsche Post, and now Lufthansa. But there is more to the story.
Telekom wasn't the only client for which Network Deutschland, a small Berlin consulting firm, compared and matched up the telephone records of supervisory board members and journalists, the activity that triggered the scandal in the first place. From 1998 onward, Deutsche Bahn awarded the company 43 contracts, worth a total of about €800,000 ($1.25 million). But unlike Telekom the spying activities conducted at Deutsche Bahn are not considered illegal.
The national railway company was apparently interested solely in fighting corruption. As an example, a few years ago it looked into all contacts between outside suppliers and its own employees.
Nevertheless, there are odd connections in the Bermuda rectangle formed by giants Telekom, Deutsche Post, Lufthansa and Deutsche Bahn. In 2001, after Deutsche Post had fired its top in-house lawyer in the wake of a wiretapping affair, he turned up, miraculously enough, at a Lufthansa subsidiary. Two years ago, the head of security at Lufthansa left the company for a job at Deutsche Post.
Were the two former state-owned corporations, Lufthansa and Deutsche Post, somehow in collusion with Telekom and Deutsche Bahn, the last two major businesses in which the federal government still holds a significant stake? What unbelievably detailed data profiles could have been culled from the rail and flight information, telephone records, invoice data and mail correspondence of millions upon millions of customers, especially if the four companies had already been so fond of doing their own spying?
Although conspiracy theories abound, the verifiable facts are still relatively straightforward. So far the list of suspects at the public prosecutor's office in Bonn includes eight current and former Telekom employees, including former Chairman Kai-Uwe Ricke and former Supervisory Board Chairman Klaus Zumwinkel, who have since left the company and deny all guilt.
The BKA is currently sifting through two truckloads full of seized Telekom files, documents and computers. The analysis could take months. Meanwhile, prosecutors are not even sure whether the scandal will remain limited to Deutsche Telekom, or whether their efforts will ultimately uncover a concerted effort.
Worst of all is the fact that the public is now willing to believe a lot of things. After a string of scandals -- the sleaze and slush fund affairs at Volkswagen, corruption scandals at electronics and engineering giant Siemens, allegations that discount supermarket chain Lidl spied on employees and an investigation of Zumwinkel for possible tax fraud -- the latest evidence of corporate malfeasance merely heightens the damage to German industry's image.
Rampant Fear in the Corporate World
In a survey of the 30 largest corporations listed on the German Stock Index (DAX) it launched last week, SPIEGEL asked questions like: How large are the respective security departments? To what extent were or are outside security firms or detective agencies used? What steps are taken to ensure that subcontractors are not resorting to illegal methods?
Of course, almost all respondents have sought to portray themselves as the grand protectors of company statutes and of data privacy and transparency guidelines. Deutsche Post, at least, admitted that "projects were assigned to outside service providers in isolated cases." Allianz, the insurance giant, wrote: "We cannot rule out the use of detective agencies." It even admitted: "Typically, the risks to a company that are associated with inadmissible investigative methods are greater than the potential benefits" it could "derive from such investigations."
Fear is rampant in the corporate world -- fear of criminal employees, and of critical members of supervisory boards and works councils, legal battles, corruption, data theft or simply bad press. The latest in the string of woes companies face is the fear of image loss, which is just as detrimental to the innocent within their ranks.
'We're Using Live Ammunition'
These fears are not diminished by the fact that this peculiar security industry, which, by its very nature, prefers to keep its operations under wraps, is suddenly at the center of public attention. It is a multimillion-euro business, one that continues to thrive on the paranoia of some corporations that apparently feel surrounded by enemies of every stripe. Thus, the current spying abuses may very well have been fueled by a special mix of fantasies of omnipotence and the persecution complexes of some of the captains of German industry.
It is their choice of words that betrays them. Deutsche Bahn CEO Hartmut Mehdorn used military language in a recent announcement of his company's new anti-corruption policies: "We are on the hunt, and we're using live ammunition." When former Deutsche Post CEO and Deutsche Telekom Supervisory Board Chairman Klaus Zumwinkel was still in a position to be worried about future business, he said that he planned to "make it a fight over every letter, down to the last drop of blood." Wary of internal skeptics, he said: "How can you go to battle when you're filled with doubt? And who's going to join the fight when people keep saying: 'Maybe they'll shoot back?'"
Anyone who spends any amount of time with German business owners and senior executives is familiar with their language and the images they like to use in their speech, as well as the philosophy behind both: Business is war.
They are talking about abstract wars with abstract goals, wars that take place in the heads of "generals" in their executive suites. But, as in real war, one of the first casualties is the truth.
Spying at Deutsche Post
Welcome to the dark side of power. Hardly anyone is a more telling case study than Klaus Zumwinkel, in his dual positions at Deutsche Post and Deutsche Telekom, on the one hand, and in his ambivalent nature, on the other.
On the one hand, he was the parsimonious holder of a Federal Order of Merit (Germany's highest honor), a man who was fond of talking publicly about morals among corporate executives. And then there was the other side of Zumwinkel, who allegedly avoided paying taxes on his millions by investing in foundations in Liechtenstein . Investigators are even looking into whether he may have used corporate air travel for personal trips, a charge Zumwinkel also denies.
As a father figure at the helm of Deutsche Post, Zumwinkel liked to rant about transparency and fairness. But he was also someone who apparently hired private investigators very early on in his tenure, to an extent that still remains unclear.
It was around the turn of the millennium, when an unknown man attempted to blackmail Deutsche Post by threatening to take advantage of a loophole in the postal laws that even experts had hardly taken much notice of until then. The loophole would allow competitors using presorted letters to take advantage of Deutsche Post's entire network at low cost, thereby undermining its monopoly of the postal system. The company took the challenge very seriously. The man, who must have had insider information, was demanding payment in the high eight figures.
Klaus Engelen, the company's general counsel at the time, apparently received instructions from senior management to use all means possible to find out who the blackmailer was. Engelen prepared a list of potential offenders, including three officials with the regulatory agency in Bonn responsible for the postal service, several company employees and a number of officials in Brussels.
That was when Control Risks got involved. For several hundred thousand euros, the security firm launched a spying operation. In the end, charges were dropped against all suspects, with the exception of one manager in Deutsche Post's internal regulatory affairs department. He received a disciplinary transfer at first, but was eventually let go. The man insists to this day that he was innocent, but a spokesman for Zumwinkel stresses: "The public prosecutor conducted a detailed investigation of the case. No charges whatsoever were filed against Klaus Zumwinkel, the chairman of the supervisory board at the time."
But according to information obtained by SPIEGEL, Deutsche Post, at about the time of its initial public offering, had private investigators spy on industry competitors like UPS, where they apparently even sifted through the garbage to search for usable information.
The case is as ambivalent as the issue is as a whole. Companies have an understandable interest in preventing internal information from being leaked. And, of course, companies must protect themselves against such leaks.
The number of threats has grown considerably in recent years. Minor reports, or even rumors, can light a fire under a stock today -- or even incinerate it.
In addition to triggering fear among executives, these concerns fueled the development of a security industry on a scale that was nonexistent only a few decades only. In Germany alone, there are already 1,500 detective agencies operating today. But are there any regulated training programs in the business? No. Some form of official certification? None at all. In fact, all it takes for someone to be able to call himself a detective in Germany is a police clearance certificate and a basic business registration. The Federal Association of German Detectives has criticized this lack of regulation for years, albeit unsuccessfully.
An Unregulated Security Industry
For this reason, it is an industry that still operates largely without direct supervision, which is reflected in its casual approach to doing business. In addition to legal means, like observation, detective agencies apparently use borderline legal or even illegal tools as well, ranging from video surveillance to the use of homing and bugging devices.
This has sparked an enormous interest in high-tech equipment, as evidenced by the industry's frequent conventions and trade shows, like the "Security" trade show in the western Germany city of Essen, as well as seminars and workshops. Last week, for example, Christian Schaaf of the Munich consulting firm Corporate Trust conducted a tightly synchronized series of meetings at a Frankfurt hotel.
Some of the topics at Schaaf's event included: "The use of covert investigators," "Investigating the private sphere" and "IT forensics to uncover and prevent irregularities." The cost of the two-day seminar, in which the Telekom affair was also discussed, with some measure of glee, was about €2,000 ($3,140). Security doesn't come cheap.
Schaaf, an old hand in the business, spent 19 years in the police force. People like him are also familiar with the grey zones of the trade, including "shady solicitations" and the tricks that can be used to cover up detective activity. One ruse, for example, is to use law firms as intermediaries, so that the identities of those pulling the strings in corporations are not even revealed when an informant's cover is blown. Thus, when activities turn out to be illegal, the executives can always claim that they had no knowledge of what was going on.
Nowadays the security business receives about 80 percent of its work from industry, even though no more than a dozen firms end up landing the major contracts, from corporations like Telekom or Allianz.
The largest players in the security business include New York consulting firm Kroll, which employs about 3,800 people in more than 30 countries. Another key player is London-based Control Risks, founded in 1975, which operates internationally and includes, among its specialties, the preparation of risk analyses on dangerous regions and the deployment of professionals trained in the intelligence field in kidnapping cases. The company is currently earning millions in Iraq, where it provides security for property and individuals.
But as is the case elsewhere in the tightly structured market economy, the major players have a tendency to use the services of smaller subcontractors. At the bottom of the food chain are small companies like Desa, which, as a subcontractor to Control Risks, once spied on a journalist at the Financial Times Deutschland on behalf of Telekom.
It may have happened eight years ago, but Hans-Jürgen Stephan, the managing director of Control Risks Germany, said last week that he was "appalled by what happened. It really threw me for a loop." The Desa activities, says Stephan, "were already a violation of every rule in the company at the time, and would be totally unthinkable today."
Stephan is quick to use sharp language. He himself took over at the helm of the German division of Control Risks in late 2003. The previous players, he says, all left the firm long ago. Stephan, however, has a very special connection to journalists. He even pays some of them to conduct research on behalf of Control Risks.
Stephan admits: "We hire journalists to address business-related issues for us."
Freelance journalist Detlef G., for example, who works for newspapers like the business daily Handelsblatt and Die Tageszeitung. On the other hand, Control Risks paid him more than €5,200 ($8,165) in October and November 2004 alone for his assistance.
One of his assignments was to gather information to uncover which of a group of his fellow journalists were writing critical reports about specific companies, or to find possible leaks in the companies.
Detlef G. sees nothing scurrilous in his side job. He insists that the sources he used in his research are accessible to the public. "It wasn't as if I were hanging around people's houses, like some spook, or sniffing around in their personal lives."
BEAT BALZLI, DINAH DECKSTEIN, FRANK DOHMEN, ISABELL HÜLSEN, MARCEL ROSENBACH, JÖRG SCHMITT, HOLGER STARK, THOMAS TUMA
Translated from the German by Christopher Sultan.