Intrusion Detection Systems mailing list archives

Re: Pricing Intrusions


From: JohnNicholson () aol com (JohnNicholson () aol com)
Date: Wed, 13 Oct 1999 15:05:18 EDT



Marcus -

I think that your analysis is focusing primarily on the value of the stolen 
information to the thief.  I would argue that the thief generally has little 
use for the information he steals.  While the thief has the technical ability 
to acquire the information, it is likely to be far more valuable to a third 
party.

There's also one area that you didn't address, which is the value of 
destroyed information. If you could get into a network and trash the 
information related to a valuable project, that could set a competitor back 
both in terms of time and money. 

  - blackmail someone (high risk, potentially low profit)

I agree.

  - try to beat someone to a patent (high risk of legal wrangling,
      potentially huge profit but risk of legal wrangling tied
      to the size of the "take")

Beating someone to a patent is challenging. In the US, the patent for an 
invention goes to the "first to invent" rather than the "first to file" as it 
does in Europe and other countries.  By stealing information related to 
patentable products in the US, you probably won't do a lot of good.  In 
Europe, though, the "first to file" regime makes this kind of theft 
potentially much more lucrative. 

This doesn't mean that stealing information relating to research and product 
development isn't useful as corporate espionage. Among other things, stealing 
research can help you know what your competitors are doing and might save you 
from going down some wrong paths.

  - try to steal someone's ideas for product designs (high risk of
      legal wrangling, potential for profit, but you also still
      have to do the _work_)

See above.

  - use stolen information to do insider stock trades (near zero
      risk, high potential for profit) in this crime, oddly,
      the "victim" isn't likely to suffer very much unless you
      make them suffer deliberately.

The risk on this one is a little higher than you might think. The SEC is 
pretty good at tracking down anomalous stock trades. You're right about your 
Barron's example. There was a case a few years ago where a guy who wrote a 
column in the WSJ was trading based on the reaction his column would have the 
next day. Needless to say, the fact that I know about the case means that the 
guy was caught.

 
 >How about someone's medical records,
 >communications with their lawyer, etc?
 
 Medical records would be useful for blackmail, I guess. But I'd
 be scared to get involved in that kinda stuff. I've watched enough
 movies to know that the proper way to react to blackmail is to hunt
 the blackmailer down and shoot them. :)
 
 A person's communications with their lawyers wouldn't be that
 interesting. A company's sure might be.

The communications between an individual who was suing a large company and 
his/her lawyer could be very valuable to that company.  A company's 
communications with its lawyers could be very valuable to the other side. 
Look at what happened when the Tobacco Companies' communications with their 
lawyers were disclosed.

John 


