Business information open to fly on the wall
The blurred line between Chinese 'state secrets' and commercially confidential material highlighted in the Rio Tinto case has uncovered another dirty secret: the failure of many mainland firms to protect valuable business information.
Two weeks after the formal arrest of four mainland-based employees with global miner Rio Tinto on commercial secrets infringement charges, Irvin Qiang says his industry is still reeling from what looks set to be China's highest-profile business confidentiality case.
Mr Qiang, who works for a corporate crime investigation firm in Shanghai with a clientele of both multinational and domestic firms, said his foreign clients are scrambling to figure out how to fine-tune their information collection practices after the Rio Tinto fallout.
'But more interestingly, Chinese companies, particularly those state-owned firms, have for the first time in years shown interest in earnest in raising their game in enforcing confidentiality rules,' he said.
Chinese firms often lack the know-how to protect business secrets concerned with their core competencies, analysts and lawyers said.
They say that the money-for-information skulduggery Rio Tinto is accused of is a rule rather than the exception in China's business community and usually goes unpunished.
The four Rio Tinto employees implicated, led by Australian national Stern Hu, the company's chief iron ore salesman in China, allegedly bribed Chinese executives for key production and sales data that had given the Anglo-Australian miner an unfair advantage in the marathon iron ore supply talks.
They were detained by the Shanghai branch of the State Security Bureau early last month.
An apparent government-initiated campaign is now under way to plug the loopholes and hold accountable those who give out information in return for benefits from multinationals.
'Most Chinese companies, state-owned and privately controlled, have done a poor job in holding their cards to the chest when it comes to business competition,' said Jiang Yong, a researcher on economic security issues with the China Institute of Contemporary International Relations. 'It reflects broader substandard corporate governance.'
Mr Jiang said very few big state-owned giants in strategically important businesses such as the energy sector would have strict rules and compliance to ensure control of business-related information flow.
However, the rest of corporate China is still 'in the stone age' when it comes to keeping their internal information internal.
'Of course, we have opposite examples like Huawei Technologies, [one of the country's biggest telecommunications equipment makers] which boasts detailed and feasible confidentiality rules,' Mr Jiang said.
'Unfortunately, these well-disciplined firms are in the absolute minority and their practices have more to do with managers' personal traits than faith in good corporate governance.'
Huawei president Ren Zhengfei is reportedly keenly aware of the need for information security, thanks to his experience as a former People's Liberation Army officer before founding the company.
Ironically, state-owned enterprises have been keener to mark documents as 'classified' than their multinational peers, said Mr Qiang, who previously worked for a big state-owned shipping company, before he became an investigator.
'But they don't have a specific office to keep custody of these files. Then you have this bizarre scenario: documents marked as secrets are usually littered around in the office ... It looks like heaven for commercial spies,' he said.
Many Chinese firms do not list detailed confidentiality rules in their contracts with employees, and those who do don't specify the consequences of infringement. The loopholes offer opportunities for abuse by unscrupulous employees.
Then there is the poor business ethic and sometimes the lethal customs of guanxi, or connections.
In Rio Tinto's case, Hu and his colleagues, some of whom were former state-owned steel mill executives, allegedly leveraged a mix of dollar-splashing and cronyism to obtain information.
At least two state-owned steelmakers, Laiwu Steel & Iron Group and Shougang Steel, have acknowledged their employees were under investigation.
'We have seen too many cases of leaks, either inadvertent or deliberate breaches in exchange for favours, in Sino-foreign business talks on an enterprise level,' said Li Su, who has run H&J Partners, a business consultancy in Beijing, for more than two decades.
Mr Li said some favours took the form of arranging and paying for overseas study trips for Chinese executives and officials' children.
Others required a payment delivered to a designated third-party company as a consulting fee in disguise.
But Beijing authorities have apparently decided to step in.
Nanfang Weekly, a news magazine, reported last month that the State Security Bureau, the government ministry in charge of the country's information security, has been carrying out a campaign since earlier this year to identify systematic loopholes and raise awareness among state company executives about corporate information security.
A person who has worked with officials from the Guangdong branch of the security bureau confirmed the report, saying it was quite unusual for the regulator to have companies under surveillance.
'In normal times, the [security bureau] is put in charge to monitor information leakage within the government and military-related bodies, but their priority seemed to have been shifting ground a bit recently,' he said.
The person also confirmed domestic media reports that the bureau would see a promotion in its administrative ranks in the government bureaucracy and an expansion of its duties very soon.
'I heard it would happen before the end of the year,' he said.
Xia Yong, the incumbent head of the usually low-profile security bureau which does not even have an official website, is reportedly a close adviser to President Hu Jintao.
He was appointed to the position in 2005.
Mr Jiang said that more intervention in the state sector would help big Chinese firms build better defences against the leaks that would undermine their business interests.
'But at the end of the day, it will be up to the state firms' executives, most of whom are still far from commanding basic modern contemporary managerial skills, let alone information security know-how,' he said.
Yu Jie, a Shanghai-based lawyer familiar with commercial secrets infringement cases, hailed the security bureau's involvement but questioned the sustainability of the heavy-handed approach.
'The solution would eventually have to come down to the judiciary system rather than an administrative arm of the state,' Mr Yu said.
In fact, amid diplomatic controversy stoked by the espionage charges, the security bureau handed Rio Tinto over to normal prosecutors and police who formally arrested Hu and his colleagues on August 12.
However, given the implementation of the Commercial Secrets Law, a piece of domestic legislation that draws the line on what can and cannot be done in obtaining business information, the feasibility of the legal tools against wrongdoings in this area has been cast into shadow.
'Very few cases actually went to the court partly because of Chinese companies' face-saving propensity,' said Mr Yu, adding that the vagueness in legislation had also caused delays.
In that context, the Rio Tinto fallout could be a welcome event 'since it gave a very public lesson about the cost of shoddy information security', he said.