Saturday, October 01, 2005

WE MEET AT THECORNER OF KING AND BAY, underneath the big Bank of Montreal clock. Hundreds of business people rush by. This isn’t the usual place to do an interview, but Chris Mathers prefers it this way. He likes meeting people outdoors, where he can walk, talk and watch passersby for any familiar faces.

“Surely,” I ask, “no one is listening to us?” “Darlin’, you never know,” he replies, sounding almost like a private eye off the pages of a Raymond Chandler book. “Walk down a street where employees are hanging out, taking a smoke break. Go into a bar or a restaurant. You’re bound to hear things that you shouldn’t. People like to talk and eavesdropping is only human nature. It’s, like, Spy School 101.”

A former undercover cop turned self-employed corporate gumshoe, Mathers is a Philip Marlowe for the 21st century, with a talent for forensic IT work coupled with basic instinct and an old-fashioned, politically incorrect vocabulary that includes words like “dames,” “dicks,” “chicks” and “baloney.”

Today, he looks très Bay Street in a pale pink Zegna shirt, black pants and black designer oxfords – one of 60 pairs of shoes he admits to keeping in his closet. It’s what he wears to blend into the country’s financial heart. He keeps an office near here in order to be close to corporate clients whose problems range from frauds and website breaches straight through to plain old blackmail and, yes, corporate espionage. “Fact is,” he says, turning in a circle and flinging out an arm as if to take in every skyscraper, “you throw a stone high enough here in any direction, chances are you’ll hit a criminal or would-be-criminal.”

I’m here to talk to him about corporate spying. Those like Mathers, who work in the underbelly of the corporate world, understand that Air Canada’s $220-million lawsuit against WestJet for stealing company data such as passenger-load lists is only the tip of the iceberg. And, as with most icebergs, the danger is largely hidden; this is because companies are reticent to even admit that they have been victims. After all, such information can spook shareholders and adversely affect stock prices.

Former RCMP commissioner Norman Inkster, now working in the private sector, says that instead, the companies call in the consultants. “What they invariably say at first is ‘I want to get my money back,’ ” he tells me. The damage stemming from such non-disclosure is enormous. In 1996, a Canadian Security Intelligence Service (CSIS) team estimated that the theft of industrial and economic secrets in Canada was costing the country a staggering $1 billion a month. And according to Michel Juneau-Katsuya, the former CSIS operative who requested the study, the organization has also identified no less than 24 different countries that are actively stealing secrets from Canadian companies. Along with the usual suspects like China, they include “friends,” such as the U.S., Britain, France, Germany, Israel and South Africa.

“We’re not only bleeding; we’re hemorrhaging,” Juneau-Katsuya says.
Meanwhile, a similar study conducted around the same time in the U.S. found that the Americans, whose economy is at least 10 times bigger than ours, was losing $2 billion a month. In response, they introduced the Economic Espionage Act in 1996. While it hasn’t erased the practice of stealing secrets, it was at least a recognition that the law needed to exponentially increase the penalties for such crimes, including jail time.

The Canadian response has been the exact opposite. There are no laws here to counter stealing of corporate secrets. There isn’t even federal recognition that the problem exists.

Which brings me back to Mathers, one of those operatives whose job is to find the spies and stop them cold. Think of him as the guy who spies on the spies. In the murky world of corporate skulduggery, he circumvents what he calls the country’s willingness to be a patsy, all the while treading a fine bottom line between right, wrong and completely unethical.

'You throw a stone high 
enough here in any direction, 
chances are you'll hit a criminal 
or a would-be criminal'

“We find it hard to think that most corporate ‘spies’ are folks like you or me, co-opted for money or through circumstance,” notes Mathers. “They could be janitors paid the minimum wage, middle managers unhappy that they didn’t get that big promotion, or longtime employees stuck with big bills for alimony and child support.” They could be strangers who walk in carrying toolkits to repair computers or phones, or they could be properly suited and tied, with official looking business cards. They could be the attractive women sitting next to you at the bar, or they could be posing as students working on papers.

Business is business, after all, and corporate espionage is but another way to beat a competitor and gain a bigger market share, all the while avoiding spending big bucks for research and development. “Listen, if you’re going to be gathering competitive intelligence, [in order] to get anything of value, you’re going to break the law. Say you’re at the printer and your competitor’s annual report is sitting there. Are you to ignore it or look at it?
“How many angels,” he continues, “can dance on the head of a pin?”

Born in Montreal to a CN railway worker and a stay-at-home mother, Mathers, now 50, spent his early years in the tough Point St-Charles neighbourhood in the south-central section of the city near the railroad tracks. Even as a kid, he was attracted to the seamier side of life. He hung out in Montreal’s downtown and watched people shoot up heroin. He called prostitutes by their first names and knew guys who drove hijacked trucks filled with stolen goods. “I never did any of that stuff myself,” he cautions. “For some reason, I just wanted to know about it.”

Maybe that’s what RCMP officers sensed when they came across him working as a bouncer in a popular bar in London, Ont. At the time, he was studying genetics at the University of Western Ontario and wondering what to do next. When the Mounties suggested he sign up, he did. Soon, he went undercover, working drug, gun and illicit cash deals as if he’d been doing it his whole life.

Mathers’ nickname during his 20 years on the force was ‘Big Action.’ Once, when he was running a money exchange sting just off of Bay Street, he found himself in the men’s washroom with a legitimate businessman who worked in the same building. “What do you guys do over there?” the man asked, curious. “We mind our own business,” Mathers snarled back.

Inkster, who went on to become the global managing partner of KPMG’s forensics group before starting his own consulting firm, says Mathers could role-play like nobody’s business. It didn’t matter if he was the tough head of the illegitimate money exchange house or a tacky tourist in the Caribbean, complete with loud printed shirt and camera around his neck as he chatted up the owner of a burned-down enterprise who’d claimed the fire had devoured costly merchandise that a Canadian businessman sent him. “Chris being Chris, he got the fellow to tell him chapter and verse about the fact he’d moved the product out before the fire and was trying to collect on both ends,” Inkster says. “He has a sense of...drama.”

At times, his characters have gotten Mathers in big trouble, especially during the few years he had to hide out in a rural Ontario farmhouse until members of a Colombian drug gang who were trying to kill him had been prosecuted and put in jail.
But the characters have also helped make him aware of how things work beneath their façade. He laughs out loud when I tell him about Target of Opportunity, a DVD that a former KPMG operative loaned me, in which one man wreaks havoc with a company’s digital and hard-copy resources in only three days, stealing secrets right, left and centre as he romps, unchallenged, through corridors, offices and boardrooms.

“Well,” he says, “that might as well be real life.” Companies are lulled into thinking their security is tight, thank you very much, but when they hire his firm to do both physical and electronic penetration tests, they fail. Every time.

Citing confidentiality agreements he signed in blood, practically, he can’t tell me which companies he is working for. But he tells me stories about computer passwords that are too easy or bypassed altogether, and laptops that are blithely used in full view of other people, especially on airplanes. “It’s naïve to believe that the person sitting next to you is not interested in the sensitive document you’re working on, or even the airline itself,” he says. “Hell, I know of one international airline that has microphones in the executive class area that pilots can switch on and off at will.”

He’s on a roll now, moving from lax computer security to lax security, period. One of his current contracts is to test how easy it is to physically break into a local firm. Turns out all it took were several cigarettes and some friendly banter. “By the time my guys tried to get in, the security guards actually held the doors open for them,” he snorts. “The directors were, um, shocked, to say the least.”

He plans to step up the test next time around, sending in one of his men in a big cardboard box labelled “top secret” or something similar. It will arrive at the end of the day, be taken in and left alone, so that, after closing time, the guy will pop out, wander around taking pictures in compromising places and cool his heels until the next morning.

That’s not all. He ticks off his fingers as he lists ever more tricks of the corporate spy trade. Steal a stack of business cards and pretend they’re yours. Call someone’s office around 1:30 p.m., after the permanent receptionist is well into the lunch hour, and you get a replacement who has no idea you weren’t talking to the boss before and will unwittingly give you information about meetings and schedules.

The honey trap works. 
'If I were a CEO, the last 
thing I'd want is my guys 
out talking to young dames'

He once knew a charming, elderly ex-RCMP operative who is often hired by companies to penetrate their offices, who’d totter into them when the bosses aren’t there, chat up the receptionists, convince them he’s supposed to wait in their bosses’ offices until the bosses come back, steal everything he could get his hands on and quietly slip out while they’re on the phone or in the bathroom.

There’s the “no-fail” phone call by a woman with a British accent because, for some reason, he says we trust women with British accents more than anyone else in the world.

Or the scam in which corporate spies call you in for an interview for the dream job of your lifetime and encourage you to tell them just what it is you’re up to these days.

Some spies get really creative. Consider the Asian businessmen who were allegedly planning a joint venture with an Ontario company and went on a tour of the factory just before they were to sign the partnership agreement. Or another group of businessmen who wore rubber-soled shoes to pick up metal filings they later analyzed that gave them the secret to the manufacture of the particular alloy. The end result? There was no partnership agreement, and proprietary information was stolen.

Then, there’s what Mathers calls the “honey trap,” in which sex is used to catch someone with highly prized knowledge in a most compromising position, especially when the person is married with children. “I know it sounds sexist and all, but it works,” he says. “If I were a CEO, the last thing I’d want is my guys out talking to young dames. That can be dangerous.” So, I ask, who should be on alert?

People who can influence public markets, he replies. People who make their living predicting the future. People who work in high-tech, low-tech and paper, in mining, pharmaceuticals, software and soda drinks. People whose ideas are worth more than the paper they’re printed on. Because that’s a problem when it comes to criminal charges here: No matter what’s stolen, the Criminal Code counts only the actual, not potential, value.

Just ask Mitel, the Ottawa-based telecommunications giant that, according to reports, lost an estimated 10 years of research and up to $1 billion in estimated market share in the 1990s when a 16-year employee sold some of its trade secrets to the Vietnamese government. To Van Tran was charged with one count of fraud and one count of possession of stolen property over $5,000. In October 2001, he was fined a grand total of $25,000 – half of what he was paid by the Vietnamese – and he spent nary a day in jail.

The case helps bolster Mathers’ contention that people in Canada spend hardly any time in jail for hard crimes, never mind those that can be classified as white-collar crimes.

It doesn’t take much to bolster your security. Be proactive, Mathers says. Check out the people you’re thinking of hiring or doing business with before you give them the keys to your kingdom and you’ll eliminate 95 percent of problems. That way, chances are you’ll never have to hire someone to comb through company garbage, which people like Mathers hate doing. 
“Hey,” he says,” this is a Zegna shirt. A $250 shirt. You think I’ll go into dumpsters? No. Thank. You. At $450 an hour, I don’t think my clients want me swimming around in a dumpster. If someone wants a dumpster diver, I’m going to send them to see a low-end private investigator.
“Aw, damn. Is that a soy sauce stain?”