Competitive Intelligence Marketplace

This is an interesting development, and it will indeed be very interesting to see how this plays out.

As an aside on search techniques, the approach that I suggest to better evaluate the presence of proprietary information posted to the web by a company is to use the "site:" operator to designate a company's domain name as the limitation for your search. Also to use the "filetype:" operator to designate in Google (Yahoo follows the same syntax) that you want the search engine to search for Powerpoint files. So in this instance I ran a Google search for "+Proprietary filetype:ppt site:boeing.com."

I found two results. One includes a mention of proprietary data. Another is a PowerPoint file describing Boeing's intention to protest the Air Force fuel tanker award that received so much attention this past Spring (AIrbus won and the award was cancelled over claims of improper evaluation methodology).

One unknown is a difference between what was on the Boeing site and what is on the Boeing site today. It's not inconceivable that Boeing employees could have realized proprietary data was exposed and took the information down.

Another unknown is what information Airbus employees might have found using the "robots.txt" file on the Boeing site that tells search engines such as Google not to index certain files or pages on the site. The current robots.txt file on the Boeing site does not appear to limit search engines indexing of any content on the site.

In no circumstances am I suggesting that Boeing did anything to clean up their site. Only that it is within the realm of possibility that they could have done any of these things to close gaps that might have existed before. It's also conceivable that Airbus employees applied search methods more advanced (and potentially more intrusive) than my own. Again, not saying they did-- just that it is within the realm of possibility.

Many companies post information market "Proprietary and Confidential" to their public web sites. Companies in every industry. Fortune 500 (100, 50) companies that should have information security professionals that should know better. As CI professionals an important question is whether or not we are obliged to respect the privacy markings of competitors' documents that are posted and available on their public web site.

Another dimension of the problem in the corporate world is the over-reliance of Proprietary information markings. One of the principal concepts of information protection is that to protect everything is to protect nothing. In this environment it is a crap-shoot, and trade secrets are put at risk through haphazard application of the security frameworks that are intended to protect that very and truly proprietary information.