The manufacturing industry might not have the allure of the video game industry, but these days it's undergoing a transformation that bears more than a few similarities.

Additive manufacturing, or 3-D printing, technology is gaining ground in the industry, allowing companies in a broad range of sectors to pursue new avenues for innovation, production, and distribution. A research firm tracking spending on 3-D printing products and services reported that the industry crossed the $5 billion mark in 2015, up more than 25 percent in just one year.

Much like the explosive shift in the movie and music industries, many manufacturing-based industries are undergoing a rapid acceleration in their usage of digital media. This, in turn, is replacing the efficient production and distribution of physical goods as a competitive priority. While this opens a world of growth and cost-saving opportunities for producers, it is also rife with risk — just ask any video game industry executive.

The digital assets that are being created can travel far and travel quickly — and as companies continue to tap into global sourcing networks, they’re doing so more than ever before. These distributions may leave companies and their valuable, digital properties particularly vulnerable to confidentiality breaches, unauthorized trading, and outright theft. In today's world, these unseemly activities are especially difficult to detect, tough to prevent, and extremely costly to the company’s bottom line.

Despite the importance of confidentiality, traditional considerations such as cost, experience, and equipment capabilities tend to dominate companies' choices when hunting for new suppliers. These suppliers, moreover, tend to be situated in industry hotspots near many other, similar competitors. For companies with valuable digital assets at stake, are countries that crack down on digital theft a safer bet? Should they avoid sourcing work in areas with competitors clustered nearby? To date, scientific investigation remains scant.

To answer these questions, Brett Massimino — then a PhD student at The Ohio State University Fisher College of Business, now an assistant professor of service operations management at Cornell University — teamed up with Fisher Profs. John Gray and Kenneth Boyer. They set their sights on a global business besieged by confidentiality problems: The electronic video game industry.

"Video game development and publishing is spread around the globe, but very often is concentrated in tech-heavy metropolitan areas," said Prof. Gray. "Any industry globally sourcing the development of high-value digital assets could learn a great deal from the video game industry's historical struggles in maintaining confidentiality."

The journey to understand the relationships between global sourcing activities and digital confidentiality took Massimino and his co-authors deep inside today's video game-hacking culture. Their findings, published in the January 2017 issue of Production and Operations Management, could reframe the sourcing decision-making process for manufacturers and many others.

White hat, black hat

Video games are a more than $80 billion-a-year business with development and publishing work spread around the globe, much of it clustered in industry hotbeds such as Los Angeles, San Francisco, Tokyo and Paris. Their piracy culture is just as vibrant and widespread: Games frequently fall prey to hackers, and these hackers' efforts have become so aggressive and successful that games are actually slightly more likely to be leaked prior to official release than not. Although no consensus exists on the true financial impact to the industry, a market research firm has estimated annual losses nearly match revenue.

To better understand the industry's confidentiality problems, the researchers sought to track how a video game's vulnerability was linked to two key factors related to the locations of the primary publisher and developer: The level of protection a country’s laws and penalties afforded and how agglomerated, or clustered, the region surrounding a company was in terms of industry-related activity.

To investigate, the researchers plunged into one of the industry’s worst nemeses, accessing a pair of servers at the epicenter of the “black hat" video game-hacking world, the Warez “Scene." In this bustling and highly competitive underworld, hackers often race to illicitly distribute games before the official releases.

"In this Scene, 'first-to-market' is a badge of honor within a social community that places a premium on notoriety," Massimino said. "Hackers take immense pride in their communal reputations, and they often face ridicule or outright rejection by fellow members if they fail in providing a functional, accessible product in a timely manner."

By quietly accessing these servers, the team culled information on over 5 million illicit versions of electronic products that were distributed between the years 2000 and 2010. Pairing these data with information on the “white hat” game-development activities and associated companies gave the team complete pictures of both legitimate development and game-hacking incidents — and some surprising results.

Chilling effect

Conventional wisdom suggests countries with strong so-called national property rights — robust copyright and patent protection and tough infringement penalties — would be safe havens for work involving valuable digital assets. The researchers, however, found no evidence of these protections’ consistent, direct effect on the types of illicit distribution captured in their study.

"To the members of these hacking communities, the allure of releasing sought-after content is very often stronger than the threat of prosecution," Massimino said. "These individuals often think they'll never be caught, are extremely confident in their ability to maintain anonymity, or may simply just not care about formal intellectual property protections and legislations."

The role property protections may play in densely populated business clusters is more complex. Regional business clusters such as Silicon Valley beget a complex series of behavioral phenomena that may be a net benefit or detriment to confidentiality. For instance, workers' collaborations across organizations tend to be much more frequent, easier, and far less formal within clustered regions. Further, this tightly knit, opportunity-rich culture tends to attract an industry's best and brightest individuals. Combined, these phenomena may engender a workforce that is best positioned to protect its proprietary developments, and facilitate rapid responses to any threats that may exist.

The flipside? This high-performing workforce also may be the most capable of exploiting any weaknesses in protections that may occur. Here, the frequent, informal communications among workers — e.g., those of a happy-hour conversation — may breed confidentiality losses that range from innocent leaks to skillfully plotted corporate espionage.

So in these environments, which side wins out, and how do countries' protective measures come into play? Massimino and his team found that, on balance, developers in more agglomerated areas tended to have better confidentiality performance. Interestingly, strong property rights protections dampened this effect. Here, the authors posit, stringent laws and penalties around digital theft may be too effective — that is, they may throttle the cross-organizational, "white hat" communications and developments that traditionally characterize industry clusters. The impact on "black hat" activities, meanwhile, is relatively unfazed.

For governments eyeing ways to better protect companies located within their borders, these results indicate some unintended, counterintuitive consequences that tougher intellectual property laws and penalties may carry, especially for agglomerated regions. For companies eyeing suppliers, the study is another reminder of a stark reality of the complex world of sourcing decisions: The right choice is rarely the result of simple intuition.