Spying on the HP Board
Basically, the chairman of Hewlett-Packard, annoyed at leaks, hired investigators to track down the phone records (including home and cell) of the other HP board members. One board member resigned because of this. The leaker has refused to resign, although he has been outed.
Note that the article says that the investigators used “pretexting,” which is illegal.
The entire episode—beyond its impact on the boardroom of a $100 billion company, Dunn’s ability to continue as chairwoman and the possibility of civil lawsuits claiming privacy invasions and fraudulent misrepresentations—raises questions about corporate surveillance in a digital age. Audio and visual surveillance capabilities keep advancing, both in their ability to collect and analyze data. The Web helps distribute that data efficiently and effortlessly. But what happens when these advances outstrip the
ability of companies (and, for that matter, governments) to reach consensus on ethical limits? How far will companies go to obtain information they seek for competitive gain or better management?The HP case specifically also sheds another spotlight on the questionable tactics used by security consultants to obtain personal information. HP acknowledged in an internal e-mail sent from its outside counsel to Perkins that it got the paper trail it needed to link the director-leaker to CNET through a controversial practice called “pretexting”; NEWSWEEK obtained a copy of that e-mail. That practice, according to the Federal Trade Commission, involves using “false pretenses” to get another individual’s personal nonpublic information: telephone records, bank and credit-card account numbers, Social Security number and the like.
EDITED TO ADD (9/8): Good commentary.
EDITED TO ADD (9/12): HP Chairman Patricia Dunn was fired.
Mike Schiraldi • September 7, 2006 2:15 PM
The solution is easy: hold companies liable. If Alice pretends she’s Bob and tricks CharlieCo into divulging Bob’s information, Bob should be able to sue not just Alice but CharlieCo too.
And CharlieCo should absolutely not be allowed to use a defense of, “But she knew Bob’s zip code, SSN, and mother’s maiden name!” Tough luck, they should have been more vigilant.
If that sounds unfair, consider precedent like child protection and stolen property laws. If you sleep with a minor, it’s no defense to say, “But she had a really good fake id!” If you buy stolen property, you might not be guilty of a crime, but you definitely have to give it back, even if you don’t get your money back. “But it looked like a legitimate sale, and they had a really well-forged certificate of ownership!” Doesn’t matter.