Tuesday, September 12, 2006

Pretexting and the Hewlett-Packard Patriciagate Melodrama

Please note: pretexting is a word derived from "pretext" and not from "text". Pretexting is a data-gathering practice by which personal information is obtained under false pretenses, i.e. under a pretext.

Pretexting is currently in the news in connection with the snooping of the private phone records of Hewlett-Packard board members by private investigators hired by Hewlett-Packard chairwoman Patricia Dunn to find out who on the HP board was leaking HP board information to news media. Dunn claims to have had no knowledge that pretexting would be used as a method to get information, an explanation which stretches her credibility - after all, how did she imagine that the investigators would get the information she required? Moreover, did not investigators keep her up-to-date on the progress of an investigation she was paying for?

It appears as if private phone records were pretexted not only for HP board members but also for the news reporters who wrote the leaked story, as well as for additional news reporters and related private persons. To put it bluntly, Hewlett-Packard has put itself into a legal and public relations nightmare because of in-fighting among its board membership.

We were always of the opinion that Hewlett-Packard was on a long downhill slide ever since the days of Carly Fiorina and the ill-advised merger with Compaq. Perhaps HP's current problems are simply the inevitable result of a cumulation of many bad decisions over time at the top-level of HP, putting increasingly less-suited persons into office, and leading to the struggling position in which the company now finds itself.

After all, Patricia Dunn started out her career as a freelance reporter and temporary secretary and is not necessarily someone whose inherent qualifications would seem to warrant the kind of business position which she currently (still) holds, although one could speculate that a sense for melodrama might be a product of her background.

George Keyworth II, the admitted board leak source, was former chairman and senior fellow with the Progress & Freedom Foundation, as also a former science adviser to President Reagan and director of the Los Alamos National Laboratory Physics Division, all high political and geek positions but not necessarily posts which should qualify him for a top US corporate role.

Populist-type popularity, politics, expertise in non-related fields and connections seem to mark some (what percent?) of corporate America's leaders, rather than competence for the office held. (So what's new in the world, the sceptics will say. It has always been that way.) We would in any case expect corporate boards to be staffed by people trained in the law and not by the serendipity collection of "popular" - but perhaps sometimes incompetent - persons we often find there. We see this same problem regarding the persons elected to US Congress - where popularity among the voters is the major qualification of US Congressional members, rather than their objective competence, legislative suitability or legal learning.

As for the law involved here, financial pretexting is clearly illegal pursuant to the Gramm-Leach-Bliley Act (GLBA), but the illegality of pretexting is not extended beyond financial institutions by this law. This legislation is typical for the kind of muddled lawmaking which has become more and more typical for the US Congress. Why should just "financial" pretexting be illegal according to that law, but nothing else? Is fraud not fraud everywhere? Indeed, that was one of the excuses referred to by HP in the SEC filing which refers to the pretexting at hand:

"The committee (assigned to review the investigation methodology) was then advised by the committee's outside counsel that the use of pretexting at the time of the investigation was not generally unlawful, except with respect to financial institutions, but such counsel could not confirm that the techniques employed by the outside consulting firm and the party retained by that firm complied with all respects with applicable law," according to the [HP] SEC filing. "

Whether the kind of phone record pretexting used in the instant case was illegal under federal and/or California law is still being investigated by U.S. and State of California attorneys, although the California Attorney General says that a crime has been committed, although it is not yet clear which crime, by whom, or who will we charged. Potentially, since phone records are stored on computers, pretexting also involves "hacking" computer data, which is clearly a crime, both State and federal:

"Chris Hoofnagle, a privacy expert and senior attorney at UC Berkeley's Boalt Hall School of Law, agreed that it appears the pretexting methods employed by HP's investigators violate the law.

"Pretexting like this is technically hacking," he said. "This is illegal under state and federal law.
"

Indeed, at his Chris Blog, Hoofnagle (who is correctly senior staff attorney to the Samuelson Law, Technology & Public Policy Clinic at Boalt) writes:

"No federal law specifically prohibits pretexting phone records. The federal Gramm-Leach-Bliley Act prohibits pretexting for information from financial institutions, but is silent in other contexts. Many have latched onto this silence to claim that pretexting is legal.

Nevertheless, pretexting for phone records is illegal. Don’t believe statements to the contrary from the private investigative lobby. A pretexter can be charged with the federal Computer Fraud and Abuse Act, the Wire Fraud Act, state computer intrusion laws (hacking laws), and state identity theft laws. And not just in California. The laws of other states are flexible enough to pursue this form of fraud.
"

Other blogs that are interesting to read on this issue are:

Spyware Hunt
Law Blog - WSJ see especially this e-mail exchange between Tom Perkins and Larry Sonsoni
White Collar Crime Prof Blog (our remark on the comment there on the attorney-client privilege, is, yes, it is quite amazing that such an e-mail exchange would be made public)

Pretexting and the Hewlett-Packard Patriciagate Melodrama

Please note: pretexting is a word derived from "pretext" and not from "text". Pretexting is a data-gathering practice by which personal information is obtained under false pretenses, i.e. under a pretext.

Pretexting is currently in the news in connection with the snooping of the private phone records of Hewlett-Packard board members by private investigators hired by Hewlett-Packard chairwoman Patricia Dunn to find out who on the HP board was leaking HP board information to news media. Dunn claims to have had no knowledge that pretexting would be used as a method to get information, an explanation which stretches her credibility - after all, how did she imagine that the investigators would get the information she required? Moreover, did not investigators keep her up-to-date on the progress of an investigation she was paying for?

It appears as if private phone records were pretexted not only for HP board members but also for the news reporters who wrote the leaked story, as well as for additional news reporters and related private persons. To put it bluntly, Hewlett-Packard has put itself into a legal and public relations nightmare because of in-fighting among its board membership.

We were always of the opinion that Hewlett-Packard was on a long downhill slide ever since the days of Carly Fiorina and the ill-advised merger with Compaq. Perhaps HP's current problems are simply the inevitable result of a cumulation of many bad decisions over time at the top-level of HP, putting increasingly less-suited persons into office, and leading to the struggling position in which the company now finds itself.

After all, Patricia Dunn started out her career as a freelance reporter and temporary secretary and is not necessarily someone whose inherent qualifications would seem to warrant the kind of business position which she currently (still) holds, although one could speculate that a sense for melodrama might be a product of her background.

George Keyworth II, the admitted board leak source, was former chairman and senior fellow with the Progress & Freedom Foundation, as also a former science adviser to President Reagan and director of the Los Alamos National Laboratory Physics Division, all high political and geek positions but not necessarily posts which should qualify him for a top US corporate role.

Populist-type popularity, politics, expertise in non-related fields and connections seem to mark some (what percent?) of corporate America's leaders, rather than competence for the office held. (So what's new in the world, the sceptics will say. It has always been that way.) We would in any case expect corporate boards to be staffed by people trained in the law and not by the serendipity collection of "popular" - but perhaps sometimes incompetent - persons we often find there. We see this same problem regarding the persons elected to US Congress - where popularity among the voters is the major qualification of US Congressional members, rather than their objective competence, legislative suitability or legal learning.

As for the law involved here, financial pretexting is clearly illegal pursuant to the Gramm-Leach-Bliley Act (GLBA), but the illegality of pretexting is not extended beyond financial institutions by this law. This legislation is typical for the kind of muddled lawmaking which has become more and more typical for the US Congress. Why should just "financial" pretexting be illegal according to that law, but nothing else? Is fraud not fraud everywhere? Indeed, that was one of the excuses referred to by HP in the SEC filing which refers to the pretexting at hand:

"The committee (assigned to review the investigation methodology) was then advised by the committee's outside counsel that the use of pretexting at the time of the investigation was not generally unlawful, except with respect to financial institutions, but such counsel could not confirm that the techniques employed by the outside consulting firm and the party retained by that firm complied with all respects with applicable law," according to the [HP] SEC filing. "

Whether the kind of phone record pretexting used in the instant case was illegal under federal and/or California law is still being investigated by U.S. and State of California attorneys, although the California Attorney General says that a crime has been committed, although it is not yet clear which crime, by whom, or who will we charged. Potentially, since phone records are stored on computers, pretexting also involves "hacking" computer data, which is clearly a crime, both State and federal:

"Chris Hoofnagle, a privacy expert and senior attorney at UC Berkeley's Boalt Hall School of Law, agreed that it appears the pretexting methods employed by HP's investigators violate the law.

"Pretexting like this is technically hacking," he said. "This is illegal under state and federal law.
"

Indeed, at his Chris Blog, Hoofnagle (who is correctly senior staff attorney to the Samuelson Law, Technology & Public Policy Clinic at Boalt) writes:

"No federal law specifically prohibits pretexting phone records. The federal Gramm-Leach-Bliley Act prohibits pretexting for information from financial institutions, but is silent in other contexts. Many have latched onto this silence to claim that pretexting is legal.

Nevertheless, pretexting for phone records is illegal. Don’t believe statements to the contrary from the private investigative lobby. A pretexter can be charged with the federal Computer Fraud and Abuse Act, the Wire Fraud Act, state computer intrusion laws (hacking laws), and state identity theft laws. And not just in California. The laws of other states are flexible enough to pursue this form of fraud.
"

Other blogs that are interesting to read on this issue are:

Spyware Hunt
Law Blog - WSJ see especially this e-mail exchange between Tom Perkins and Larry Sonsoni
White Collar Crime Prof Blog (our remark on the comment there on the attorney-client privilege, is, yes, it is quite amazing that such an e-mail exchange would be made public)

The ISandIS Network

Our Websites and Blogs: 3D Printing and More 99 is not 100 Aabecis AK Photo Blog Ancient Egypt Weblog Ancient Signs (the book) Ancient World Blog AndisKaulins.com Anthropomorphic Design Archaeology Travel Photos (blog) Archaeology Travel Photos (Flickr) Archaeo Pundit Arts Pundit Astrology and Birth Baltic Coachman Bible Pundit Biotechnology Pundit Book Pundit Chronology of the Ancient World Computer Pundit DVD Pundit Easter Island Script Echolat edu.edu Einstein’s Voice Energy Environment and Climate Blog Etruscan Bronze Liver of Piacenza EU Laws EU Legal EU Pundit FaceBook Pundit Gadget Pundit Garden Pundit Golf Pundit Google Pundit Gourmet Pundit Hand Proof HousePundit Human Migrations Idea Pundit Illyrian Language Indus Valley Script Infinity One : The Secret of the First Disk (the game) Jostandis Journal Pundit Kaulins Genealogy Blog Kaulinsium Kiel & Kieler Latvian Blog LawPundit.com Law Pundit Blog LexiLine.com LexiLine Group Lexiline Journal Library Pundit Lingwhizt LinkedIn Literary Pundit Magnifichess Make it Music Maps and Cartography Megalithic World Megaliths Blog) Megaliths.net Minoan Culture Mutatis Mutandis Nanotech Pundit Nostratic Languages Official Pundit Phaistos Disc Pharaonic Hieroglyphs Photo Blog of the World Pinterest Prehistoric Art Pundit Private Wealth Blog PunditMania Quanticalian Quick to Travel Quill Pundit Road Pundit Shelfari SlideShare (akaulins) Sport Pundit Star Pundit Stars Stones and Scholars (blog) Stars Stones and Scholars (book) Stonehenge Pundit The Enchanted Glass Twitter Pundit UbiquitousPundit Vision of Change VoicePundit WatchPundit Wine Pundit Word Pundit xistmz YahooPundit zistmz