October 02, 2006, 4:52 PM — A snapshot of what bloggers are saying about the latest in information technology
I love a good corporate scandal, and Silicon Valley, in its own coming of age, has started to produce them, most recently with the revelation that former Hewlett-Packard chairman Patricia Dunn called in spies. The most recent Time Magazine gives the lurid details of this episode, which some say is of the same scope as the notorious Enron scandal. The intent was to spy on their own directors' personal phone records, in an attempt to discover where leaks were coming from. The level of outrage is a few notches below that of Enron, but perhaps by now the public has become a bit jaded. We no longer expect our corporate leaders to act responsibly. I've been following another one, unrelated to the HP scandal but no less shocking, which involves another very large company, and you can visit my own blog on the subject here.
But back to HP. It was a surprisingly simple ruse, as corporate espionage usually is. If you watch the movies, you think of spies as jet-setting around the world, driving Aston-Martins and employing wildly sophisticated equipment that can do virtually anything. And it's true about the equipment, industrial spies do use an impressive selection of electronic toys, but most of their work is done with simple telephone calls and dumpster-diving.
For the most part, industrial espionage is an accepted, if back-room practice, that is mostly legal. Every company does intelligence gathering on their competitors, but occasionally a line gets crossed. Patricia Dunn crossed that line, and her actions may even result in criminal charges. Her spies used a ruse called pretexting, which involved calling phone companies and pretending to be someone else in order to obtain telephone records. In addition to using this ruse to obtain phone records of their own directors, HP also gathered phone records of nine journalists.
The White Collar Crime Prof Blog weighs in on this and other corporate scandals, noting that since ten witnesses took the Fifth at the House Subcommittee hearing, it looks like everyone was working together. On the surface, the story is that the investigators' specific actions were unknown to the HP executives, but this is the oldest corporate and political ruse in the book: When the top dog makes it known that they want a particular result, but doesn't specifically give the order so as to provide for a level of plausible deniability. But the prof says that under conspiracy laws, an agreement doesn't have to be expressly made, although there's still some question as to the extent of the legality or illegality of pretexting. There's no question that these actions were unethical, and if they weren't illegal, they certainly should have been. If there's no other outcome here, it should at least be that other corporations will now keep a closer watch on their industrial espionage activities.
The Wall Street Journal's law blog also says that it would be "difficult" to establish that HP execs are responsible, even if the courts were to determine that a crime was indeed committed. It would seem that the spies are going to be made to fall on their own swords.
Rich Tehrani's VoIP blog weighs in with some interesting considerations, telling us just how surprisingly easy it is to obtain phone records with little more than a phone number and the last four digits of the person's social security number. Tehrani rightly questions why phone companies and credit card companies make this sort of information so accessible, even though there is technology in existence that would minimize the ability of people to use pretexting. Consider it a wake-up call. We've all become aware of the risks of identity theft, and there are a million precautions that are taken. Companies have put procedures in place to make sure that financial data such as credit card numbers are kept safe. It's time to extend that same concern to other types of data as well--such as phone records.
