Thursday, September 14, 2006

HP learns a privacy lesson

Some have opined that privacy is dead. David Brin's book length treatment of this idea in The Transparent Society is well worth reading. But I have to disagree with him and other commentators who forecast the demise of privacy in general or even just informational privacy.

Privacy is certainly evolving, but it's far from moribund.

The recent resignation by the chair of Hewlett Packard's board of directors, Patricia Dunn, reveals that there are consequences for violating people's privacy. What is shocking to me is that the chair was so daft to think that she could violate the privacy of the members of the board and they wouldn't care.

It's one thing to violate people's privacy when they're your own peasants employees, but to think she could get away with treating her own corporate board like this is the height of hubris.

The story hit the news when a recent SEC filing by Hewlett Packard corporation revealed that a director had resigned due to concerns regarding the legality and propriety of actions by the corporation.

“[F]ollowing his resignation [from the Board of Directors,] Mr. Perkins sought information from HP concerning the methods used to conduct HP’s investigations into the leaks, asserted that phone and e-mail communications had been improperly recorded as part of the investigation, and informed HP that he had recently consulted with counsel regarding that assertion...HP informed Mr. Perkins that no recording or eavesdropping had occurred, but that some form of “pretexting” for phone record information, a technique used by investigators to obtain information by disguising their identity, had been used. Mr. Perkins, although no longer a director, then requested that HP conduct an inquiry into the propriety of the techniques used to conduct the investigation.” |HP’s Form 8-K|
The California Attorney General’s office is investigating whether the pretexting violated California's identity theft law.
"Pretexting like this is technically hacking," [California Attorney General Bill Lockyer] said. "This is illegal under state and federal law." Specifically, Lockyer said, the HP case runs afoul of California Penal Code Section 502, which prohibits "tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems." He also said the case involves Penal Code Section 530.5, which bars use of people's personal info "for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services or medical information in the name of the other person without the consent of that person." |San Francisco Chronicle|
Not only were the records of HP’s Board of Directors obtained through pretexting, but also the phone records of several reporters, according to C-Net’s Jim Kerstetter.

Now, the U.S. House of Representative’s Energy and Commerce Committee is also requesting information on HP’s actions.

No comments: