The 2 CA Laws in the AG's HP Investigation & The Latest
Friday, September 08 2006 @ 01:40 PM EDT
First, the latest. MarketWatch is now reporting that Patricia Dunn has offered to resign if the HP board asks her to, and there will be a special meeting of the board by telephone this weekend to discuss it.
SFGate has some information on two statutes that the California Attorney General Bill Lockyer says are involved in the HP leak probe case. I thought you might like to see them. Note that they are not necessarily the only two statutes that may come into play, as there are federal laws also, such as the Computer Fraud and Abuse Act, Title 18, Section 1030, subtitled "Fraud and related activity in connection with computers", and there are federal agencies that could get involved, such as the FCC, the FTC, and the SEC, depending on a number of factors. I'm afraid that doing any kind of law-breaking with a computer tends to compound your problems. But these are the two statutes connected to the California investigation.
If you are interested, Electronic Privacy Information Center, EPIC, has a page specifically on its efforts to get laws passed outlawing pretexting of any kind. Here's a letter it sent on April 24, 2006 providing its views on the California law, SB 1666, that would make pretexting illegal and which is now on the Governor's desk. You can read the text as introduced in February. After amendments, it looks like this. This is a website where you can follow California legislative information. And here you can read all about SB1666. Here are EPIC's comments to the FCC, which is also considering what to do about pretexting. MarketWatch has an article on pretexting that gives some tips on how to avoid becoming a victim. One of the companies that EPIC identified as selling personal data -- it claims it has stopped -- also has a few more tips [PDF] on how to protect yourself from pretexters.
I have my doubts that anything works 100% currently, when the phone companies use information to authenticate their customers that employers, neighbors, coworkers, and ex-significant others would likely know or could easily find out and misuse.
Here's the snip from the article to get us started:
Chris Hoofnagle, a privacy expert and senior attorney at UC Berkeley's Boalt Hall School of Law, agreed that it appears the pretexting methods employed by HP's investigators violate the law.
"Pretexting like this is technically hacking," he said. "This is illegal under state and federal law."
Specifically, Lockyer said, the HP case runs afoul of California Penal Code Section 502, which prohibits "tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems."
He also said the case involves Penal Code Section 530.5, which bars use of people's personal info "for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services or medical information in the name of the other person without the consent of that person."
"Pretexting is a serious problem," Lockyer said.
And in HP's case, he said, the company is guilty of breathtaking arrogance if nothing else.
"The idea of a corporate official spying on another official is outrageous," Lockyer said. "It's also incredibly stupid."
Here's Penal Code Section 530.5, in colored text so you can easily see where it begins and ends:
(a) Every person who willfully obtains personal identifying information, as defined in subdivision (b), of another person, and uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services, or medical information in the name of the other person without the consent of that person, is guilty of a public offense, and upon conviction therefor, shall be punished either by imprisonment in a county jail not to exceed one year, a fine not to exceed one thousand dollars ($1,000), or both that imprisonment and fine, or by imprisonment in the state prison, a fine not to exceed ten thousand dollars ($10,000), or both that imprisonment and fine.
(b) "Personal identifying information," as used in this section, means the name, address, telephone number, health insurance identification number, taxpayer identification number, school identification number, state or federal driver's license number, or identification number, social security number, place of employment, employee identification number, mother's maiden name, demand deposit account number, savings account number, checking account number, PIN (personal identification number) or password, alien registration number, government passport number, date of birth, unique biometric data including fingerprint, facial scan identifiers, voice print, retina or iris image, or other unique physical representation, unique electronic data including identification number, address, or routing code, telecommunication identifying information or access device, information contained in a birth or death certificate, or credit card number of an individual person.
(c) In any case in which a person willfully obtains personal identifying information of another person, uses that information to commit a crime in addition to a violation of subdivision (a), and is convicted of that crime, the court records shall reflect that the person whose identity was falsely used to commit the crime did not commit the crime.
(d) Every person who, with the intent to defraud, acquires, transfers, or retains possession of the personal identifying information, as defined in subdivision (b), of another person is guilty of a public offense, and upon conviction therefor, shall be punished by imprisonment in a county jail not to exceed one year, or a fine not to exceed one thousand dollars ($1,000), or by both that imprisonment and fine.
(e) Every person who, with the intent to defraud, acquires, transfers, or retains possession of the personal identifying information, as defined in subdivision (b), of another person who is deployed to a location outside of the state is guilty of a public offense, and upon conviction therefor, shall be punished by imprisonment in a county jail not to exceed one year, or a fine not to exceed one thousand five hundred dollars ($1,500), or by both that imprisonment and fine.
(f) For purposes of this section, "deployed" means that the person has been ordered to serve temporary military duty during a period when a presidential executive order specifies that the United States is engaged in combat or homeland defense and he or she is either a member of the armed forces, or is a member of the armed forces reserve or the National Guard, who has been called to active duty or active service. It does not include temporary duty for the sole purpose of training or processing or a permanent change of station.
And now the longer one, California Penal Code Section 502, which I've edited to show the pertinent parts (the rest has to do with things like theft of telephone services, which isn't germane):
(a) It is the intent of the Legislature in enacting this
section to expand the degree of protection afforded to individuals,
businesses, and governmental agencies from tampering, interference,
damage, and unauthorized access to lawfully created computer data and
computer systems. The Legislature finds and declares that the
proliferation of computer technology has resulted in a concomitant
proliferation of computer crime and other forms of unauthorized
access to computers, computer systems, and computer data.
The Legislature further finds and declares that protection of the
integrity of all types and forms of lawfully created computers,
computer systems, and computer data is vital to the protection of the
privacy of individuals as well as to the well-being of financial
institutions, business concerns, governmental agencies, and others
within this state that lawfully utilize those computers, computer
systems, and data.
(b) For the purposes of this section, the following terms have the
following meanings:
(1) "Access" means to gain entry to, instruct, or communicate with
the logical, arithmetical, or memory function resources of a
computer, computer system, or computer network.
(2) "Computer network" means any system that provides
communications between one or more computer systems and input/output
devices including, but not limited to, display terminals and printers
connected by telecommunication facilities.
(3) "Computer program or software" means a set of instructions or
statements, and related data, that when executed in actual or
modified form, cause a computer, computer system, or computer network
to perform specified functions.
(4) "Computer services" includes, but is not limited to, computer
time, data processing, or storage functions, or other uses of a
computer, computer system, or computer network.
(5) "Computer system" means a device or collection of devices,
including support devices and excluding calculators that are not
programmable and capable of being used in conjunction with external
files, one or more of which contain computer programs, electronic
instructions, input data, and output data, that performs functions
including, but not limited to, logic, arithmetic, data storage and
retrieval, communication, and control.
(6) "Data" means a representation of information, knowledge,
facts, concepts, computer software, computer programs or
instructions. Data may be in any form, in storage media, or as
stored in the memory of the computer or in transit or presented on a
display device.
(7) "Supporting documentation" includes, but is not limited to,
all information, in any form, pertaining to the design, construction,
classification, implementation, use, or modification of a computer,
computer system, computer network, computer program, or computer
software, which information is not generally available to the public
and is necessary for the operation of a computer, computer system,
computer network, computer program, or computer software.
(8) "Injury" means any alteration, deletion, damage, or
destruction of a computer system, computer network, computer program,
or data caused by the access, or the denial of access to legitimate
users of a computer system, network, or program.
(9) "Victim expenditure" means any expenditure reasonably and
necessarily incurred by the owner or lessee to verify that a computer
system, computer network, computer program, or data was or was not
altered, deleted, damaged, or destroyed by the access.
(10) "Computer contaminant" means any set of computer instructions
that are designed to modify, damage, destroy, record, or transmit
information within a computer, computer system, or computer network
without the intent or permission of the owner of the information.
They include, but are not limited to, a group of computer
instructions commonly called viruses or worms, that are
self-replicating or self-propagating and are designed to contaminate
other computer programs or computer data, consume computer resources,
modify, destroy, record, or transmit data, or in some other fashion
usurp the normal operation of the computer, computer system, or
computer network.
(11) "Internet domain name" means a globally unique, hierarchical
reference to an Internet host or service, assigned through
centralized Internet naming authorities, comprising a series of
character strings separated by periods, with the rightmost character
string specifying the top of the hierarchy.
(c) Except as provided in subdivision (h), any person who commits
any of the following acts is guilty of a public offense:
(1) Knowingly accesses and without permission alters, damages,
deletes, destroys, or otherwise uses any data, computer, computer
system, or computer network in order to either (A) devise or execute
any scheme or artifice to defraud, deceive, or extort, or (B)
wrongfully control or obtain money, property, or data.
(2) Knowingly accesses and without permission takes, copies, or
makes use of any data from a computer, computer system, or computer
network, or takes or copies any supporting documentation, whether
existing or residing internal or external to a computer, computer
system, or computer network.
(3) Knowingly and without permission uses or causes to be used
computer services.
(4) Knowingly accesses and without permission adds, alters,
damages, deletes, or destroys any data, computer software, or
computer programs which reside or exist internal or external to a
computer, computer system, or computer network.
(5) Knowingly and without permission disrupts or causes the
disruption of computer services or denies or causes the denial of
computer services to an authorized user of a computer, computer
system, or computer network.
(6) Knowingly and without permission provides or assists in
providing a means of accessing a computer, computer system, or
computer network in violation of this section.
(7) Knowingly and without permission accesses or causes to be
accessed any computer, computer system, or computer network.
(8) Knowingly introduces any computer contaminant into any
computer, computer system, or computer network.
(9) Knowingly and without permission uses the Internet domain name
of another individual, corporation, or entity in connection with the
sending of one or more electronic mail messages, and thereby damages
or causes damage to a computer, computer system, or computer
network.
(d) (1) Any person who violates any of the provisions of paragraph
(1), (2), (4), or (5) of subdivision (c) is punishable by a fine not
exceeding ten thousand dollars ($10,000), or by imprisonment in the
state prison for 16 months, or two or three years, or by both that
fine and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not exceeding
one year, or by both that fine and imprisonment.
(2) Any person who violates paragraph (3) of subdivision (c) is
punishable as follows:
(A) For the first violation that does not result in injury, and
where the value of the computer services used does not exceed four
hundred dollars ($400), by a fine not exceeding five thousand dollars
($5,000), or by imprisonment in a county jail not exceeding one
year, or by both that fine and imprisonment.
(B) For any violation that results in a victim expenditure in an
amount greater than five thousand dollars ($5,000) or in an injury,
or if the value of the computer services used exceeds four hundred
dollars ($400), or for any second or subsequent violation, by a fine
not exceeding ten thousand dollars ($10,000), or by imprisonment in
the state prison for 16 months, or two or three years, or by both
that fine and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not exceeding
one year, or by both that fine and imprisonment.
(3) Any person who violates paragraph (6) or (7) of subdivision
(c) is punishable as follows:
(A) For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding one thousand dollars
($1,000).
(B) For any violation that results in a victim expenditure in an
amount not greater than five thousand dollars ($5,000), or for a
second or subsequent violation, by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not exceeding
one year, or by both that fine and imprisonment.
(C) For any violation that results in a victim expenditure in an
amount greater than five thousand dollars ($5,000), by a fine not
exceeding ten thousand dollars ($10,000), or by imprisonment in the
state prison for 16 months, or two or three years, or by both that
fine and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not exceeding
one year, or by both that fine and imprisonment.
(4) Any person who violates paragraph (8) of subdivision (c) is
punishable as follows:
(A) For a first violation that does not result in injury, a
misdemeanor punishable by a fine not exceeding five thousand dollars
($5,000), or by imprisonment in a county jail not exceeding one year,
or by both that fine and imprisonment.
(B) For any violation that results in injury, or for a second or
subsequent violation, by a fine not exceeding ten thousand dollars
($10,000), or by imprisonment in a county jail not exceeding one
year, or in the state prison, or by both that fine and imprisonment.
(5) Any person who violates paragraph (9) of subdivision (c) is
punishable as follows:
(A) For a first violation that does not result in injury, an
infraction punishable by a fine not one thousand dollars.
(B) For any violation that results in injury, or for a second or
subsequent violation, by a fine not exceeding five thousand dollars
($5,000), or by imprisonment in a county jail not exceeding one year,
or by both that fine and imprisonment.
(e) (1) In addition to any other civil remedy available, the owner
or lessee of the computer, computer system, computer network,
computer program, or data who suffers damage or loss by reason of a
violation of any of the provisions of subdivision (c) may bring a
civil action against the violator for compensatory damages and
injunctive relief or other equitable relief. Compensatory damages
shall include any expenditure reasonably and necessarily incurred by
the owner or lessee to verify that a computer system, computer
network, computer program, or data was or was not altered, damaged,
or deleted by the access. For the purposes of actions authorized by
this subdivision, the conduct of an unemancipated minor shall be
imputed to the parent or legal guardian having control or custody of
the minor, pursuant to the provisions of Section 1714.1 of the Civil
Code.
(2) In any action brought pursuant to this subdivision the court
may award reasonable attorney's fees.
(3) A community college, state university, or academic institution
accredited in this state is required to include computer-related
crimes as a specific violation of college or university student
conduct policies and regulations that may subject a student to
disciplinary sanctions up to and including dismissal from the
academic institution. This paragraph shall not apply to the
University of California unless the Board of Regents adopts a
resolution to that effect.
(4) In any action brought pursuant to this subdivision for a
willful violation of the provisions of subdivision (c), where it is
proved by clear and convincing evidence that a defendant has been
guilty of oppression, fraud, or malice as defined in subdivision (c)
of Section 3294 of the Civil Code, the court may additionally award
punitive or exemplary damages.
(5) No action may be brought pursuant to this subdivision unless
it is initiated within three years of the date of the act complained
of, or the date of the discovery of the damage, whichever is later.
(f) This section shall not be construed to preclude the
applicability of any other provision of the criminal law of this
state which applies or may apply to any transaction, nor shall it
make illegal any employee labor relations activities that are within
the scope and protection of state or federal labor laws.
(g) Any computer, computer system, computer network, or any
software or data, owned by the defendant, that is used during the
commission of any public offense described in subdivision (c) or any
computer, owned by the defendant, which is used as a repository for
the storage of software or data illegally obtained in violation of
subdivision (c) shall be subject to forfeiture, as specified in
Section 502.01.
(h) (1) Subdivision (c) does not apply to punish any acts which
are committed by a person within the scope of his or her lawful
employment. For purposes of this section, a person acts within the
scope of his or her employment when he or she performs acts which are
reasonably necessary to the performance of his or her work
assignment.
(2) Paragraph (3) of subdivision (c) does not apply to penalize
any acts committed by a person acting outside of his or her lawful
employment, provided that the employee's activities do not cause an
injury, as defined in paragraph (8) of subdivision (b), to the
employer or another, or provided that the value of supplies or
computer services, as defined in paragraph (4) of subdivision (b),
which are used does not exceed an accumulated total of one hundred
dollars ($100).
(i) No activity exempted from prosecution under paragraph (2) of
subdivision (h) which incidentally violates paragraph (2), (4), or
(7) of subdivision (c) shall be prosecuted under those paragraphs.
(j) For purposes of bringing a civil or a criminal action under
this section, a person who causes, by any means, the access of a
computer, computer system, or computer network in one jurisdiction
from another jurisdiction is deemed to have personally accessed the
computer, computer system, or computer network in each jurisdiction.
(k) In determining the terms and conditions applicable to a person
convicted of a violation of this section the court shall consider
the following:
(1) The court shall consider prohibitions on access to and use of
computers.
(2) Except as otherwise required by law, the court shall consider
alternate sentencing, including community service, if the defendant
shows remorse and recognition of the wrongdoing, and an inclination
not to repeat the offense.
502.01. (a) As used in this section:
(1) "Property subject to forfeiture" means any property of the
defendant that is illegal telecommunications equipment as defined in
subdivision (g) of Section 502.8, or a computer, computer system, or
computer network, and any software or data residing thereon, if the
telecommunications device, computer, computer system, or computer
network was used in committing a violation of, or conspiracy to
commit a violation of, subdivision (b) of Section 272, Section 288,
288.2, 311.1, 311.2, 311.3, 311.4, 311.5, 311.10, 311.11, 422, 470,
470a, 472, 475, 476, 480, 483.5, 484g, or subdivision (a), (b), or
(d) of Section 484e, subdivision (a) of Section 484f, subdivision (b)
or (c) of Section 484i, subdivision (c) of Section 502, or Section
502.7, 502.8, 529, 529a, or 530.5, 537e, 593d, 593e, or 646.9, or was
used as a repository for the storage of software or data obtained in
violation of those provisions. Forfeiture shall not be available for
any property used solely in the commission of an infraction. If the
defendant is a minor, it also includes property of the parent or
guardian of the defendant.
(2) "Sentencing court" means the court sentencing a person found
guilty of violating or conspiring to commit a violation of
subdivision (b) of Section 272, Section 288, 288.2, 311.1, 311.2,
311.3, 311.4, 311.5, 311.10, 311.11, 422, 470, 470a, 472, 475, 476,
480, 483.5, 484g, or subdivision (a), (b), or (d) of Section 484e,
subdivision (d) of Section 484e, subdivision (a) of Section 484f,
subdivision (b) or (c) of Section 484i, subdivision (c) of Section
502, or Section 502.7, 502.8, 529, 529a, 530.5, 537e, 593d, 593e, or
646.9, or, in the case of a minor, found to be a person described in
Section 602 of the Welfare and Institutions Code because of a
violation of those provisions, the juvenile court.
(3) "Interest" means any property interest in the property subject
to forfeiture.
(4) "Security interest" means an interest that is a lien,
mortgage, security interest, or interest under a conditional sales
contract.
(5) "Value" has the following meanings:
(A) When counterfeit items of computer software are manufactured
or possessed for sale, the "value" of those items shall be equivalent
to the retail price or fair market price of the true items that are
counterfeited.
(B) When counterfeited but unassembled components of computer
software packages are recovered, including, but not limited to,
counterfeited computer diskettes, instruction manuals, or licensing
envelopes, the "value" of those components of computer software
packages shall be equivalent to the retail price or fair market price
of the number of completed computer software packages that could
have been made from those components.
(b) The sentencing court shall, upon petition by the prosecuting
attorney, at any time following sentencing, or by agreement of all
parties, at the time of sentencing, conduct a hearing to determine
whether any property or property interest is subject to forfeiture
under this section. At the forfeiture hearing, the prosecuting
attorney shall have the burden of establishing, by a preponderance of
the evidence, that the property or property interests are subject to
forfeiture. The prosecuting attorney may retain seized property that
may be subject to forfeiture until the sentencing hearing.
(c) Prior to the commencement of a forfeiture proceeding, the law
enforcement agency seizing the property subject to forfeiture shall
make an investigation as to any person other than the defendant who
may have an interest in it. At least 30 days before the hearing to
determine whether the property should be forfeited, the prosecuting
agency shall send notice of the hearing to any person who may have an
interest in the property that arose before the seizure.
A person claiming an interest in the property shall file a motion
for the redemption of that interest at least 10 days before the
hearing on forfeiture, and shall send a copy of the motion to the
prosecuting agency and to the probation department.
If a motion to redeem an interest has been filed, the sentencing
court shall hold a hearing to identify all persons who possess valid
interests in the property. No person shall hold a valid interest in
the property if, by a preponderance of the evidence, the prosecuting
agency shows that the person knew or should have known that the
property was being used in violation of, or conspiracy to commit a
violation of, subdivision (b) of Section 272, Section 288, 288.2,
311.1, 311.2, 311.3, 311.4, 311.5, 311.10, 311.11, 470, 470a, 472,
475, 476, 480, 483.5, 484g, or subdivision (a), (b), or (d) of
Section 484e, subdivision (a) of Section 484f, subdivision (b) or (c)
of Section 484i, subdivision (c) of Section 502, or Section 502.7,
502.8, 529, 529a, 530.5, 537e, 593d, 593e, or 646.9, and that the
person did not take reasonable steps to prevent that use, or if the
interest is a security interest, the person knew or should have known
at the time that the security interest was created that the property
would be used for a violation.
(d) If the sentencing court finds that a person holds a valid
interest in the property, the following provisions shall apply:
(1) The court shall determine the value of the property.
(2) The court shall determine the value of each valid interest in
the property.
(3) If the value of the property is greater than the value of the
interest, the holder of the interest shall be entitled to ownership
of the property upon paying the court the difference between the
value of the property and the value of the valid interest.
If the holder of the interest declines to pay the amount
determined under paragraph (2), the court may order the property sold
and designate the prosecutor or any other agency to sell the
property. The designated agency shall be entitled to seize the
property and the holder of the interest shall forward any
documentation underlying the interest, including any ownership
certificates for that property, to the designated agency. The
designated agency shall sell the property and pay the owner of the
interest the proceeds, up to the value of that interest.
(4) If the value of the property is less than the value of the
interest, the designated agency shall sell the property and pay the
owner of the interest the proceeds, up to the value of that interest.
(e) If the defendant was a minor at the time of the offense, this
subdivision shall apply to property subject to forfeiture that is the
property of the parent or guardian of the minor.
(1) The prosecuting agency shall notify the parent or guardian of
the forfeiture hearing at least 30 days before the date set for the
hearing.
(2) The computer or telecommunications device shall not be subject
to forfeiture if the parent or guardian files a signed statement
with the court at least 10 days before the date set for the hearing
that the minor shall not have access to any computer or
telecommunications device owned by the parent or guardian for two
years after the date on which the minor is sentenced.
(3) If the minor is convicted of a violation of Section 288,
288.2, 311.1, 311.2, 311.3, 311.4, 311.5, 311.10, 311.11, 470, 470a,
472, 476, 480, or subdivision (b) of Section 484e, subdivision (d) of
Section 484e, subdivision (a) of Section 484f, subdivision (b) of
Section 484i, subdivision (c) of Section 502, or Section 502.7,
502.8, 529, 529a, or 530.5, within two years after the date on which
the minor is sentenced, and the violation involves a computer or
telecommunications device owned by the parent or guardian, the
original property subject to forfeiture, and the property involved in
the new offense, shall be subject to forfeiture notwithstanding
paragraph (2).
(4) Notwithstanding paragraph (1), (2), or (3), or any other
provision of this chapter, if a minor's parent or guardian makes full
restitution to the victim of a crime enumerated in this chapter in
an amount or manner determined by the court, the forfeiture
provisions of this chapter do not apply to the property of that
parent or guardian if the property was located in the family's
primary residence during the commission of the crime.
(f) Notwithstanding any other provision of this chapter, the court
may exercise its discretion to deny forfeiture where the court finds
that the convicted defendant, or minor adjudicated to come within
the jurisdiction of the juvenile court, is not likely to use the
property otherwise subject to forfeiture for future illegal acts.
(g) If the defendant is found to have the only valid interest in
the property subject to forfeiture, it shall be distributed as
follows:
(1) First, to the victim, if the victim elects to take the
property as full or partial restitution for injury, victim
expenditures, or compensatory damages, as defined in paragraph (1) of
subdivision (e) of Section 502. If the victim elects to receive the
property under this paragraph, the value of the property shall be
determined by the court and that amount shall be credited against the
restitution owed by the defendant. The victim shall not be penalized
for electing not to accept the forfeited property in lieu of full or
partial restitution.
(2) Second, at the discretion of the court, to one or more of the
following agencies or entities:
(A) The prosecuting agency.
(B) The public entity of which the prosecuting agency is a part.
(C) The public entity whose officers or employees conducted the
investigation resulting in forfeiture.
(D) Other state and local public entities, including school
districts.
(E) Nonprofit charitable organizations.
(h) If the property is to be sold, the court may designate the
prosecuting agency or any other agency to sell the property at
auction. The proceeds of the sale shall be distributed by the court
as follows:
(1) To the bona fide or innocent purchaser or encumbrancer,
conditional sales vendor, or mortgagee of the property up to the
amount of his or her interest in the property, if the court orders a
distribution to that person.
(2) The balance, if any, to be retained by the court, subject to
the provisions for distribution under subdivision (g).
502.9. Upon conviction of a felony violation under this chapter,
the fact that the victim was an elder or dependent person, as defined
in Section 288, shall be considered a circumstance in aggravation
when imposing a term under subdivision (b) of Section 1170.
|
|
Authored by: MathFox on Friday, September 08 2006 @ 01:45 PM EDT |
In case PJ make a mistake...
---
If an axiomatic system can be proven to be consistent and complete from within
itself, then it is inconsistent.

Authored by: rsteinmetz70112 on Friday, September 08 2006 @ 01:50 PM EDT
Seems to require an intent to defraud or obtain services or for some other
illegal purpose. That does not seem to have happened.
Investigating leaks of confidential information would seem to be a legal
activity. Simply looking at the information for the purpose of determining who
leaked confidential information would not seem to be illegal. There was no
apparent intent to use the information.
---
Rsteinmetz - IANAL therefore my opinions are illegal.
"I could be wrong now, but I don't think so."
Randy Newman - The Title Theme from Monk
- Penal Code Section 530.5 - Authored by: PJ on Friday, September 08 2006 @ 01:51 PM EDT
- Penal Code Section 530.5 - Authored by: Anonymous on Friday, September 08 2006 @ 02:04 PM EDT
- Invasion of privacy perhaps? - Authored by: hardmath on Friday, September 08 2006 @ 03:29 PM EDT
- ??? - Authored by: Anonymous on Friday, September 08 2006 @ 03:42 PM EDT
- ??? - Authored by: PJ on Friday, September 08 2006 @ 03:59 PM EDT
- ??? - Authored by: Anonymous on Saturday, September 09 2006 @ 11:59 AM EDT
- ??? - Authored by: PJ on Saturday, September 09 2006 @ 12:33 PM EDT
- ??? - Authored by: meshuggeneh on Monday, September 11 2006 @ 12:28 PM EDT

Authored by: Ashe on Friday, September 08 2006 @ 01:55 PM EDT
So the upshot is that technically, they don't actually need a law against
pretexting, it's already covered under the broad laws they already have?
---
"I am exhausted from living up to your expectations"

Authored by: rsteinmetz70112 on Friday, September 08 2006 @ 02:05 PM EDT
Paragraph C (6) and (7) seem to be the only parts violated.
Again all of the rest of them require some intent to use the information for
fraud or something illegal or disrupt the system in some way.
It seems the penalty is then set at a maximum fine of $1,000.
I can't see an illegal purpose behind any of the actions which would kick it up
to a more serious offense.
---
Rsteinmetz - IANAL therefore my opinions are illegal.
"I could be wrong now, but I don't think so."
Randy Newman - The Title Theme from Monk

Authored by: artp on Friday, September 08 2006 @ 02:13 PM EDT
Please see the instructions for HTML posting in the reply editor.
And I always forget to click the radio button for HTML posting.

Authored by: Anonymous on Friday, September 08 2006 @ 02:28 PM EDT
Was Dunn a serious backer of Fiorina?
I notice that one of the early pieces said something like
"she has been upset with leaks that seem to have begun
in the time of Carly Fiorina". Is this more of getting Fiorina opponents out
than punishing this incident?

Authored by: Anonymous on Friday, September 08 2006 @ 02:51 PM EDT
IANAL but is it not a simple case of criminal fraud to represent yourself as
someone else in order to obtain the records for that other person? If the
record is only supposed to be available to the individual then saying you are
that person to obtain it is effectively identity theft, which is a form of fraud,
is it not?

Authored by: Anonymous on Friday, September 08 2006 @ 02:52 PM EDT
Answer: what you need to explain this.
Looks way toppy to me
but who knows?

Authored by: Anonymous on Friday, September 08 2006 @ 03:09 PM EDT
This may end up in some criminal charges although I doubt that since the main
purpose for having three intermediaries (a law firm, a private investigator, and
the outfit that actually did the "pretexting", i.e., fraud) is to provide
plausible deniability for HP. I bet they'll successfully claim that they had NO
earthly idea (honest injun) that anything illegal was ever involved. As if they
think there's some perfectly legal way to get hold of someone's phone logs.
So we have a scenario like: Sonsini assures HP that it was all legal, which
absolves HP, and then Sonsini claiming that some junior lawyer told him it was
all legal, which absolves Sonsini. So, at best, the junior lawyer and the
private investigator (whom no one will name yet) will end up holding the bag. I
wonder if the company that does the "pretexting" will have any liability?
inal, etc.

Authored by: argee on Friday, September 08 2006 @ 04:21 PM EDT
The duties and responsibilities of a director to his
corporation are sacred. That trust was broken. From
this act all this hoopla ensued. The leaker should be
dismissed, and perhaps even held accountable. No
corporation can have a traitor in its midst.
Dissent is different, can even be public, but the
director in question cannot divulge things at a meeting
if he swore he would keep it confidential.
Pretexting. What can I say? This is a common tool of
the press, reporters and the media. Movies are made of
it, and we see it all the time. These laws are fine, but
are probably trumped by the first amendment in the case
of the press.
"But this was not the press," you say! Well, it seems to
me that it *did* get to the press, and the end result was
to "open the cloak of secrecy", so even if the persons
doing it were not reporters, the end result was to air it
out. This is only a matter of degree.
Innocent third parties? I feel for them. They should not
deal with companies that so easily are duped into releasing
sensitive data. If there is any liability anywhere, it
is here: like person A should sue AT&T for being careless
with his data. Would be hard to prove significant damages,
though.
In short, I see this as a legitimate corporate squabble,
and the law simply got in the way (on both sides). It may
be the stuff of a scandal, and I am sure lawyers will
extract huge fees out of it, but I do not see where the
public got harmed.
And the scandal is misdirected. The scandal here is the
leaker that got caught, not the pretexting baloney.
My vote: 90% for HP, 10% for ... hmmmmm ... whoever.
---
--
argee

Authored by: Anonymous on Friday, September 08 2006 @ 05:43 PM EDT
1) From my understanding of what information has been made available so far, HP
hired an investigator to look into the matter for them. They (that is, direct
employees of HP) did not directly engage in the type of social engineering that
people are labelling "pretexting" here. In such a case, I fail to see
why everyone is worried about charges being filed against directors or some sort
of sanction against HP when the investigation was specifically done with a
contractor whose SUBcontractor actually did the pretexting. I would think it
would be the contractor and subcontractor in hot water, even if the board may
have committed ethical mis-steps.
2) There may be private agreements here we don't know about. I work for a
consulting firm part owned by Microsoft and Accenture. This firm does a good
bit of business as a partner of HP in providing infrastructure transformation
services in the Microsoft space. I know that when I joined the company, I
signed a business protection agreement which, while I cannot go into specific
terms, essentially gives my company the right to investigate me, my financial
history, my use of company funds, etc etc. As a director, there may be a
private agreement that specifically cedes some of these abilities to HP so long
as any investigation conducted is in compliance with the law.
3) Is anyone here familiar with the California statutes and whether or not
intent and NDA or BPA rights can affect statutory prohibitions? In the case
where there is a legally binding pre-existing private agreement that
specifically allows certain types of information searches or investigations,
would using such unethical methods still be illegal if the subject of the
searches were to have ceded specific rights to do so?
---
Clocks
"Ita erat quando hic adveni."

Authored by: Anonymous on Friday, September 08 2006 @ 06:07 PM EDT
...is how few seem to comment on the spying on journalists through
"pretexting" in order to find out their confidential sources.
Investigating their board for a leak, that's one thing, even if the methods were
illegal, I can understand the motive.
But pretending to be a journalist in order to find out their sources, that is
something completely different.

Authored by: Anonymous on Saturday, September 09 2006 @ 05:37 AM EDT
In The Adventure of the Missing Three-Quarter, Holmes fraudulently pretends to
be the sender of a telegram in order to discover who the addressee was. As he
observes "Of course, with a warrant we could demand to see the counterfoils,
but we have not reached that stage yet. I don't suppose they remember faces in
so busy a place. Let us venture it."
It seems little has changed ...

Authored by: Anonymous on Saturday, September 09 2006 @ 09:20 AM EDT
If you clicked thru a software EULA and installed software then you might find
that YOU HAVE GIVEN VERY BROAD PERMISSION FOR YOU TO BE INVESTIGATED NOT ONLY
FOR SOFTWARE THEFT ISSUES, ETC... but, for the EULA empowered vendor(s), you
could be broadly investigated for something and if they run into something
else... well, that is life.
THE EULA is a violation of citizen rights, and is contrary to the idea of
consumer protection, and citizen rights.
IF HP, ever had in its possession a Board sign off, or had them click thru a
Board only encrypted software communication application (with a broad
Microsoft-like EULA) then, maybe there is no crime?
The EULA might say simply that you consent to being investigated. The courts
have supported this language in the past, so why not in this type of case (if
not specific to this case, then maybe other types of investigations might
apply).
The CIA or FBI would love to have every citizen sign a EULA as then there would
be no problem to investigating anyone for any reason.... as they have given
permission for being investigated in the EULA.
The next investigation by software companies is going to be for infringers of
software and business method patents... and since you have clicked thru a EULA
in the past (who hasn't) then you can be openly investigated for intellectual
property infringement... because you have said you consent to this by clicking
thru the EULA.
It would be interesting if the Computer Abuse and Fraud act were rendered
useless as a protection against an evil vendor, by the fact that you have
clicked "I AGREE" on their, or a partner's, EULA? Hey, Microsoft does
not investigate you, they assign a 3rd party to do that, the BSA is their
investigator (and the BSA was not mentioned as party to the click thru EULA at
all)!

Authored by: ak on Saturday, September 09 2006 @ 09:24 AM EDT
An HP spokesman said reporter Stephen Shankland's records were
targeted by a subcontractor working for a private investigator hired by the
company. Shankland was a contributing reporter on a Jan. 23 article about a
long-term board planning session that apparently angered HP Chairman Patricia
Dunn, who launched the investigation.
In a twist that indicates the extent of HP's investigation, the personal phone
records of Shankland's father, Thomas, a semi-retired physicist in New Mexico,
were also targeted, a prosecutor for the California attorney general's office
said. The attorney general's office said the HP investigator obtained Thomas
Shankland's home and cell phone numbers and requested that his full phone
records be obtained. It's not clear if the investigators actually obtained the
records.
HP probe snared a third News.com reporter
In a surprising twist, telephone records of CNET News.com reporter Stephen
Shankland's father were targeted.
By Jim Kerstetter, Staff Writer, CNET News.com, September 8, 2006
Stephen Shankland also reported about activities of the
leadership of The SCO Group Inc. and Hewlett Packard is one of the main
supporters of The SCO Group Inc.

Authored by: Jude on Saturday, September 09 2006 @ 09:27 AM EDT
Can anyone explain to me what the difference is between "pretexting" and
just plain old lying, misrepresentation, and/or fraud?

Authored by: Bill The Cat on Saturday, September 09 2006 @ 10:13 AM EDT
So, just where did the PIs get the social security number information. All of
it or the last four digits are not normal information just lying around.
Is it possible that HP provided this information? I don't know
where else those doing the investigations could have acquired it.
Any ideas?
---
Bill Catz

Authored by: grundy on Saturday, September 09 2006 @ 10:31 AM EDT
While reading all the links from Thursday afternoon's articles
I found this gem, regarding that Ms Dunn done done:
"According to Perkins' attorney, Viet Dinh, ...
'This is the corporate governance equivalent of
using an elephant gun to shoot a butterfly in a gun-free zone.'"
(sorry, I forgot to record which link)

Authored by: Anonymous on Saturday, September 09 2006 @ 11:51 AM EDT
I thought you all would be interested. Clicky.

Authored by: Chris Lingard on Saturday, September 09 2006 @ 12:56 PM EDT
In a surprising press release from Reuters, Chairman Patricia Dunn denied all
knowledge of the wire tap.
Dunn said she did not know private investigators hired by the computer maker had
used questionable tactics to access private phone records of board directors and
journalists.
"Our board certainly had no idea" of the privacy breaches, Dunn said in an
interview on Friday, adding, "This problem won't recur."
So who did pay the investigators that made the wire taps?

Authored by: Anonymous on Sunday, September 10 2006 @ 12:58 AM EDT
From the article:
"Patricia Dunn has offered to resign if the HP board asks her to, and there
will be a special meeting of the board by telephone this weekend to discuss it."
No matter how I felt about Patricia Dunn, if I were on the board I'd have
serious second thoughts about picking up the phone for this conference call.
*gleep*