More details are emerging in the HP leak probe story. You can now, thanks to CNET, read [PDF] for yourself, without having to rely on journalistic interpretations, more documents in addition to the Tom Perkins letter to the board of directors and AT&T's letter to him about his account that we linked to yesterday. CNET's PDF has the following in it, and note the last item:
Tom Perkins's signed two-page letter (on KPC&B letterhead)
to the directors, including this sentence: "As the Company failed to make a full and accurate report (as required by federal law) and having given the Company several opportunities to correct the record, I am now legally obliged to disclose publicly the reasons for my resignation." There is no date on this letter, as scanned;
a two-page signed letter from Travis M. Dodd of AT&T to
Mr. Perkins, outlining the pretexting attacks (and making
it clear, incidentally, that it was Mr. Perkins's home
telephone account which was hacked;
an email from Mr. Perkins to Ann Baskins (identified by the Wall St. Journal as the head of HP's legal department, dated July 18, 2006, in which he tells her that, after reviewing the draft of the minutes of the board meeting of May 18, he can't accept them. He states that it's not true that he ever approved of the surveillance, as the minutes indicate he did. On the contrary, he questioned its legality at the meeting. He was under the impression that the investigation would be looking at "calendars, travel schedules" and the like. Beneath his email you find hers to him, a cover email sent with the "confidential draft minutes" of the May 18 meeting. Note this is not a draft of the 8K.
an e-mail from Mr. Perkins to Ann Baskins and the HP board members, dated July 28, 2006:
"As previously stated, I cannot accept these minutes. While a number of points were made in my earlier memo, the essential point to be acknowledged is that the sub-rosa surveillance of the HP Board member's personal communications was, and is, illegal....
"Interestingly, HP has on its board an expert in the matter, namely Larry Babbio, whose company, Verizon, has testified before the F.C.C. on the illegality of the practice, and has filed suits against consultants who engage in 'pretexting.' I attach two pertinent documents pertaining to Verizon's activities in the area. Indeed, AT&T, my home telephone carrier, has confirmed that my confidential records have been compromised pursuant a fraudulent pretext, where the imposter pretending to be me opened an untraceable and inaccessible online account in order to steal the records. AT&T is investigating further....
"I did not resign from the board for frivolous reasons, but because HP was standing into dangerous waters -- waters hazardous with both illegal and unconscionable governance practices -- and because my advice was being ignored. I have had a long history with the company; and I am appalled at the events, and at the disclosures of the May 18th meeting, which are so out of character for the corporation, formerly an icon of the Valley.
"I trust that the board will undertake an investigation and take corrective action, without external pressure."
That, of course, is what appears not to have happened. The question now, I gather, is who knew what and when did they know it?
Now, if every member of the board got that last email, a natural question is, why did it take until September, after public reports of the dispute hit the media, to file the information about the dispute and the reasons for the Perkins resignation with the SEC? It's a long, long time between May and September. You can compare the email with the recent HP SEC filing's account:
At the time of his resignation, Mr. Perkins did not provide any written communication to HP concerning the reasons for his resignation. Following his resignation, and after HP on May 22 had disclosed the fact of Mr. Perkins' resignation on Form 8-K in accordance with the applicable federal securities laws, Mr. Perkins notified HP that he had concerns with the HP Board's handling of investigations that had been conducted into leaks of confidential HP information from meetings of the HP Board of Directors.
So an investigation by AT&T is added to the list. And the issue with the SEC is now clear. Mr. Perkins noticed HP in his letter that in his view the 8K filed on May 22nd (press release filed with it as an exhibit) was defective, because it didn't describe his "objection to and disagreement with the Company's operations, policies and practices as they relate to the chair's improper and likely unlawful investigation."
And while it may be technically true that no written objections were presented by Perkins prior to the May 22nd filing, I'm not clear on when he would have had time to do so, since the date of the report on the 8K is May 18, the date he resigned, it's dated at the bottom on the 19th, as is the press release, and then filed on the 22nd. So unless he wrote mighty fast, I don't quite see how he had time to provide a written statement. His letter says that he was never given the opportunity to read the 8K prior to its filing, despite having, in his view, the legal right:
At no time has the Company provided me with a copy of the filing or advised me on my right to review and approve it, as mandated by Item 5.02 of Form 8-K."
His July email opens by saying that he'd requested "the final approved minutes of the May 18th minutes" but had not been sent them. Now, I have to mention that I don't know, and I don't think anyone yet knows, precisely what happened. Anyone can write up a letter or an 8K filing after the fact and say whatever they think is helpful to them legally, once it's clear there is a rat's nest falling on one's head. All I'm doing is highlighting the issues I see, the areas where I see conflicting accounts.
The investigation will probably turn, I would imagine, on whether HP had reason to know by his verbal remarks that he disagreed materially with the company's policies and practices. If a board member storms out, saying he is resigning after a 90-minute heated discussion, do you or don't you know he has objections to and disagreements with the Company's operations, policies and practices? Perkins, according to his letter, told HP's board in July that, in his view, as a publicly traded company, it was required to file with the SEC any time a director resigns in protest over the company's policies. He also told them he had retained a lawyer to advise him. Then there is the issue of whether HP was obligated to show him the 8K prior to filing on the 22nd.
You definitely do not want to get into a dispute with a lawyer, if you are not one. But notice that lawyers, when they are in a dispute, do not rely upon their own legal knowledge and abilities. Lawyers hire lawyers.
Attorney General Bill Lockyer has been quoted all over saying that he doesn't know yet if the pretexting was illegal, but that it certainly was "colossally stupid," and
this SFGate.com article gives an indication of when he'll tell us if it was illegal or not:
Lockyer said his office is investigating five other cases of pretexting. But only the HP case involved a corporate boardroom dispute. The others involved data-mining and identity theft.
"This is very unique," he said.
The results of the investigation may be announced in several weeks, he added.
"They are presumed innocent until we determine otherwise," he said. "Still, I think the reputational injury may be the worst aspect of it." ...
Company spokesman Ryan Donovan said, "Perkins was asked if he was leaving because of any disagreement with HP, and he indicated no. Based on that, HP submitted the filing in May."
One hopes it is unique. The article quotes Charles Elson, director of the Weinberg Center for Corporate Governance of the University of Delaware, who says in his opinion, HP should have disclosed the dispute whether Perkins put his reasons in writing or not. We'll see what the SEC decides on that one. Newsweek's update has more info on a subpoena issued by the California AG:
NEWSWEEK has learned that the attorney general has issued at least one search warrant in connection with that investigation. Signed Aug. 31 by a California Superior Court judge, the warrant allows the state to search the records of a communications company. The warrant, a copy of which was obtained by NEWSWEEK, is an attempt to discover the identity of the pretexter who obtained Perkins's telephone records. The warrant may be just one of many issued in the attorney general's investigation.
Editorials are beginning to show up now too, like this one in the Mercury News by Mike Langberg, who says the chairwoman, Patricia Dunn, should leave:
If you've got a pension or a 401(k) or own mutual funds, you've probably got a stake in HP or other big corporations.
You want those companies answering to accomplished, experienced directors.
But who would serve on a board where the chair might single-handedly decide to invade directors' privacy?
But did chairwoman Dunn act alone? Was she really the only person who knew about the investigation? The HP 8K filed yesterday indicates otherwise:
As a result, the Chairman of the Board, and ultimately an internal group within HP, working with a licensed outside firm specializing in investigations, conducted investigations into possible sources of the leaks of confidential information at HP.
So who else was involved? How much did they authorize? Investigations, plural? And when did the "internal group" learn about the pretexting? How much did they know? And the biggest question of all: did HP authorize it? The Newsweek article by David Kaplan that broke this story tells us this:
HP's chairwoman, Patricia Dunn, told another director she wanted to know who it was; she was fed up with ongoing leaks to the media going back to CEO Carly Fiorina's tumultuous tenure that ended in early 2005. According to an internal HP e-mail, Dunn then took the extraordinary step of authorizing a team of independent electronic-security experts to spy on the January 2006 communications of the other 10 directors -- not the records of calls (or e-mails) from HP itself, but the records of phone calls made from personal accounts. That meant calls from the directors's home and their private cell phones.
Is that the same email we are reading today, or another? If another, somebody received that email. Who? One thing we know for sure: after the pretexting was revealed the board didn't all resign in protest. And the "internal group" -- did they protest, or did they go along with it? The article says "Dunn acted without informing the rest of the board" until she told them at the May 18 meeting. So who, if anyone, did she inform? Who made up the "internal group"? And if they were told by counsel that what the investigator was doing was legal, does that get them off the hook?
I couldn't help but notice a series of headlines about HP overhauling its Integrity server line with dual-core Itaniums. Journalists have a definite type of humor. Here's where it shows up, in these headlines:
HP Improves Integrity"
HP to bolster its Integrity
HP Shows Its Integrity
Do the headline writers know we'll do a doubletake? I think they probably do. They play with words for a living. I don't know about you, but it made me smile. A sad, wry smile. That is the issue, to me, in any case, not just the law, but the ethics. I don't think there can be much dispute about where the line is on that.
And the reason it all matters to the FOSS community, in my mind, is this: when "the enterprise" gets interested in Linux and FOSS, unfortunately they come with their type of baggage. I think it matters to notice that and to remember it when various vendors make demands on GPLv3, for example. The FOSS community doesn't do business the way big business seems to. Something like this could never happen, I don't believe, in the FOSS community. The ethics are so different. And we need to educate ourselves about how the other half lives, so to speak, so we don't let them destroy FOSS values. Not saying that they are, with any specificity. Just saying: let's keep our eyes wide open.
And on the note of ethics and business, here's a press release for you:
Global Dosimetry Solutions, Inc. (GDS), a division of Mirion Technologies, today announced that Hewlett Packard (HP) and SCO presented the new UNIX high availability system deployed at GDS during the SCO Forum 2006, the premier UNIX and application mobility conference, which was held in Las Vegas. The GDS system is one of only two in the world selected by the Executives at HP to be presented at SCO Forum.