HP board chairman Patricia Dunn claims she didn't know the gun was loaded. Oh, wait, wrong song. She says, according to Reuters and others, that the board had no idea pretexting was going on:
"Our board certainly had no idea" of the privacy breaches, Dunn said in an interview on Friday, adding, "This problem won't recur."
She didn't even know what the word pretexting meant until June or July, she says, and she thinks it's "absolutely appalling". So, the fingerpointing begins:
HP has acknowledged that Dunn hired an outside firm, which in turn hired subcontractors to find out who leaked information from board meetings to the media. The company claimed it requested -- and received assurances -- that the investigators would comply with the law.
See? It's all the fault of the investigators, or maybe just the subcontractors they hired. The lowest guys on the tottering totem pole did it. Natch. All alone. Without authorization from a living, breathing soul. California's Attorney General Bill Lockyer said that would be HP's obvious defense, that it wasn't them, that it was the data brokers that broke the law. And so it comes to pass.
All the reporters' names have come out now. And more family members too. It just keeps getting bigger.
[ Update: Newsweek now (Sunday) is reporting that in an interview with them, "Dunn says she was aware HP was obtaining the phone records of suspected leakers as long ago as 2005." And the board met today, according to Newsweek, but reached no decision on whether Dunn would or would not resign. They will meet again Monday.]
BusinessWeek lists 8 of the 9:
They are: Peter Burrows, Ben Elgin and Roger Crockett of Business Week; Pui-Wing Tam and George Anders of The Wall Street Journal; Dawn Kawamoto and Tom Krazit of CNET Networks Inc.'s News.com; and John Markoff of The New York Times.
And here's number 9 -- Stephen Shankland is another victim of the KGB. Oops, I meant the HPB. That's the Hewlett Packard Board. Or maybe we should call them the HPG, the HP Gang. Joke. Joke. I know, I know. It's not HP or its board of directors or Ms. Dunn and her "internal group" -- it's the subcontractors. Dunn has told us the board was totally clueless. But here's a kick in the teeth: whoever the perp is, the pretexter(s) not only wanted the phone records for Shankland. They went after his *father's* too:
In a twist that indicates the extent of HP's investigation, the personal phone records of Shankland's father, Thomas, a semi-retired physicist in New Mexico, were also targeted, a prosecutor for the California attorney general's office said. The attorney general's office said the HP investigator obtained Thomas Shankland's home and cell phone numbers and requested that his full phone records be obtained. It's not clear if the investigators actually obtained the records.
I trust Mr. Shankland Senior will sue them royal, once somebody figures out whodunnit.1 Let's see. Physicist. New Mexico. Um. Los Alamos National Laboratory, maybe? Oh, boy. Let's hope not. Otherwise, it's getting to be like bowling, seeing how many laws can be knocked over with just one ball.
So it's all the board members, plus 9 reporters, plus two family members that we know of. So, whether or not one accepts the lone gunman theory of who is to blame, it seems anyone was fair game in the HP leak probe. And according to Lockyer, the investigation hasn't hit the edges of the story's universe yet, according to the Washington Post:
California Attorney General Bill Lockyer, meanwhile, said the case was wider than previously reported and hinted it that it could go grow beyond the Silicon Valley technology pioneer. In an interview yesterday, Lockyer said the investigation stretches back to 2005 and involves more than one internal investigation that HP conducted of leaks to the media.
Lockyer is conducting a criminal probe of how contractors hired by HP obtained personal records by posing as someone else, a practice known as "pretexting," to determine who leaked confidential company information to the media.
"I worry that this may be an inquiry that's only touched the tip of the iceberg, not with respect to HP, but perhaps to similar practices in other businesses or other segments of our life," Lockyer said. "Could it be galactically stupid? It doesn't get much worse."
Now, on when Ms. Dunn discovered pretexting was going on, methinks she knew at least that phone records were obtained from the surveillance, and she knew that much by May 18, when she revealed it to the board and Mr. Perkins loudly protested for 90 minutes, according to his account. No? Am I missing something? How did she think they got that information?
The stork brought it?
She didn't want to know the details? Even to reassure herself the information was accurate? And when Perkins protested, she didn't look into it immediately? June or July? Hmm. The same Business Week article quotes Tom Perkins' skeptical attorney on that point:
Viet Dinh, an attorney representing Perkins, said it's difficult to believe Dunn didn't know about pretexting before June. "To my knowledge, there are only two ways to get these kinds of records: with a government subpoena or with people's consent," Dinh said, asserting that HP's investigators didn't have that kind of privileged access.
Both the Wall St. Journal and Mercury News say she said it wasn't until August that she found out pretexting was going on. But we can rule that out, I think, simply because of the July email to the board from Tom Perkins. She says CEO Mark Hurd "was aware there was a leak investigation going on but he was not involved in it." According to her account, "he helped determine the best way for the results to be conveyed" to the board after the investigation results were in. We know how well that worked out. Moneywatch has this explanation from Dunn:
However, Ms Dunn said she chose not to ask about the details of the probe because she was a subject of the investigation herself. See, she couldn't be positive she wasn't herself the leaker, so she had them check herself out, just to be on the safe side. Joke. Joke.
Indeed, it is, to my snorting brain, anyway. Although I have to tell you that sometimes the stupidest of all the stories turns out to be the true one. And this is a rundown for you of what the media accounts are saying various folks are saying, and there can be a far cry between what you read in the media and what investigators eventually find.
Forbes, of course, reports it dutifully:
The company has maintained it didn't specifically know about the pretexting method the private investigators employed. Sources close to HP told Forbes.com that Dunn explicitly told investigators to conduct their search legally. She even hired outside legal counsel to monitor their actions. But she was told by the very investigators she hired that they couldn't reveal their specific methods to her. As a board member herself, Dunn was a target of the investigation, she was told.
Uh oh. Outside counsel might not like that paragraph. I believe their account was that inhouse counsel did it and they were not involved (cf. the email exchange the Wall St. Journal posted [PDF], in which outside counsel Larry Sonsini clearly told Tom Perkins: "I was not involved in the design or conduct of the investigation. The investigation was run by the HP legal department with outside experts.") Here's an article Law.com has on the inhouse lawyer, HP's general counsel Ann Baskins, who, along with the board, received the two emails in July from Perkins that we showed you earlier in which he called on HP to investigate the leak probe, told them the "sub-rosa surveillance" was illegal, and told them to take "corrective action".
Meanwhile, HP CEO Mark Hurd has sent a memo to his employees. Here's part of what he wrote:
"I know that many of you have read the media coverage and speculation regarding the recent actions of the HP board," Hurd said. "My belief is that this has nothing to do with the strategy or operations of Hewlett-Packard."
You can read it for yourself and draw your own conclusions.
We still don't know the names of the investigators, who seem to be the ones everyone inside HP would like to blame for what happened, but the California Attorney General knows now:
H-P's Donovan said that the company wouldn't say who the investigators were or what state they were based in, and that he didn't know if payments were made to the investigators from H-P corporate funds.
The spokesman also said that H-P is cooperating with state prosecutors and has delivered the names of the investigators to the office of California Attorney General Lockyer.
When asked for a list of those names, and whether state prosecutors planned to provide one at some point, Dresslar declined to comment.
The AG has gotten a warrant so as to get from Cox Communications the name(s) of the pretexter(s):
The attorney general's office has obtained a warrant to gather information from Cox Communications, the Internet service provider where the IP address of the suspected pretexter has been traced to.
The warrant requires Cox to disclose the identity of the subscriber whose computer was assigned the IP address, the subscriber's connection logs, as well as all stored electronic communications, including email and buddy lists.
I hope none of you is buddies with any PIs, because if you are, the AG may be reading your mail.
And the future? -- lawsuits springing up like mushrooms under every tree for as far as the eye can see. Both the New York Times and CNET are considering their legal options:
"We need to learn more about what was obtained, how it was obtained and by whom," said New York Times spokeswoman Abbe Serphos. "If, as it appears, the rights of any of our reporters were violated, we will pursue whatever legal recourse is available to us."
CNET said it was seeking "a full accounting of all the actions taken" from HP. Dow Jones declined comment.
AP reports another possible avenue:
In a letter sent late Friday, U.S. Senator Richard Durbin, D-Illinois, asked U.S. Attorney General Alberto Gonzales to review whether HP's investigation broke any federal laws. "I am deeply troubled by these allegations," wrote Durbin, who wants to pass a federal law that would outlaw obtaining private phone records without an accountholder's consent.
I hope Mr. Shankland Senior sues. He certainly seems positioned to be able to, and so do the board members, if any of them besides Perkins ever gets morally outraged, and the reporters can sue, I would think, and their fathers and husbands, etc. Tom Perkins' lawyer sees civil litigation ahead too:
Dinh, a former U.S. assistant attorney general who is one of the authors of the U.S. Patriot Act, also said he expected civil lawsuits against HP from those whose privacy may have been invaded.
"In addition to potential criminal liability there are civil penalties involved for a breach of a person's dignity and privacy by illegally accessing their private records," he told Reuters. "I trust that all persons and entities who have been so violated will pursue their remedies under the law."
I gather that means Mr. Perkins will. That's not all he's done, according to the Washington Post:
The lawyer, Viet Dinh, said Perkins had made criminal referrals to the U.S. Attorney for Northern California, Kevin Ryan, and Michael Garcia, the U.S. Attorney for the Southern District of New York. Perkins also made enforcement referrals to the U.S. Federal Trade Commission and the Federal Communications Commission.
"We have made criminal referrals and our understanding is that they are being investigated and being handled in the normal course," Dinh told Reuters. "We cannot confirm any specific criminal investigations that they may be undertaking."
AT&T is working with the CA AG and AT&T has sued to find out the names of 25 people who set up phony accounts. The article doesn't make clear if it's 25 in this investigation or 25 total in various incidents, including the HP case.
Dunn says it will never happen again:
"Pretexting will no longer be permitted as a part of any HP investigation," Dunn said.
That's good to know. But there aren't too many crimes where you can wipe the slate clean by saying you are sorry and you'll never do it again. Of course, I hasten to remind everyone that no one yet knows for sure who is legally responsible. Those out-of-control investigators -- they're the bad guys here so far, we're led to believe, and it may even be true, but I notice still justifications for what happened in these words, from the same interview with Dunn:
"That investigation was authorized on the basis that everything done would be not only legal but fully compliant with HP's high standards for both ethics and business practices," she said. "I received assurances about that at every step of the way....
This is a board who has suffered for a long period of time from egregious breaches of standards of business conduct. The board asked me to do something about it," she said. "Many directors thought the top priority was to figure out how to plug the leaks. We couldn't function as a board with these leaks continuing. This was not my spying on the board."
The leaking also has hurt HP's image, she said.
"HP's reputation has been damaged by a leaker who refused to come forward knowing this investigation was going on," she said, a person who "lied to the rest of the board, by omission and commission, about the fact that he was the source of this information for a long period of time."
According to this account, the board of directors was more unified than we were led to believe. Either that, or Ms. Dunn would like everyone on the board to share the blame. In this NY Times interview, she points the finger at Tom Perkins. As for blaming it all on the databrokers, here's what CA AG Bill Lockyer says:
Lockyer said HP's antics violated directors' and journalists' right to privacy, which is guaranteed in California's Constitution. He emphasized that no one involved in the investigation is above the law.
"The crime seems to have been committed by the data broker, but that leads to the question of who knew what and when," Lockyer said. "How many others were part of the illegal activity — we don't know the answer to that yet."
People involved in the HP investigation may have also violated a California Civil Code banning a corporation's communication of employee Social Security numbers to the public.
So HP itself may be on the hook, not just the databrokers or individual board members or lawyers or whoever it turns out did the deed. And that's on top of the two laws I showed you yesterday that Lockyer earlier cited.
HP's shares rose on Friday, in case any of you are worried that all this reporting will affect their profits. I have never understood Wall Street. SCO's shares seem to always rise on bad news too. I'm guessing we don't share common values. Here's a list of analysts who think nothing will come of all this, and Dunn will remain on the board, unless it comes out that she had personal knowledge of the plan. My personal favorite quotation from that collection:
Momin Khan, an analyst with Technology Business Research, said that Hurd's efforts since becoming chief in March 2005 have gone a long way toward restoring investor confidence and the H-P corporate culture. Khan added that in its own way, Dunn's methods of clamping down on corporate leaks actually fits in with the company's turnaround.
"They are clearing ship and trying to get rid of corruption and unethical business practices," he said. "There are issues regarding privacy, but H-P is now about a culture of business ethics and accountability."
In an alternate ethical universe from the one you and I call home.
1 Update: Marbux writes to me that Mr. Shankland might not need to wait. Just off the top of his head he thinks he sees all kinds of civil litigation possibilities already, depending on our assuming for the sake of argument that the facts eventually turn out to be as the media has portrayed them, and when you read what he wrote to me, you'll see what I mean about mushrooms. Marbux:
If the facts are as stated in your article, I think he doesn't need to wait although it might depend on the jurisdiction in which his lawyer desires to sue. Consider these causes of action:
A. Against the contractor now on grounds of invasion of privacy with
an alternative count sounding in negligence.
B. Against HP now on alternative grounds that:
1. HP was negligent in selecting a contractor for the job.
2. HP was negligent in failing to contractually require that the
contractor would not engage in unlawful or tortious conduct.
3. HP was negligent in failing to better supervise the contractor.
4. HP intentionally, in reckless or wanton disregard for the rights of
others, did not promptly mitigate the invasion of privacy once it
became aware it had occurred by:
[a] failing to notify Mr. Shankland;
[b] failing to secure the improperly acquired information; and
failing to adequately institute remedial measures to ensure that such
breaches of privacy rights would not reoccur, and thus alleging HP is liable
for punitive damages.