This story just keeps on growing. And it gets uglier and uglier. Or sillier and sillier, depending on your sense of humor.
Now the Financial Times' Kevin Allison reports that a memo sent to HP employees by Patricia Dunn on Tuesday listed categories of victims of privacy invasion, and the list includes two HP employees, not just board members:
Private investigators working for Hewlett-Packard’s board spied on two employees in addition to board members and journalists in an attempt to uncover a boardroom leak, it was revealed on Wednesday....
Patricia Dunn, HP’s chairman, said in a message to employees on Tuesday that investigators hired to ferret out a boardroom mole had used questionable tactics on “certain directors, two employees and a number of individuals outside the company including journalists”.
What does that mean, "certain directors"? I thought the story was that the reason Ms. Dunn couldn't find out the details of the spy mission was because she herself was a target, which implied that all the directors were subject to investigation. But the memo says only "certain directors" were subject to questionable tactics, not all, and that raises some questions in my mind.
If the "questionable tactics" were only used against some directors, does that signify that at some point, the investigation had been narrowed down to certain ones on the board and certain employees, and somebody at that point had to say, Carry on, men, and now dig deeper? No? What else can it mean? And does that mean HP spied on all its employees and then narrowed it down to two, giving only them the "questionable tactics" treatment? I realize HP has been cost-cutting, but I think the story would be better for HP if the "questionable tactics" were used across the board, so to speak, no pun intended.
And I'm sure we'd all like that "number of individuals outside the company" quantified. Is it the nine journalists and two family members, Stephen Shankland's dad and Dawn Kawamoto's husband, or are there more yet to be revealed?
I must point out that the
fact that the Financial Times has this memo demonstrates that the leaks at HP have yet to be altogether plugged. Or it might be getting worse. Maybe some HP employee got so mad at hearing what happened, he or she decided to become a leaker too. That's the thing about mean mistrust. It's contagious.
Listen. If you're at HP and yearning to leak to the media, don't call us, 'kay? Email either. IM isn't safe. If you simply must leak something, might I suggest the Linux pigeon protocol? It's that or we're back to sneakernet. Trust no one.
Think about Trusted Computing, folks, in this context. Who'll need PIs then? Your own computer will be spying on you night and day. What a glorious future awaits us all. I'm afraid it'll be the Comfy Chair for anyone crazy enough to become a journalist in that Brave New World.
"Confess! Confess! Confess! Confess!"
Update: HP has now hired a law firm to represent it in the criminal matters, according to Justin Scheck's article, "HP (Sans Sonsini) Sits Down with Feds," in Law.com:
In fact, the troubled tech company has hired Morgan, Lewis & Bockius as it tries to fend off various criminal investigations ....
On Monday, Morgan, Lewis lawyers sat down with San Francisco federal prosecutors in hopes of forestalling federal criminal charges.
The Monday meeting involved a "proffer" — a normal step these days in white-collar investigations, in which a company under scrutiny offers up information to the government with certain conditions, as a means of showing good-faith cooperation with investigators.
They've hired another outside firm to make sure any future investigations are handled legally, following advice from Wilson, Sonsini. And Mercury News reports that the PI has been identified:
The operator of a small Massachusetts security firm has been identified by a source as the individual Hewlett Packard retained to investigate boardroom leaks to the media.
The individual is Ronald R. DeLia, according to a source familar with the HP board investigation. DeLia is listed in public documents as the registered agent of the Boston-area company Security Outsourcing Solutions.
So now Massachusetts authorities are involved:
"We can confirm that the California Attorney General has contacted our Attorney General Tom Reilly regarding this HP matter," said Meredith Baumann, a spokeswoman for Reilly's office. "We have offered our assistance with the investigation."
And you can read Patricia Dunn's apology
to Peter Burrows of BusinessWeek, one of three BusinessWeek reporters whose phone records were accessed. BusinessWeek had this statement:
"We are deeply disturbed that our First Amendment rights and the privacy rights of three of our journalists have been violated," says BusinessWeek Editor-in-Chief Stephen J. Adler. "These actions by Hewlett-Packard and its agents potentially endanger the confidentiality of our sources and undermine our good-faith efforts to report matters of public interest. In addition, they invade the privacy not only of our reporters but of all their phone contacts. We urge Hewlett-Packard immediately to provide a detailed account of exactly which records they obtained so we can take appropriate steps to limit the damage."