Slashdot Mirror
Boardroom Spying Debacle at HP
theodp writes "As word spread that HP was dumping Board member George Keyworth for press leaks, Newsweek broke the bigger story: HP Chairwoman Patricia Dunn was so obsessed with finding the leaker that she authorized a team of independent electronic-security experts to spy on the phone records of calls made from HP Directors' home and private cell phones. Not only that, phone records were obtained via pretexting, the controversial practice of obtaining information under false pretenses. After Dunn laid out the surveillance scheme for the Board last May, HP Director Tom Perkins quit on the spot, characterizing Dunn's actions as illegal and unethical. HP is also coming under fire for playing dumb to the SEC about the reasons behind Perkins' resignation. Perkins, who helped launch HP's computer division in the 60's, has asked the FTC, FCC and the Justice Department to investigate."
Tom Perkins, as in Kleiner, Perkins, Caufield & Byers.
This is pretty dramatic.
. . . has documents here: Hewlett-Packard Targeted Board In Leak Probe
...the future crusty old bastards are already drinking the Kool-Aid.
If they are company phones, they can do what they want.
Regards,
Steve
yes, but if you read TFA, you see that they were both company phones AND "private cell phones"
-d
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
http://news.bbc.co.uk/1/hi/business/5321034.stm
Hi deacon. According to the article, there was no wiretapping. So no, they didn't break the law you cite, and did no illegal phone tapping.
What they did do was "pretexting," which apparently is also illegal. Basically, they impersonated the directors. They called their phone companies, and -- pretending to be the director in question -- they lied to the customer service person until he/she believed the real customer was on the line. Then, they instructed the customer service person to give them the contents of the director's personal phone records via email.
That's pretty shocking. It's corporate-sponsored law-breaking. Of course, as I mentioned in another post, the other members of board found out they were being illegally spied upon back in May, and did nothing. They've had months. What the hell were they thinking?
My Greasemonkey scripts for Digg &
I don't know if there's a legal precedent for email, but I do know that you usually sign an agreement stating that the corporation can watch anything/everything you do using their workstations, telephones, email servers, etc, etc.
Keep in mind though, that response is more relevant in the context of an employer-employee relationship. Board of Directors are not "necessarily" employees of the company. Their election by the shareholders binds them to the company, what the company can do with them is limited, and I certainly would think the company could not dictate an agreement to them to do X or Y. The Directors have an obligation to the shareholders, not to the "company."
Actually, it was a guy by the name of Richard Armitage who leaked the information. Who BTW was agains the Iraq invasion as well. http://www.foxnews.com/story/0,2933,212317,00.html
When a man lies he murders a part of the world.
If you read the letter from AT&T they said that the person provided the last 4 digits of the social security number. This is why social security cards use to have "not for identification" printed on them. When people finally realized that we needed a national id number for some things, they also realized that it would turn bad if abused. Now that everyone ignores this fact, we have a large problem with identity theft. SSN were to be used by employers and the IRS. At different times I have had it as my employee ID posted on a call out list, my student ID posted with my grades, my insurance member number. You are not allowed to keep it secret, but they want to pretend that only you would know it.
In California, where HP is headquartered, it is a crime to obtain labor through "fraudulent representation or pretense" is guilty just as if they had stolen services with similar value (California Penal Code 532). By representing themselves as the customers of the phone company whose records were requested, they obtained the labor of customer service staff under false pretense.
It is likewise criminal, in California, to willfully obtain "personal identifying information" (including, among many other thingsother things, name, address, telephone number, place of employment, or social security number) of another and then use that information for any unlawful purpose, including "to obtain, or attempt to obtain, credit, goods, services, or medical information" (Penal Code 530.5, emphasis added), without the consent of the person whose information was used. Here, they used several pieces of personal information concerning the directors targetted to obtain services from people with whom those directors did business, and did so without the directors consent.
So to say there is no law which makes it illegal to use someone else's personal information to enable yourself to impersonate that person to get someone to give you information is, well, not exactly true, even outside of banking information.
Knowing how most corporate structures are, she would have access to anything and everything about her employees. SSNs, mother's maiden name, etc
If the board members are paid (they are), then HP needs a Taxpayer ID number (that would be a Social Security Number) for each board member. I can't see any way HP could NOT also have a home address for each director.
It's widely known that with any two of address, SSN, and DOB, the third one can be easily obtained by running a credit report on the target.
Mother's maiden name is ZERO security for anyone who cares enough to pay to go through public records in the person's home state. It is, at best, a "hardening" countermeasure, that keeps casual identity thieves at bay. AT BEST.
If you want to pay people to acquire and sift through a person's trash, this is also generally possible AND LEGAL. Account numbers may be reconstructed from shredded documents, if they even got that level of security, pretty readily.
So, this may cost $10k per targeted director, but that's nothing, really, for a Fortune 100 company. Much of the progress can be made for under $500 per target. With the Internet, you don't have to get your hands as dirty to find out all this stuff.
She is (soon was) chairwoman of the board of directors. Where do they grow you people?
So yeah, I would say that he is wealthy.
Charlie is an author for The Inquirer, which has been the main source for leaks from HP since Carly started fucking things up. Including leaks about witchhunts for previous leakers, ampling demonstrating that the witchhunts weren't working. Charlie keeps his sources secret, HP has no way to compel him to release them, and all this is known by anyone who reads The Inquirer which is where the leaks show up. If he had posted anonymously, I would have ignored him. As it is, I've read many previous leaks on The Inq (including the sad/hilarious case of HP purchasing a new corporate jet in the midst of layoff season), and know what he is saying is probably true.
HP has a fundamental problem. The leakers are the symptom, and their inability to catch any significant number of leakers is evidence that the problem is truly endemic and well known by the employees. It's like catching insurgents -- to do it, you need intelligence, and to get intelligence you need cooperation. If the insurgents have grass roots support, you won't get that cooperation, and you're doomed.
The enemies of Democracy are
The Board represents the stockholders and the C-level employees work for the board and at their discretion. That said, there's usually contracts involved that would require substantial payouts when the CEO is canned, but there is absolutely no reason why the board couldn't have heard this relevation, held a vote, then had her escorted off the property on the spot.
As I understand the situation, the remaining board members aren't entirely in the clear since the CEO appears to have committed criminal acts as a corporate officer and they took no action. At a minimum I would expect them to get rather interesting calls from their corporate director insurance carrier. Nothing like facing personal liability from stockholder suits to focus your attention.
In the real world, it's much murkier since you can have people who are both C-level employees and board members, and in many cases the CEO is also the chairman of the board. In those cases individuals can have mixed loyalties, but that's why you want outsiders on the board.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
This was a long running follow up to HP executive director's board members leaking information to the press in direct violation of BOARD policy to discuss meetings outside offical channels. The short story is that when Carly was still in charge information about her "chewing out" sessions with the board was leaked by a board member to "get back" at her with the press. Needless to say, it made Carly's job even harder and caused her to be let go sooner... again there was leaking involved in that decision also. When Carly left they split her 1 position of CEO/Pres 3 ways. Dunn and another guy pick up the CEO position and started invesigating who was leaking (late 2004). Over the next year they went to HP's internal affairs department and began investigaing what was going on... they had suspects, but no "smoking gun". Over the next year, they investigated several more big leaks..from meetings of only board members and upper management...i.e. people that should know better. By this point the board knew they were being investigated. The only mention of the "spying" in the WSJ article was that HP eventually hired outside investigators.. read that as slimy PIs just like workmans comp, and other private agencies use. It was the outside guys that scammed for the court records.. just like PIs do to catch you cheating on your wife! It's not new, it's done every day.
The reason it was known is that Both CEOs (Dunn and the other guy) and HPs council took the evidence to the ethics board.. over the head of the board of directors to recommend action. They discussed the entire evidence with the guy they fired and the guy who quit before taking it to the full board. They basicly went to the board and demanded they fire the guy..Who's still there! The guy who quit is full of crap, just like the leaker. There is no statement to be made... somebody was violating confidentiality of their board discussion to further their "agenda" and should be punished. In the WSJ article both the other CEO and the General Consul agreed if it was any normal "employee" of HP they would be terminated immediately under the companies rules.. This is about the "Board" thinking their above the rules and the CEO of a company doing their job.. nothing less.