The HP Saga: Covert Ops? I Shouldn’t Have Asked

20 Sep ’06

The story that keeps on giving is back, as the NYT reports that HP at one time considered planting spies in CNet and the WSJ as part of its leak investigation.

Reporters and investigators appear to be closing in on HP’s belief of the legality of the pretexting, and the inquiries it made to satisfy itself (from the NYT piece):

California and federal prosecutors are exploring whether laws were broken in the investigation, particularly in the use of pretexting — a technique in which an investigator masquerades as someone else to obtain that person’s calling records from a phone company.

Concern over legality was reflected in an e-mail message sent on Jan. 30 [2006] by Mr. Hunsaker, the chief ethics officer, to Mr. Gentilucci, the manager of global investigations. Referring to a private detective in the Boston area, Ronald R. DeLia, whom the company had hired, he asked: “How does Ron get cell and home phone records? Is it all above board?”

Mr. Gentilucci responded that Mr. DeLia, the owner of Security Outsourcing Solutions, had investigators “call operators under some ruse.”

He also wrote: “I think it is on the edge, but above board. We use pretext interviews on a number of investigations to extract information and/or make covert purchases of stolen property, in a sense, all undercover operations.”

Mr. Hunsaker’s e-mail response, in its entirety, said: “I shouldn’t have asked….”

It is unclear who, if anyone, in the company was then briefed on what he had been told. People who have seen other material from Hewlett-Packard’s investigation said that Mr. Hunsaker, in supervising the operation, communicated frequently with Ms. Dunn, the chairwoman, about its progress. But they said it was not clear when Ms. Dunn, who ordered the investigation, learned of the methods used.

Ms. Dunn will no doubt be delighted to learn of Mr. Hunsaker’s reply. It’s not quite “We’ll cut off your air supply“, but it has a least taken investigators one step closer to the company in their criminal investigation. How long before it appears in the biz dev powerpoints of lawyers marketing their antitrust and document destruction policy expertise?

One other step is suggested in the WSJ’s coverage yesterday:

A computer-crimes specialist with Hewlett-Packard Co. emailed his superiors this year warning that the company’s investigation of board leaks — then still in progress — was being conducted in a manner that could be illegal, according to people familiar with the situation.

Specifically, Fred Adler, an official in H-P’s global security office in Roseville, Calif., wrote that acquiring people’s phone records through false pretenses could be against the law, these people said. H-P has since admitted that investigators working for the company used such a method, known as pretexting, in obtaining phone records of its directors, two H-P employees, nine journalists and an unspecified number of outsiders.

It is unclear who in H-P’s management received the warning from Mr. Adler, a former Federal Bureau of Investigation special agent. Mr. Adler’s unit is headed by Jim Fairbaugh, H-P’s head of global security, whom people close to the matter have said worked on the leak probe.

A WSJ story today seems to make the missing connection:

By January 2006, H-P was on to a new leak investigation Ms. Dunn launched and which emails refer to as KONA II. H-P emails indicate that lawyers and others inside H-P knew the company was on shaky legal ground in going after personal phone records, yet pursued them anyway. On Jan. 28, 2006, Kevin Hunsaker, a senior ethics attorney in H-P’s legal department, asked a colleague if it was legal to acquire people’s personal text messages, presumably from their cellphone records.

The Hunsaker email was an apparent follow-up to an earlier question posed to Fred Adler, a former computer-crimes cop who works at H-P’s security unit. Mr. Hunsaker, complaining that one of the targets of the leak probe — then-H-P director Thomas Perkins — rarely used his cellphone “and does just about everything via text message,” asked Mr. Adler if H-P could “lawfully get text-message content, or is it the same as the cellphone records?”

Mr. Adler’s response, 13 minutes later: “Even if we could legally obtain the records, which we can’t unless we either pay the bill or get consent, I would highly suspect text-messaging records are not kept due to volume and expense. The only other means is through real-time interception, an avenue not open to us.” The H-P spokesman said Mr. Hunsaker and Mr. Adler wouldn’t comment.

and also:

Another email by Mr. Hunsaker, dated April 28, 2006, shows how Ms. Baskins tried to be extra certain that H-P’s probe was legal, before action was taken against Mr. Keyworth, who was accused of leaking information to the press. In a one-page email written to Messrs. Gentilucci and DeLia, Mr. Hunsaker said he was writing at Ms. Baskins’s request to confirm the details of how the investigation team obtained people’s personal phone records. He said Ms. Baskins wanted to “confirm the legality” of the operation, before providing the information to Larry Sonsini, H-P’s outside lawyer, and to H-P director Robert Ryan, who were planning to interview Mr. Keyworth.

Mr. Hunsaker’s email described how personal phone records had been gathered through outside parties, noting that he was the only H-P employee who saw the fully compiled records. His email said H-P provided the names and phone numbers of the people it was targeting to Mr. DeLia, and he passed on the information to a “third party” and “they make the pretext calls.” He said his own legal research, as well as that of an outside attorney, confirmed that pretexting was legal.

The WSJ also reports that Ronald DeLia, a principal of one of the outsourced investigators who has been invited to appear before the U.S. House Energy and Commerce Committee’s hearings on this issue, intends to take the fifth:

Mr. DeLia has indicated that were he to appear at next week’s House hearing he would invoke his Fifth Amendment right against self-incrimination, said a person close to the committee.

I suspect that his reaction speaks volumes more about his belief of the legality of his and his firm’s involvement than the legal opinion it has been reported that his firm’s counsel provided to HP.

CNet reports on the subterfuge used by HP to install snooping software on CNet computers:

Following the Jan. 23 story by [CNet's] Kawamoto and Krazit, an HP investigator posing as a tipster began e-mailing Kawamoto, starting with a Jan. 27 e-mail from a Hotmail account purporting to be from “Jacob Goldfarb,” Kawamoto was told.

“I am a senior level executive with a high tech firm in the valley and an avid reader of your columns. My real name is not used, you might understand why,” the bogus tipster wrote. “Not quite sure how to approach you on this, but I’ll attempt anyway. In short, tired of broken promises, misguided initiatives and generally bad treatment. Have some information that I would be interested in passing along. Felt it might be appropriate to contact you.”

A later e-mail from that same address included an attachment believed to have contained marketing information about a new HP product. That attachment, government investigators told Kawamoto, had the ability to track the e-mail, notify the sender if it was opened, tell the sender if the e-mail was forwarded, and what IP address to which it had been forwarded. Sending Kawamoto an attachment like that would not have been illegal, investigators said.

Finally, the NYT also reports on the charges being investigated, and the potential implications on HP liability. One theme of the NYT’s report is a lack of clarity in the law, something that Techdirt has also picked up. Bruce Schneier isn’t buying it. Meanwhile, at CNet, Declan McCullagh provides his perspective on pretexting legal reform. Wired brings it all home with some advice on how to avoid being pretexted.

Update: WaPo is now involved – reasoning perhaps that there is scandal enough for everyone on this story – and its first graf is a sizzler:

The Hewlett-Packard Co. spying effort that has sparked criminal investigations was wide-ranging and included physical surveillance, photographs and spyware sent via e-mail, and it also targeted wives and other relatives of HP board members and reporters, according to a consultant’s report prepared for the company.

And of course, there’s more:

The Feb. 10 report, obtained by The Washington Post, summarized in eight pages how investigators, to identify an internal leak of confidential HP information, surreptitiously followed HP board member George A. Keyworth II while he was giving a lecture at the University of Colorado. They watched his home in Piedmont, Calif. They used photographs of a reporter to see if the reporter met with him. And they tried to recover a laptop computer stolen from him in Italy so they could analyze its contents.

Finally, for the House Committee now involved in this case, one particularly interesting data point on the investigators’ batting averages:

According to DeLia’s report, investigators obtained subscriber information on at least 240 of more than 300 phone numbers sought, and was in the process of analyzing them, including the records of phone calls from Keyworth’s New Mexico house, to and from his fax and cellphone, as well as his new wife’s home and cellphones. Similarly, the firm obtained records of Perkins’s home phone calls from Jan. 4 to Jan. 26, including 12 U.S. calls, three to Britain and two other international calls.

Previous post:

Next post: