September 6, 2006 6:00 PM PDT

Newsmaker: Calif. top cop on HP, privacy and 'pretexting'

The state of California wants to know if Hewlett-Packard's board chairman went a little too far investigating new media leaks.

Attorney General Bill Lockyer confirmed Wednesday that his office has issued subpoenas to determine whether HP broke any laws by hiring an investigator who used "pretexting" techniques that are illegal in California. HP acknowledged Wednesday that it investigated its own board of directors at the behest of HP Chairwoman Patricia Dunn in hopes of learning who leaked information to CNET News.com in January about the company's strategic plans.

Pretexting involves duping a company in order to obtain confidential information from that company. Tom Perkins, a former member of HP's board of directors, quit in protest after learning of the methods used to investigate the board, which included obtaining records--without his permission--of calls made from his home telephone.

Lockyer spoke with CNET News.com to shed more light on the relevant California statutes and the practice of pretexting in general. An edited transcript of that conversation follows.

Q: What is covered under California law with regard to pretexting?
Lockyer: There are two relevant statutes that may provide for criminal liability to someone who does pretexting. There's an identity theft statute, and there's a law that was designed to mostly address computer hackers, but it's getting information illegally from someone's computer system. Essentially it's pretending you're some other person to get a business that has a lot of personal information about a customer, to get that information disclosed by pretending you're that customer.

This practice is not illegal under federal law with respect to telephone records, correct? But from what I understand, that's not the case in California.
Lockyer: Yes, we have a stronger California law than the federal statute.

What exactly does that cover?
Lockyer: The law could cover anyone. It's unlikely to be enforced because it's so common unless there are egregious violations of people's personal privacy. I think a lot depends on the volume of pretexting, and that would certainly include data miners, and others who do it in a regular way.

This law is unlikely to be enforced unless it's something that's being done in large volumes?
Lockyer: Anyone that does this might be prosecuted, but with constraints on resources, it's probably the large-volume privacy invaders that are actually going to wind up being prosecuted.

What are the penalties for this act?
Lockyer: They are generally misdemeanors, but there are circumstances in which they could be a felony.

Have you recently prosecuted any individuals or organizations under these pretexting laws?
Lockyer: Yes we have, and we also have six active investigations currently, including the HP investigation. We have six of them with rather egregious facts.

What's going on at the federal level? Do you think a federal law is required to stop this from occurring?
Lockyer: California tends to lead in many of these policy areas; this is another example. But I'm hopeful there will be federal legislation or national standards in this area. I hope it's a significant consumer protection enactment if they adopt federal law. We've had this problem in other instances, financial privacy, do-not-call, and other things, where the federal law was significantly weaker than our state law.

In terms of the people who actually commit the pretexting acts versus those who hire them to do these acts, how does the liability work in these cases? If the organization was unaware that their agent was using pretexting techniques in order to gather information are they subject to any liability?
Lockyer: It depends on what the specific facts are, and what the expectations of the employer were when they hired an agent in the circumstance. It's very facts-based; it can result in both the third party as well as the employer being criminally liable.  

(4 Comments)
HP should be prosecuted
by September 6, 2006 11:50 PM PDT
The HP CEO evidently hired some goons to get the personal telephone records of members of the board of directors, without their knowledge, and the goons did this by lying and pretending to be the owners of the phones in question. To pull off this scam, the goons probably needed personal information, like social security numbers, that HP was in a position to provide (since they pay people for being on the board, they have addresses, phone numbers, social security numbers, the works).

If HP can get away with this, your employer or ex-employer can do it to you: lie so they can get the record of every phone number you called. They need to be punished severely enough to send a message that this kind of identity theft won't be tolerated.
Calling it "pretexting" is way too gentle
by commsoft September 7, 2006 11:05 PM PDT
At least in most cases, you are pretending to be someone else in order to gain assets (information) to which you are not entitled.

This is really just another form of identity theft, and should be treated (by statute, and then aggressively prosecuted) as such.
Agreed!
by CompEng September 8, 2006 10:55 AM PDT
Agreed!
HP Pretexting
by mpasco September 11, 2006 7:18 AM PDT
When an individual or company hires a "hit man", that individual or company is as responsible for the consequences of the "hit" as the actual perpetrator, and is as guilty under the law. This has been established in every state's supreme court at one time or another.

It is a no-brainer that HP and its board are equally guilty of pretexting. Contending that they had no knowledge of how the illegal information was acquired does nothing to exonerate them. They hired the "hit men" knowing that illegal tactics would be used and then benefited from the results. "It fell off of the truck" is a lame explanation when you know what truck it was going to fall off of and are there at exactly the right time to catch it.

Using illegal methods to obtain information should raise plenty of flags concerning what else may be happening under wraps. Perhaps an independent audit of their finances and business practices would be in order. They are certainly exhibiting the same corporate arrogance as Enron.