Dunn grilled by Congress

A congressional committee on Thursday grilled former Hewlett-Packard Chairman Patricia Dunn over why she didn't put a stop to controversial techniques used by the company in an investigation into press leaks.

Under questioning, Dunn was asked why she didn't recognize that investigators would have to turn to dubious means to get personal phone records. Dunn said she relied on the advice of others, including HP's outside investigator, Ron DeLia.

"I did not know where this information could be found publicly, but I was aware that the kinds of investigations done by Mr. DeLia had previously been based solely on publicly available information," Dunn said. "I took the understanding without any question, and I understand why that might seem strange today, knowing what I know now."

Dunn was questioned by the committee, as were HP's outside lawyer Larry Sonsini and HP IT security worker Fred Adler. A number of other former HP employees and contractors refused to testify earlier Thursday, invoking their Fifth Amendment rights against self-incrimination.

The comments came at the start of two days of hearings, by an oversight and investigations subcommittee of the House of Representatives' Energy and Commerce Committee. The hearings regard the practice of pretexting, or obtaining phone records without consent and through the use of false pretenses. Thursday's hearing is devoted to the HP case, while hearings Friday will focus on the broader issue.

Among those who refused to testify was Ann Baskins, who resigned Thursday as HP's general counsel. Also pleading the Fifth were two other HP employees who have left the company, as well as DeLia, the operator of Security Outsourcing Solutions in Boston.

Also refusing to testify were a variety of outside contractors involved in the HP leak investigation, including Joe Depante, owner of Action Research Group in Melbourne, Fla.

As for Dunn, she was asked about a June 15, 2005, meeting at which the methods of pretexting were discussed. Investigations and Oversight subcommittee chairman Ed Whitfield, R-Kentucky, pointed to handwritten notes attributed to Baskins that included Dunn's initials next to questions and also noted that "obtaining phone numbers is a time consuming process" in which investigators call various carriers "and use pretexting to extract the information."

Videos: Patricia Dunn testifies
During congressional hearing, former chairman says she's sorry she trusted others.

HP's Dunn says many companies do it
She tells committee most corporations have security departments that do "detective-type work."

Rep. Greg Walden, R-Oregon, presented Dunn with an e-mail from the day earlier in which Dunn asks DeLia to reschedule a meeting to June 15 so Baskins could be included. In earlier testimony, before Walden presented the e-mail, Dunn said, "I do not recall being in that meeting."

On further questioning, Dunn said that she may have seen the word pretexting, but didn't know it equated to fraudulent misrepresentation. "The word pretext does show up in documents I had seen," Dunn said.

Walden repeatedly asked Dunn how she thought HP was getting the phone records. "My understanding was these records were publicly available," she said, later adding, "I understood that you could call up and get phone records" because she thought it was a common investigative technique.

Walden expressed skepticism, asking Dunn if she really believed that. "I thought a year ago, I thought six months ago, that indeed you could," she said.

"You're serious?" Walden said. "I'm not being funny here. You honestly believed it was that simple?"

He also presented Dunn with documents from a later Wilson Sonsini inquiry that had DeLia and others saying that Dunn was aware of the techniques being used. Dunn said the word "pretexting" may have been used, but that she did not understand that meant fraudulent misrepresentation.

"No one ever described to me that the fraudulent use of identity was part of the HP way of conducting investigations," Dunn said.

Dunn was asked whether she had a problem with the e-mail sting, in which HP sent an e-mail to CNET News.com reporter Dawn Kawamoto under the guise of "Jacob," a ficticious disgruntled employee. "This did raise a concern to me," she said.

But Dunn said she was not the one in a position to decide on such matters. "I sent the team to management to get approval for their techniques," Dunn said.

Asked repeatedly whether she was at all at fault for what happened, Dunn expressed regret but did not accept the blame. "If I knew then what I know now, I would have done things very differently," Dunn said. However, she said, "I do not accept personal responsibility for what happened."

[GrandpaN1947]

Outsourced Spying

is no different than outsourced products. If you put your logo on the outsource, it's yours. You get all the credit for it, you get all the flack for it. At H-P, outsourcing is so matter of fact, they don't think twice about it. Apparently, they are now outsourcing their internal affairs.

I hope they send all the crooked b'tards to jail. But, like our traitor politicians, they are wealthy and immune.

[marileev]

Takin' Credit

GrandpaN1947, your right -- Patricia Dunn made the decision to obtain those phone records, email addresses and spy on reporters like CNET's Dawn Kwamoto. She outsourced this bad decision for the organization -- let her take the fall along with those like Kevin Hunsaker, HP's former Chief Ethics Officer http://www.iwantmyess.com/?p=104

[GlennAl]

HP?

A congressional committee member said "pretexting and spying on private citizens is not corporate behavior that inspires public trust."

Does he/she say the same when 'corporate' is replaced with 'governmental'? Another 'do as I say but not as I do' moment?

Does your representative inspire your trust? I'm less than inspired.

[TerabyteMIKE]

Who holds the phone companies accountable?

The root cause analysis shows that phone companies are really to blame. There are many safeguards they can put in place to protect our privacy. How about a simple "we will call you back on your home phone line before we can continue"?
Let's stop this charrade and get right to it.

[Seaspray0]

Telco's also at fault

No doubt they'll fall on the lame excuse of "the regulators didn't tell us we couldn't run our business this way."

[fred dunn]

You Are Correct Sir! But there are some ways

Currently if you are an AT&T customer you can request a password be placed on your account and the only way (even when we call) to get beyond "what's your number and address" is to give them the password.
Although that being said I do not know if the wireless carriers have the equivalent practice in place.
I might also mention that AT&T just changed it's privacy notice for their Internet and Uverse customers to read "all usage data is the sole property of AT&T" so if you have AT&T as your Internet carrier they can and will share your usage data with others as they see fit. That part of the privacy notice just changed about three months ago when the EFF had filed suit against AT&T for the release of records to the NSA.
Thomas Jefferson once said "The cost of freedom is eternal vigilance" and that is still true today but in our modern world the cost of privacy is eternal vigilance.
Once we as a nation become complacent to the government's wishes to minimize those privacy rights we will be in no better shape than the Soviet Union.
I often draw parallels between what George Bush is doing and the old KGB, it's true and it's scary.

[mikekrause]

The Pot Calling The Kettle Black

You nailed it! The hypocrisy of our government when it comes to what is ethical and what is not is truly stunning.

Their motto seems to be "Do as I say, not as I do"

[Chendol]

Posturing and hypocrisy at its finest

With elections coming, this is all posturing. My thoughts exactly on the hypocrisy when the government is spying on citizens. Sure, what HP did might've been illegal/unethical but let law enforcement deal with it. Aren't there more important issues for them to deal with?

[marileev]

...and -- selective memories

Don't for get the part about trying to pass the buck and having selective memories about he event that have actually been documented on email.

[marileev]

Dunn's Doings

Patricia Dunn won't have a scrap of credibility after this trial. Saying that "Mr. DeLia had previously been based solely on publicly available information," then why also plant fake materials with email viruses... er' tracking on it http://www.iwantmyess.com/?p=104

Her authorization of this investigation sullied the Hewlett-Packard brand. When former board member Tom Perkins got a whiff of the actions he stepped down from HP.

This was no responsibility to those HP shareholders. There's a difference between maintaining your edge and being unscrupulous http://www.essentialsecurity.com/news.htm?id=43

[ajbright]

Congressional Cowards

Why anyone supposedly representing the people of the United States in Congress has the gall to question the morals of even the worst criminal is beyond me.

Today they've shown their ultimate cowardice, today Congress has decided that the United States no longer offers justice and freedom for all. Today Congress has fouled the memories of every veteran of every war, every American killed in the defense of freedom and democracy.

Being scared by the enemy is no excuse to authorise torture. It's no excuse to make the United States liars, to break agreements we made to protect our troops from violations of the Geneva Convention.

Today, if any person (including US Citizens) is charged with terrorism, he will not be able to see the evidence against him if the government decides to arbitarily declare it classified - evidence that can include no more than hearsay and rumour.

He will not be able to declare his rights violated, particularly rights guaranteed by the Geneva Convention - if he does, he has broken the law and can be punished accordingly.

Any crimes confessed to whilst being tortured or otherwise inhumanely treated prior to 2005 can be considered as valid evidence against him - and in fact said torture is now officially legalised, meaning the 100% innocent Canadian we sent to be tortured has no recourse whatsoever.

Only a coward would say we need to torture and violate human rights in order to protect ourselves. Only the worst kind of pandering, terrorist loving, Nazi scumbag would prefer America to have the international reputation of violators of basic human decency simply because they're scared.

A bill that authorizes the President to decide what can be considered torture, rape and death and what is not - a bill that denies an innocent until proven guilty suspect the basic legal right to appeal a judgement from a kangeroo military tribunal - on the grounds that if we allow people tried this way to appeal, they will tie up the courts with technicalities (such as I made that confession whilst being sexually assaulted and tortured) - this bill is the final proof that those we voted for to represent us have proven themselves to be the champions of tyranny, no better than Bin Laden or Hussein.

The have said the morality of terrorists and dictators is the level at which we wish to be judged - if we are a bit better than those we consider a threat to our country (i.e. a threat to their cowardly selves) then anything we do is okay.

This CEO has simply followed their example. He's spied and cheated as they have spied and cheated before him. For them to accuse him or any other employee of HP of wrongdoing is simply an acknowledgement that everything they've authorised the President's intelligence agencies to do over the last 5 years illegal.

For myself, I pity the fates of the veterans of future wars and conflicts who will have to bare the consequences of the actions of the most cowardly and morally reprehensible Congress that has ever represented the people of the United States of America.

[fred dunn]

Pass the Fifth around...

Ann Baskins resigns from HP and pleads the fifth and as part of her severance (from another article):

In an 8-K filing (download PDF) to the SEC, HP reported that under the conditions of Baskins' resignation she will be eligible to exercise options to purchase 465,858 shares of HP's common stock that are vested as of today. Those shares have a value of about $3.6 million based on the closing price of HP's common stock yesterday.

Baskins has until Nov. 22 to exercise the options.

Additional conditions of her resignation allow her to retain control of the $432,768 in her 401K retirement plan, as well as payments from several other HP-provided benefit plans, according to the 8-K filing. Baskins is eligible to receive a lump sum of $199,646 or a monthly payment of $1,075 from an HP retirement plan; a lump sum of $203,296 or a monthly payment of $1,094 from an HP deferred profit sharing plan; and a lump sum of $946,210 from an HP excess benefit plan made up of the nonqualified portion of the HP retirement plan.

She will also be paid in cash for any unused vacation time she has accrued, according to the filing.

Wow. They should all just quit, plead the fifth and retire. Must be nice at the top.

[doxiadis]

Dunn's mistake

Dunn's mistake was treating board members--successful high rollers--as though they were employees.

In this job depressed environment, most employees would accept that kind of intrusion and not make a fuss. If they kept their job, they'd be grateful. If not, they wouldn't want to risk severance pay, benefits, etc.

Board members don't have to put up with that.