Feeds

HP admits to spy op, lawyers dig in

SEC and California want answers

Secure remote control for conventional and virtual desktops

HP today divulged some of the grimy details behind its boardroom mole hunting operation.

In a filing with the US Securities and Exchange Commission (SEC), HP confirmed that it used a form of surveillance known as "pretexting" to snoop on its board members. The company hired a team of investigators that tricked phone companies into revealing the call logs of directors' home and cell phone accounts. HP hoped this process would reveal which director had leaked information to CNET about a planning session. And, in fact, the questionable technique worked.

HP will not put up longtime director George Keyworth for reelection to its board after outing him as the mole, according to the SEC filing.

In addition, HP for the first time disclosed that veteran board member Tom Perkins resigned in May over a disagreement as to how the company handled the witch hunt. Companies are required to issue a specific filing with the SEC when directors quit their post due to objections over corporate practices. HP did not make such a filing back in May even though Perkins had expressed his displeasure with the pretexting operation okayed in secret by Chairman Patricia Dunn.

HP today explained its failure to make the nature of Perkins' resignation clear in its SEC filing.

"At the time of his resignation, Mr. Perkins did not provide any written communication to HP concerning the reasons for his resignation," HP said. "Following his resignation, and after HP on May 22 had disclosed the fact of Mr. Perkins’ resignation on Form 8-K in accordance with the applicable federal securities laws, Mr. Perkins notified HP that he had concerns with the HP Board’s handling of investigations that had been conducted into leaks of confidential HP information from meetings of the HP Board of Directors.

"HP is filing this Form 8-K to report the following additional information about the circumstances relating to Mr. Perkins’ resignation, to report the findings of its leak investigations, and to report other related events that have occurred subsequent to the completion of those investigations and Mr. Perkins’ resignation."

Perkins, a renowned venture capitalist and former HP executive, disagrees with HP's portrayal of the nature and timing of his objections to the pretexting operation.

In a letter sent to HP's directors, Perkins wrote, "I am hereby providing the company notice that I consider the company's Form 8-K filed on May 22, 2006, relating to my resignation to be defective because it did not describe my objection to and disagreement with the company's operations, policies and practices as they relate to the chair's improper and likely unlawful investigation. I therefore disagree with the company statements concerning my resignation . . . "

"As the company failed to make a full and accurate report (as required by federal law) and having given the company several opportunities to correct the record, I am now legally obliged to disclose publicly the reasons for my resignation. This is a very sad duty.

"My history with the Hewlett-Packard Company is long and I have been privileged to count both founders as close friends. I consider HP to be an icon of Silicon Valley, and one of the great companies of the world. It now needs, urgently, to correct its course."

The letter also details how Perkins discovered that investigators had misrepresented their identities to secure his phone logs from AT&T. According to the telephone company, a person obtained Perkins' January 2006 phone bill by providing his telephone number and the last four digits of his Social Security number. The AT&T report also says the person used the e-mail account mike@yahoo.com to register an account and accessed the bill information from the IP address 68.99.17.80, which traces back to Cox Communications in Atlanta.

California's attorney general has vowed to investigate how HP obtained the information about its directors. In its SEC filing, HP said it will cooperate with the state's investigation and will also provide any relevant information to the SEC as the commission examines how HP handled Perkins' resignation.

"(HP's Nominating and Governance Committee) was then advised by the Committee’s outside counsel that the use of pretexting at the time of the investigation was not generally unlawful (except with respect to financial institutions), but such counsel could not confirm that the techniques employed by the outside consulting firm and the party retained by that firm complied in all respects with applicable law," HP said in its filing.

The US Federal Trade Commission says that the Gramm-Leach-Billey Act forbids anyone from using false or fictitious statements or documents to secure customer information from a financial institution. The law is less clear on how pretexting can be used to get consumer information from non-financial institutions such as telcos, as it only "generally prohibits" the practice.

Perkins stature in Silicon Valley and his deep ties to HP make this a particularly embarrassing episode for the company.

HP maintains that it had to do everything necessary to protect the information passed between board members. The company had endured a series of leaks leading up to CEO Carly Fiorina's termination and after, as the company transitioned to new CEO Mark Hurd. Revelations of HP's long-term strategy in the press - although vague and not terribly gripping - were too much for Dunn.

But going behind the directors' backs to conduct an investigation with a dubious social engineering technique undermines HP's reputation built up over the decades by the company's founders and employees. The scandal now also proves a massive distraction at a time when HP has been enjoying consistent financial performance and a rising share price. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
What a Mesa: Apple vows to re-use titsup GT sapphire glass plant
Commits to American manufacturing ... of secret tech
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?