By Ellen Nakashima
Washington Post Staff Writer
Thursday, September 7, 2006
The state of California is looking into methods used by Hewlett-Packard Co. to determine who leaked confidential information to the news media, the company said yesterday.
In documents submitted to the Securities and Exchange Commission, the computer company also said it had reviewed private phone records of its board members obtained by a private contractor.
The company said this week that it would not renominate board member George A. Keyworth II, who the company concluded had leaked confidential information about discussions on potential acquisitions and supplier changes during the board's annual off-site strategy meeting in January.
In May, Hewlett-Packard's board of directors asked Keyworth to resign, but he declined. Another board member, Thomas J. Perkins, did resign in protest over the methods used to investigate the leak to the Cnet technology news service.
According to the SEC filing, HP hired a consultant, who hired a contractor to investigate the leak. That contractor used a practice known as "pretexting," which involves deceiving a phone company into believing it is providing information to a real customer.
While "no recording or eavesdropping had occurred . . . some form of 'pretexting' for phone record information . . . had been used," the filing said.
In the case of Perkins, the co-founder of the Silicon Valley venture capital firm Kleiner Perkins Caufield & Byers, the contractor set up a phony e-mail address to access home-phone records through an online billing account. The contractor also posed as Perkins on the phone to access his long-distance records, according to Perkins's lawyer Viet Dinh.
"Obviously, he felt violated and betrayed," Dinh said. "You sign on to become a director. You don't sign on to have your personal phone records fraudulently accessed by nefarious investigators."
According to the SEC filing, the company reviewed phone calls to determine that Keyworth was the source. Keyworth told fellow directors that, if he'd been asked, he would have admitted to being the leak, according to an article on Newsweek magazine's Web site Tuesday.
Keyworth could not be reached for comment yesterday.
"Pretexting" comes in several forms, including special technology that fools automated phone systems. Private investigators sometimes use it to obtain information in divorce cases or other disputes.
This year, AT&T Inc., Sprint Nextel Corp., Verizon Wireless and Cingular Wireless LLC, as well as the state of Florida, have filed lawsuits against data-broker firms that specialize in gathering and marketing data, claiming they fraudulently obtained customers' phone records.
"There were no established laws in the United States prohibiting" the practice at the time HP's contractor was investigating the leaks, company spokesman Ryan Donovan said.
Federal Trade Commissioner Jon Leibowitz disputed that assertion.
"Trafficking in consumers' confidential telephone records is unacceptable and it's illegal," he said, adding that it violates an FTC act prohibiting unfair or deceptive acts.
The FTC in May filed complaints against five data brokers, charging that they violated that law.
"It is an unfair act to take someone's private information, to pretend that you are that person to get that information, to make someone's private telephone information public," Leibowitz said.
In addition, anti-fraud laws in California prohibit the release of phone records without the customer's consent.
California Attorney General Bill Lockyer is investigating whether state laws against identity theft or theft of computer information were violated, according to Bloomberg News. He declined to say who was subpoenaed and said "all parties" were cooperating.
"We are in the middle of our inquiry, which began a few weeks ago, and subpoenas were issued" yesterday, Lockyer said in an interview with news services. "I don't have a settled view of whether anyone at HP broke the law but it certainly was colossally stupid."
The company defends its actions, saying it was "responding to a serious threat posed by unauthorized leaks of its boardroom deliberations and confidential information," Donovan said.
The company has conducted its own investigation into the leak probe, concluding that "it should have monitored more closely the actions of its outside agency and the actions of the subcontractors that its agency retained."
Staff researcher Richard Drezen contributed to this report.