The HP hearing is underway right now. You can tune in to the hearing here, but RealPlayer is required (I didn't have it, so I got a late start). I've turned on my recorder and will podcast what I've captured later. But to summarize what I'm hearing so far (and I'll update this blog as I hear noteworthy quotes), members of U.S. House of Representatives Committe on Energy and Commerce are each taking a 5-minute turn in speaking their minds about HP's questionable conduct when the company invaded the privacy of directors, employees, and journalists in the course of investigating a leak from its boardroom. The criticism from each Congressperson has been extremely harsh, often citing HP's stature as an American corporation that should be setting the example rather than stooping to the salicious tactics it has so far. Said one Congressperson, "it is the most notorious case of pretexting to date."
One of the things I find interesting is that some of the Representatives are taking the opportunity to point out how they have have written and/or approved bills that, had they become laws by now, would have federally outlawed a technique known as "pretexting" for fraudulently obtaining phone records. Third party investigators working on behalf of HP engaged in the practice of pretexting in the course of their investigations. Specific references have been made to bill H.R. 4943: Prevention of Fraudulent Access to Phone Records Act. According to the bill:
Despite the protections in existing law, there is a healthy Internet market for the sale of telephone records. The primary method of obtaining such records is through `pretexting,' by which the data broker pretends to be the telephone account holder to access customer account information. A `pretexter' can place a call to the telecommunications carrier, and with a few pieces of personal information, such as a social security number or phone number, persuade an employee to release the secured information. A `pretexter' can also take advantage of situations in which a consumer has not set up an online account for a given phone number. With those same personal identifiers, a `pretexter' can set up the online account and access all of the targeted customer's personal information.
Perhaps it may not be the case, but, in saying they have been looking to pass "anti-pretexting" legislation, it feels a lot like these Congresspeople are saying to voters "Hey, I saw this coming and have made efforts to protect you."
- [11:00 approx] Representative Jay Inslee (D-Washington) blames the GOP for holding up a bill that would have outlawed pretexting
- [11:05 approx] Representative Anna Eshoo (D-California) whose jurisdiction includes Palo Alto, CA where HP is headquartered is railing about her hard-working honest constituents who work for HP that will be impacted by this scandal. She notes that Palo Alto means "tall tree" and how HP is considered to be one of those tall trees.
- [11:13 approx] Representative Ed Markey (D-Massachusetts) - "[HP is suffering from Sgt. Schultz Syndrome] (a reference to the old TV series Hogan's Heroes): 'I heard nothing I saw nothing. I knew nothing.' That is their defense. It is not believable."
- [11:17 approx] All of those testifying take the oath and are being asked if they have legal counsel with them to represent them. Many do.
- [11:19 approx] Those tesitfying are offered an opportunity by committee Chairman Ed Whitfield to make opening statements and no one takes him up on the offer.
- [11:21 approx] Ann Baskins (who announced her resignation as HP general counsel this morning) is the first to go on the hot seat. She is shown some of her handwritten notes (as an exhibit) and she is asked if she though the techniques were legal, ethical, etc. Baskins takes the fifth ammendment for "any and all questions that will be asked today." She is dismissed.
- [11:23 approx] It's former HP senior counsel Kevin Hunsaker's turn to take the hotseat and he is asked the similar questions referring to different exhibits (including e-mails he authored) and he takes the fifth.
- More "witnesses" to which Whitfield directs questions (some of which work for Security Outsourcing Solutions, Eye in the Sky Investigations, and In Search Of Inc. ... the third-party companies that were involved in the fraudulent acquisition of phone records) are excused as they also take the fifth ammendment.
- [11:35 approx] Resigned HP director George "Jay" Keyworth, the board member who is alleged to be the "leaker" of confidential information takes the fifth but says that he has information that would be useful to the Committee in its efforts to pass a law.
- [11:40 approx] Committee Chairman Joe Barton and Congressperson Diane DiGette (Colorado) express their disappointment at the fact that no one is willing to testify citing the fact that they were told ahead of the hearing that only two people would be exercising their fifth ammendment rights. Barton talks about how he's never seen anything like this before.
- [11:43 approx] Former HP chairwoman Patricia Dunn is given an opportunity to speak for five minutes and takes that opportunity. She recounts how she ended up taking the lead on the investigation and how obtaining phone records in the course of such investigations was a "standard practice" at HP and that the records were obtained through publicly available information, in a legal fashion. She says she was "pretexted" too, that she isn't a lawyer, and speaks of how she was let down by those she relied on for determining the legality of the techniques that were used to obtained the phone records.
- [11:49 approx] Outside counsel to HP Larry Sonsini, who claims his phone records were pretexted too says "In my opinion, the use of pretexting.... is plainly wrong."
- [11:52 approx] HP IT Security Investigations chief Fred Adler "take the stand" and says he volunteered to be at the hearing (he was not subpoenaed). Adler says that he questioned the practices of pretexting when he first found out that they were being used in the course of the investigations but was assured that at least two separate legal opinions verified that the technique was legal.
- [11:58 approx] Questioning of Patricia Dunn begins. She says she didn't know where the information could be found publicly. Dunn says she has no recollection of a conversation with Ron DeLia, operator of Security Outsourcing Solutions Inc., regarding pretexting. She says the first time that pretexting entered her consciousness and that it could involve the "fraudulent misrepresentation of identity" DeLia has previously said otherwise (saying he clearly discussed the method including impersonation with Dunn in mid 2005). My guess is that if charges are brought against Dunn, this will be a major point of contention. Dunn reaffirms her denial that DeLia discussed pretexting and impersonation with her.