The question no one is asking (the answer no one wants) about pre-texting

The question no one is asking (the answer no one wants) about pre-texting

Summary: I just finished reading Robert Scoble's electric rail analogy when it comes to the line that was recently crossed (in terms of privacy violation) and started to think about how, HP board chairwoman Patricia Dunn is trying to draw her own line between the investigation she ordered and the methods that were used to get the results she was asking for.

TOPICS: Hewlett-Packard

I just finished reading Robert Scoble's electric rail analogy when it comes to the line that was recently crossed (in terms of privacy violation) and started to think about how, HP board chairwoman Patricia Dunn is trying to draw her own line between the investigation she ordered and the methods that were used to get the results she was asking for. Apparently, in her book, she deserves to keep her job because ordering such an investigation is OK and it's the investigators' heads that should roll for using the highly dubious technique of pre-texting to complete their investigation. "Oh, the shock. The horror. The investigators I hired to uncover information that's not readily available did what?" Scoble has been screaming for Dunn's head on a silver platter.  During the Dan & David show last week, my colleague Dan Farber rightfully said it doesn't matter whether she knew or not.  She's accountable. 

I'm having a tough time believing she didn't know what her hired guns were up to. When I come across information that's considered to be confidential (this happens to the press from time to time), one of my first questions is "where did you get this from?" Ms. Dunn is a pretty smart lady. But she's currently in a no-win situation. If she knew something and she's not telling the truth, the truth will come out. If she didn't know anything, then that's just as damning.  Here, we have a person who clawed their way from a secretary's job to one of the most powerful positions in one of the world's largest IT companies, and she never held a meeting with the investigators to go over "the plan" or the results. I'm sorry. Maybe she really is the ultimate delegator. But with a project of this sensitive nature, you don't  just make a few phone calls, delegate, and tell the people to get back to you.  Not if you're the sort of person that come from where Dunn has come from. There's more to this story that's not being told.

But, forgetting for a minute what is right, what is wrong and who knew what and when they knew it, "PatriciaGate" as some are calling it already raises another question.  I'm reminded of how, at first, it was just a handful of companies that were outted for backdating stock options (one of which was ZDNet's parent CNET).  But, as time went on, the practice turned out to be rather common (involving over 100 companies) despite the fact that anybody and everybody who was involved had to have known in their heart that something wasn't right about it if it wasn't being disclosed (the practice is legal as long as it's publicly disclosed but even that seems odd because of how its the same as printing money). I'm not a stock whiz. But I know enough to know that "the system" is designed to prevent insiders from getting an unfair advantage over outside investors and I know of no one involved in any sort of stock trading that doesn't sense when insiders may have such an advantage.

So, here's my question: where else is (or has) pre-texting happening/happened? I estimate the chances that similar inquisitions have been conducted at other companies at about, oh, 100 percent. Two powerful incentives -- money and blood -- routinely motivate people to do stupid things (while putting the blinders on right around the time it's appropriate to do so). Dunn smelled blood and deputized someone to get it. Then, if we're to believe her, they went out and got that blood without telling her how. We'd be idiots to assume that investigations just like this one (involving third party investigators to keep executives at a healthy distance) aren't being ordered all the time and that those investigators aren't stooping to unscrupulous means in order to get paid. Knowing what I know now about pre-texting, it's clearly easy money if you're an investigator. So easy, it has its own name (cool productive techniques need short-hand like that so everybody can talk about it).  And just like all the questionable executive practices that came before this episode (the ones that land people in the cross-hairs of the SEC's lawyers), the behavior continues until someone pays the ultimate price.

That's why I like Scoble's punchline:

Note: the electric rail doesn’t care if you have a reason to touch it. You touch it, you pay severe consequences. Why does that need to be true? So no other company thinks of touching it in the future.  

Bug zapper anyone?

Topic: Hewlett-Packard

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Command Responsibility

    There was a time when "the buck stops here" applied at the [i]top[/i] of an organization. If something bad happened under General Principle's command, [u]he[/u] was responsible, whether he ordered it or not, whether he even knew about it or not.

    In that time, resignations at the top following events (like, say, Pearl Harbor) were part of the system and in many cases didn't reflect badly on the person resigning. (Unfortunately, Pearl Harbor didn't follow that pattern. Hmmm ...)

    Unfortunately, we now have the opposite. Janet Reno might have "taken full responsibility" for Waco, but that was because nothing could touch her -- she certainly never paid any personal price for it. At least in that case, though, she didn't hang any underlings out to dry.

    All too often, like with Waco, we have the scene that's developing at HP: the buck-passing, like other forms of sewage, flows downhill and spreads out so that in the end, the responsibility is so widely shared that no one person has enough of it to justify sanctions. Thus, miraculously, "everyone is responsible" once again becomes "nobody can be held accountable."
    Yagotta B. Kidding
    • Ultimate Responsibility Vs. Screwtape

      I agree with you completely. In the Navy, the captian of a ship is "ultimately responsible" for everything that goes on within his command. The burden of leadership is to carry that responsibility... not to shrug it off on someone else.

      Of course, that's not the way corporations tend to work. And with the ubiquity of corporate jobs, our societal culture starts to resemble a corporate culture.

      Some would say that's not necessarily a bad thing. However, I tend to agree with C.S. Lewis' reasoning when he chose to model the culture of Hell after corporate America (see "The Screwtape Letters").

      If we want our leaders (business, government, etc.) to exercise authority responsibly, we need to hold them accountable for what happens in their area of cognizance. The time-proven method of holding someone ultimately responsible is still a practical model.
      • Responsibility

        You can bet that if the stock had gone through the roof FOR ANY REASON, she would be hailed as a savior and deserving of a gigantic bonus, etc. even if she was not directly involved. Her excelent management skills would have been "the catylist".
  • Are you certain?

    I mean a few days ago you were claiming loudly (in your headline) that HP "ordered" the illegal activity. Why the sudden back peddling? Get a call from the lawyers?

    Interesting that you say you "ask where did it come from"? Appently that doesn't seem to matter. I mean YOU SHOULD KNOW that having a reporter walk in with HP's marketing plans did not come from a released statement and something "shady" was going on.

    I mean you seem to be saying such things are an invasion of privacy, either for a person or for a company.

    Hmmm, a little double standard there David? Yes, I do believe that to be the case...
    • Holes in logic

      First the good:

      Backpedaling about how much Dunn knew = True

      Now the bad:

      Board member leaking to reporter = Not subject to criminal charges, but can get fired over it
      Pre-texting = Can face criminal charges
      Dunn hiring contractor who performed pre-texting = Stupid, principal can and has gotten fired for it
      Dunn knowingly authorizing pre-texting for contractor = Can face criminal charges (if true)
  • Pretexting, the

    art of obtain information from a source that would not divulge it if s/he knew who you really were, is as old as the second oldest profession itself. It is a necessary evil in a world of truths, half-truths and lies. The fact that the investigators used one or more pretexts to gain information not otherwise available is not, in and of itself, an issue legally or morally, that is except for the always naive crowd who think everyone always tells the whole truth all the time. The issue in the HP matter is that legally protected information was obtained. That is not the fault of pretexting -- that is called 'Invasion of Privacy' and carries both civil and criminal penalties for the investigator(s) who actually did the deed and their company. As to whether or not the HP boss knew, should have known, or even found out about the techniques used prior to this incident, that is highly debateable. Investigators from all walks, be they PI's or CIA or whatever, protect their sources AND their techniques and do not readily reveal them to a client.
    • (continuing)

      (Thought I ran out of space) The fact is, in most high-end corporate investigations, the report given to the client is results-only. This is especially true if the client has no investigative background and/or is not an attorney. Suits want a brief report of salient facts; not a litter yard of detailed notes displaying what worked, what didn't, why, etc. In this case, the PI blew it; the AG and local DA will decide whether or not to prosecute; and they and their company face substantial liability. They'd better have real good E&O insurance. As to HP current lady, if her head rolls most probably it's strictly a decorative scape-goat and nothing more. She didn't ge where she is by micro-managing a profession she probably knows nothing about.
      • Hitman OK?

        So your wife is cheating on you and you hire a hitman to "make her disappear", that's OK as long as you don't ACTUALLY say "Kill her?"

        This is the corporate version of hiring a hitman, it's that simple. Only an idiot would think that there was a legal way to obtain the information she wanted. Dunn is not an idiot. She was fully aware that this investigation needed to use illegal tactics to get her answer or she wouldn't have given them social security numbers and other confidential personal information.

        Even if you do NOT believe that she was fully aware, do you want an idiot running your company? Probably not. She needs to go.
    • Pretexting: geoff is right on

      geoff is right on, except that he also should have included the media and the phishers online.
  • Morally repugnent banding together to take the moral high road?

    I love how these journalists, who will do absolutely anything to be the first to break or get a story, are joining together on this one. Why? Because it was the privacy of CNET journalists that was attacked. Unbiased... Whatever.
    • Not hardly.

      If reporters were installing bugs into the boardroom and tapping the phonelines of HP's CEO, then you would be right. But that's not what happened. An HP employee was leaking information to a reporter who publised it. That's what reporters do - they report stuff. There was nothing illegal about this act at all. There is really no difference here between this situation and what goes on all the time with reporters finding out about new unannounced products, potential layoffs, mergers, new partnerships, etc. Sometimes a company may get dinged financially due to the premature release of this kind of information, but it's a part of doing business and it's legal.

      HP however hired "hitmen" to illegally search records of employees and reporters which crosses the line. It matters not that they didn't give explicit instructions on HOW the information was to be obtained, they KNEW that there was no possible way to get the information legally. That crossed the line.
      • Ever heard of investigative journalism?

        Journalists will routinely pose as someone they're not in order to get an angle on a story they otherwise would not have offered to them. The illicitness of the deception is typically less severe than what was seen here, but the deception occurs all the same. But since the end result is usually the exposing of some injustice, then the means get justified. All in all, not much different than what transpired at HP, other than a lot of innocent people had their privacy trampled on in order to find the guilty party.
        • Wow! Some people have got to get real here?

          You know I have grown more then a little tired of some of the things I see particular journalists doing, like the so called paparazzi or the ones who stick an unwelcome microphone in the face of someone who has just undergone some tragedy, but most of this talk comparing a journalist receiving unsolicited information from someone and then reporting on that information to corporations hiring someone who ends up doing something illegal is complete crap.

          I think at least a few people around here seem to have forgotten what the role of the press is. And the point about ?investigative journalism? being similar to other investigators who obtain information by illegal means is a very very weak comparison as well. Sure, an investigative reporter might engage in some illegal practice to obtain information, and when that happens and it is found out, they too are guilty of an illegal act. But let?s keep in mind what the role of the press is and what reporters are actually doing when they report. The press reports stories and information to ?THE PEOPLE? for broad dissemination so that all people will have access to the information reported on. Personal motivations of the reporter aside, as the man on the street could care less if the reporter is going to get a raise or promotion for reporting on a big story so long as the reporting is accurate, the fact the information is released broadly to the public tends to remove nefarious motivations for the press obtaining information and in the end the public at large has whatever advantages there was to be gained from the reporting of the information obtained.

          This is a far cry from the head of a corporation hiring investigators to obtain information that is so difficult to get it requires professional investigators, and knowing that investigators of this type very likely had at their disposal methods of obtaining that information illegally. You do not have to be some kind of expert in investigative procedures to know that such illegal methods exist and any investigative firm would be remiss if they were not aware and informed on how such procedures work. If you were acting responsibly when you hired such investigators you would want to ensure that no such illegal methods were to be used to obtain the information considering the obvious negative impact the revelation of such a thing could have upon the corporation and your own reputation.

          There is nothing relevant in the comparison between the press and this type of corporate run investigation. The corporate investigation is made for the sole benefit of the corporation and typically the information gleaned from such an investigation is not shared with the public or has any significant public benefit at all, and is sometimes even to the public detriment. The press reports to the public at large and to that extent all reporting is a public service to the benefit of the public. Its highly unfair to compare reporting publicly on information to secretly obtaining information through illegal methods.
  • Privacy laws

    This whole issue brings to light yet again the fact that our privacy laws are totally inadequate. Nobody is safe from unreasonable invasions into their private life.

    It's one thing to investigate an employee's work email and work phone records. HP crossed the line when home phone records are illegaly searched.

    Why is an employer allowed to hand out personal data such as social security numbers without the employee's written permission for any reason other than administration of benefits and government reporting requirements? Why aren't there federal laws protecting people from identity theft in all forms (not just "credit fraud")?

    These breaches of privacy should not be civil violations - they should be criminal acts that carry serious jail time.

    There are those that claim that HP didn't actually preform the act of "pretexting" and shouldn't be held liable. This is like saying that hiring a hitman is OK ("I want X to disappear forever. I don't want to know the details of how you do it, just get it done") since you didn't actually pull the trigger. HP obviously knew that there was no way to legally obtain the information they wanted or they would not have turned over personal private employee information to the investigators to use.

    Sorry HP - your hands are dirty. You should pay the price for hiring a hitman. If the board does not immediatly seek Dunn's (and anyone else involved at HP) removal, then they are just as liable.

    There are those that think that it's OK in this case because a director did something improper by leaking info. Sorry, two wrongs don't make a right. Again, the hitman anology: "My husband was cheating on me, that's why I hired a hitman."
    • Hit Man Schmitt Man Bla Bla Bla

      I don't know much about the story but all I keep hearing is tha HP "obviously knew" and hiring a "hitman". Although you do make an analogy you corss the line every time when you refer to an illegal activity vs a legal one. And you cannot continue to use the word "obviusly," that in itself "assumes" a perspective in a situation that you yourself were not personally involved.

      Like I said, I don't know anything about the case. But it seems like the CEO or President of HP ordered an investigation to discover who was leaking company private information to the press. It sounds like the investigators used some illicit techniques to get the information. So now we are hanging the head of HP out to dry because she was trying to protect the interest of her company.
      And why does everyone seem to think there is a natural born right to privacy. Is it in the constiution or bill of rights. I don't think so. Privacy is a private matter. If you want your life to be private than it is up to you to make it so. But there are no guarentees.
      • Privacy

        "If you want your life to be private than it is up to you to make it
        so. But there are no guarentees."
        Hurrah for you! Conduct your life as if everybody can see it. That
        way privacy is unimportant.
      • Re:Hit Man Schmitt Man Bla Bla Bla

        I would think that if this were to be argued that your 4th Admendment rights would be a very good argument, but then too I'm just an innocent bystander with no horse in this race.
        • 4th Amendment is for criminal, not civil law

          The 4th Amendment doesn't apply here. It applies only in -> criminal <- investigations by government entities.

          -> Civil <- law (which this is) is an entirely different matter, and uses a different set of rules. Even though laws may have been broken getting the information, there is no automatic blocking of use of such evidence. A judge may find the actions reprehensible and forbid a plantiff from presenting such illegally-obtained evidence in court, but it's not due to the 4th Amendment.
  • Call it what it is.

    Pretexting is simply fraud. Period. Using deception for personal gain. A crime, in other words.

    It's the same thing as con-artistry, and I hope there's a special level of Hell reserved for the people who engage in it.

    Wolf (who has a hatred of liars, cheats, and con artists)
    • Fraud has been around, and illegal, for a long time.

      Giving it a new name doesn't make it legal.