Internal HP food toss stirs pretexting and phone records pot

The news is awash with the corporate in-fighting at Hewlett-Packard, raised to the level of mass appeal because the HP Board apparently initiated an investigation in which Directors’ telephone subscriber records were obtained by pretexting the telephone company. The Daily Caveat has been tracking the story of the internal tussling at HP, providing background to the current phone records mess.

AT&T and other telcos are attempting to assign responsibility for their release of subscriber information to unreleated parties through lawsuits against Web-based companies. There is no law in California, or most states, that explicitly ascribes civil or criminal penalties to a nonsubscriber who obtains calling records from the telcos. And the question of who owns this information — the subscriber or the telco– has not been definitively answered. (More on Attorneys General and private party litigation, and government regulation is available at my prior posts).

As an added internal regulation, the telcos are more stringently enforcing a two-factor authentication on any subscriber customer service calls. Meaning, the subscriber has to provide the customer ID listed on their telephone bill, along with their social security number.

Okay, that’s the issue of telephone records. Lying to gain information from any variety of sources –neighbors, co-workers or the subject him or herself– is a separate matter, sometimes necessary, but, in the scope of all investigations, used infrequently.

No matter, professional private investigators do not support breaking the law to achieve an objective. But often we are working in a realm occupied by people who are violating other people’s legal rights and security. In those cases, we sometimes need to lie. I gave some examples in a prior post discussing the recently defeated California bill SB1666.

There’s no distinction in the bill’s language between a pretext, a person representing themselves as the subject, and subterfuge, a deception which does not involve use of a real person’s identity. There are many situations in which a subterfuge is necessary to protect a client, a witness to a legal case or a person’s medical status. All of these require lying but none rely on impersonation. An investigation of theft, fraud, missing persons or business due diligence could be hampered by disallowing deception to gather any information on a business customer or employee, which this legislation currently does.


Leave a Reply