It was classic data-mining: Dunn’s consultants weren’t actually listening in on the calls—all they had to do was look for a pattern of contacts. Dunn acted without informing the rest of the board. Her actions were now about to unleash a round of boardroom fury at one of America’s largest companies and a Silicon Valley icon. That corporate turmoil is now coming to light in documents obtained by NEWSWEEK that the Securities and Exchange Commission is currently deciding whether to make public. Dunn could not be reached for comment. An HP spokesman declined repeated requests for comment.
On May 18, at HP headquarters in Palo Alto, Calif., Dunn sprung her bombshell on the board: she had found the leaker. According to Tom Perkins, an HP director who was present, Dunn laid out the surveillance scheme and pointed out the offending director, who acknowledged being the CNET leaker. That director, whose identity has not yet been publicly disclosed, apologized. But the director then said to fellow directors, “I would have told you all about this. Why didn’t you just ask?” That director was then asked to leave the boardroom, and did so, according to Perkins.
Close to 90 minutes of heated debate followed, but Perkins, the Silicon Valley venture capitalist, says he was the only director who rose to take Dunn on directly. Perkins says he was enraged at the surveillance, which he called illegal, unethical and a misplaced corporate priority on Dunn’s part. In an interview with NEWSWEEK, Perkins says he was particularly annoyed since he chaired the HP board’s Nominating and Governance Committee and had not been informed by Dunn of the surveillance, even though, he says, she had told him for months that she was attempting to discover the source of the leak.
After a divided board passed a motion asking the leaker to resign, Perkins closed his briefcase, announced his own resignation and walked out of the room. In media mentions the next day, Perkins’s sudden resignation was noted, but without explanation and without any indication that his departure was a form of protest. (According to Perkins, the leaker-director himself refused to resign, saying it was up to shareholders to make such a decision; that director continues to serve on the board.) Thus began nearly four months of warfare between HP and Perkins about whether the surveillance would ever come to public light.
Any time a director resigns from a U.S. public corporation, federal law requires the company to disclose it to the SEC in what’s called an 8-K filing. If the director resigned for reasons related to a “disagreement” with the company about “operations, policies or practices,” that, too, is now required. HP reported Perkins’s resignation to the SEC four days after it happened—back in May—but gave no reason for the resignation, instead including only a press release thanking Perkins for his years of service. Perkins has twice challenged that omission in e-mails to the HP board and, he says, he received no response from HP.
In early August, Perkins—represented by his own non-HP lawyer, Viet Dinh, a former Bush administration official—formally asked the SEC to force HP to publicly file his written explanation for resigning. According to a source who requested anonymity because of his closeness to HP, the company objected on the grounds that when Perkins resigned at the May board meeting he didn’t indicate why. Perkins says his reasons for resigning were obvious and he stated them at the meeting. Now, sources say, the company could file such a document with the SEC as soon as Wednesday.
The entire episode—beyond its impact on the boardroom of a $100 billion company, Dunn’s ability to continue as chairwoman and the possibility of civil lawsuits claiming privacy invasions and fraudulent misrepresentations—raises questions about corporate surveillance in a digital age. Audio and visual surveillance capabilities keep advancing, both in their ability to collect and analyze data. The Web helps distribute that data efficiently and effortlessly. But what happens when these advances outstrip the ability of companies (and, for that matter, governments) to reach consensus on ethical limits? How far will companies go to obtain information they seek for competitive gain or better management?
The HP case specifically also sheds another spotlight on the questionable tactics used by security consultants to obtain personal information. HP acknowledged in an internal e-mail sent from its outside counsel to Perkins that it got the paper trail it needed to link the director-leaker to CNET through a controversial practice called “pretexting”; NEWSWEEK obtained a copy of that e-mail. That practice, according to the Federal Trade Commission, involves using “false pretenses” to get another individual’s personal nonpublic information: telephone records, bank and credit-card account numbers, Social Security number and the like. Pretexting is heavily marketed on the Web.
Typically—say in the case of a phone company—pretexters call up and falsely represent themselves as the customer; since companies rarely require passwords, a pretexter may need no more than a home address, account number and heartfelt plea to get the details of an account. According to the Federal Trade Commission’s Web site, pretexters sell the information to individuals who can range from otherwise legitimate private investigators, financial lenders, potential litigants and suspicious spouses to those who might attempt to steal assets or fraudulently obtain credit. Pretexting, the FTC site states, “is against the law.” The FTC and several state attorneys general have brought enforcement actions against pretexters for allegedly violating federal and state laws on fraud, misrepresentation and unfair competition. One of HP’s directors is Larry Babbio, the president of Verizon, which has filed various actions against pretexters.
Legal experts vary in their views on the extent to which pretexting is a violation of criminal law. The Gramm-Leach-Billey Act of 1999 bars a range of fraudulent activity related to financial records, but its applicability to phone records is unclear. Experts agree that pretexting is often used to accomplish identity theft—to borrow money or buy merchandise—that clearly is criminal. But the pretexting itself may be harder to prosecute. Civil liability would seem to be much more a risk for pretexters, as they obviously engage in an invasion of privacy, achieved through misrepresentation.
Perkins himself was pretexted as part of Dunn’s leaker probe. In the materials he sent to the SEC, Perkins includes an Aug. 11 letter from an attorney at AT&T spelling out to Perkins that he was a victim of pretexting in January 2006; Perkins had requested that AT&T examine whether he had been pretexted. The AT&T letter explains that the third-party pretexter who got details about Perkins’s local home-telephone usage was able to provide the last four digits of Perkins’s Social Security number and that was sufficient identification for AT&T. The impersonator then convinced an AT&T customer-service representative to send the details electronically to an e-mail account at yahoo.com that on its face had nothing to do with Perkins. Records for Perkins’s home AT&T long-distance account in northern California were similarly obtained, except by someone using another yahoo.com e-mail account; both e-mail accounts are registered to the same Internet Protocol address, but for which AT&T says it does not know the identity of the user.
The materials before the SEC indicate that Dunn’s consultants used pretexting for her investigation. In mid-June, according to a letter Perkins sent to the full HP board, Perkins contacted HP’s outside counsel—Larry Sonsini, of Wilson Sonsini Goodrich & Rosati—and asked him to look into the Dunn investigation. In an e-mail to Perkins obtained by NEWSWEEK, Sonsini acknowledged that Dunn’s security consultants “did obtain information regarding phone calls made and received by the cell or home numbers of directors” and that it was “done through a third party that made pretext calls to phone service providers.” Sonsini’s e-mail emphasized that the security consultants engaged in “no electronic surveillance,” “no phone recording or eavesdropping” and “no recording, review or monitoring of director e-mail.” His legal defense of the use of pretexting was that it is “apparently a common investigatory method” and that “there was no ‘secret spying,’ i.e., no electronic gear, listening devices, etc.” Perkins quotes Sonsini’s e-mail in the materials he sent to the SEC, Sonsini could not be reached for comment.
In the documents before the SEC, Perkins also protests that he was not allowed to review and approve the initial 8-K filing about his May resignation, which he says is required under SEC rules. And he requests that the HP board appoint a special committee to examine the legality and propriety of Dunn’s investigation. In the documents before the SEC, after Perkins notes he was not the source of the CNET leak, he excoriates Dunn. “I resigned solely to protest the questionable ethics and the dubious legality of the chair’s methods,” Perkins writes. In his interview with NEWSWEEK, he added that he believed he was “legally obligated to do so” in his directorial capacity.
Perkins says he has asked other government agencies to investigate the sub rosa surveillance of the HP directors. Those agencies include the California attorney general’s office, as well as the FTC, the Federal Communications Commission and the Justice Department.
title: “Our Guide To Congressional Hearings On Hp” ShowToc: true date: “2023-01-06” author: “James Baur”
All of that is surely disheartening to HP, which Tuesday announced a shakeup designed to mend the company and steer it away from the scandal. Company chairwoman Patricia Dunn will leave her post in January; the current CEO, Mark Hurd, will then replace her as chairman; and George (Jay) Keyworth, the leaker Dunn sought to root out, resigned immediately. And the company apologized to Tom Perkins, the HP director who resigned when Dunn first revealed her spying operation to the board and who then agitated for HP to make the reason for his resignation public. Still, the news that the company hired private investigators to spy on its own directors—as well as journalists—will not be quickly forgotten. Yes, HP remains secure in the iconography of Silicon Valley—the high-tech company born in a garage, whose “HP Way” practiced egalitarianism and civility that became the benchmark for every start-up that followed. But the question is how much—and for how long—the current controversy will tarnish that status. That, in large part, will depend on prosecutors. Herewith, 11 big questions about the corporate-spying furor:
Why did California Attorney General Bill Lockyer recently tell an interviewer that his office had “sufficient evidence to indict people both within Hewlett-Packard as well as outside”? After all, just last week, Lockyer said that, while he had concluded that a crime was committed, he remained unsure if any individuals would be prosecuted. One explanation is the A.G. simply meant what he said. Another may be that he’s engaged in a tactical ploy. Sources with knowledge of different government investigations tell NEWSWEEK that various officials at HP have retained independent lawyers and that those officials have told investigators their clients will not be answering questions for the moment. That kind of “lawyering up” seems at odds with HP’s stated promises this week to “cooperate” with state and federal probes. But it may be that HP officials, concerned about possible criminal prosecution, have concluded that cooperation is not the wisest course at the moment. By issuing a public statement about imminent indictments, the A.G. may be trying to pressure HP officials to break their silence. An HP spokesman declined to comment and also declined to confirm which, if any, HP officials may have been contacted by government investigators.
Who’s the loser in all this? It depends on whom you ask, but most observers agree it’s Dunn, the chairwoman, who has agreed to step down from that position in January, even though she’ll continue as a director. Even as she has apologized for HP being involved in hiring private investigators who impersonated directors and journalists in order to get their personal phone records, she has defended her motivation to root out leakers from the boardroom. In attempting to separate out her ends from the means, she has given the impression she still doesn’t understand the seriousness of the hacking of private phone records.
Is Dunn a target of prosecutors? Prosecutors decline to name any targets, but she surely would be a primary person of interest. The question is not only, “What did she know and when did she know it?” Prosecutors also want to know if she intentionally turned a blind eye: “What didn’t she know and when didn’t she know it?” In addition to possibly charging Dunn, prosecutors could target the general counsel of HP, Ann Baskins, or other lawyers in that office who may have supervised the contractors who hacked personal phone records of directors or journalists. And the company itself could be indicted; while a corporate entity can’t be sent to prison, it can be subject to hefty fines.
Why was Dunn allowed to continue on the board of directors? It was part of a compromise. She saves face by getting to stay on as chairwoman through the end of the year and then also remaining as a director until March 2007. But don’t expect her to be running for re-election to the board at that time.
Any winners? Mark Hurd, the CEO. He gets to handle the day-to-day operations of the company for the four months while Dunn remains in the center of the vortex. If someone has to testify in Congress, for example, Hurd will be all too happy to let Dunn do it. By the time he becomes chairman in January, there will likely be less glare on HP. He will continue to be CEO after becoming chairman.
What was Hurd’s view about the spying on directors, which presumably included himself? In statements earlier this week, Hurd assailed those activities and distanced himself from what the company’s contractors had done. But a key open question is what Hurd said back in May when Dunn first revealed to the board of directors that her investigators has obtained the personal phone records of directors.
What happened in that boardroom on Sunday and Monday? Why did it take so long? The HP board remains fractured. According to sources close to HP who requested anonymity given the sensitivity of the information, some directors wanted Dunn to soldier on, while others wanted an immediate resignation. The deal allowing Dunn to continue as chairwoman through the rest of the year was part of a carefully negotiated settlement that also involved the immediate resignation of Jay Keyworth, the director who anonymously gave information to a CNET reporter back in January; it was that leak that launched Dunn’s investigation that led to the most recent hacking of phone records.
He’s no longer a director, so why did Tom Perkins get his apology? What leverage did he have? Perkins, like Keyworth and other directors, could sue the company for invasion of privacy and related civil claims. Keeping him happy—and apologizing to him in a statement—were in HP’s interests. And he still has supporters in the boardroom, even though the scandal became public in large part due to his behind-the-scenes actions.
Press accounts have said that Perkins wanted back on the board. True? Perkins denied this in an interview with NEWSWEEK.
Is there not rich irony in that the leaks out of the HP boardroom seem to have continued in the press unabated? Yes. But that says less about HP than it does human nature. When many people in a controversial situation know something, at least some of them will invariably talk to the press at some point. Sometimes they do it to promote personal agendas; sometimes they do so because they believe shareholders or the public really ought to have the information; sometimes they want to correct what regard as bad information already out there in the journalistic marketplace. That’s just how it works.
OK, my HP printer is jammed. Does the current controversy make it more or less likely someone at customer support will be able to help me? It doesn’t matter one way or the other. As important as the scandal is as a touchstone for evaluating corporate regard for privacy, as well as a look into the dysfunctional culture of the HP boardroom, it means little to the day-to-day functioning of the company or its continuing ability to thrive. HP stock has not yet suffered since the scandal broke and few expect Hurd to be distracted, at least while Dunn continues as chairwoman of the board for the rest of the year.
