Infrastructure // PC & Servers
Commentary
10/3/2006
03:19 PM
Sharon Gaudin
Sharon Gaudin
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Will HP's Troubles Change The MO Of Your Own Corporate Investigations?

The Hewlett-Packard scandal shines a spotlight on the world of corporate intelligence. Private investigators. Surveillance. Pretexting. Using Social Security numbers that employees had entrusted to the company. It's been a bright light on what's appearing to be a pretty shady world. How much will that world change now? Will companies rethink their investigative tactics now that it's glaringly clear their sneaky deeds might end up on the front page or in front of a congressional hearing? Will ex

The Hewlett-Packard scandal shines a spotlight on the world of corporate intelligence. Private investigators. Surveillance. Pretexting. Using Social Security numbers that employees had entrusted to the company. It's been a bright light on what's appearing to be a pretty shady world.

How much will that world change now? Will companies rethink their investigative tactics now that it's glaringly clear their sneaky deeds might end up on the front page or in front of a congressional hearing? Will executives ask investigators for written agreements that laws won't be broken? Maybe more importantly, will executives keep tabs on who's being investigated and how it's being done?

Is it time for corporate intelligence to change its MO?I've been working on a story about corporate intelligence that will run this week. What tactics are both legal and ethical? Which lie in a gray area and maybe should be avoided? And which tactics are way over the line and should never be engaged in? Legal types and investigators have quite a few interesting things to say on the subject. Stay tuned for that piece.

In the case of HP's boardroom leak investigation, it plowed headlong into an intelligence mine field. HP president and CEO Mark Hurd admitted in a press conference on Sept. 22 that investigators hired by the company engaged in pretexting. In case you missed it, pretexting simply means pretending to be someone else so you can con a company into handing over personal information about that person. It's fraud. It's cheating. It's lying. HP's investigators used pretexting to obtain the phone records of board members and their families, as well as members of the press.

While laws about pretexting are fairly new and sketchy at this point, the California Attorney General's Office says crimes were committed, and it's just trying to figure out who committed them at this point. The U.S. Attorney's Office is engaged in its own investigation. That means some HP execs and their investigative bloodhounds could be looking at both state and federal charges. Talk about being between a rock and a hard place. And if that does happen, I think a lot of executives will be even more inclined to keep their investigators on a short leash.

Pretexting is pretty cut-and-dried. Not so legal. Several states, including California, have laws against pretexting. There's also a federal law, but it only pertains to obtaining financial records. Legislation is currently pending that would put more legal constraints around pretexting.

But what do you do when the waters get a little murkier? HP's Hurd also admitted that its investigators sent out fictitious e-mails with tracers or Web bugs attached. In an attempt to lure a reporter into their trap, they pretended to be a disgruntled high-level HP manager e-mailing her phony "inside information." HP was hoping the reporter would forward the e-mail on to her contact on the board, in which case the tracer would provide the company with the board member's IP address, effectively identifying him. But is that an invasion of privacy? Does attaching a Web bug or a tracer break computer fraud laws? Only time will tell if charges are levied over this aspect of the HP investigation.

But if the waters are that murky, do you really want your company doing it? Do you really want your company linked to using a Web bug or tracer?

So I guess it comes down to thinking about the headline. If you run an investigation and it becomes public, what headline would you not want to see? I'm thinking you don't want to see the words "scandal" or "fraud." When you're planning an investigation (no matter how justified it is), you'll have to seriously think about what tactics you feel comfortable using. You'll have to consider how the company will look if news of your investigation came out, and what that news might do to customer relations or your stock price.

And will that change your mind about what investigative tactics you'll use? Will you just try to keep your corporate intelligence maneuvers more undercover, or will you try to stay on this side of the law?

You tell me. Give me your thoughts here, and take our poll on how the HP debacle will affect the way your company runs investigations.

Comment  | 
Print  | 
More Insights
Server Market Splitsville
Server Market Splitsville
Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.