HP's E-Mail Tracer Plan Pushes Ethical, Legal Envelope - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Business & Finance

HP's E-Mail Tracer Plan Pushes Ethical, Legal Envelope

More commonly used by spammers than corporate investigators, use of e-mail tracers, commonly known as Web bugs, is serious enough for federal investigators to seek court approval before employing one.

Hurd has said he knew about the plan to send false e-mails to a journalist, and he approved of it. However, he says he doesn't recall seeing or approving the use of tracer technology.

Trolling Some Murky Waters

While it's not clear why the ruse didn't work, it is clear that HP was treading in some ethical and legal gray areas.

"If this kind of thing happens without the user's knowledge...it's a sneaky thing," says Shipp. "Legally, it's a very gray area. Ethically, the reason you're doing it is to get information, and you haven't gotten the person's permission to do that. Nowadays people accept it's not a good thing to do."

Scott Christie, who formerly headed up the computer hacking and intellectual property section of the U.S. Attorney's Office in Newark, N.J., says using an e-mail tracer or Web bug is serious enough for government investigators to seek court approval before they head down that road.

"Arguably, you are conducting a remote search of the user's computer by virtue of causing an involuntary transfer of information back to you," says Christie, who now heads up the information technology practice group at McCarter & English, a New Jersey-based law firm. But Christie says some in the government argue that since actual e-mail content isn't being intercepted, a lesser court order would suffice. Regardless of whether it calls for a full-blown search warrant or a court order, Christie says the feds seek court approval before unleashing a Web bug.

"The Web bug does a search on the recipient's computer," says Christie. "Is it a search because it divulges the IP address? Some might argue yes. You are invading the computer to gather information about the user of the computer and the computer itself."

Investigators outside the government aren't bound by the Fourth Amendment, which calls for obtaining search warrants. But the fact that federal investigators seek court approval testifies to the seriousness of the tool, says Christie.

Using e-mail tracers isn't something he says he ever saw in a corporate setting.

"To hear that in a corporate context these were used without court oversight or approval is troubling" says Christie. "It's a rather aggressive technique."

But does it break any laws?

Christie says it comes close to being an unlawful intercept of electronic communications, which would be a violation of the wiretap act. It also skirts around breaching privacy laws. But he says he doesn't think there are any federal laws specifically targeting tracers or Web bugs.

California law, though, could be a whole other ball game.

The state of California, where much of the HP investigation took place, has tougher privacy and computer fraud laws than most other states, according to Christie. That would fall under the purview of the state Attorney General's Office, which is investigating the HP media leak scandal. Tom Dresslar, spokesman for California Attorney General Bill Lockyer, said in an interview last week that he couldn't say if they were looking into HP's use of e-mail tracers.

"It certainly is a shade of gray," says van Wyk. "If they sent something to a reporter and an attachment runs without the reporter's knowledge or permission, then I think the gray just got a hell of a lot darker."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Slideshows
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll