September 09, 2006

Hewlett-Packard's Privacy Nightmare

Greetings. This story hasn't been getting all that much play in the mainstream non-business media, buried as it is among 9/11-anniversary political posturing and related shenanigans.

Hewlett-Packard has yet another problem on their hands (and Chairwoman Patricia Dunn is in the middle of this one as well).

In an attempt to discover who was leaking company information that she felt to be of concern, she (or entities working under her direction) reportedly hired a private detective firm. This organization then used likely illegal methods to obtain the private phone records of HP board members and -- as if that weren't bad enough -- outside reporters as well, including the esteemed John Markoff of the New York Times.

The gumshoes apparently used the time-honored technique of "pretexting" (aka "fraud") to convince AT&T that they were the phone subscribers themselves, and asked for copies of related phone records.

Dunn claims that she'd never heard of pretexting and that she didn't authorize such methods -- but one does have to wonder where the blazes she thought the private phone records were coming from -- the phone fairy, perhaps?

AT&T doesn't appear to be blameless, either. As I've reported many times in the past, major firms' lax security policies, which depend on widely available information such as Social Security numbers, zip codes, or the like as security firewalls for personal information, are incredibly ineffective and just short of criminal themselves. Even worse, if you try to establish passwords or other additional security on your accounts, it's often easy for interlopers to bypass them simply by claiming that they are you, and that you "forgot your password" or the like.

At least two key points can be derived from the current situation.

First, HP's dedication to privacy -- judging by this series of events anyway -- is somewhere south of picayune. You might want to keep that in mind the next time you're pricing out notebook computers or other privacy-sensitive equipment.

Second, companies like AT&T that make "pretexting" so easy need to be soundly penalized (in ways not passed on to subscribers) when this occurs, and must be forced to take strong steps to prevent repeat performances. They certainly shouldn't be rewarded for these continuing gaffes with total residential services deregulation -- as the California Public Utilities Commission granted them recently. Nor should they be allowed virtually unfettered access to the cable TV marketplace, as provided by newly passed California legislation.

But then again, money talks, and bul... well, you know. Take care, all.

--Lauren--

Posted by Lauren at September 9, 2006 03:36 PM