Take a look at the way the Hewlett-Packard filing describes the use of identity-theft and lying to obtain the telephone records of board members:
The Committee was further advised that the Chairman and HP had instructed the outside consulting firm to conduct its investigation in accordance with applicable law and that the outside consulting firm and its counsel had confirmed to HP that its techniques were legal. After its review, the Committee determined that the third party retained by HP’s outside consulting firm had in some cases employed pretexting. The Committee was then advised by the Committee’s outside counsel that the use of pretexting at the time of the investigation was not generally unlawful (except with respect to financial institutions), but such counsel could not confirm that the techniques employed by the outside consulting firm and the party retained by that firm complied in all respects with applicable law.
There’s a technical term for this kind of legal reasoning—“Ass Covering Bullshit.” Now corporate clients often like to get ACB from lawyers because it gives them plenty of room to maneuver. They can say that the lawyers told them the conduct wasn’t necessarily illegal. Meanwhile, lawyers like to hand their ACB because they can always say that they never said the conduct was necessarily legal either.
Here the opening for ACB is that while some pretexting is clearly illegal, some of it hasn’t been tested by the courts. Federal law clearly prohibits “pretexting” to get information from a financial institution. But the law is less clear about whether “pretexting” in other cases is illegal.
But any lawyer worth his Gucci’s would tell a client to avoid pretexting unless the rewards were great enough to justify the legal risk. What legal risk? The risk of prosecution, which in the case of what seems to have gone on with the Hewlett-Packard board members is quite high. Any creative prosecutor could find at least four ways to prosecute someone who obtains a target’s social security number and uses it to dislodge phone records from a phone company.
The four ways of prosecuting the HP spying after the jump.
First, it’s illegal for a phone company to hand over records to third parties (except to law enforcement under special circumstances). Here the phone companies were tricked into handing over the records—and that would be their defense—but they could still have violated the law if their security procedures were inadequate. So the phone companies could be in trouble here.
But so could the investigators who tricked the phone companies. Think of a similar circumstance where Patty NoGoodnik asks Innocent Liz to drive her car home for her. Only the cars not Patty’s—it belongs to someone else—and so Liz has stolen it. Liz won’t be prosecuted because she was unaware. But Patty induced Liz into committing the crime and can be prosecuted for this. By analogy, an investigator who tricks the phone companies into violating nondisclosure rules can probably be prosecuted for that inducement.
Second, the investigators used Social Security numbers to get the information. We haven’t checked but we’re pretty sure that somewhere on the books there is a law barring the deceptive use of some one else’s Social Security number to pretend to be them.
Third, many states have newly enacted “identity theft” statutes that would cover this sort of thing.
Finally, the investigators were paid to carry out this activity. This means that they may have violated rules against selling illegally obtained property. Another count on the docket.
We’re not sure how creative the California Attorney General’s office is, so we don’t know how far they’ll push this kind of reasoning. But, come to think of it, now that we’ve spelled it out for them they don’t even have to be that bright or creative. They just have to read DealBreaker.