TMCnet News

When Good Telephone Records Go Bad: Hewlett Packard in the News
[September 27, 2006]

When Good Telephone Records Go Bad: Hewlett Packard in the News

By TMCnet Special Guest
Joseph Sanscrainte , Marketing and Privacy Attorney with Bryan Cave, LLP
With all the attention swirling around Hewlett Packard and its investigation to discover the source of leaks to the media, it is easy to forget that unauthorized access to and use of telephone records has been a “hot” topic for quite a while.  The U.S. House Energy and Commerce Committee began investigations into telephone record “pretexting” early in 2006 (several Hewlett Packard executives, including Mark Hurd, Chairman and CEO, and Patricia Dunn, former Chairman, will be appearing before this committee on September 28). 

In May, the FTC sued five data brokers that obtained and sold telephone records to third parties.  In the past year alone, eleven states have passed laws protecting such information, and most of the remaining states have such legislation pending.

For those just tuning in, Wikipedia defines pretexting as “is the act of creating and using an invented scenario (the pretext) to obtain information from a target, usually over the telephone. It is more than a simple lie, as it regularly involves some prior research and the use of pieces of known information (e.g., birthday, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.” Pretexting is used to obtain utility and financial information, and it is also used to obtain private telephone records.
Under Section 222 of Title 47 of the United State Code, every telecommunications carrier in the U.S. has a duty to protect the privacy of telephone records.  Normally sought after by investigators pursuant to a lawful search warrant in a criminal investigation, such information provides a “telecommunications fingerprint” that can point to additional accomplices, undo alibis, and even, in the case of mobile service, provide information about a suspect’s location at a given time. 
Telephone records also come in awfully handy in private investigations - and the persons conducting such investigations are not in a position to apply for a search warrant.  One of the more dramatic uses for such information is to prove infidelity in a divorce case, and phone records are also extensively used to track people for debt collection purposes.
As noted above, there are eleven states that have passed laws specifically aimed at telephone record pretexting. California (the state where Hewlett Packard conducted its investigation) is, however, not one of them. California Senate Bill 202, which would make it a crime to procure, purchase or sell, without the consent of the subscriber, a telephone calling record, was sent to Governor Schwarzenegger on September 12 for his signature. 
In the absence of a law that specifically impacts the unauthorized procurement of telephone records, California Attorney General Bill Lockyer has stated publicly that he is seeking to determine whether Hewlett Packard’s actions violate California laws related to identity theft, unauthorized access to personal records through the use of computers, and provisions regarding the communication of social security numbers.  In addition, AG Lockyer has noted that the right to privacy is guaranteed under the California Constitution.
Counsel for Hewlett Packard, although conceding that the outside investigator did engage in telephone record pretexting, has made it clear that Hewlett Packard did not authorize the use of an online account to procure personal information; that no wiretapping took place pursuant to the investigation; and that no computer “spyware” software or devices were deployed to record keystrokes of another person’s computer. 
Without a law specifically aimed at using pretexting to obtain telephone records, much remains to be seen in terms of whether existing California laws will apply to the actions of the entity that conducted the investigation on behalf of Hewlett Packard, and ultimately, to Hewlett Packard itself.
Joseph Sanscrainte is a Marketing and Privacy Attorney with Bryan Cave, LLP; he can be contacted at [email protected].

[ Back To's Homepage ]