In a scandal that has rocked the business world, technology giant Hewlett-Packard has admitted to spying on journalists as well as members of its own board in an attempt to discover the source of information leaked to the media. The case has already led to the resignation of the company’s chairperson and two board members. We speak with Declan McCullagh, Chief Political Correspondent for C-Net News.com — one of the news groups targeted by the spying. [includes rush transcript]
We end today’s program by turning to the business world and a scandal that has rocked technology giant Hewlett-Packard. Over the past two weeks details have emerged of how the company spied on journalists as well as members of its own board in an attempt to discover the source of information leaked to the media. HP has since admitted to the secret surveillance and the case has already led to the resignation of the company’s chairperson and two board members.
In the course of the investigation, the company hired private investigators to obtain the phone records of journalists and considered planting spies in the newsrooms of at least two media organizations. The journalists targeted worked for the New York Times, the Wall Street Journal and CNet.com. The detectives hired by HP executives top also tried to plant spy software on at least one journalist’s computer and followed members of the company’s board and possibly a journalist. Declan McCullagh is the Chief Political Correspondent for C-NET News.com who has been writing about the case. He joins us on the line from Boston.
- Declan McCullagh, Chief Political Correspondent for C-NET News.com.
AMY GOODMAN: Declan McCullagh is Chief Political Correspondent for CNET News.com. He has been writing about the case. He joins us on the line from Boston. Welcome to Democracy Now!, Declan.
DECLAN McCULLAGH: Why, thank you. A pleasure.
AMY GOODMAN: What is going on at HP? Explain exactly what’s happened.
DECLAN McCULLAGH: Well, I think we’d like to know, and we’ll find out in about an hour and 15 minutes, when the hearing before the House of Representatives starts up, but what we’ve had is a company with apparently a dysfunctional board that had an investigation that involved apparently — I mean, I keep saying "apparently" since we don’t have all the details — but apparently on unethical and illegal means to obtain information about board members and nine reporters, including three of my colleagues who sit just a few doors down from me in the newsroom. And we don’t know how widespread this is in corporate America, but the interesting thing is that because this did leak, thanks to the courage of one board member, Tom Perkins, we’ve had probably an unparalleled glimpse into how this kind of investigation works in practice, and that glimpse has shown us some pretty disturbing things.
AMY GOODMAN: Now, explain exactly how HP went after journalists and tried to get phone records.
DECLAN McCULLAGH: Okay, but they didn’t just try to get phone records. They actually succeeded in at least some cases. We’ve been able to find that through talking with prosecutors, other government officials and some of the telecommunications providers themselves. The technique that HP’s outside investigators used — and this was outsourced to sort of multiple levels, to subcontractors even — the technique they used was called "pretexting," and that is simply lying to a telecommunications company and saying that, "I am Declan McCullagh, a reporter with CNET News.com, and I just need another copy of my bill, maybe for an expense report resubmission. Can you fax it to this cell phone number?"
And so, it’s a form of social engineering, is what hackers call it. It’s trying to work on someone and try to convince them to give you access to information that you’re not entitled to. This is done with bank records, as well, but in this case HP’s outside investigators used this with a bunch of different companies. We’ve been able to confirm that AT&T, Cingular, T-Mobile and Sprint Nextel all leaked information about their customers.
AMY GOODMAN: And the planting of people in the newsrooms of your company, CNET, of the Wall Street Journal, how exactly was that going to be carried out?
DECLAN McCULLAGH: We don’t have all the details. We have some sort of vague statements from HP on this. I went to the press conference that HP held at its headquarters in Palo Alto, California on Friday, and they were saying things like this was being discussed, this might have happened, they don’t have all the information. And so, it’s still a little sketchy.
But the idea was, as I understand it, HP’s outside investigators would hire people to pose as folks interested in being hired by C-Net as a cleaning crew, a security, janitorial services. And then they’ll have unfettered access to the newsroom at night. I mean, folks leave in the evening. We don’t run quite a 24-hour news organization. And so after a certain time, there’s no one else on that floor of the building at our headquarters in San Francisco. And so, there they could go through papers. They could turn on computers, that kind of thing.
AMY GOODMAN: You write, Declan, in a piece you just did, "Hewlett-Packard’s phone records scandal might be enough to spur Congress into approving federal legislation banning the practice that’s been stuck in committee for most of the year. The problem, though, is that the proposals in front of Congress aren’t likely to stop some of the most aggressive users of 'pretexting': the FBI, the Department of Homeland Security and other law enforcement agencies." Can you go into this term, "pretexting," in the larger picture?
DECLAN McCULLAGH: Sure. Congress has, throughout the last few decades at least, when it comes to privacy sort of reacted in a very emotional way. Instead of saying, "Well, okay, we need legislation. Let’s take a sober look at it," instead they tend to say, 'Well, here's a big emotional issue that’s captured the headlines, and so we’re going to respond by rushing legislation into law.’ And this seems to be happening a little now, in that you have Congress saying, 'Well, of these bills that we've sort of sat on and haven’t approved yet, 11 anti-pretexting bills have been introduced in the last 18 months, but none have been sent to President Bush so far for his signature.’ So Congress is now saying, 'Well, the HP thing means that we should do it.'
But there’s an interesting subtext here, and that is, almost all of these 11 bills, all but four of them exempt police from pretexting. According to a bunch of reports, including in Time magazine, MSNBC.com, and my own conversations with folks who know what’s going on in the industry, there’s one of the biggest customers of private investigators, firms that conduct pretexting, that is commit probably fraudulent activities to get access to someone’s phone records without a court order, one of the biggest customers is law enforcement. It’s Homeland Security, it’s the U.S. Marshals office, the Department of Justice, the FBI, and so on. And the Bush administration has exerted a lot of pressure on Congress to exempt pretexting done for customers of — or sorry, done when law enforcement is a customer. So this is a really big loophole that nobody seems to be talking about.
AMY GOODMAN: So do you think it’s going to change now? Do you think the HP scandal has gotten enough attention?
DECLAN McCULLAGH: I think it’s gotten enough attention that Congress is probably going to do something pretty quickly. But they are not talking about changing the legislation as written to affect law enforcement, so law enforcement will benefit from this pretty big loophole.
AMY GOODMAN: I mean, this is really astounding, what has taken place. You also have them trying to plant spy software on a journalist’s computer, as well as others, like members of the board and staff at HP? What was this about?
DECLAN McCULLAGH: Yeah, again, we don’t have all the details yet about this. We just have HP’s admission that their current CEO, Mark Heard, approved of this sort of attempt in principle, without maybe knowing all the details. He said he never opened the memo. Again, we’ll find out more when he’s questioned by the House of Representatives subcommittee in an hour or so. He wouldn’t take any questions from reporters on last Friday. He actually just sort of ran from the room when people tried to ask him questions.
But the spy software seems to have been a tracking device that was implanted in an email message sent my colleague Dawn Kawamoto. And that tracking device, we don’t know what it could have been. It probably was a web bug or a web beacon that loads an image on a remote server, and you can tell when the email is opened. It was designed to see who she forwarded the email to. But it apparently didn’t work, because she didn’t forward the email, and so HP was not able to find their leaker through that sort of ethically dubious method.
AMY GOODMAN: The core of the scandal that HP was so concerned about leaking out, that Hewlett-Packard has been involved in, explain what that is, the original story.
DECLAN McCULLAGH: HP had two different investigations, Kona I and Kona II. But both were aimed at finding who the leaker was. HP had some articles that appeared in CNET News.com, my publication, and other publications including the Wall Street Journal, that had information that was discussed at board meetings. It’s unclear how damaging this information was. In fact, it seems to have been something that painted HP in a good light. I mean, this wasn’t ’HP’s a dysfunctional company.’ It’s more like 'HP is taking the next step to improve the quality of its products.'
And so it really wasn’t damaging information, but its CEO and chairman, current and former CEO and former chairman, did not like this at all. And so they said, 'What are we going to do?' They eventually enlisted HP’s internal investigators, who outsourced this. And that’s when they came up with the idea of investigating their board members, investigating some of their employees and investigating journalists. And so it was basically to try to find out who was leaking.
But the interesting thing is that they never actually asked the board members. If they just would have gone to a board meeting and said, 'Okay, anyone who had" — or you just ask each person directly, "Did you have contact with this reporter at this time?" The person who actually was doing the leaking, we found out, George Keyworth, a board member, said he was actually never asked directly and he would have said so, if asked. So it's sort of a bizarre process.
AMY GOODMAN: Declan McCullagh, I want to thank you very much for joining us. We’ll certainly follow these hearings today and report on them tomorrow on Democracy Now! Declan McCullagh is Chief Political Correspondent for CNET News.com.