FCC Queries AT&T About HP Call-Data Scandal

Telecom Policy Report, Sept 11, 2006

It didn't take long for the Federal Communications Commission (FCC) to jump into the mushrooming privacy scandal over Hewlett-Packard (HP) last week, admitting it had hired detectives to investigate board members and journalists secretly and to obtain their phone-call records in order to find sources of corporate news leaks dating back to at least 2005.

The U.S. regulator reportedly initially targeted AT&T with a "letter of inquiry" on its potential role in the HP affair in what could be the start of multiple Enforcement Bureau investigations into possible carrier security breaches normally associated with violations of customer proprietary network information (CPNI) protection rules, i.e., obtaining information without proper authorization.

FCC sources say the inquiry was sent to the San Antonio, Texas-based AT&T (formerly SBC Communications) late last Thursday, but it is not yet known whether the probe may widen to include other major carriers already canvassed late last year and earlier this year by the FCC about compliance with CPNI measures (TelecomWeb news break, Jan. 31). The HP scandal also comes as AT&T and other telcos are alleged to have collaborated with the National Security Agency (NSA) warrantless phone-call surveillance activities.

AT&T spokesman Michael Balmoris neither confirmed nor denied receipt of the FCC letter but he issued a company statement saying "AT&T is committed to both protecting the privacy of our customers and to weeding out those who fraudulently obtain access to customer information. We are working closely with all law-enforcement officials to bring these data thieves to account."

These words are comparable to others made by AT&T and rival carriers earlier this year when local, state and federal government officials reacted to media reports that wireline and wireless call records were easily available for purchase from online brokers. The suspected technique in getting the private information was via fraudulent "pretexting" methods - pretending to be bona fide subscribers to dupe carrier employees and third parties to release such information.

Deepening Inquiry In California

The flap at Palo Alto, Calif.-based HP started when the vendor admitted to national press and government authorities at the Securities and Exchange Commission that its private investigators used pretexting to obtain personal call information. Investigators working for the company allegedly gave false identities - posing as their targets - to obtain calling records from telcos. California Attorney General Bill Lockyer says his office is investigating HP and the private detectives, with HP Chair Patricia Dunn - also vice chair of Barclays Global Investors in San Francisco - said to be under scrutiny in the state criminal investigation, but no charges have been filed yet.

According to Lockyer, HP has been cooperating with an investigation focusing on violations of two California state laws: identity-theft statutes that make it illegal to use someone else's personal information to commit a crime, and computer-crime statutes that make unauthorized access to databases illegal. He said subpoenas were issued in the case, but he declined to name the recipients. "A crime has been committed, we're convinced of that," Lockyer says. "It's unclear exactly who is liable, how severe it is and who had specific knowledge. It's likely if evidence continues to come in the way it has that there will be a prosecution, but we're not ready to go file a complaint. We're still investigating."

One major aspect of the inquiry involves unauthorized access to AT&T's records for venture capitalist Tom Perkins, a founder of Kleiner Perkins Caufield & Byers, who quit HP's board in May supposedly in protest over the company's leak probe. He reportedly received confirmation from AT&T that his records were obtained illicitly, and he wrote to HP's board accusing the company of betrayal, and questioning the propriety and the legality of the activity. California reportedly issued search warrants to investigate the Perkins breach.

Another key figure in the investigation is said to be George Keyworth II, another longtime HP board member who reportedly was identified as the source for some major news leaks. California's investigation is looking at whether HP's private eyes impersonated board members, including Perkins and Keyworth (who are friends), by using such personal details as social security numbers to get online access to call lists. Although Perkins has departed, Keyworth still is on the board. He also holds board posts at Keyworth Company, General Atomics and the Progress & Freedom Foundation.

The news leaks involved a series of HP developments, including disagreements between HP board members and managers over strategic issues, management meetings with semiconductor suppliers Intel and Advanced Micro Devices, the wisdom of HP's merger with Compaq as well as HP's hiring of CEO Mark Hurd to replace the ousted Carly Fiorina. Extensive speculation over the weekend - an anticipated to continue - dwells on legal and liability ramifications for HP along with the future of Dunn and others with knowledge of the internal probe.