California Atty. Gen. Bill Lockyer may have a difficult time convicting Hewlett-Packard Co. officials involved in the company's spying scandal because it's not at all clear that state law will enable him to put anybody behind bars, lawyers and privacy experts said Thursday.
No single state statute specifically outlaws "pretexting," or the use of deception to obtain a person's private or personal information. One such measure passed by the Legislature this summer is awaiting Gov. Arnold Schwarzenegger's approval, but he has not indicated whether he will sign it.
Lawyers in Lockyer's office say several state laws, especially one forbidding the use of "false or fraudulent pretenses" to obtain confidential information from a public utility, are likely to apply to the case.
"That one is very on point," Senior Assistant Atty. Gen. Mark Geiger said. "It describes very well what seems to have happened in this case."
He added, "Further interviews are being conducted and further analysis of electronic records is being done."
But legal experts say officers and executives at Hewlett-Packard may be insulated from any wrongdoing committed by their investigators, especially if they gave instructions not to do anything illegal in the course of their work.
HP and some of its corporate officers, including Chairwoman Patricia C. Dunn, are under scrutiny for an investigation the Palo Alto-based technology company staged to identify which company director leaked confidential board information to the media. Private investigators working for HP allegedly impersonated HP directors and reporters covering the company to obtain their call logs from phone companies. The investigation eventually identified George A. Keyworth II as the source; he has resigned from HP's board.
Dunn in interviews has said the HP board was unaware of the privacy breaches. Moreover, an outside lawyer for HP has contended that the investigation did not violate the law. It is unclear whether the lawyer was aware of any pretexting, or whether he regarded it as legal.
The state's ability to tie HP officials to any alleged crime "will be a question of fact," says Robert Weisberg, a professor of law at Stanford University and an expert on white-collar crime. Lockyer would need "some information that they were pretty well clued in."
The case has placed pretexting and its legal implications under a spotlight. The term, a coinage of the private investigation industry, has been used since at least the mid-1990s. Although it carries an air of formality, it was defined in 1998 by then-Federal Trade Commissioner Mozelle W. Thompson as "plain, old-fashioned lies." In 1999, the federal Gramm-Leach-Bliley Act outlawed using false pretenses to obtain private financial information from a financial institution or a customer of the institution.
The investigation industry defines pretexting broadly as almost any form of deception employed to obtain private information. For a hearing in June, the House Energy and Commerce Committee compiled examples such as the extraction of personal information from utilities, phone companies or banks that included not only posing as the customer but also as a roommate, neighbor, spouse or deliveryman.
A favorite maneuver to obtain an unlisted phone number involved asking an operator to contact the subject regarding an emergency involving a family member and to give the target a number to call (say, the private investigator's office). When the frantic subject called that number, his or her unlisted number could be read off the investigator's caller ID screen.
One investigating service's rate sheet published by the committee listed prices for obtaining unlisted phone numbers, utility records and long-distance calls. The service's client list included individuals, bail bondsmen, collection agencies and banks.
Federal and state authorities have taken action in numerous cases in which investigators or data collection agencies have obtained information under false pretenses, but those cases seldom involve criminal charges. In May, for example, the Federal Trade Commission filed court complaints against five online firms that offered consumers' private telephone records for sale to the public. The agency, which contends that the companies obtained the records through fraud, theft or misrepresentation, is asking for a permanent halt to the sales and for the companies to return the money they earned. The agency, however, isn't empowered to seek further fines in the cases.
In March, Lockyer filed a $10-million lawsuit against San Diego-based Data Trace USA Inc., charging that the company posed as phone customers to obtain their records for third parties. The case is pending.
Because no California law specifically bans pretexting to obtain phone records, Lockyer's office is trying to cobble together a criminal case from four provisions of the state penal code, each of which designed with other crimes in mind.