‘Hacking by proxy’ moves closer to ban
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Efforts to ban “pre-texting” – the act of impersonating another in order to gain access to their telephone records or other sensitive information – received an unexpected boost this week after Hewlett-Packard revealed that investigators hired by its board had used the technique to ferret out a suspected leak.
Thomas Perkins, the legendary venture capitalist and longtime HP board member, resigned suddenly in May after the company’s chairman revealed that investigators had used pre-texting to uncover alleged leaks by George Keyworth II, a fellow HP director.
The dust-up became public this week after HP filed a report with the Securities and Exchange Commission outlining the reasons for Mr Perkins’s departure.
Although there is widespread agreement that the methods employed in the board’s investigation raise numerous ethical and governance concerns, experts disagree over the legality of what HP did.
In 1999, US lawmakers passed the Gramm-Leach-Bliley act, which made it a crime to use pre-texting to acquire financial information. But there is no explicit federal law that prohibits pre-texting to obtain other information, such as telephone records, and companies that sell information gained by pre-texting insist it is perfectly legal.
“The absence of a specific federal law is causing many people to believe they can pre-text,” says Chris Hoof-nagle, a privacy expert at the Samuelson Law, Technology and Public Policy Clinic at the University of California at Berkeley.
In its SEC filing, HP said outside counsel engaged by the board had concluded that the use of pre-texting was “not generally unlawful,” further highlighting the legal grey area surrounding the practice.
Efforts to pass a law that would make it a felony to obtain telephone records through fraud have stalled in Congress. Legal experts say pre-texting can be pursued under other laws that do not specifically mention it, such as the federal Computer Fraud and Abuse Act and other state laws that ban “hacking by proxy”.
In an e-mail to HP’s board dated July 28, Mr Perkins said his personal phone records had been “hacked“, and expressed dismay that HP had “authorised, induced and benefited from the “illegal fraud.”
Comments