In Depth

5 Things About Corporate Investigations That Won't Change...

...As a Result of the Hewlett-Packard Pretexting Scandal

By Sarah D. Scalet

than HP's black eye to make them move investigations in-house.

Assumption #3 Congress will pass an antipretexting law because of the revelation that

HP investigators obtained phone records using false identities.

"Are you familiar with the term 'pretexting?'" Rep. Joe Barton (R-Texas) asked one of the witnesses who

had been called to testify before a House Energy and Commerce subcommittee, not about the HP

investigation but about consumer privacy. "There are companies now," he continued, "that are in

existence to proactively invade your privacy and sell the results of their ill-gotten gains to anybody with

100 bucks."

Rep. Barton should know. After extensive hearings on pretexting, he and 29 cosponsors—both

Republican and Democrat—already had introduced legislation, H.R. 4943, to "prohibit fraudulent

access to telephone records." The bill had passed Barton's committee unanimously. Several competing

pretexting bills had been introduced. A bipartisan Senate bill, S. 2178, would "make the stealing and

selling of telephone records a criminal offense." Another House bill, H.R. 4709, set criminal penalties

for obtaining phone records under false pretenses.

The date of this particular hearing at which Barton brought up pretexting was June 20, 2006—a

full three months before HP executives would again find themselves on the stand at another hearing

that involved telephone pretexting. Rep. Barton had introduced his legislation back in March 2006;

competing bills were introduced even earlier, and H.R. 4709 won unanimous House approval in April

2006.

Although he wasn't questioned about pretexting, Scott Taylor, the chief privacy officer of HP, spoke that

day of his company's commitment to protecting the personal information it collects about customers.

"[P]rivacy is actually a core value at HP," he said.

The HP investigation scandal brought new awareness to pretexting for telephone records, but the fact is

that Congress was already well aware of the practice and was taking steps to criminalize it. Indeed, as

far back as 2000, a committee had investigated why pretexting—yes, they used that exact

word—for personal banking records was still proving successful despite the passage of privacy

provisions in the Gramm-Leach-Bliley Act.

The federal telephone pretexting bills stalled, however, and even the HP hearings in September didn't

budge them. It wasn't until after the elections, on Dec. 8, 2006, that the Senate passed H.R. 4709,

advancing the bill to the White House.

What HP did make clear was that everyone agrees on the need for a federal law clarifying who can and

cannot access phone records. Enforcing it will be another story.

Reality check: Federal law protecting the privacy of customer phone records is likely, but it was already

in the works.

Assumption #4 Investigators will stop using telephone call records to build cases.