Wednesday, September 06, 2006

HP Spying on Board of Directors' Phone Records

Whether a healthy paranoia, or a series of detailed leaks to the press on HP's future long term strategy, it prompted HP's chair woman to hire experts that obtained access to the call histories of its board of directors' home and cell phone communications thinking possible insiders :

"Last January, the online technology site CNET published an article about the long-term strategy at HP, the company ranked No. 11 in the Fortune 500. While the piece was upbeat, it quoted an anonymous HP source and contained information that only could have come from a director. HP’s chairwoman, Patricia Dunn, told another director she wanted to know who it was; she was fed up with ongoing leaks to the media going back to CEO Carly Fiorina’s tumultuous tenure that ended in early 2005. According to an internal HP e-mail, Dunn then took the extraordinary step of authorizing a team of independent electronic-security experts to spy on the January 2006 communications of the other 10 directors-not the records of calls (or e-mails) from HP itself, but the records of phone calls made from personal accounts. That meant calls from the directors’ home and their private cell phones."

The case highlights that :
- Classification programs type of protection is rarely utilized of companies aiming to balance the trade off of achieving productivity while keep the left hand not knowing what the right is doing when it's necessary -- remember it's the HP way and the management by open spaces that made the company what it is today
- Didn't bother to disinform suspicious parties and decoy them, thus limiting the circle of "suspects"
- Didn't build transparency into the process and that's just starting to make impact
- It's shorthsighted thinking on whether the information defined as leaked wasn't easy to construct through public sources, or that the internal changes weren't already spotted by industry analysts
- They're about to lose their current talanted HR, and the one that was about to join HP. Soft HR dollars are on stake, as I can imagine what will be the faith of a HP blogger if that's how board of directors members threat each other

Here's the article of question, and what provoked this to happen :

"According to the source, HP is considering making more acquisitions in the infrastructure software arena. Those acquisitions would include security software companies, storage software makers and software companies that serve the blade server market. The acquisitions would dovetail with HP's growth plans for its Technology Systems Group, which has already bought companies such as AppIQ for storage management. Hurd has previously said market trends indicate a movement away from mainframe computers and a shift to blade servers, as well as virtualized storage. HP is likely to follow those trends. Meanwhile, in HP's Imaging & Printing Group, the long-term plan to develop commercial printers is likely to continue. "We want to develop the next Heidelberg press," the source said. Of course, HP said basically the same thing back in 2002."

In a previous post, When Financial and Information Security Risks are Supposed to Intersect, I commented on Morgan Stanley's case of knowing who did what, and the growing enforcement of security policies, thus firing employees violating them by forwarding sensitive information to home email accounts. But with the media trying to generate buzz while keeping it objective by mentioning its "sources" and putting the emphasise on "inside company source" no wonder HP is thinking insiders, rather than talkative directors who when asked does the Sun come out in the morning and goes down in the evening, would think twice before answering -- and question the question itself!

Privacy monster courtesy of the EFF.

Related resources and posts:
Espionage
Insider
Wiretapping
Surveillance
Smoking Emails
Insider Competition in the Defense Industry
Espionage Ghosts Busters

No comments:

Post a Comment