Sunday, September 17, 2006

The New York Times



September 18, 2006

Hewlett Spying More Elaborate Than Reported

A secret investigation of news leaks at Hewlett-Packard was more elaborate than previously reported, and almost from the start involved the illicit gathering of private phone records and direct surveillance of board members and journalists, according to people briefed on the company’s review of the operation.

The effort received some degree of supervision from three officials — Patricia C. Dunn, the company’s chairwoman, along with its general counsel and another staff attorney — but was quickly farmed out to a network of private investigative firms early last year, according to descriptions of the findings. It is still unclear how much they knew about the details.

Those briefed on the company’s review of the operation say detectives tried to plant software on at least one journalist’s computer that would enable messages to be traced, and also followed directors and possibly a journalist in an attempt to identify a leaker on the board.

The revelations at Hewlett-Packard, the computer and printer maker that helped define Silicon Valley, have provided a rare glimpse of boardroom turmoil — resulting in Ms. Dunn’s agreement to step down as chairwoman in January, and two resignations from the board.

But they have also cast a harsh light on the questionable and possibly illegal techniques used in the episode, raising the possibility of criminal charges in investigations under way by the California attorney general and the United States attorney in San Francisco.

The hunt for a boardroom leaker began as early as January 2005, with a focus on disclosures immediately preceding the ouster of Carleton S. Fiorina as chairwoman and chief executive, with a second phase that began a year later. Hewlett-Packard has said that as a public company, it had a responsibility to stop unauthorized disclosures.

But the review reveals that the investigation by its detectives was notable for a lack of close supervision by company officials.

The people briefed on the internal review said that at various times, questions were raised about the legality of the methods used. They did not identify who raised the questions, when, or to whom they were addressed. But a crucial legal opinion was supplied by a Boston firm that shares an address and phone number with one of the detective firms working on the case.

Those speaking about the company’s review would do so only if they were not identified. A Hewlett-Packard spokesman yesterday declined to comment on their account.

In addition to the scrutiny by prosecutors, a House subcommittee has also entered the case, asking for documents on the internal investigation to be delivered today in advance of a Sept. 28 hearing in Washington.

Some of those documents are expected to reveal that detectives made several attempts at direct surveillance of some directors, and were given photos of reporters to help identify them.

At least one reporter, Dawn Kawamoto of the online technology news service CNET, may have been followed as part of the 2006 investigation, said a person briefed on the investigation. Ms. Kawamoto was the co-author of an article on a senior management meeting held in January.

The detectives also tried to plant software in the computer of a CNET reporter that would communicate back to the detectives, people briefed on the company review said. Ms. Kawamoto said in an interview earlier this month that prosecutors had told her that such a ploy may have been used, but said she was not aware of any surveillance.

Representing themselves as an anonymous tipster, the detectives e-mailed a document to a CNET reporter, according to those briefed on the review. The e-mail was embedded with software that was supposed to trace who the document was forwarded to. The software did not work, however, and the reporter never wrote any story based on the bogus document.

On Saturday, the company identified one of two employees who it said had been a target of scrutiny in the internal operation. It said the private phone records of the employee, Michael Moeller, director of corporate media relations, were taken.

It is not clear why Mr. Moeller, whose job it is to speak with reporters, was included in the operation. Robert Sherbin, Hewlett-Packard’s vice president for external communications and Mr. Moeller’s boss, said yesterday, “Investigators’ suspicions were misdirected and were unfounded.” He would not elaborate.

Although the company said others outside the company were also targets of detectives, it has not identified those people.

According to those briefed on the internal review, the Hewlett-Packard investigation had two stages: from January to August 2005, when nothing of substance was turned up, and again in January 2006, after the CNET article appeared.

The first call for an investigation from the board came in January 2005 after The Wall Street Journal published an article that cited discussion of the board about a management reorganization and changes in the responsibilities of Ms. Fiorina, then chairwoman and chief executive.

An article in The New York Times on Feb. 10, recounting Ms. Fiorina’s ouster by the board, contained extensive details of a directors’ meeting and fueled the desire to plug leaks.

Reporters from those two newspapers, CNET and Business Week have been told by the California attorney general’s office that they were targets in the operation.

Within 60 days, the investigation into the leaks was up and running, according to those briefed on the company review. Responsibility for the investigation was delegated to the company’s global investigations unit, based in the Boston area. Those company officials turned the effort over to Security Outsourcing Solutions, a two-person agency that hires specialists for investigations.

That firm hired Action Research Group, an investigative firm in Melbourne, Fla.

The actual work of obtaining the phone records was given to other subcontractors, one of which is said to have worked in or near Omaha. The methods were said to have included the use of subterfuge, a practice known as pretexting.

Federal and California law enforcement officials, as well as the Congressional subcommittee, are examining that chain of detectives for possible criminal wrongdoing in obtaining the phone records of directors and journalists. The California attorney general said last week that he had enough evidence to indict people inside and outside the company.

Hewlett-Packard has steadfastly refused to identify any of the investigators it used, including its own.

People briefed on Hewlett-Packard’s review of its internal investigation say that it was authorized by Ms. Dunn, the chairwoman, and put under the supervision of Kevin Hunsaker, a senior counsel who is the company’s director of ethics. But it is not clear what level of supervision he gave to the project.

Ms. Dunn has said in recent interviews that she could not supervise the investigation because she was also a potential target. She has said she turned to the company’s security department in April or May 2005 for an initial investigation, then asked Ann O. Baskins, the company’s general counsel, for help in the further investigation last January. Ms. Baskins supervises a team of more than 100 lawyers around the world.

At at least one point, the company’s lawyers sought a legal opinion. But it did not come from Hewlett-Packard’s own outside counsel, Larry W. Sonsini of Wilson Sonsini Goodrich & Rosati, an eminent Silicon Valley law firm.

Instead, the company asked one of its contractors, Security Outsourcing Solutions, for the opinion. It turned to a Boston lawyer, John Kiernan of Bonner Kiernan Trebach & Crociata, for that opinion. Mr. Kiernan’s office shares a Boston address and phone number with Security Outsourcing Solutions.

The company, in a recent filing with the Securities and Exchange Commission, said it had received an outside counsel’s opinion that the investigative methods were legal, but it did not identify the source of that opinion.

It is also not clear whether company lawyers were aware of the close business and personal ties between Mr. Kiernan, Ronald R. DeLia, the owner of Security Outsourcing Solutions, and Anthony R. Gentilucci, the Boston-based manager of global investigations for Hewlett-Packard.

Executives and lawyers back in the company’s Palo Alto, Calif., headquarters remained in the dark even after a summary report was produced for them about each of the two phases of the operation, according to those briefed on the review. Neither of the reports, they said, outlined the methods used.

There were discussions of phone numbers and calls in the report. But it is not clear why that fact apparently did not raise the alarm among any Hewlett-Packard lawyers about the means used to gain the information.

The findings were ultimately presented to the board at a meeting in May, with George A. Keyworth II, the board’s longest-serving member, identified as a source of leaks. He refused a request to resign, but a fellow board member, Thomas J. Perkins, a prominent Silicon Valley venture capitalist, resigned over the handling of the investigation.

It was only through subsequent inquiries that Mr. Perkins learned more about the methods used in the investigation. It was his determination to get the company to acknowledge the reasons for his departure that brought the internal investigation into the spotlight this month.

“There are only two ways to get an individual’s phone records, through a subpoena or the voluntary disclosure by the individual,” Viet D. Dinh, a lawyer for Mr. Perkins in his dispute with the company, said in an interview earlier this month. In an e-mail message to Mr. Sonsini on June 19 , Mr. Perkins raised the question of the legality of obtaining private phone records without a subpoena. Mr. Sonsini responded that Ms. Baskins had “looked into the legality of every step of the inquiry and was satisfied that it was conducted properly.”

According to those briefed on the company’s review of its investigation, there is no indication that Mr. Sonsini, considered the most powerful lawyer in Silicon Valley, was involved in seeking outside investigators for Hewlett-Packard in 2005 or 2006. He became involved, they said, only when the board asked him for a legal opinion of the investigation and the methods used.

Mr. Sonsini has said that his direct involvement in helping the board trace news leaks was limited to interviews with directors conducted in early 2005.

Mr. Sonsini told the board in August, after his firm’s investigation of the detectives’ methods, that the use of pretexting “was not generally unlawful.” The law firm could not say whether the detective agencies hired by Hewlett-Packard, or the subcontractors any of them used, “complied in all respects with applicable law.”