Modernizing Authentication — What It Takes to Transform Secure Access
Or is it?
Mac vs. Linux: Which is More Secure?
Is the Mac Really More Secure than Windows?
Silicon Valley was rocked late last summer with news that Dunn ordered company executives to root out the source of leaks about internal company matters in the wake of HPs latest round of corporate upheavals.
In the course of that effort, investigators hired by HP used a well-known and highly illegal tactic, called pretexting, to trick telephone company personnel into turning over the private phone records of the investigations subjects, including board members and news reporters.
News of the spying came out when HP board member, and spying victim, Thomas Perkins, resigned in disgust. In the wake of the revelations, Dunn was forced to resign along with the companys in-house lawyer, and eventually criminal charges were brought against the pair, along with two private investigators.
When news of the scandal first broke in September 2006, I wrote a column suggesting that the long-term impact of HPs excesses would probably be fairly minimal.
But I must confess, it never occurred to me that among those who would be unimpressed with the gravity of the offenses would be the judge hearing the subsequent court cases!
The brutal wrist-slaps doled out by Santa Clara County Superior Court Judge Ray Cunningham send a clear message that fraud, identity theft, and invasion of privacy are inconsequential when theyre done for white-collar reasons.
The message being sent by the judges decisions is pretty clear: try harder not to get caught next time or you too may have to spend two weeks picking up roadside garbage.
I cant help feeling, however, that if those same acts had been committed for some frivolous reason, such as to get money to pay for a drug habit, the defendants would be facing hard time instead of community service.
But when youre engaged in the serious business of ferreting out whos telling stories out of school, the penalties for fraud and identity theft apparently slide below the mandatory minimums for jaywalking.
At least the crack addict has a chemistry-based explanation for their motivations; could there be a similar reason for the illegalities committed in the name of finding HPs internal leaker? A pathological fear of reading embarrassing newspaper articles while enjoying their mornings coddled eggs and toast-points?
The affront to personal privacy and the idea that corporate executives might order illegal privacy invasions is why the HP spying scandal attracted such widespread attention and evoked such powerful visceral reactions from the public, lawmakers, and prosecutors.
Yet, as time wore on and people began to ask Ok, so what harm was really done? the wagging fists soon turned to shrugs.
Indeed, this is a common occurrence when privacy-related problems arise: how do you quantify the harm?
The reality is that most privacy issues have a high shock value, but people have a much more difficult time assessing a real value to a privacy problem.
Privacy is an inherently difficult state to quantify. For too many people, privacy is more valued after its loss than before. As a result, too many people treat their privacy in a very cavalier fashion, scribbling their intimate details on an entry form to win the Jaguar parked in the atrium of their local shopping mall.
In a monetary sense, the victims of the HP spying may well have suffered very little. But how do you put a price tag on peace of mind?
How do you assign a dollar amount to the fear that your phone records are an open book for anybody who can trick a customer service operator?
More importantly, for those of us who invest in public companies like HP, what value can be placed on the ability of newspaper reporters to freely cover the internal shenanigans of a companys leadership team without fear that they will be spied upon in retaliation?
As long as privacy is undervalued as an individual right, it will be difficult to argue that its protection is worth the effort. And as long as privacy is undervalued, it will be difficult to justify harsh penalties for those who willfully breach it for their own petty purposes.
When given the opportunity to assign a value to the fraud, privacy invasions, and breaches of ethics exhibited in the HP spying case, the judge weighed everything and concluded that it was roughly equivalent to the quantity of trash three people could collect during 96 hours of community service.
So, to those corporate executives who might be considering engaging in pretexting to gather some juicy info on your board members, the court wants you to remember something very important: when it comes time to do your community service, the government will provide you with that little orange vest and all the trash bags you need!