HP has an identity crisis - with other people's identities

* HP board scandal raises questions over the integrity of ID mgmt. at HP

Last issue, we looked at privacy and I ended by asking how trustworthy should the vendors be from whom you buy your identity management products. This usually isn't a question that arises. It's not that the more dubious spammers or adware purveyors are getting into the identity management fields, but what one particular vendor in the identity management space is accused of brings this to mind.

<disclaimer> LavaSoft, maker of the Ad-Aware antispyware tool, defines its targets as "Datamining, aggressive advertising, parasites, scumware, keyloggers, selected traditional Trojans, dialers, malware, browser hijackers, and tracking components." I don't mean to associate any identity management vendor with those practices. At least not yet. </disclaimer>

The recent board scandals at HP have been front-page stories in the San Jose and San Francisco papers on many a day recently. Beyond that, they've been fodder for the New York Times, Wall Street Journal, and other prestigious nontechnical publications. It is alleged that HP used a number of unethical, and possibly illegal, methods to try to stop leaks of information from its various board of directors squabbles (the Compaq purchase, the firing of Carly Fiorina, etc.) over the past few years.

It's alleged that the company employed private investigators to engage in what's euphemistically called "pretexting." This is defined as "when a caller poses as someone else to obtain information" (See "FAQ: HP board scandal"). The investigators allegedly used this method to obtain telephone records of board members, HP employees and newspaper reporters.

Pretexting is, by the way, covered in the Gramm-Leach-Bliley (GLB) Act, written in order to protect consumers’ personal financial information held by financial institutions. As I just read in the white paper “Corporate governance and business continuity and availability,”: “The Pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses, a practice known as ‘pretexting’.” The really interesting thing is that the paper was sponsored and published by … HP!

When someone "poses as someone else" in order to obtain banking or credit card information, though, it's called something else - identity theft. Do you really want your identity vendor to be an admitted identity thief?

According to the San Jose Mercury News, the company also used invisible tracking devices within e-mail messages to reporters, to determine who they might forward the messages to. That would put them in the same league with the "parasites and scumware" purveyors LavaSoft talks about. Makes you wonder what tracking devices might be in the software HP sells you, doesn't it?

It is alleged that investigators, in an investigation led by HP Board Chairman Patricia Dunn, lied, committed identity theft, used unethical tracking means and other questionable methods to, in effect, keep the company's shareholders in the dark about the turmoil going on in the boardroom. In addition, it has emerged that HP CEO Mark Hurd knew of plans for a disinformation campaign designed to find the source of leaks from boardroom discussions (see: "Report: Hurd knew of planned deception campaign").

HP hasn't even begun to make amends for its behavior. Dunn remains chairman of the board until January (when she'll still be on the board of directors). At that time, Hurd will take that post in addition to his role as president and CEO!

There are a lot of good vendors in the identity management field, vendors that offer good products and are trustworthy and show integrity. There's no need to traffic with organizations that can't seem to understand what identity theft is.

** AT DEADLINE: Dunn resigned from the board last Friday, but Hurd took it upon himself to conduct the investigation into the scandal - one in which he may have been a willing participant!

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

IT Salary Survey 2021: The results are in