HP case wraps up but pretexting problem remains

Although the criminal case involving the pretexting scandal at Hewlett-Packard is coming to a close and a new federal law makes pretexting illegal, it will likely remain a problem for phone companies and other potential victims of the practice.

"There are always people out there who are looking to get around systems," said Walt Sharp, a spokesman for AT&T, whose customer phone records, along with those of other carriers, were fraudulently obtained in the HP case.

It wasn't the first time records were taken from AT&T. The operator is expecting a resolution soon to two lawsuits, not related to the HP case, that it filed last year in federal courts in San Antonio and San Francisco against data brokers it accuses of using pretexting to obtain AT&T customer records, Sharp said.

On Wednesday, a state judge in San Jose, California, dismissed the felony charges against ousted HP Chairperson Patricia Dunn, and also will dismiss felony charges against former HP legal counsel Kevin Hunsaker, private investigator Ronald DeLia, and data broker Matthew DePante if they perform community service and pay restitution. The investigators, hired by HP to identify which directors were leaking board deliberations to reporters, were charged with fraudulently obtaining records from a public utility, identity theft, and conspiracy.

The HP case is still being investigated by the U.S. Attorney's Office in San Francisco, which obtained a guilty plea in January from another figure in the case, data broker Bryan Wagner, who faces sentencing June 20 in San Jose.

But pretexting was a problem before the HP case and will be after, said Sharp.

"This is a constant process of reviewing our security measures," he said. AT&T now requires that someone requesting phone records present "very precise identifying information" to prove they are the person seeking their records, he said.

The HP case also hastened passage of federal legislation that makes obtaining private records under false pretenses, or pretexting, illegal. The bill President George Bush signed in January also prohibits the selling of such illegally obtained records.

The Electronic Privacy Information Center (EPIC), an advocacy group, says the criminal statute sends a clear message.

"It's now illegal, so any entity with a storefront that would be engaging in this now has a strong incentive not to," said Lillie Coney, associate director of EPIC.

It'd be up to the U.S. Department of Justice to prosecute violations of the new law. EPIC also thinks the Federal Communications Commission and the Federal Trade Commission should step in to stop pretexting, Coney said.

The FTC filed a civil suit in Federal District Court in Orlando, Florida, in February seeking "a permanent halt to operations" that engage in pretexting.

The FTC complaint names as defendants Action Research Group, of Melbourne, Florida, the firm implicated in the HP case, and its father and son owners, Joseph and Matthew DePante. It also names Wagner, who actually did the pretexting in the HP case, and another investigative firm not charged in that case.

The suit isn't related solely to the defendants' conduct in the HP case, but that certainly brought them to the FTC's attention. "I think that played a role and it provided us with additional evidence that these individuals were, in our view, violating the law," said Joel Winston, an FTC spokesman.