There must be something illegal here somewhere

| Comments (3) |
The list of people/organizations investigating the HP pretexting scandal now includes:

Here's the thing: it's reasonably clear what HP's investigators did, and while a lot of people seem to want to get in on the action, what we're a little short on is specifics about exactly what law they think has been broken. Typically, this is a sign that while everyone thinks something bad has happened, it's not clear it's actually illegal. Not that that interferes with getting your name in the newspapers by investigating it, though...


I think the fact that Congress is involved is actually a signal that it wasn't illegal. After all, their job is to make new things illegal.

LA Times reports that CA AG Bill Lockyear says he has "enough evidence to indict." on three three CA state laws:

  • the first bars obtaining utility records illegally,
  • the second prohibits "unauthorized use of personal identifying information," or identity theft,
  • and the third covers "unauthorized use of data."
Groklaw speculates that the first refers to California Penal Code Section 538.5:
Every person who transmits or causes to be transmitted by means of wire, radio or television communication any words, sounds, writings, signs, signals, or pictures for the purpose of furthering or executing a scheme or artifice to obtain, from a public utility, confidential, privileged, or proprietary information, trade secrets, trade lists, customer records, billing records, customer credit data, or accounting data by means of false or fraudulent pretenses, representations, personations, or promises is guilty of an offense punishable by imprisonment in the state prison, or by imprisonment in the county jail not exceeding one year.

I'm just glad that the government is getting involved because then that means some new law will come of it. It seems totally absurd that hackers accessing our personal information is against the law but yet if someone internal does it, it's questionable?

Security always has focused around the need to block out external threats, but rarely ever is there discussion about internal threats, which in actuality could be more detrimental to a company.

In my opinion, Dunn's actions were uncalled for and raised many eyebrows but hopefully, much progress will be made in security laws and security compliance of business practices.

Leave a comment