September 22, 2020

HP Spokesman Says Company Regrets Spying on Him

As most people know by now, Hewlett-Packard was recently caught spying on its directors and employees, and some reporters, using methods that are probably illegal and certainly unethical. Throughout the scandal, we’ve heard a lot from HP spokesman Mike Moeller. This got my attention because Mike was my next-door neighbor in Palo Alto during my sabbatical five years ago. Mike and I spent more than a few evening and weekend hours chatting over the fence.

Now it is reported that one of the targets of HP’s spying was … Mike Moeller. An HP internal email turned over to investigators says, “New monitoring system that captures AOL Instant Messaging is now up and running and deployed on Moeller’s computer”. The company also reportedly had a detective follow Mike at a trade show, and they acquired his private phone records.

I wouldn’t have figured Mike as the type to leak boardroom secrets to the press, and indeed the spies found he had done nothing improper.

What’s interesting is that he is still serving as spokesman for HP. I’m not sure what to make of this. He must have been unhappy about being targeted; who wouldn’t be? But the essence of the spokesman’s job is to stay on message – the company’s message, not your own. Resigning in anger is not the spokesmanlike thing to do, and can’t be a good career move.

Heads have rolled at HP over the spying incident – as they should have – but the investigation is far from over. Executives claim not to have known what was going on, and not to have known it might be illegal, but those claims are hard to believe. Why would the company’s lawyers have allowed this to happen without getting careful legal opinions in advance? The most plausible reason is that they didn’t want to find out whether the spying tactics were legal, just as the executives probably didn’t want to find out how the information they received had been collected.

Obviously HP is not the only organization that did this. The investigators HP hired had plenty of other customers, and they are only part of a larger industry of private spies. Obtaining others’ phone records by identity theft is common enough to have its own euphemism: “pretexting”.

After the fallout at HP, expect more revelations about spying by other organizations. People will be more alert for spying, and they’ll know that revealing it can bring down the mighty. Meanwhile, law enforcement will be prying open the records of the “investigators,” finding more examples of reputable organizations that wanted information but didn’t want to be told where it came from.

Eventually the scandal at HP will blow over, and Mike Moeller’s job will return to normal. But maybe he’ll think twice before sending that next email or instant message to his family.

Comments

  1. One solution for staff is to overtly forward all their communication to all senior colleagues. Alternatively, publish it on the intranet.

    A) It stops you kidding yourself you enjoy truly private communication channels – as opposed to notionally private.
    B) It completely disincentivises scrutiny of your communication, because the value only accrued on the assumption the person spied upon thought they enjoyed privacy. And what’s the point of spying on those who have live webcams?

    A far bigger challenge is for companies to conduct all their communications in the open, e.g. via a public facing Wiki. They can still keep their private intellectual property under lock and key, but I wonder if keeping all internal communication publicly visible engenders strength rather than vulnerability?

  2. Ned Ulbricht says:

    Resigning in anger is not the spokesmanlike thing to do, and can’t be a good career move.

    Who makes up these idiotic rules?

  3. Spokesmen leave their sense of social ethics at home under lock and key until such time as they choose a different career. The point is, they represent the company – and by definition, companies don’t have a sense of social ethics. The spokesman may be asked to pay lip service to them of course.

    So, the last thing a spokesman can exhibit is indignation at the company’s violation of their privacy, or other employee rights – that is a matter for another department.

    I’d rather be a cesspit service engineer than a spokesman, at least I’d be expected to let people know when the shit the company was shovelling didn’t smell right to me.

  4. Ned Ulbricht says:

    Crosbie,

    Is he allowed to resign after the California Attorney General announces which criminals have been indicted?

  5. He can resign any time he likes. He may well be in a lose-lose situation, but as you suggest, those who choose to live by idiotic rules…

  6. So pretty much nobody is safe from spies anymore. We are always being watched by someone. Creepy.

  7. To gain access to any corporate intranet/domain, you usually have to click “OK” to a message saying “Anything done on this computer may be monitored”

  8. Ned Ulbricht says:

    From “transcript
    of remarks made at a September 22 press conference by Michael Holston, partner with law firm Morgan Lewis, legal counsel to Mark Hurd, CEO of Hewlett-Packard:”

    · At this point in our investigation, there is evidence that SOS, directly or indirectly, obtained telephone (landline or cell) or facsimile call information through “pretexting” for:o Two (2) current HP employees

    So, Shadyman,

    Does an agreement that an employee’s use of corporate computing infrastructure extend to an agreement that the company may hire an outside contractor to impersonate the employee and obtain their personal telephone records?

    Or is that covered by a different agreement?

  9. He may have signed an employment contract that grants to the employer ownership over all intellectual property that the employee receives from them or creates whilst in their employ, which includes permission for the employer to take such steps as necessary for the protection of this IP both inside and outside the organisation.

    More idiotic rules. No ethics.

  10. Ned Ulbricht says:

    […] contract […]

    Crosbie,

    I said “agreement.” A contract must be for a lawful purpose.

  11. the_zapkitty says:

    Crosbie Fitch Said:

    “More idiotic rules. No ethics.”

    “More rules. Less ethics.”

    Zeitgest?… 😉

  12. A voluntarily signed contract is still an agreement – a legally binding one.

    Although, perhaps you are suggesting it ceases to be a valid contract when unlawful, and consequently ceases to be an agreement?

    That contracts are supposedly for lawful purposes doesn’t stop nefarious employers using them as plausible grants of jurisdiction within the employee’s private domain.

    Anyway, it doesn’t matter. Until principle precedes profit, corporations will tend toward ethical delinquency.

  13. Ned Ulbricht says:

    Generally, an agreement to perform an unlawful act is not an enforcable contract. For instance, an agreement to obstruct justice is not a contract.

    In your earlier post, you suggested that he may have purportedly agreed that any “intellectual property” he created belonged to the company. That agreement may be contrary to public policy in Californa. See California Labor Code Section 2870:

    (b) To the extent a provision in an employment agreement purports to require an employee to assign an invention otherwise excluded from being required to be assigned under subdivision (a), the provision
    is against the public policy of this state and is unenforceable.

    Closer to the facts at hand, an agreement which purports that an employer may violate the law in the course of an employee investigation is just not an enforcable contract.

  14. “What’s interesting is that he is still serving as spokesman for HP. I’m not sure what to make of this.”

    Um, how about HP writes him a paycheck every other week that he prefers over none? Finding another (agreeable) job, even for somebody good and with stellar track record, typically doesn’t happen in a snap, and carries substantial risks of various sorts.

    One thing that works for some is “internal resignation”. Probably difficult to execute for a spokesperson.

  15. Ned, I’m aware of unenforcability. However, just as the DMCA makes some companies think they can prosecute for any violation (as opposed to a copyright infringing violation), so a contract (irrespective of its legality) can ‘persuade’ both sides that the employer has carte blanche unless the employee can afford a lawyer.

    The conduct of the government in granting itself the ability to invade privacy probably gives corporations the confidence that they can do the same – and vice versa.

    Remember, every good citizen is surrendering their privacy in order to help root out the rot. Anyone who defends privacy is a witch, commie, paedophile, terrorist… etc.

  16. Ned Ulbricht says:

    Remember, every good citizen is surrendering their privacy […]

    So, Crosbie, when HP’s Global Master Privacy Policy states—

    HP provides notice and choice to individuals regarding the type of personal information collected and its intended uses.

    …and when it states…

    * HP obtains personal information by lawful and fair means.

    * HP complies with relevant privacy and data protection laws in the locations in which HP operates

    —does that show that HP doesn’t belong among the “good citizens”? Or is that just false advertising?

  17. Ned,

    That shows that they have a privacy policy and that they’re not scared to publish it.

    Perhaps they have a global master security policy covering their IP and commercial secrets?

    Perhaps some employees have employment contracts that are at odds with one or more policies?

    Perhaps some staff are over zealous in pursuing some contracts or policies at the expense of others?

    Perhaps the Dept. of Homeland Security has legal instruments that overrule HP’s policies?

    I don’t know. Perhaps the courts will find out? Perhaps this is all sub judice and we should all keep our musings of hypotheticals to ourselves?

    Naturally, HP will take pains to demonstrate it is a good citizen.

    And so should we all take pains to demonstrate ourselves as good citizens – defending or surrendering our privacy as necessary for the safety of us all.

  18. Ned Ulbricht says:

    Perhaps this is all sub judice and we should all keep our musings of hypotheticals to ourselves?

    According to today’s San Francisco Chronicle, Ms. Dunn’s attorney, Jim Brosnahan has issued a statement to the press, calling the charges:

    “the culmination of a well-financed and highly orchestrated disinformation campaign.”

    “These charges are being brought against the wrong person at the wrong time and for the wrong reasons,” he said.

    Later in that same story, Loyola University law Professor Laurie Levenson is quoted:

    “You have an attorney general running for political office […]”

    When a respected defense attorney publicly charges that a prosecution is brought to further an election campaign, the citizenry has a right to be concerned and ask questions.

  19. Ned Ulbricht wrote:
    “respected defense attorney”

    Eh — and where do you find one of those? 🙂

  20. Crosbie Fitch makes an exellent point “DMCA makes some companies think they can prosecute for any violation (as opposed to a copyright infringing violation)?