In late January, Kevin Hunsaker, a compliance lawyer at Hewlett-Packard (HPQ) picked up the phone to call his boss, Ann Baskins, with some bad news. There had been another leak of confidential corporate information to the press.
It was the weekend of Jan. 21, and Baskins, HP's general counsel, and other top-level executives were in Palm Springs, Calif., for an off-site meeting. The company had been subject to a string of leaks dating back to early 2005, when BusinessWeek and the Wall Street Journal got tips of the executive upheaval that eventually led to then-CEO Carly Fiorina's ouster. An investigation into those leaks was inconclusive. Now, Baskins and HP Chairwoman Patricia Dunn were outraged at news of the latest breach. After consulting with the board, Baskins gave Hunsaker the go-ahead to investigate.
He did so with a vengeance.
Dozens of pages of internal HP e-mails, memos, and other documents released by congressional investigators on Oct. 2 show that Hunsaker determined the scope of the investigation's direction and made pivotal decisions that later would come to light and put HP's reputation on the line (see BusinessWeek.com, 10/3/06, "Memo 1: 'That person is liable in some sense…," "Memo 2: 'I have serious reservations about what we are doing…," and "Memo 3: 'This is 'Don't Ask, Don't Tell'…"). The probe ultimately led to Hunsaker's departure from the company and forced the resignation of Dunn and other high-ranking company officials, including Baskins. It sparked congressional, Justice Dept., and California state investigations. And it has given the corporation a black eye (see BusinessWeek.com, "Controlling the Damage at HP").
NO COMMENT. How did a lawyer responsible for overseeing HP's business conduct find himself at the center of a company ethics scandal? Hunsaker appears to have been put in a difficult position, one that required steely corporate ethics mettle. The staff lawyer, part of a 100-person-plus legal team, was under direct orders from the tech giant’s chairwoman and chief counsel, who put him in the questionable position of playing corporate advocate rather than dispassionate compliance advisor.
Hunsaker also seems to have relied too heavily on the assurances of his own investigators that their methods were legally valid. And, if his e-mail exchanges with his investigative team are any indication, he quickly grew passionate about the cat-and-mouse challenge he had been assigned. He was determined to find the source of the leak.
Michael Pancer, Hunsaker's lawyer, said he had not examined the hundreds of pages of documents released by House investigators and could not comment in detail for this story. But he said impersonating a phone customer to get telephone numbers—the most controversial tactic used by HP investigators—had been initiated by Dunn back in 2005, when she first began investigating company leaks. "Kevin Hunsaker was not involved in that investigation. He had nothing to do with it," Pancer said.
POSITIVE FEEDBACK. Pancer said Hunsaker was doing the job that had been assigned by his superiors, and at no time did he sanction or conduct any illegal activity. "A lawyer's ethical obligation to a client is to do anything legal to get the correct result. It's the client's job to say, among all the legal things you could do, there are some things I'd rather you not do," Pancer said.
Hunsaker never got that sort of direction, at least not from Dunn, Baskins, or anyone above him. What he did get, on several occasions, was approval from Dunn and Fiorina's successor, CEO Mark Hurd, to employ certain tactics at critical junctures during the probe. And he received Dunn's consistently positive feedback on several occasions throughout the months-long investigation.
Days after getting his assignment, Hunsaker had assembled an investigative team and formed a plan of action. He conceived an e-mail sting operation to use against a reporter. He mulled intercepting text messages from HP directors' cell phones. He gave outside gumshoes the O.K. to tail reporters, HP employees, and director George "Jay" Keyworth, a prime suspect. He directed his investigators to track down the thieves who had stolen Keyworth's laptop on an October, 2005, trip to Italy so the computer could be examined for unauthorized communication with reporters. And, on numerous occasions, he ordered expansive use of "pretexting"—the tactic of lying to phone company employees to obtain the confidential billing records of HP employees, board members, reporters, and others.
FAKE SOURCE. One tactic was nixed before it could be employed. HP internal investigator Fred Adler, a member of the Hunsaker team, quickly shot down the idea of obtaining text messages from directors' cell phones. "Even if we could legally obtain the records, which we can't unless we either pay the bill or get consent, I would highly suspect text-messaging records are not kept due to volume and expense," Adler wrote in a Jan. 28 e-mail.
Copied on Adler's e-mail were the core members of Hunsaker's investigative team: HP's global security chief, Anthony Gentilucci, who quickly became a Hunsaker confidant and advocate, and Vincent Nye, also an internal HP investigator who, along with Adler, expressed concerns about the direction the investigation was taking. Adler's comment was the first of many concerns he and others would raise in the coming months about the legality of the team's tactics.
The team might have balked at obtaining text messages, but it quickly bought into another Hunsaker idea—creating a fictitious "source" named Jacob to win the trust of CNET reporter Dawn Kawamoto. E-mails from "Jacob" would then be embedded with "Web bugs" that could be traced if Kawamoto forwarded the e-mails to someone else, such as her HP sources.
"DOOZY" OF A SCOOP. In an e-mail to Gentilucci the night of Jan. 23, Hunsaker hammered out a draft of "Jacob's" first e-mail. "We DEFINITELY need to get the approval of Ann [Baskins], Mark [Hurd], and Pattie [Dunn] before doing it, but I think it's a very creative idea that just might work," Hunsaker said. He and Gentilucci brainstormed on what sort of persona to give the fake source, and by the end of the night had a workable draft in hand.
Hurd and Dunn signed off on the e-mail before it was sent. But even Hunsaker himself did not seem totally at ease with the tactic. "Of course, I'm not sure we want this directly traceable back to HP…," he told Gentilucci. Later, in a Feb. 3 e-mail to the team, as well as to Timothy O’Neill in HP’s IT Security Div., he sought assurances that the Web bug could not be linked to HP. If CNET "ultimately trace[s] it back to us somehow, we could end up with some seriously bad publicity," Hunsaker said.
On Feb. 5, Hunsaker sought the O.K. from Dunn and Fiorina's successor, Hurd, before going ahead with the e-mail sting. By Feb. 8, the team had come up with "a doozy" of a scoop to give Kawamoto. "STRAP ON YOUR HELMETS FELLAS, WE'RE GOIN IN!!!," Nye wrote as the team pushed the button on "Jacob's" first e-mail to Kawamoto.
A BREAK IN THE CASE. The team was less gung-ho about the use of ruses to obtain confidential phone records. Hunsaker had enlisted Ron DeLia, a Boston-based investigator who had been working for years as an HP contractor, to gain access to accounts to determine if and when HP insiders had contacted reporters. "Is it all above board?" Hunsaker asked Gentilucci on Jan. 30, after taking flak from Nye and others. "I think it is on the edge, but above board," Gentilucci replied. Hunsaker's response: "I shouldn't have asked…."
By Feb. 6, DeLia's investigators had made a break in the case, uncovering a call from CNET's Dawn Kawamoto to Keyworth's home phone. "Is Keyworth's [phone number] in the phone book? If not, how the hell did Kawamoto know the number?" Hunsaker wrote. He called the discovery "great news." Hunsaker told his team: "I'm starting to get excited."
Nye was not in a celebratory mood. "I have serious reservations about what we are doing," he shot back in an e-mail. "It is very unethical at the least and probably illegal. If [it] is not totally illegal, then it is leaving HP in a position [that] could damage our reputation or worse," Nye wrote."I am requesting that we cease this phone-number-gathering method immediately and discount any of its information."
"WILD IDEA." In a later e-mail to Adler, Nye questioned whether Baskins, HP's general counsel, was being kept in the loop on the team's methods. It was clear, Nye wrote, "that this is a 'Don't ask, Don't tell,'" situation, with regard to the use of pretexting.
But the practice continued, and Nye remained uneasy. In early March, he detailed his concerns in a memo. "If one has to hold his nose and then conduct a task, then [it] is logical to step back and consider if the task or activity is the right thing to do," he wrote in a draft memo he sent to an HP security colleague for review. "Speaking for myself, I won't use this particular tactic on those cases I have been assigned to lead." Documents released by House investigators don't indicate whether Nye ever sent his memo to Hunsaker.
By then, Hunsaker was making broad use of the tactic. In a Mar. 21 e-mail exchange with Gentilucci, he said he had "a wild idea" to get the goods on Keyworth. "It involves pretexting [Keyworth] or his wife at their house," he wrote. Gentilucci's response: "Just don't tell Fred [Adler] and Vince [Nye]." "No kidding," Hunsaker said.
NO DOUBT AT THE TOP. Hunsaker had sought and received assurances from DeLia, the outside investigator, that pretexting was legal. And Gentilucci had commissioned his own research that seemed to put HP in the clear. According to research done for Gentilucci by an unidentified law clerk, an investigator obtaining "a wire, oral, or electronic communication" is not civilly or criminally liable unless the information is used to commit a criminal act.
But if Hunsaker had any doubts about the direction of the investigation, Patricia Dunn herself put them to rest. After a February briefing on the investigation, including an overview of the methods being employed, Dunn gave Hunsaker's heroes two thumbs up. "She was impressed with what we put together for her and is confident we are on the right track," Hunsaker said in a Feb. 3 e-mail to his team.
On Apr. 24, after the investigation had wrapped up, concluding that Keyworth was, in fact, the source of the leaks to CNET, Hunsaker was promoted. His new title: director of HP's standards of business conduct team, the company's chief ethics officer. But by the end of September, after details of his investigation became public, his fortunes had turned and Hunsaker had left the company.