Crimes were committed after Hewlett-Packard hired private investigators to obtain the phone records of its own board members as part of a probe into press leaks. It's just not clear who committed those crimes.

So declares California Attorney General Bill Lockyer, who said in an interview Thursday that he's now focusing on how high up the corporate food chain his investigation will lead him.

"In this case, clearly a crime has been committed," he said. "The question is by whom. How far does the liability extend?"

Once Lockyer determines that, he said, criminal charges are likely.

Ryan Donovan, an HP spokesman, declined to comment on the attorney general's remarks, except to say that the Palo Alto company hasn't received any subpoenas from Lockyer's office.

"We are of course cooperating fully with their investigation," he said.

A spokesman for the attorney general's office confirmed that no subpoenas have been issued.

Meanwhile, security pros say HP's spying should serve as a warning not just to corporate insiders in Silicon Valley and beyond, but also to ordinary citizens who might be unaware that the official-sounding voice at the other end of the phone may belong to a professional snoop.

"Most private investigators do this quite a bit," said Scott Newby, an investigator with offices in San Jose and Merced.

"Typically, I'll call someone and say I'm doing a survey on such and such," he said. "This allows me to get information that people might not otherwise give me."

In HP's case, the Palo Alto tech giant acknowledged in a regulatory filing Wednesday that "some form of 'pretexting' for phone record information" had been used to delve into the calling habits of its board members.

It can turn insidious

Pretexting is a fancy way of saying "lying." The art of pretexting lies in being slick enough to persuade your target that you're someone who you're not. This can be relatively benign, such as impersonating a survey taker. Or it can be more insidious.

HP's investigators are believed to have obtained at least the last four digits of board members' Social Security numbers -- a feat that security pros say isn't all that tough if you know where to look.

The investigators are believed to have obtained the numbers through data brokers, companies that sell people's personal information to qualified (or ostensibly qualified) buyers.

An investigator then allegedly contacted AT&T and, posing as a specific board member, persuaded the phone company to send him that person's confidential phone records.

All this took, apparently, was knowledge of the board member's Social Security number and phone number, and a smooth delivery.

Cnet, a San Francisco tech-news service, reported Thursday that phone records of one of its reporters also were accessed by HP's investigators.

Private investigators say they're not barred from pretexting -- as long as they don't do anything untoward with the information they receive. Lockyer doesn't quite see it that way.

"The law doesn't require injury or fraud," he insisted. "It's an invasion of privacy."

Lockyer acknowledged that some pretexting -- the bogus survey, say -- may not constitute a crime under certain circumstances. It depends on how the elicited information is used.

But he said all bets are off if the pretexter is impersonating someone to gain access to that person's data. This is what appears to have happened in the HP case, he said.

Lockyer said a crime -- identity theft -- was committed when the company's investigators pretended to be board members. He said a second crime was committed when the investigators gained access to AT&T's phone records.

"You've falsely impersonated someone else's identity to illegally get computer records," Lockyer said.

"Do I think a crime has been committed? Yes," he said. "But we have to prove who did it."

Lockyer said he's now focusing on whether HP's chairwoman, Patricia Dunn, is a party to the crime. The company's regulatory filing says she ordered the probe into the press leaks.

If Dunn explicitly instructed the investigators to gain access to the board members' phone records, Lockyer said, she is likely a party to the crime.

'Potential conspiracy'

If, on the other hand, Dunn told the investigators (or any go-betweens) that she wanted information about who the board members may have called but was vague about how such info should be obtained, Lockyer said, HP's leadership may not have direct liability.

But the company wouldn't be off the hook.

"At the very least, there's a potential conspiracy case," Lockyer said.

Chris Hoofnagle, a privacy expert and senior attorney at UC Berkeley's Boalt Hall School of Law, agreed that it appears the pretexting methods employed by HP's investigators violate the law.

"Pretexting like this is technically hacking," he said. "This is illegal under state and federal law."

Specifically, Lockyer said, the HP case runs afoul of California Penal Code Section 502, which prohibits "tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems."

He also said the case involves Penal Code Section 530.5, which bars use of people's personal info "for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services or medical information in the name of the other person without the consent of that person."

"Pretexting is a serious problem," Lockyer said.

And in HP's case, he said, the company is guilty of breathtaking arrogance if nothing else.

"The idea of a corporate official spying on another official is outrageous," Lockyer said. "It's also incredibly stupid."

David Lazarus' column appears Wednesdays, Fridays and Sundays. Send tips or feedback to dlazarus@sfchronicle.com.

Page C - 1

An investigator for Hewlett-Packard Co. secretly obtained phone records of nine journalists, including reporters for Cnet Networks, the New York Times and the Wall Street Journal, adding a bizarre twist to a boardroom drama that has transfixed Silicon Valley and has prompted an investigation by the state attorney general.

The snooping, disclosed Thursday by Hewlett-Packard, follows recent revelations about similar spying by the company's hired investigators on its own board members as part of an effort to unmask who on the board leaked inside information to the media.

Business ethicists have almost universally panned Hewlett-Packard for its role in the spying, which has gained a high profile even when compared to some of Wall Street's corporate scandals in recent years. Many legal experts, along with state Attorney General Bill Lockyer, have said Palo Alto-based Hewlett-Packard's intrusions were against the law.

The episode, which comes at a time when Hewlett-Packard is emerging from a financial slump and is regaining its place among the technology industry's leaders, provides a rare glimpse behind the closed doors of one of Silicon Valley's most storied companies.

Ryan Donovan, a spokesman for Hewlett-Packard, said his company gave the attorney general's office a list of nine reporters whose personal information was compromised during the company's investigation and that those reporters subsequently were notified.

The names of four of the reporters have become public: Dawn Kawamoto and Tom Krazit of Cnet, an online publication in San Francisco that covers the technology industry, John Markoff of the New York Times and Pui Wing Tam of the Wall Street Journal.

Kawamoto was told by the attorney general's office Thursday that her home phone records had been accessed by Hewlett-Packard's investigators. The investigators, who have yet to be identified, used a technique called "pretexting" to surreptitiously obtain Kawamoto's information through impersonation.

The practice, roughly defined as posing as someone else to obtain information, is relatively common among Internet fraudsters, who often buy or steal Social Security numbers for the purpose of thievery. In this case, investigators hired by Hewlett-Packard allegedly obtained Social Security numbers, or sometimes even partial Social Security numbers, to open accounts and obtain personal information.

According to Cnet, on Jan. 30 an individual used the last four digits of Kawamoto's husband's Social Security number to create an online account with AT&T, the telephone company, and get the phone records. The phone is under her husband's name, and she never authorized that the information be shared, according to Cnet.

A week earlier, Kawamoto and Krazit had written an article about a private meeting of Hewlett-Packard's board in which members talked about the company's long-term strategy. The article, which relied on an anonymous source for much of the information, led Hewlett-Packard's chairwoman, Patricia Dunn, to call for an investigation of her company's board to uncover the source of the leak.

The Internet address of the person who established the AT&T account matched that of the person who had tried to obtain the phone records of Tom Perkins, a Hewlett-Packard board member who subsequently quit the board in anger after learning of the investigation. He has since led vociferous attacks against the company and has complained to authorities, tarnishing Hewlett-Packard's reputation and prompting the attorney general's investigation.

In a statement, Cnet said it takes the hacking of its employees' records seriously:

"These actions not only violated the privacy rights of our employee, but also the rights of all reporters to protect their confidential sources. We are continuing to gather all relevant facts and to analyze appropriate next steps. We have requested that HP provide us with a full accounting of all actions taken in connection with this matter."

Hewlett-Packard also gained access to the personal phone records of Tam, the Wall Street Journal reporter, using undisclosed methods, her newspaper reported on its Web site Thursday. Tam broke news in January 2005 about concerns Hewlett-Packard's board had about Carly Fiorina, the chief executive at the time who later was fired.

In addition, Markoff of the New York Times was the target of pretexting in 2005, according to an article in the Times, suggesting the practice has been going on for a long period.

Donovan, the HP spokesman, apologized about the investigators' spying on reporters, saying the company "is dismayed that the phone records of journalists were accessed without their knowledge, and we are fully cooperating with the attorney general's investigation." He declined to provide any other details.

Shawn Berman, a management professor at Santa Clara University, called Hewlett-Packard's behavior Big Brother-like and said that the scope of its board's mismanagement is breathtaking.

"I've seen this whole saga as really pushing the frontier as to what's acceptable in the world of ethics," he said. "I don't think there's any board that has spied on its own members and private citizens."

Berman added that Hewlett-Packard's actions -- if ever commonplace among companies -- would put a chill on journalism.

"If we are going to take away from the ability to keep sources private, then that kneecaps a reporter's ability to do the job."