Compliance Toolkit

HP's email bugging secrets revealed

Tags:
Bug,
Tracking,
HP,
Email

Joris Evers CNET News

Published: 29 Sep 2006 09:35 BST

…when viewing the source of the email, for example through a program such as Notepad. A firewall could alert the user of the Web traffic, however.

"ReadNotify uses a combination of up to 36 different simultaneous tracking techniques," Chris Drake, the company's Sydney, Australia-based chief technology officer said in an email interview. "One or more of these usually works in all different email clients and operating systems, making us the most powerful and reliable tracking service on the Internet."

In short, ReadNotify uses more technologies than simple Web bugs, Drake said. "All good email programs have blocked these now and most anti-spam programs reject them too, so we no longer rely on this simplistic tracking idea."

During testimony before Congress on Thursday, the legality of including a bug in email messages was questioned.

"I think the law regarding that is not as clear as it should be," Larry Sonsini, HP's outside lawyer, said in response to questions from Representative Jay Inslee, a Washington state Democrat. "Depending on how it is used and the methodologies, it could very well implicate federal or state statutes," Sonsini said.

In the terms of use posted on its Web site, ReadNotify stipulates that its services should be used for "lawful purposes only". The company goes on to say that its product should not be used to transmit "intentionally deceptive email messages".

"Occasionally, we're asked about privacy and legal issues," Drake said. Essentially, ReadNotify believes an email author can do whatever he pleases with the message, including tracking it. "It is important to understand firstly that just because an email comes into your inbox, it does not make it yours. When a person puts the effort into thinking up an email and composing it: that email is theirs."

ReadNotify doesn't monitor its clients, but Drake has had praise and questions about the service, he said. "We do know that we are heavily used by law enforcement in combating both online crime, and real-world crime that has online aspects," Drake said. "The most interesting event was about two years ago, when our service helped recover a kidnapped child when a tracked email provided an international location that led to a safe recovery."

Use of the email bug is one of the possibly illegal methods used in HP's investigation into boardroom leaks. The company is also facing heat over the use of "pretexting", which refers to the use of fraudulent means to obtain someone else's personal records.

In testimony on Thursday, chief executive Mark Hurd said it is important for the company to lead, not follow when it comes to consumer privacy. "I am going to go back to that technology and look specifically at every use of that kind of send-receive technology and make sure there is absolute clarity," he said of the use of email tracing.

Adler's testimony was part of a full day of hearings into the HP spying scandal by an oversight and investigations subcommittee of the House of Representatives' Energy and Commerce Committee. Hurd and former chairman Patricia Dunn also testified, but several other HP employees and contractors invoked their Fifth Amendment rights against self-incrimination.