Former HP Chief Security Strategist: Company's Leak Investigation Crossed The Line - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Former HP Chief Security Strategist: Company's Leak Investigation Crossed The Line

Ira Winkler, a former CSS at HP, talks about the bad decisions the company made in its boardroom leak investigation, where he thinks investigators crossed the line, and how common intelligence schemes are in corporate America.

A former chief security strategist at Hewlett-Packard says executives should have called in federal investigators to handle the boardroom leak instead of getting caught up in shady spying tactics.

Ira Winkler, now president and acting CEO of Internet Security Advisors Group (ISAG), joined HP in 2001 and served as both chief security strategist and chief security evangelist until he resigned in 2004. He served as a consultant there, advising HP clients on their own security strategies. Winkler says he left because of changes in HP's management style, which he saw as moving away from "The HP Way" style and toward a focus on shorter-term goals.

The trouble HP has found itself in in recent weeks can be traced to a particular decision, he says: Executives decided to handle the internal investigation into a boardroom media leak on their own, instead of calling in law enforcement. The company turned to intelligence ruses that are more common in the murky world of corporate espionage, he claims, than in interactions with employees and the press. When they did that, Winkler says HP stepped out of any kind of gray area and went way over the line.

Before Winkler worked at HP, he spent seven years as an intelligence and computer systems analyst with the National Security Agency from the mid-1980s to 1991. He went on to work at Computer Sciences Corp., an information technology services company, and the SAIC, a research and engineering company. He founded ISAG, a consulting and security services marketing firm, in 1997.

He is also the author of Spies Among Us and Corporate Espionage and is a frequent speaker at conferences in the security community.

In an interview with, Winkler talks about bad decisions he believes the company made in its boardroom leak investigation, where he thinks investigators crossed the line, and how common he thinks these kinds of intelligence schemes are in corporate America.

Q: Do you think the investigation was warranted? Let me clearly state that this George Keyworth deserves to be strung up by his toes. He's the guy who actually leaked the information. But the investigative tactics they used were lower than the behavior of this guy. ... You can't turn up all these private records unless [you're] handing out Social Security numbers. An HP executive got somebody's Social Security number from HP records and provided that to the investigator. That's dirty hands, clearly. ... These people should go to jail and never be in corporate America again. You don't take a Social Security number and hand it over for somebody to commit fraud against an individual.

Q: HP's CEO, Mark Hurd, says he was unaware that anything illicit or unlawful was going on in the investigation. Should he have known? If he didn't know, he should have known. When you're overlooking it, you're even worse than that person himself. You could stop that behavior, and you could prevent it in the future. You give a monkey a gun, and it's your responsibility what happens.

Q: With Patricia Dunn's resignation last week, do you think she's taking the fall? She didn't take the fall until the stock price dropped. The "fall" she initially took was resigning as chair effective four months from now, but remaining on the board. That's laughable. It sounds like she was in charge, so she was the most visible. Her leaving was a visible modification.

Q: Did you see any of these investigative tactics, like pretexting and sending out e-mail tracers, while you were with the company? I didn't see it when I was there. I wasn't involved in those matters, [but] I would have gone to the police with that.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Why IT Leaders Should Make Cloud Training a Top Priority
John Edwards, Technology Journalist & Author,  4/14/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Lessons I've Learned From My Career in Technology
Guest Commentary, Guest Commentary,  5/4/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll