You are hereBlogs / FZ's blog / Hunton & Williams, ‘Privacy Expert,’ Snared In Invasion-Of-Privacy Scandal

Hunton & Williams, ‘Privacy Expert,’ Snared In Invasion-Of-Privacy Scandal


By FZ - Posted on 15 March 2011

Originally published in the Privacy Times Newsletter, March 2, 2011- Reposted with permission.

A major law firm that perennially has won a so-called “Best Privacy Adviser” award, is
embroiled in an invasion-of-scandal and the target of a complaint to the District of Columbia Bar Association for violating the code of legal ethics.

The controversy stems from a proposed campaign involving Hunton & Williams to
discredit both the liberal opponents of the U.S. Chamber of Commerce and the supporters of WikiLeaks through collection of personal data and dirty tricks.
The Feb. 23rd bar complaint, filed by the group “StopTheChamber” against Hunton &
Williams Partners John W. Woods, Richard L. Wyatt Jr., and Robert T. Quackenboss, accuses the attorneys of being involved in a conspiracy to filch data from the Facebook sites of the Chamber’s political critics – and their families and children – in possible violation of federal law.

The alleged conspiracy, reportedly involving Hunton & Williams and private security
companies Palantir, HBGary Federal and Berico Technologies – collectively known as “Team Themis” – came to light because of e-mails leaked by “Anonymous.” “Anonymous” reportedly hacks the e-mail and data systems of organizations that attack groups it supports, like WikiLeaks and StopTheChamber.

The leaked e-mails indicated that as part of an effort to win a $2 million contract with
Hunton & Williams, Aaron Barr, an executive at HBGary. circulated numerous e-mails and documents detailing information about political opponents’ children, spouses, and personal lives.

One of the targets was Mike Gehrke, a former staffer with “Change to Win.” Among
the information circulated about Gehrke was the specific “Jewish church” he attended and a link to pictures of his wife and two children. (Portions of these e-mails, with sensitive information redacted by the group “ThinkProgress,” are available at: http://thinkprogress.org/2011/02/10/chamberleaks-target-families/. Many of the leaked e-mails are at http://search.hbgary.anonleaks.ch/.)

Another target was Brad Friedman, co-founder of “The Brad Blog.” Barr’s profile of
Freidman included information about his “life partner” and his home address.

“This tactic of targeting opponents’ personal lives and family was not simply a random
event,” wrote ThinkProgress. “Rather, it was a concerted and deliberate effort to use anything possible to smear the Chamber’s political opponents. To dramatize his firm’s intimidation tactics, Barr sent an e-mail to Hunton & Williams Partner John Woods that contained personal details about fellow Hunton attorney Richard Wyatt, who was representing the Chamber. Thee-mail was intended to show Woods and Wyatt “how ‘vulnerable’ they are.”

The e-mail posted by ThinkProgress shows Barr stating, “BTW, might want to tell
Richard to have his wife [redacted name] hide her friends list. He doesn’t seem to have a presence in social media (besides a very old LinkedIn account, but [wife’s name redacted] has enough to profile her to him based about 20 min. of analysis. I would recommend adding a brief training course for partner/employees on the state of the art for social media analysis and how people and systems can be exploited using social media. As an example. Richard probably has a network at home. Richard and [wife’s name redacted] probably share the same network, maybe even the same computer Either way, If I can exploit her account through one of her social connections, I can exploit the home network/system. Lots of vulnerabilities in social media but first step is reducing your exposure for someone to identify you as a target.”

Facebook and LinkedIn specifically prohibit the use of software programs to harvest
information from their sites. For example, Facebook states: “You will not collect users’ content or information, or otherwise access Facebook, using automated means such as harvesting bots, robots, spiders, or scrapers without our permission.”) (https://www.facebook.com/terms.php)

The Bar complaint cites both Facebook’s and LinkedIn’s policies, and goes on to allege
that Robert Woods and his firm Hunton & Williams may have conspired with Themis to commit “identity theft” in violation of the “Digital Millennium Copyright Act, 18 U.S.C. § 2511 (intercepting electronic communications), 18 U.S.C. § 2701 (accessing stored communications), and 18 U.S.C. § 1030(a)(2) (accessing a computer and obtaining information).”

For the past four years, Hunton & Williams has won Computerworld’s “Best Privacy
Advisers” award, based on a “survey of more than 4,000 global corporate privacy leaders, citing the firm's extensive experience and global presence.”

The firm’s privacy specialists include Paula Bruening (formerly of the Center for
Democracy & Technology), Marty Abrams (formerly of Experian) and Indiana Law Professor Fred Cate. International specialists include Lisa J. Sotto (New York), Christopher Kuner (Brussels) Bridget C. Treacy (London). Neither these specialists, nor the law firm, responded to Privacy Times’ request for a comment.

The deal never happened, according to the U.S. Chamber of Commerce. Legal Times
reported that the Chamber said in a statement that it knew nothing of the proposals and never made any payments for them. “No money, for any purpose, was paid to any of those three private security firms by the Chamber, or by anyone on behalf of the Chamber, including Hunton and Williams,” the Chamber said.

SOURCE DOCUMENT HERE: