SecurityFocus 2006-09-12
Private investigators are wary of the increasing uproar over the tactics used by HP's investigators, because many professional investigators still make use of pretexting in some form and still want to be able to access phone records.
"There should be a way to access these records for legitimate reasons," said Bruce Hulme, legislative director and former president of the National Council of Investigation and Security Services, a national association for private investigators. "What if this was a case of an HP employee leaking information to Dell? I don't want to see a general law passed that outlaws the use of subterfuge or pretext or pretense, because there are legitimate applications as an investigation tool."
Every field has its euphemism for lying and deception. In politics, it's spin. In computer security, it's social engineering. And in the world of private investigators, it's pretexting. In the past, private investigators have not assumed someone else's identity using pretexting, but taken on a role to gain access to information, said Jimmie Mesis, a private investigator and the editor-in-chief for PI Magazine.
"Pretexting is perception management," Mesis said. "You can't go up to someone and say, I'm a private investigator, you won't get information that way. It can be as simple as calling up a neighbor to get the target's phone number or some other piece of information."
Mesis also worries that legislation drafted in response to the HP scandal could result in less access to phone records for responsible private investigators. He points out that the public can benefit when investigators are allowed to do broader searches on records, what computer security experts call data mining.
"Closing up the records is not just a bad thing for PIs, but a bad thing for the public," Mesis said. "It helps protect the criminals."
Access to such records helped find the six-year-old daughter of a man whose wife had taken the child and left four years earlier, Mesis said. While the police could not broaden their search to include relatives' phone records, Mesis's firm was able to find a call from the woman to her father by searching his phone records. Less than a day later, the private investigators had located the woman and the child.
Despite the scandal surrounding it, Hewlett-Packard's investigation into the board member leaking information to the media also shows the utility of phone records. The investigation pinpointed the leaker as Dr. George A. Keyworth II, a former science advisor to the late U.S. President Ronald Reagan, who was asked to resign at a board meeting on May 22, 2006. He refused, but noted Silicon Valley venture capitalist Thomas Perkins resigned in protest over Dunn's actions. Perkins later requested information on how the leak had been traced, and his requests led to HP filing an additional statement with the U.S. Securities and Exchange Commission, which touched off the current furor.
On Tuesday, HP announced that Keyworth would resign after all. In a statement announcing his resignation, Keyworth said it was time to move on past the controversy.
"The comments I made to the CNET reporter were, I believed, in the best interest of the company and also did not involve the disclosure of confidential or damaging information," Keyworth stated. "There is but one issue now and that is that (CEO) Mark Hurd and the company have every opportunity to move beyond the current morass."
Keyworth called the investigators' unauthorized access to AT&T's systems "an invasion of my privacy and that of others" that "was ill-conceived and inconsistent with HP's values."
Even among private investigators, the legality of lying to convince someone to hand over information continues to be a big question mark. Some investigators believe that consumer protection laws, which outlaw deceptive trade practices, are applicable to pretexting situations.
"Pretexting is illegal and it always has been--it really isn't a gray area," said John Healy, the principal investigator for Litigation Intelligence Services and a retired NH state police officer. "The consumer protection laws are all identical. When you get a gallon of gas, you get a gallon. And it applies to any deception in any business, so it applies to pretexting."
However, most private investigators do not know enough about computer crime laws to differentiate between simple deception and gaining unauthorized access to a computer system through fraudulent claims. Moreover, some believe that the records are so poorly secured that no true security measures are being bypassed.
Mesis believes that an argument could be made that AT&T's lack of security essentially put the records into the public domain. A person's phone number and social-security number are so easy to obtain that the two pieces of data are more a way of identifying someone, not bypassing a security system, Mesis said.
"The phone company has a flaw in how they give out information," said the private investigator. "The PIs have not gotten the data by impersonating someone else, but by providing information to get information."
Privacy experts are also taking AT&T to task for its weak system for protecting consumers' call records. While accessing the online systems and gaining the information likely falls afoul of state and federal law, telecommunications providers need to take better steps to protect information, said Lillie Coney, associate director for the Electronic Privacy Information Center (EPIC).
"The key thing to remember is that the private sector's reliance on social-security numbers as a default ID number has led to this potential for abuse and has proved itself to be a bad decision," Coney said.
While AT&T would not comment on whether it would seek to change its security measures in the future to protect against such attacks, the company's spokesman did say the company is always looking at the possibility.
"This is a constant process of revisiting security measures," said AT&T's Sharp. "These people out there are always looking for ways to work around the security, and we have to look at that and determine what's the best way to deal with it."
