Here’s how Web bugs work: The bug’s author puts an image on a Web server with a unique website address, or URL, and then sends an e-mail that contains a link to this image. The image can be hidden from sight or within plain view—a corporate logo, for example.

When the e-mail is opened, the subject’s computer looks up the image and in doing so sends the information to the Web server. Another way of doing this is for ReadNotify users to add ".readnotify.com" to the end of the recipient’s e-mail address.

While Drake characterized ReadNotify’s e-mail tracking tools as sophisticated, security consultant Smith noted it uses the same techniques as other Web bugs.

When the question of whether Web bugs are legal has been tested in the United States, courts have tended to focus on whether this type of technology violates federal wiretapping laws, said Chris Jay Hoofnagle, senior staff attorney with the Samuelson Law, Technology and Public Policy Clinic at the University of California, Berkeley.

Hoofnagle said state courts could take up the issue of Web bugs, considering antihacking laws in states like California. California law prohibits certain use of computer resources without the permission of the user, and nobody knows for sure whether HP’s actions would violate this law or similar statutes in other states, Hoofnagle said. At the hearing before House Energy and Commerce Committee members, HP’s Adler said his company had used them "a dozen to two dozen" times in the three years he had worked there and considers them to be a legitimate investigation tool.

-Robert McMillan, IDG News Service (San Francisco Bureau)

Keep checking in at our HP Spying Scandal page for more CIO.com coverage of this unfolding story.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.