Forgot your password?
typodupeerror
Privacy Government Democrats Politics

US Democrats Accidentally Publish Whistleblowers' Email Addresses 352

Posted by CowboyNeal
from the oh-whoops-our-bad-honest dept.
iluvcapra writes "The US House Judiciary Committee recently emailed all of its potential whistleblowers information about how it was restructuring its whistleblower program. Unfortunately for its sources, it emailed them this information with their addresses in the "To:" field (and not the Bcc: field) It also cc:'d this email to the Vice President. I'd like to think think this is some sort of ingenious subterfuge, but I'm doubtful."
This discussion has been archived. No new comments can be posted.

US Democrats Accidentally Publish Whistleblowers' Email Addresses

Comments Filter:
  • by doyoulikeworms (1094003) on Saturday October 27, 2007 @10:10AM (#21139759)
    I'd surely use a free, disposable email account.

    Why didn't the person just go the Anonymous Coward route?
    • Re: (Score:2, Insightful)

      by chakmol (88099)

      I'd surely use a free, disposable email account.

      I agree, and I'd probably use tor to connect to it.

      This type of e-mail behavior is so common. I give my e-mail address to a trusted friend assuming I'll get e-mail from one person to ONE person, but no, let the mass openly addressed forwarding begin. Even worse, the recipients do a "reply all" and start having a conversation in my inbox. When I write to the trusted friend and gently try to explain the pitfalls of mass address sharing or how to use BCC, they invariably respond with a "huh?", or get al

      • You think *thats* annoying - theres someone with my name using a *very* similar gmail address (I think he suffixes his with jnr), but puts down mine on anything he needs to, including his friends social mailing list, his lawyers correspondance, his childrens school contact form and lots of other stuff.

        I'm receiving all sorts of what should be privileged information, and I have informed him of this to just be told 'stop reading my email!' and various threats.

        What do you do?!
        • by khallow (566160)
          Reply to all the emailers.
        • by Detritus (11846)
          Post all of it on usenet.
        • by Khaed (544779)
          I've gotten someone's tax returns. He like, e-mailed them to himself, but our names are the same, and so he e-mailed them to me instead. I forget what I mailed him, but I was clear that I hadn't looked at it. He seemed appreciative.

          I've gotten a few e-mails I wasn't sure what to do with, including mail from some dude's dad about their vacation.

          I'm almost ready to get a domain name and run my own e-mail, just so there's no more of this crap.

      • You have friends who are email incompetent and choose not to learn? I suggest you change your definition of friend. Those who choose not to learn from their friends and continue to abuse that trust I would no longer consider a friend.

        If they willing buy me beer and discuss technology, politics, and women, I may not call them friend but I would certainly give them my gmail address!

        • Re: (Score:3, Interesting)

          by TheLink (130905)
          You just learn what you can trust your relatives/friends/colleagues/employees/subordinates/bosses with.

          Nobody can be trusted in everything. Nor is everyone competent in everything.

          I do get impatient/annoyed/angry with stupidity and ignorance, but it's malice and dishonesty I find hard to accept in a friend.

          So, even dogs could be my friends as long as they're not too malicious or dishonest (stealing a dog treat and pretending not to have done so is tolerable ;) ).

          Anyway on the subject of competence and trust
      • I agree, and I'd probably use tor to connect to it.

        Tor has significant weaknesses [wikipedia.org], especially in the face of government resources. You'd be better off using (or at least combining tor with the use of) public wifi access from a workstation that is ideally not linked to you. Obviously, the security of public wifi access is another issue. Unfortunately, true anonymous communications are a bit of a technical hurdle to the average would-be whistleblower.

    • Re: (Score:2, Insightful)

      by MikeUW (999162)
      Wouldn't an anonymous whistleblower be far less credible than an identifiable one?
    • by cmacb (547347)

      Why didn't the person just go the Anonymous Coward route?

      I think the article states that that was not an option.

      Using a free disposable e-mail account would of course be a good idea, but the committee has all the real names in a file somewhere and who knows what dumb-ass things they are doing with it.

      I'm quite sure that some of the people involved don't have a clue about setting up e-mail AT ALL on their own. They use their government provided e-mail capabilities because unless they have gotten a friend, r

  • by Ranger (1783) on Saturday October 27, 2007 @10:11AM (#21139769) Homepage

    Narrator: In A.D. 2007, investigation was beginning.
    Conyers: What happen ?
    Whistleblower: Somebody not set up us the Bcc.

    Staffer: We get chat window.
    Conyers: What!
    Staffer: Main chat turn on.
    Conyers: It's you!!
    Cheney: How are you gentlemen!!
    Cheney: All your email are belong to us.
    Cheney: You are on the way to destruction.
    Conyers: What you say!!
    Cheney: You have no chance to impeach make your time.
    Cheney: Ha Ha Ha Ha ....

    Staffer: Conyers:!! *
    Conyers: Take off every 'DOJ'!!
    Conyers: You know what you doing.
    Conyers: Move 'HJC'.
    Conyers: For great justice.
  • by NoTheory (580275) on Saturday October 27, 2007 @10:11AM (#21139773)
    Nice inflammatory title line!

    Why exactly do we have to make an IT gaff, even as massive as this one, partisan? Do we know who's staffers actually sent out the email? You do understand that the Judiciary committee does have Republican members right? Beyond the fact that Republicans don't seem to do inquiries into the Bush Administration, it's not like this wouldn't have happened if Republicans were in charge of the judiciary committee.

    That said, this is absolutely unacceptable.
  • by HotdogsFolks (1145369) on Saturday October 27, 2007 @10:22AM (#21139837)
    This reminds me of that Army guy who "anonymously" complained about the torture of Iraqi prisoners, only be thanked by name by the Secretary of Defense on TV while in an Army canteen in Iraq. The message is clear: if you are a whistleblower, you will regret it.
  • by gambolt (1146363) on Saturday October 27, 2007 @10:22AM (#21139841)
    Tips were submitted from a web form with no email verification. Some joker likely thought it would be funny to use the public address for the VP's office when submitting a tip. When the mass mailing was sent it out, it got sent to that address as well.
    • Some joker likely thought it would be funny to use the public address for the VP's office when submitting a tip. When the mass mailing was sent it out, it got sent to that address as well.
      Or maybe it's simpler than that, maybe the Vice President wants to be a whistle blower. Personally, I think he's got a lot of whistle blowing to do. Mostly on himself, but there are a few others.

      Think: a blubbering Chunk from The Goonies talking about shooting a man in the face.
  • Of course (Score:5, Insightful)

    by YrWrstNtmr (564987) on Saturday October 27, 2007 @10:22AM (#21139849)
    Next year, they can point to Cheney, and screech that he obtained (and implying that he will use) personal information on the whistleblowers. The exact mechanism of how he got it will be brushed away.

    Or so my tin-foil hat wearing buddy told me.
    • by mikelieman (35628)
      With the widespread Unlawful Domestic Surveillance, it's not like Cheney didn't already have his own list of whistle-blowers.

  • by PeeAitchPee (712652) on Saturday October 27, 2007 @10:23AM (#21139851)
    Someone should email them an apology. ;-)
  • I'm kidding, but I'm sure you will find a few comments who aren't.
    • Re: (Score:3, Insightful)

      by OakDragon (885217)
      Yeah. Sometimes I don't know if Slashdot has devolved into DailyKos parody, self-parody, sarcasm, or just old-woman shrillness.
  • You meant: US Democrats "Accidentally" Publish Whistleblowers' Email Addresses (Note the scare quotes) Now *that*'s a Slashdot headline.
    • You meant: US Democrats "Accidentally" Publish Whistleblowers' Email Addresses (Note the scare quotes) Now *that*'s a Slashdot headline.
      No its not you seem to have missed the key word in the headline: Democrats. If it was exactly the same article but with Republicans, than the slashdot headline would have the scare quotes you added. Remember, this is slashdot, until proven otherwise, all Democrats are good, and all Republicans are evil.
      • by PHAEDRU5 (213667)
        Come to think of it, you have me dead to rights there.

        I love your handle: a nice mix of the brutal and subtle, but all conveying power. I think it's one of the top three all-time scary names, along with "Dick Armey" and "Rod Johnson".
         
  • The White House fires the entire Justice Department.
    • by GaryOlson (737642)
      How? After the Justice Department investigates itself? Now there's a metaphor for bureaucratic masturbation.
  • If brains were dynamite everyone on capitol hill would find it impossible to blow one nose!

    Regardless of party they are just a thundering herd of dumbass!
  • Shift the blame (Score:5, Informative)

    by GaryOlson (737642) <slashdot@garyol s o n.org> on Saturday October 27, 2007 @11:30AM (#21140241) Journal
    "A technological error in a recent communication inadvertently disclosed certain email addresses."

    I call bullshit on the source of the error. By implicating the technology as the source of the error, the Justice Department is failing to address the real cause -- human error and incompetence in the Justice Department. This single statement alone reinforces the point of the original investigation -- the politicizing of the Justice Department.

    • by kestasjk (933987)
      "A technological error" - An error of misunderstanding the software.
      It's not exactly obvious that when you use the "To" field instead of the "Bcc" field the e-mails of everyone on the "To" list is published to everyone else.

      "inadvertently disclosed" - It wasn't deliberate.

      I don't see where the bullshit is. Would you prefer "We fucked up, our bad. But in our defense what gives with all the e-mails being sent to everyone else if you don't use this "Bcc" field? Seriously what the hell is "Bcc" anyway? D
      • Bcc = blind carbon copy.
      • by ashitaka (27544)
        This is simply it.

        They got the task given to someone using Outlook who has probably only sent brief emails between themselves and other staffers one recipient at a time. If they are relatively new to large email distributions their mindset maybe that it is like a paper mailout where a separate email is automatically sent to each individual address on the list. I've seen older secretaries in law firms who are masters at paper filing, shorthand and typing but for whom the intricacies of email are totally bey
      • by Blakey Rat (99501)
        To = "send the email to this person"
        CC = Carbon Copy = "send the email to this person as well" (with an old-fashioned memo, you'd actually make a carbon copy of it to do this)
        BCC = Blind Carbon Copy = "send the email to this person, but don't reveal their address to the To or CC list"

        To and CC are functionally identical, they're just an artificial distinction between who directly receives the email and who indirectly receives it. For instance, "send a copy of that task to me, but CC my boss so he knows I wo
    • Re:Shift the blame (Score:5, Informative)

      by MillionthMonkey (240664) on Saturday October 27, 2007 @03:04PM (#21141769)
      Someone gave you a Funny but I'm not sure I get it:

      "A technological error in a recent communication inadvertently disclosed certain email addresses."
      I call bullshit on the source of the error. By implicating the technology as the source of the error, the Justice Department is failing to address the real cause -- human error and incompetence in the Justice Department. This single statement alone reinforces the point of the original investigation -- the politicizing of the Justice Department.
      Is this is a joke? Learn who the players are: The House Judiciary Committee (legislative branch) is in the process of investigating the Department of Justice (executive branch). Someone in the HJC, not the DOJ, made the email screwup here, when emailing whistleblower recipients within the DOJ, about how the HJC was going to do such a swell job of keeping the whistleblowers' identities hidden from the DOJ. This excuse that you are mocking came from a spokesman for the HJC, not the partisans running the DOJ- who were the beneficients, and not the perpetrators, of this particular email gaffe. The DOJ would have the political interest in their whistleblowers' email addresses being exposed, not the HJC. Maybe there is a rogue low level Democratic staffer with secret Republican sympathies who "pretended" to make the mistake in order to sabotage the HJC investigation, but there is no reason to think that, because people do this all the time, especially when they use a stupid program like Outlook that doesn't want to confuse you with a BCC field and hides BCC in a dropdown somewhere.

      And since some retard went to the HJC page and registered as a whistleblower using Dick Cheney's public email address at whitehouse.gov, which the HJC did not notice and remove, he got included in the CC.

      "The politicization of the Justice Department" refers to all the maneuvering to get political partisans in top DOJ positions who are willing to influence elections with carefully timed prosecutions and selective prosecutions at least partially based on party affiliation. Things like that are true hallmarks of fascism in a way that simple human error and technical incompetence are not.
    • Re: (Score:3, Interesting)

      "A technological error in a recent communication inadvertently disclosed certain email addresses."

      Gee, did that technological error happen twice? It sounds like someone tried to activate Microsoft Outlook's 'Recall' feature afterwards, which is only intended for MS Exchange networks (And even on Exchange, recall rarely works).


      Compounding the mistake, the committee later sent out a second email attempting to recall the original email; it, too, included all recipients in the "to:" field, according to a reci
  • by hey! (33014) on Saturday October 27, 2007 @11:35AM (#21140269) Homepage Journal
    Almost.

    So imagine you're some legislator guy who graduated from law school back in the day when lawyers never touched a keyboard because people might think they were a lowly paralegal. You're a damn good lawyer, and at least try to be as good a politician as you can and still be a successful one. You actually know a great deal about things like the Internet, but in general, high level terms. You are well up on its legal, economic, sociological and even philosophical implications. You just don't know a damned thing about how it works, although unlike Sen. Stevens you are smart enough not to venture an opinion.

    So, you hand this message to an aide, "get this to all the whistleblowers on our list." The aide has exactly the same background as you, although he has a bit more practical skill at things like making PowerPoint presentations. The order goes down the line through a sequence of people with similar backgrounds and aspirations but increasingly less experience and seniority, until it reaches somebody with so little experience and seniority he actually has to do the typing.

    That is the person who has to make the right information security decision.

    Contrast this with the executive branch. The executive branch has something at its disposal called a bureaucracy. Bureaucracies are notoriously slow at getting things done, because their primary function is to preserve an institutional memory of every mistake that has ever been made and is worth remembering. They do make new mistakes of course, but provided you apply the appropriate feedback, they will remember that mistake and adapt to avoid it in the future. In minor cases they will adjust by simply engraving additions to the relevant procedures they follow. Given severe feedback, they respond by sprouting entirely new organs and body parts whose function is to stop the rest of its body from doing that thing again.

    So, in the executive branch, the order goes down the chain of command, but with two differences. The least experienced person probably has a manual which contains a procedure to do these things, a procedure that has provisions for avoiding disclosure of distribution list recipients. Secondly, if the mistake contemplated is grave enough, the work flow is designed so that once a task is complete, it doesn't simply go out the door. It is passed up through multiple layers of review until it reaches somebody senior enough to authorize that. His job is not to check that the proper procedure has been followed; that has been taken care of at a level below him but above the person doing the work. This guy's job is to use his experience in determining whether the standard procedure has failed in its purpose.

    When the next administration comes in, and all the people "at the top" of the organizational chart are changed, and all of the political philosophies have been duly stood on their head, the procedure, work flow, and personal memory have all been retained intact. Of course it makes it completely impossible for those politicians to implement the policies they've promised as quickly as they've promised.

    It is entirely possible that the bureaucracy has neither a procedure nor a work flow nor a person to prevent any particular problem. But if the problem is sufficiently serious, it will immediately sprout all three features. If you lay aside your well earned dislike of the thing, bureaucracy is actually remarkably quick and effective at adapting to avoid routine mistakes, provided (and this is important) that it is actually ordered to do something about them.

    About the only problem a bureaucracy can't quickly adjust to is not getting something fast done or cheaply enough. Fixing that problem requires paring down work flows and streamlining procedures and cutting staff (particularly middle management), which are the very things that embody the institutional memory that is their reason for existence. It is probable that some institutional memory is lost as minor changes are made, which is why bure
    • Re: (Score:3, Informative)

      by cmacb (547347)
      Since there may be people (no there most certainly are people) reading this who don't know any better than what you are suggesting, could you provide some data to support your claims above?

      Now if you are considering all of the federal agencies (Labor, HHS, State and so on) simply extensions of the White House staff your assertion would be correct, but that is hardly an accurate representation of how our government works.

      Congressional staffs as a whole are huge with respect to the White House. I think the a
  • I am not surprised (Score:5, Interesting)

    by microcars (708223) on Saturday October 27, 2007 @11:41AM (#21140313) Homepage
    I participate in a Product Testing group maybe once or twice a year and I had to sign a strict Non Disclosure Document and was assured in return that my Identity would also be kept private.

    One day I get an email FROM: The President of the Company thanking me for my help in the past year.

    The TO: field also had the emails of EVERYONE else who had apparently participated.

    Some of the email addresses were work emails or similar with things like: john.smith@example.com
    Not difficult to figure out who they were.

    After replying and tearing the President a new one, I got a polite email back saying there had been an "error" and they apologized.
    "They would never intentionally disclose my personal information."

    So I replied again and said that if this was not intentional then it was incompetence and if it was incompetence what plans did they have for ensuring this would not happen again?
    If I happened to "accidently" disclose what products I was testing would I be able to use the same excuse? Or would I get sued?

    I got no answer to that one.
  • by rbrander (73222) on Saturday October 27, 2007 @12:56PM (#21140785) Homepage
    A new organization called "Law Enforcement Against Prohibition" ( leap.cc ) was organized to give a way for (sometimes former) law enforcement and justice personnel to voice their opposition to the "drug war".

    Anybody can join, you get a newsletter and you get asked to contribute so that they can afford to send volunteer speakers around to various conferences or on speaking tours to talk about the pointlessness and active harm they saw the "drug war" causing when they were part of it.

    Well and good, but they were clearly amateurs at first with the Internet side; the first newsletters were plain text and HTML expertise came slowly. And on November 15, 2006, they sent an E-mail to 5000 addresses with all of them in the TO: line, blowing out the capacity of my webmail service at least to even process it properly; about 3000 of the addresses wound up in the text of the E-mail itself.

    Just for grins, I spent about half an hour cutting and pasting the list into a file, and using simple Unix text tools to organize them into a nice sorted text database, revealing how many of them were outright duplicates, how many were obviously for the same guy at two addresses, did a few simple stats on locations and agencies.

    I thought of sending them the benefits of my work, so they could clean out the dupes, but decided they'd probably (a) not be pleased and (b) weren't smart enough to use the help anyway.

    A good number of people gave addresses that didn't reveal their name outright, others were fully named, along with the government service they worked for, after the "@". I'm sure a number of them were uncomfortable with the thought of their boss or chief knowing they were not solidly behind department policy. Many would not have been law enforcement types, just rank & file citizens like myself - but also not comfortable with the idea of it getting out they were part of an organization that many bosses would tend to assume was joined by stoners. (As opposed to civil libertarians, certainly MY only reason for joining!)

    "Only Nixon could go to China", and only 50-something narcotics cops can speak out against the drug war without automatically falling under suspicion of being on drugs.

    I haven't donated LEAP any money yet, though I've received a few letters; I'm only slowly coming to the belief that they are bright enough to pound sand.
  • by belg4mit (152620)
    It's unfortunate and all, but if you were an informant would you really use an account readily traceable to you?
  • "Any request that an e-mail be withdrawn should state in the subject space "PLEASE WITHDRAW E-MAIL," and should include in the body of the request the e-mail address under which your e-mail was submitted"

    If only I had a list of all the email addresses used to submit to this form...
  • The proper term is "Team-Killing Fucktards"
  • Anyone have the full headers from this e-mail? It would be interesting to see the details of who sent it.

  • by mabu (178417) on Saturday October 27, 2007 @03:54PM (#21142145)
    Seriously, the notion that this was accidental is amusing.

    I remember years ago when I worked on the recall campaign for an infamous governor (who is currently in prison) - we tried to oust him from office and had to collect 10% of the voting public's signatures on petition in order to force a recall election. The governor laughed at the recall effort going on television saying, "I do not think these signatures are legitimate. I plan to look over each and every name of whoever signed these petitions just to check" *wink* *wink* This kind of subtle intimidation of activists and people who take a stand against wrongdoing is nothing new. I wouldn't be surprised if the exposure of the whistleblowers was intentional.

Are you having fun yet?

Working...