Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
United States Privacy Your Rights Online

US Treasury to Post Previously Private Email Addresses Online 339

An anonymous reader writes "After receiving around 10 thousand comments about a government proceeding and after promising not to reveal personal info from those comments online, the US Treasury department decided to post email addresses of those who commented online. Sounds like they don't want any more comments about government proceedings. The email harvesters are going to have a great time."
This discussion has been archived. No new comments can be posted.

US Treasury to Post Previously Private Email Addresses Online

Comments Filter:
  • by Eyah....TIMMY ( 642050 ) * on Thursday January 08, 2004 @07:35PM (#7922793)
    Here's a consumer alert [ftc.gov] from the Federal Trade Commission [ftc.gov] on why you shouldn't post your email address online... how ironic!

    Maybe people whose address is posted should file a complaint [ftc.gov] with the FTC against the U.S. Treasury Department. I know, the Treasury dept is technically not a "business" (although it's arguable) but it would be funny if the FTC received tons of complaints because of this.
    • Here's a consumer alert from the Federal Trade Commission on why you shouldn't post your email address online... how ironic!

      Also ironic: the FTC posts their own email address online (uce@ftc.gov) at the bottom of their webpage!
    • by eugene ts wong ( 231154 ) on Thursday January 08, 2004 @08:05PM (#7923050) Homepage Journal
      Exactly. I don't understand why people give out their regular addresses in this day & age. I have a semi-disposable address that I use for giving out to the untrusted public [& a few mailing lists] & only them. If I'm not expecting a reply, then I don't need to monitor or check it.

      Of course, there is always www.spamgourmet.org.

      In the end, I blame the email address owners & that organization.
      • Isn't this why one has an hotmail address? :)
        • No.. that is why you have spamgourmet.com [spamgourmet.com] or if you have cash to burn you can buy similar service here. [yahoo.com]

          Just a pbs work - not affiliated with yahoo or spamgourmet.

    • That is despicable, all the more so because the article makes it sound as if this is a technical issue, not a privacy issue for them, there are so many posts that they can't keep up with stripping out personal information.
    • by javacowboy ( 222023 ) on Thursday January 08, 2004 @08:28PM (#7923248)
      Sure... you can file a complaint with the FTC. But you must include your email address.
    • by Anonymous Coward on Thursday January 08, 2004 @09:00PM (#7923524)
      Have a look at the front page of ftc.gov [ftc.gov]

      If you highlight the section just below Last Updated: Thursday, January 8, 2004 10:05 AM you'll see two "hidden" email addresses (font color set to white.)

      Anyone know what this is about? Spam trap?
  • Thanks for nothin' (Score:5, Insightful)

    by BWJones ( 18351 ) * on Thursday January 08, 2004 @07:37PM (#7922814) Homepage Journal
    Aside from the rather obvious gold mine for Spammers that this would provide (thanks to the knuckleheads in the Treasury Department), this is an example of openness in government which could be good except that the problem is that they are breaking a promise. Most disturbing is this little item "we will post comments received on that notice on our Web site in full, including any street addresses, telephone numbers, or e-mail addresses contained in the comments." It seems that nobody is allowed privacy in this White House administration except GWB and friends.

  • by CoffeeCrusader ( 660043 ) on Thursday January 08, 2004 @07:39PM (#7922836) Journal
    maybe it's just that the department of treasury figures that spammers support the industry more than they do harm to it. Thus they decided to support the spammers.
  • by clifgriffin ( 676199 ) on Thursday January 08, 2004 @07:41PM (#7922849) Homepage
    We have anti-spam laws now.

    Those will stop the spammers and email harvesters.

    Clif
  • by Kenja ( 541830 ) on Thursday January 08, 2004 @07:41PM (#7922853)
    Just show the treasury you disaprove by not using their products. If enough people do this they'll get the message and change their policies.
  • by UberOogie ( 464002 ) on Thursday January 08, 2004 @07:41PM (#7922855)
    If the Treasury Deaprtment didn't post the comments, there would be talk of a government conspiracy to keep the public's voice from being heard.

    I don't agree with the Treasury Department violating its stated policy. It's frankly chilling coming from a government agency. (Imagine if they had the same policy with witness protection. "Yeah, well, we were going to give you a new identity, but we ran out of budget money this month.") But either way, they were screwed.

    • Yeah but its really not that hard to remove addresses. I would bet they could do it in a matter of hours if they really wanted to but they would rather intimidate people into not sending them comments.
    • by DetrimentalFiend ( 233753 ) * on Thursday January 08, 2004 @07:55PM (#7922982)
      What are you talking about? The only reason the treasury is doing this is to punish everyone for sending their comments in. Any one of us could write a perl script in 20 minutes that would process the data and output it in a usable manor. Either everyone at the treasury is an idiot (possible), or they just decided that they didn't care. Honestly, do you think most of these people will send their comments next time the treasury asks for them? I doubt it.
    • by segmond ( 34052 ) on Thursday January 08, 2004 @08:35PM (#7923309)
      Listen, 10000 emails.
      I can pretty much go through 10000 emails in one week. One, start by grepping "@" in the comments. Then the 2 letter abbreviation code for states. Then reading it. So their excuse that they cannot go through it all, is bull.

  • by DAldredge ( 2353 ) <SlashdotEmail@GMail.Com> on Thursday January 08, 2004 @07:42PM (#7922857) Journal
    But the public can not find out about the VP's secret energy taskforce.

    Sad.
    • But the public can not find out about the VP's secret energy taskforce.
      Secret energy? It must use Uranium from Niger - because that leaves absoutely no trace.
    • And our favorite "Kenny Boy" of Enron [enron.com] fame seems to be getting away unharmed.
  • by jlowery ( 47102 ) on Thursday January 08, 2004 @07:42PM (#7922858)
    If you drink, don't scribe.
  • Perl?!? (Score:5, Insightful)

    by Dalroth ( 85450 ) * on Thursday January 08, 2004 @07:42PM (#7922860) Homepage Journal
    WTF?! Have they never heard of Perl??

    Bryan
  • Not so bad (Score:5, Informative)

    by Nasarius ( 593729 ) on Thursday January 08, 2004 @07:42PM (#7922866)
    They're only not bothering to strip email addresses contained within the submitted comments themselves. As long as you didn't sign your comment or anything, it should be more or less anonymous.
    • well think about it if you are posting something and dont want people to know who you are dont sign it.

      Its like kidnapping someone sending a ransom note to the fam and being like dont send this to the police signed john doe
  • Is this evel legal? (Score:3, Interesting)

    by Spazholio ( 314843 ) <slashdot@l[ ]l.net ['exa' in gap]> on Thursday January 08, 2004 @07:44PM (#7922883) Homepage
    Usual disclaimers apply (IANAL), but when you decide to post on a public website under the auspices of privacy, you have a right to expect that their end of the bargain will be held up, no? Couldn't it be viewed that the privacy statement was a sort agreement between the department and the poster? Now that the department has broken its promise, is there any form of redress a person can seek?
    • by Kneo24 ( 688412 )

      I was wondering the same thing. Isn't a privacy policy a form of a legal agreement? I swore I've heard of people suing websites (or companies) for breaking privacy policies before, but nothing comes to mind as to which companies.

    • Something I thought about with your post. I work for a local gov't agency, and any electronic transmission is, by law, public record. We have lots of disclaimers throughout the site and when you submit forms to notify you of this.

      One has to wonder if it really matters anyway. Like a previous poster said, you can probably file a FOIA request to get all of the email addresses anyway. But, if that is the case, they should have never made the innuation that the information you sent in would be private.

  • Sue Them (Score:5, Interesting)

    by core plexus ( 599119 ) on Thursday January 08, 2004 @07:45PM (#7922890) Homepage
    The Bureau of Land Management's (BLM) website has been taken off several times due to lawsuits over their inability to protect information. Maybe a lawsuit would provide for an injunction, at least. Then Treasury could find the time to remove the addresses.

    -cp-

    President Bush to Liberate Alaska [alaska-freegold.com]

  • I could do it pretty quick with a regExp search/replace in UltraEdit, my fav text editor.
  • They're going to wait for spammers to harvest the addresses and then call in air strikes on Alan Ralsky. :P
  • Are they kidding? Their database is one SQL statement away from having them removed.
  • in fear of flame from regex super gods, i won't dare post my regex example here... but really, could it be that hard to remove something@place.com ???
  • the camel says ... (Score:4, Informative)

    by Heisenbug ( 122836 ) on Thursday January 08, 2004 @07:54PM (#7922971)
    perl -pi -e 's/\S+\@\S+/\[email_ommitted\]/g' comments_file.txt

    Do I win the prize?
  • I Protest. (Score:5, Funny)

    by Murmer ( 96505 ) on Thursday January 08, 2004 @07:58PM (#7923009) Homepage
    I, for one, plan to boycott money.

    Of course I'm a student, so I'm pretty much doing that anyway.

  • by jbs0902 ( 566885 ) on Thursday January 08, 2004 @08:01PM (#7923024)
    You know this is what dead drop email accounts are for. It is an address that I use to send information but never to receive it, or just receive things once. Simple reuseable 1 way communication.

    Free email accounts like Yahoo/Hotmail are great for this.

    My Slashdot email, a dead drop yahoo account. That email account I need for registration that sends me a temp password in the email, drop dead account. MSN Messenger and the MS Passport thing, drop dead account.

    People I WANT to talk to, my personal email account. People work pays me to talk to, my work email account.

    Running my own email server allows another level of indirection. Every company I do business with gets their own email address (well alias to a mail_order@myemail.com address).
    • Yeah works great, until some "friend" of yours does a reply to all or doesn't know how to use BCC or some moron that should definately know better leaks your email (linked no less) onto usenet and your pristine private address is now junk (I'm not bitter ;)

      qmail is your friend (I'm sure the others do something similar) me-somejunk@example.com for every place that needs an address.

      [OT] does anybody know an easy way to use a '.' in addition to a '-' for the extension addresses? I have been unable to find an
  • by scaldef ( 704048 ) on Thursday January 08, 2004 @08:01PM (#7923026)
    This is why it's good to use email addresses like me+treasurydept@mydomain.com. Then when the spam starts coming in, you can set up a forwarding rule to send it all to the bonehead who made that decision.
  • by Anonymous Coward on Thursday January 08, 2004 @08:04PM (#7923046)
    I assume they aren't going to post the names, addresses, and e-mails of children?

    I assume they ensured everyone posting was of legal age?

    I assume they know the rules of the Child Online Privacy Protection Act?

    If not, they're dumb.
  • Comment removed based on user account deletion
  • Prediction (Score:4, Insightful)

    by Otter ( 3800 ) on Thursday January 08, 2004 @08:15PM (#7923128) Journal
    Here's my prediction: This is going to change in a few days. What happened is that due to laziness or cluelessness, the webmasters at the Treasury site claimed "Oh, no. Deleting those addresses is impossible." They're going to get a slew of posts calling them idiots and explaining that the fix can be made in 15 seconds. At which point the boss will go back, chew out the webmasters and tell them to fix it.

    Certainly this is no reason to stop commenting on proposals. We're talking about a tax on malt liquor-based beverages, for crying out loud! Fighting that is worth a little exposure to spammers!

    (Are there really "malt beverage aficionados"? And they communicate with one another)

  • Regex free of charge (Score:3, Informative)

    by ispel ( 266661 ) on Thursday January 08, 2004 @08:15PM (#7923132)
    Blockquoth the article:
    "The unusually large number of comments received...has made it difficult to remove all street addresses, telephone numbers and e-mail addresses from the comments for posting on our Internet Web site in a timely manner," the Treasury Department...


    Its clear they didn't ask a programmer to try.

    Just search and replace the following:
    [^ ]+@[^ ]+?\.[^ ]+ that should take care of your emails

    [()0-9+-]+ should take care of many phone numbers

    \d+.{,25}(dr|st|pl|ave|rd|blvd|highway|hwy|tr|terr ) - should take care of many street addresses

    (Above are not tested-just some off the top of my head)

    I'd suggest replacing them with "x"'s so have some idea what was removed, esp. in cases of false positives.
  • They claim that they cannot process all of the e-mails to remove the e-mail addresses in a reaonable time.

    What do they have, some moron using MS Outlook copying the messages by hand? Someone needs to clue them into Perl, C, or any of the dozens of tools for this job.
  • For crying out loud. Please tell me you're compelled by the law or by a Supreme Court decision. Tell me you didn't notice. Tell me you don't care about privacy. Tell me it's an April Fools Joke. But please, please, don't tell me you're posting them because you can't get rid of them. It just makes you look silly. The answer is Perl and a competent scripter. Send the data to me after I sign a nondisclosure and I'll clean it for you. It's not that much data anyway.

    For Pete's Sake!

    RP
    • Send the data to me after I sign a nondisclosure and I'll clean it for you.

      Why should you have to sign an NDA? This is, after all, information they are just going to throw out there for everybody unless something smart gets done. Giving it freely to one person has to be a lot less damaging than that, and if they think you might try to munge more than email addresses, a simple scan by eye of the diff would show that.

      It's not that much data anyway.

      More importantly, it is data that by procedure

  • by kmahan ( 80459 ) on Thursday January 08, 2004 @08:26PM (#7923234)
    Since it is "public" information the Dept of Treasury should be required to provide (maybe with a FOIA request) the home addresses/telephone numbers/email addresses of all of their employees. That would be inline with what they are doing.
  • by ZPO ( 465615 ) on Thursday January 08, 2004 @08:48PM (#7923409)
    The following makes no excuses for the US Department of the Treasury. They need to stick by their contract with the commenter at the time the comment was posted. This is an explanation of how the whole process works....

    The "public comment period" is standard in most US federal government rulemaking actions. Before the advent of access to rulemaking data via the web you were lucky if you knew there was a rulemaking in process unless you were part of an affected industry or had a lobbyist on staff.

    Typically, comments were filed by mail, fax, or courier. The courier provision is provided for the convenience of all those lobbyists and interest groups in Washington D.C.

    An issue such as changing the tax rates on malt beverages might get something like 10-100 comments filed. The GS-5 (maybe a 7) in charge of handling the comments would log them properly on a 12th generation photocopy of the "comment log sheet" (or some other similar name) and the comments would be either published with personal information removed (via a big black marker) or more likely ceremoniously placed in a large manilla file and trucked to a records vault.

    Enter the Internet - Now the rulemaking process is often posted for the whole world to see. Even with a requirement

    Now we've moved to having the rulemaking documents available on the Internet. While still requiring postal/fax/courier hard-copy replies this may have raised the comment quantity by an order of magnitude (100-1000). This greatly perplexed the government. Now they were getting comments from ordinary citizens. In fact, it is likely that the majority of the comments came from individual citizens. What are they to do? Not only is the filing clerk overloaded with the number of comments (and having to make a 13th generation of the log sheet to file them all), but they can't just take the lobbyist/interest group positions and claim it as public opinion.

    Now open an avenue to submit comments via email. Post the information to a few lists/newsgroups/web sites and suddenly you've got what happened here. The file clerk is totally overwhelmed. They can't do an automated strip of all personal information because they might miss some. They can't hire more people because its not in their budget. If they did hire more people there might not be funds for all those "fact finding" trips to places that coincidentally have excellent golf courses.

    Besides the most important point - now the *VAST* majority of the received comments are from individual american citizens. Whats is a government agency to do without the firm and easily heard voice of lobbyists to guide them? They might actually have to *READ* the comments and do some data analysis on what the citizens actually want.

    The best way to deal with this is for everyone that commented to send a written formal request that their personally identifiable be removed from the filing direct to the Treasury Department. Then send a similar dead-tree complain to the FTC. A letter to all 3 of your congressmen won't hurt either. It will give them a great opportunity to posture.

  • Back in the old days (94-96 range) I remember this free service from something like anon.pennet.fi, where you could "bounce" email messages through an anonymizer. You could send emails to... say... newsgroups without revealing your true identity or email address.

    I remember this service being shut down for some nefarious reason several years ago. Perhaps the rise of spanmming lead to this -- I certainly see how an email anonymizer could cause problems. However, if designed and implimented correctly, I can i
  • Everytime something like this comes up, I tend to want to plagerize an unknown pair of authors as follows:

    Politicians and diapers need changed from time to time, for the same reason.

    Freedom depends on four boxes.
    The soapbox.
    The ballot box.
    The jury box.
    The cartridge box.

    Cheers, Gene
  • Um... interesting... (Score:4, Informative)

    by Guppy06 ( 410832 ) on Thursday January 08, 2004 @09:07PM (#7923586)
    Wouldn't this violate the Privacy Act of 1974 [usdoj.gov]?
    No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be--

    (1) to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties;

    (2) required under section 552 of this title;

    (3) for a routine use as defined in subsection (a)(7) of this section and described under subsection (e)(4)(D) of this section;

    (4) to the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity pursuant to the provisions of Title 13;

    (5) to a recipient who has provided the agency with advance adequate written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable;

    (6) to the National Archives and Records Administration as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Archivist of the United States or the designee of the Archivist to determine whether the record has such value;

    (7) to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought;

    (8) to a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted to the last known address of such individual;

    (9) to either House of Congress, or, to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee;

    (10) to the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the General Accounting Office;

    (11) pursuant to the order of a court of competent jurisdiction; or

    (12) to a consumer reporting agency in accordance with section 3711(e) of Title 31.
    I don't see "published on a public website" anywhere in there...
  • If... (Score:3, Troll)

    by saberworks ( 267163 ) on Thursday January 08, 2004 @09:11PM (#7923614)
    If we can't trust the government with our email addresses, WHY oh why do we trust them with 55% of our income each and every year?
  • Next (Score:2, Insightful)

    by craw ( 6958 )
    The cynic in me tells me that Treasury's "solution" to this is to have people send them comments/complaints.

    Via e-mail.
  • by Vlad2000 ( 146227 ) on Thursday January 08, 2004 @09:27PM (#7923732)

    Look, it was crappy that they went back on their word but this isn't the beginning of some totalitarian state. The TTB normally receives around 20 comments for something like this and this time they received close to 15,000. They got slahdoted.

    The TTB announced their plans to publish the full content of the emails and letters on Dec 2, 2003 [ttb.gov]. They gave everyone who contacted them a way to prevent their addresses from being published. Granted, not many people read the Federal register but given the budgetary constraints that the TTB has this was the best way.

    Also, everyone is assuming that it is the emails that are the problem. TTB also received 4,800 letters and faxes. Normally they receive about 20 comments. It's really easy to redact information from 20 comments but 4,800 letters, that will take a lot of time and manpower. Taking the info out of the emails requires a technical know-out that maybe out of reach of the person who's main job is dealing with 20 comments at a time. Is the TTB supposed to put out bids for a contractor to come in a write a Perl script to do a job that a person normally does in two minutes with a marker and hitting a few control x's? Is it worth the delay in the public posting the comments?
  • by Suppafly ( 179830 ) <(ten.ylfappus) (ta) (todhsals)> on Thursday January 08, 2004 @09:58PM (#7923944)
    If you are one of those email addresses, you should sue to get an injunction against the gov't. Where is the EFF on this one?
  • by Chordonblue ( 585047 ) on Thursday January 08, 2004 @10:04PM (#7924000) Journal
    If this is done, why not show the people at the treasury WHY it's a bad idea through a little.. Uh. Kinesthetic Learning Excersise.

    Why get the personal names, email addresses, and street addresses of those who made the decision and share the love? Wasn't this sort of thing done with a certain spammer in Michigan?

    You could start with Treasury Secretary John Snow...

  • by Zhe Mappel ( 607548 ) on Thursday January 08, 2004 @11:22PM (#7924585)
    ...they're all Democrats! ;-)
  • by coaxial ( 28297 ) on Friday January 09, 2004 @12:12AM (#7925070) Homepage
    The Bush administration doesn't give a damn about public comments. In fact they despise all input from the "little guy". When they started getting too much negative email about the invasion, they made it so you had to jump through many hoops to send a comment, and then you could only comment on their "approved topics" [slashdot.org]. Not only do they not want to listen to you, they won't tell you who they are listening to [csmonitor.com].

    They're not conservatives. They're plutocrats.

God made the integers; all else is the work of Man. -- Kronecker

Working...