Via Slashdot: House Panel Screw-Up Reveals Whistleblower Email Addresses

["Richard M. Smith" <rms () computerbytesman com>]

http://www.tpmmuckraker.com/archives/004576.php
 
D'Oh: House Panel Screw-Up Reveals Whistleblower Email Addresses 
By Paul  <http://talkingpointsmemo.com/paulkiel.php> Kiel - October 26,
2007, 10:07PM

Here's a whoops with a capital W. 

This summer the House Judiciary Committee
<http://www.tpmmuckraker.com/archives/003488.php> launched an effort to
collect tips from would-be whistleblowers in the Justice Department. The
U.S. attorney firings scandal had shown that much was amiss in the
Department, and with the danger of retaliation very real, the committee had
set up a  <http://judiciary.house.gov/WriteCongressToRightJustice.aspx> form
on the committee's website for people to blow the whistle privately about
abuses there. Although the panel said it would not accept anonymous tips, it
assured those who came forward that their identity would be held in the
"strictest confidence."

But in an email sent out today, the committee inadvertently sent the email
addresses of all the would-be whistleblowers to everyone who had written in
to the tipline. The committee email was sent to tipsters who had used the
website form, including presumably whistleblowers themselves, and all of the
recipients of the email were accidentally included in the "to:" field --
instead of concealing those addresses with a so-called blind carbon copy or
"bcc:". 

Only the email addresses were exposed; none of the names or other
identifying information of the whistleblowers was revealed. The blunder,
however, was noticed by a number of people who had used the website form and
received today's email. One disgruntled recipient replied to the entire list
of whistleblowers angrily complaining about the snafu; two others forwarded
the committee email to TPMmuckraker with similar complaints.

Compounding the mistake, the committee later sent out a second email
attempting to recall the original email; it, too, included all recipients in
the "to:" field, according to a recipient of the emails.

A committee spokesperson emailed the following statement in response to
TPMmuckraker's questions:

The tip line was created to be a confidential method for Justice Department
employees to provide the Judiciary Committee with information that might aid
the Committee in its ongoing investigation of politicization at the Justice
Department. Because of the confidentiality agreement, the Committee will not
discuss any emails sent on this tip line. A technological error in a recent
communication inadvertently disclosed certain email addresses. The Committee
has not begun its review of the emails, and does not know if any of them are
in fact from Justice Department employees as opposed to private citizens
expressing more general views. The Committee apologizes for any concern this
error may have caused, and is making every effort to protect the
confidentiality of those who chose to provide information on the tip line. 

It's not immediately clear whether the mistake will lead to the exposure of
those who had contacted the committee. There are more than 150 recipient
addresses revealed in the email. Some of the email addresses appear to be
transparently fake, but there's also, much more troubling, a
vice_president () whitehouse gov carbon copied on the email, which is the
<http://www.whitehouse.gov/contact/> public email address for Vice President
Dick Cheney. In other words, an email containing the email addresses of all
the whistleblowers who had written in to the committee tipline was sent to
public email address of Vice President Cheney. 

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.