E-mail snafu exposes names of confidential witnesses in federal probe

Computerworld - From the how-not-to-keep-a-secret department comes the tale of an official at U.S Attorney Patrick Fitzgerald's office in Chicago who inadvertently e-mailed a document containing the names of more than 20 confidential witnesses in a federal probe to the media.

According to reports published by the Chicago Tribune and The Smoking Gun Web site, the snafu happened yesterday, when a spokesman for Fitzgerald attached the document to an e-mail message announcing felony charges against individuals named John Walsh and Charles Martin. The two men were partners in a foreign-exchange futures dealer called One World Capital Group, located in the Chicago area but now defunct, that is accused of defrauding customers of $15 million.

Included along with the 62-page complaint filed against Walsh and Martin was a one-page chart that identified 24 sources who were mentioned only in an anonymous fashion in the complaint itself. The sources included former One World employees, customers and "other" individuals, according to a copy of the document that was posted by The Smoking Gun with the names blurred out. The document also apparently identified two investment groups that hadn't been publicly named.

Once the error was discovered, Fitzgerald spokesman Randall Sanborn quickly sent out another e-mail asking all of the media members who received the original document to quickly destroy it, according to the two reports.

A woman who answered the phone at Fitzgerald's office — which currently is also involved in the high-profile corruption investigation of Illinois Gov. Rod Blagojevich — referred all questions about the e-mail snafu to Sanborn. "I have no comment about this matter," he said via e-mail.

Such inadvertent exposures involving e-mail aren't uncommon. In October 2007, for instance, the U.S. House's Committee on the Judiciary had to apologize to about 150 would-be whistle-blowers for accidentally exposing their e-mail addresses to other individuals who, like them, had used a committee Web site to secretly submit tips about alleged abuses at the Department of Justice.

That mix-up occurred when one of the committee's clerical employees accidentally included all of the e-mail addresses in the "To" field of a message that was sent out to each tipster informing them of certain changes in access conditions. Many of the addresses contained the names of the whistle-blowers.

Earlier that same month, an e-mail glitch exposed the names, telephone numbers and other personal details of several thousand security professionals and military officers who had subscribed to a daily news roundup e-mailed by the Department of Homeland Security. That error resulted in DHS networks eventually being deluged with more than 2 million e-mails as messages from people on the distribution list were repeatedly copied to everyone else.

Read more about privacy in Computerworld's Privacy Knowledge Center.