Whistle-blower e-mail addresses exposed in Judiciary Committee snafu

Microsoft Outlook message goes horribly sideways

The House Judiciary Committee yesterday apologized to would-be whistle-blowers for accidentally exposing their e-mail addresses to other individuals who, like them, had used a committee Web site to secretly submit tips about alleged abuses at the Department of Justice.

The snafu resulted when a clerical employee at the committee accidentally included the e-mail address of all the whistle-blowers in the "To" field of a message that was sent out to each tipster informing them of certain changes in access conditions. A substantial number of the more than 150 e-mail addresses in the distribution list included portions of individuals' real names.

Also included in the list was the public e-mail address of Vice President Dick Cheney, as well as some apparently fictitious individuals, according to a statement released yesterday by the Judiciary Committee.

"An erroneous communication was sent that may have compromised the anonymity of recipients of the e-mail," the unattributed statement said. "The committee apologizes for the concern this error may have caused, and is making every effort to protect the confidentiality of those who chose to provide information on the tip line," the statement said. The House Judiciary Committee is chaired by Rep. John Conyers Jr. (D-Mich.)

The Web tip line was set up around June 20. It was designed to give Justice Department employees a way to confidentially provide the Judiciary Committee with information that could potentially aid the committee's ongoing investigation of the "alleged politicization" at the Justice Department.

Soon after the Web site was set up however, committee minority members argued that any tips that were submitted to the site were committee records to which they rightfully had full access as well. On Oct. 24, an agreement was reached between the majority and minority members of the committee under which both sides agreed to limit access to committee members and specifically designated staff. The sides also agreed that any broader release of the tips would require a full committee vote.

A nonpartisan clerical employee was selected to send out an e-mail to all tipsters informing them about the changes in the access conditions and offering them an option to "withdraw any information" submitted if they chose to.

In carrying out this task, the statement said, the employee apparently misunderstood the "private" checkbox in Microsoft Outlook's Distribution List function. "The employee mistakenly believed that this would hide the names on the distribution list from the recipients," and that only the name of the distribution list itself would appear in the "To" field. "As a result of this mistake, all e-mail addresses of all recipients were visible to everyone who received the e-mail," the statement said.

"This was an inadvertent clerical error, and contrary to speculation, not the result of hacking or any malicious act," the statement added.

The TPMmuckraker blog called the gaffe a "whoops with a capital W." The blog, which claims to have been forwarded copies of the e-mail by someone who received it, said the original message was followed by another one recalling it a few hours later. However, the recall notice also had all of the e-mail addresses exposed in the "To" field.

This is the second time recently that a government entity has been embarrassed by an e-mail snafu. Earlier, this month, the Department of Homeland Security managed to flood government and business mail servers with over 2 million messages and exposed e-mail addresses of thousands of security professionals when someone hit Reply All to a daily news roundup e-mail.

Copyright © 2007 IDG Communications, Inc.

Shop Tech Products at Amazon