Peacemaker trailer Xbox Series X mini fridge The Flash trailer NASA's Lucy launch Apple October event: How to watch PS5 Pro

D'oh! FTC reveals attendees' email addresses before privacy conference

The agency tries to recall the email containing the comprehensive list, but the information is already out there.


On the eve of a conference about digital privacy, the FTC sent a mass email to every registrant, leaving all the addresses visible. A classic email blunder, this one hits a little close to home.

68/Joelle Icard/Ocean/Corbis

Maybe I'm naive to expect a certain savviness about privacy from the FTC, especially just before it convenes a group of experts in privacy and cybersecurity at a conference in Washington, DC, next week. I certainly didn't expect the agency to accidentally send out a list of every attendee's email address. But, it did.

The Federal Trade Commission on Friday sent an email advising participants to show up early to get a seat, and left all the recipients on the list visible to each other. A classic email blunder -- using the "cc" function instead of the "bcc" function -- in any normal situation, this particular mistake smacked of irony.

The agency apologized and blamed the mishap on an unknown error with its email distribution list. "We are assessing how this happened and will work to ensure that this does not occur in the future," two FTC representatives said in a follow-up email, this time with the recipients' email addresses blocked. "We sincerely apologize for the error."

The FTC sent a recall notice and encouraged participants to delete the email from their inbox so they wouldn't retain the list of addresses, which included more than 600 businesspeople, academics, government workers and journalists such as yours truly. But the damage was already done.

"I find it surprising that team would not hide all of the email recipients on a blast in regards to a conference on... digital security and best practices," wrote Shane Unrein, director of digital marketing and social media at an automotive company in Virginia, in a reply-all message to the agency's email. Unrein had his contact information revealed along with the rest of us. "Just saying :-/," he added.

Mass emails that don't mask the list of recipients do more than violate privacy. They can be really annoying. Unrein's choice of emoji at the end of his message closely resembles a grimace, and anyone caught up in a storm of unwanted reply-all messages can likely relate to the feeling behind it. Frustrating "reply-all gates" have hit many institutions in the wake of similar mass emails, including one that targeted 33,000 employees at Thomson Reuters in August. The most horrific and ironic problem resulting from such antics is often the steady stream of people hitting "reply-all" to ask everyone to stop hitting "reply-all."

Luckily, some email providers offer the ability to hit the electronic "shush" button, muting unwanted conversations. Don't tell anyone, but it is my favorite button.