Privacy group in email gaffe

An electronic magazine devoted to privacy on the Internet mistakenly exposes dozens of subscriber names and email addresses, ironically repeating the sort of gaffe it normally criticizes.

2 min read
An electronic magazine devoted to privacy on the Internet mistakenly exposed dozens of subscriber names and email addresses this morning, ironically repeating the sort of gaffe it normally criticizes.

PrivacyPlace, a start-up magazine launched at the beginning of this month, sent out a newsletter to some 79 subscribers notifying them of new articles and updates to its Web site. But instead of sending "blind carbon copies" to each of the recipients, the company listed names and addresses in the "to" field.

"All I can say is I screwed up," said PrivacyPlace editor Tom Maddox, who sent out the email. "Thank God the list was not larger at this point."

Earlier this year, a number of larger companies had similar problems with mass emailings. In April, Nissan exposed the email addresses of some 24,000 potential customers. That same month, AT&T exposed the addresses of 1,800 of its long-distance customers. Normally, PrivacyPlace would aim to be on the other side of the fence.

Maddox said he manually sent out the email to users who had signed up to receive updates about PrivacyPlace. Although the company plans to use mailing list software to generate future messages, Maddox said he sent out this message using Eudora, a popular software program.

The mailing list included the names of everyone who had signed up for the newsletter. Maddox placed the list name in the "to" field, thinking recipients would only see the name of the list and not the individuals within it, he said.

"It was genuinely pilot error," Maddox said. "It was an artifact of doing this by hand and not understanding what the software would do. It simply didn't occur to me that it would generate the whole list of names."

After being notified of the problem by CNET News.com, Maddox emailed recipients of the newsletter, apologizing for his "inadvertent but somewhat ghastly error."

Despite the uproar over earlier privacy breaches, subscribers seemed to be a bit more forgiving of Maddox and PrivacyPlace.

"I got the email," one subscriber wrote in a note to CNET News.com. "No harm done," the subscriber said.

Added Melissa Covelli of public relations firm Waggener Edstrom, who was also on the list: "This probably does make for good reading, but people sometimes forget that though we are in the digital age, humans are behind the technology, and humans make mistakes."

PrivacyPlace provides consumers news and information about protecting their privacy online. Among the contributing columnists to PrivacyPlace is Mike Godwin, who previously served as the staff counsel of the Electronic Frontier Foundation.