FTC apologizes for leaking attendee details … to privacy conference
Yep, the classic cc/bcc cock-up
The Federal Trade Commission (FTC) has put in a strong bid for the 2016 Ironic Idiocy Award when they sent the details of every attendee to one of its conferences to every other attendee. The conference? Privacy CON.
The conference, taking place today in Washington DC, is heavy on university research and covers topics like "the current state of online privacy" and the "economics of privacy and security."
Its keynote speakers are FTC Commissioners, and FTC staff members are acting as the moderators for discussions.
The conference is free and places are limited (you can follow it online), so the regulator sent out an email just prior to the conference advising attendees to arrive early to get a seat to hear FTC chair Edith Ramirez's opening remarks.
Except of course, in the classic cc/bcc blunder, the email contained the details of every other attendee's email address.
And that, of course, sparked a second email asking people to delete that email, only drawing attention to the fact that the contact details of all the people attending a privacy conference in Washington DC are now sitting in your inbox.
That list included over 500 academics, business folk, journalists and of course government workers. Which is one way to achieve the conference's stated goal of "bridging the gap between the academic, tech, and policy worlds."
"We are assessing how this happened and will work to ensure that this does not occur in the future," the follow-up noted. "We sincerely apologize for the error."
Meanwhile, Ramirez opened the conference with the line: "Today, companies in almost every sector are eager to scoop up the digital footprints we leave behind when we post, shop, and browse online."
To the FTC's credit, it then immediately acknowledged its own privacy blunder:
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust