U.S. Embassy exposes names of citizens

September 26, 2001
Did you register with the U.S. Embassy in Bangkok? If so, I might have your full name and email address courtesy of an embassy emailing! The embassy sent out security precaution emails to registered citizens and wardens on September 26, 2001 without BCCing the send addresses (this would hide the recipients' names from each other). Everyone who received the message could see the names of everyone else.
The messages were sent alphabetically by surname and the message I have contains the full names (first, middle, and last) of 13 other people. (Hi, Frederick, William, Joshua, Jane, Marshall, Sally, Steven, Robert, Kathryn, Donald, Richard, Sally, and Katherine!)
No one should expect the careless disclosure of this type of information by one's own embassy (especially in these times). The embassy should learn to use their email system before sending any more notices.
September 27, 2001 - The U.S. Embassy responds to my email complaining about this: I agree with you that all addressees should be blind, and that was my instruction yesterday morning. Unfortunately, technical problems prevented the message from going out to large numbers of blind addressees, and it was decided that it was important to get this particular message out as soon as possible rather than waiting until the address problem was solved. I apologize for this, and I hope that we will not have to face the same choice again.
Sincerely,
Jeffrey C. Schwenk
Chief, American Citizen Services Unit
US Embassy Bangkok

[This story got a mention on techdirt and the Inquirer.]
UPDATE - A further warning message sent on October 2, 2001 was apparently BCCed. However, they did send me six copies....
This entry was posted in 2Bangkok News. Bookmark the permalink.