Blooper of the Century

IN A JAW-DROPPING EMBARRASSMENT, the state of Utah has mistakenly divulged kids' e-mail addresses on its so-called child-protection do-not-e-mail list — a registry proponents claim is foolproof.

The gaffe stems from four citations the state issued recently against companies it alleges sent e-mail promoting alcohol, gambling and pornography to children's addresses on its do-not-e-mail registry.

When Justin Weiss, director of legislative affairs for the E-mail Sender and Provider Coalition (ESPC), requested copies of the citations from Utah, the state complied but failed to remove the e-mail addresses of the children in the complaints, court papers show.

“I have no personal knowledge of how many other unredacted copies may have been sent out to other individuals that made information requests like mine,” said Weiss in an affidavit.

State officials reportedly are mortified over the incident.

“A fair amount of trust has been placed with us and this is not a good thing,” Utah Department of Commerce director Francis Giani reportedly told the Salt Lake Tribune. “I'm sick about it.”

Though the incident in Utah was not a breach of its do-not-e-mail registry per se, critics argue it's proof the system puts children's addresses in danger.

“It's unfortunate, sad and a concern that the fallibility of the registry had to be demonstrated in this way, but regardless of the technological protections in place on any registry, human error is always an issue,” said ESPC executive director Trevor Hughes. “Where[ver] we have a central database of children's e-mail addresses, the risks are simply too high.”

Recently, Matthew Prince, CEO of Unspam Technologies — the company that runs children's no-e-mail registries in Michigan and Utah — claimed in court papers it is impossible for people to get e-mail addresses off those lists.

“Even if ordered by a court or held at gunpoint, there is no feasible way that I, any Unspam employee, or any state official could provide you even a single address that has been submitted for compliance by any sender,” Prince said in an affidavit.

Utah's mistake clearly demonstrates otherwise, said Hughes.

“The concerns that industry, the FTC, e-mail advocates and children's advocates have been raising for over two years have been glaringly demonstrated in this situation,” he said.

Utah and Michigan have “child protection” do-not-e-mail laws in place requiring e-mail marketers that want to promote anything illegal for minors to view or buy to screen their lists against the states' registries monthly for a fee.

Marketers argue that the registries place an unfair burden on law-abiding companies while doing nothing to stop illegal spammers from polluting people's e-mail inboxes.

Moreover, critics like the Federal Trade Commission argue that do-not-e-mail registries can't be made secure. As a result, they say, Utah and Michigan's registries put children's addresses at greater risk of being exposed to predators.