Utah Exposes Kids' E-mail Addresses

In a jaw-dropping embarrassment, the state of Utah has mistakenly divulged e-mail addresses of kids on its so-called child-protection do-not-e-mail list -- a registry proponents claim is foolproof.

The gaffe stems from four citations the state issued recently against companies it alleges sent e-mail to children's addresses on its do-not-e-mail registry promoting alcohol, gambling and pornography.

According to court papers, when Justin Weiss, director of legislative affairs for the E-mail Sender and Provider Coalition, requested copies of the citations from Utah, the state complied but failed to redact the e-mail addresses of the children in the complaints.

"I have no personal knowledge of how many other unredacted copies may have been sent out to other individuals that made information requests like mine," said Weiss in an affidavit.

State officials are reportedly mortified over the incident.

"A fair amount of trust has been placed with us and this is not a good thing," Utah's Department of Commerce Director Francis Giani reportedly told the Salt Lake Tribune. "I'm sick about it."

Though the incident in Utah was not a breach of its do-not-e-mail registry per se, critics argue it is proof the system puts children's addresses in danger.

"It's unfortunate, sad and concerning that the fallibility of the registry had to be demonstrated in this way, but regardless of the technological protections in place, on any registry, human error is always an issue," said Trevor Hughes, executive director of the ESPC. "Where we have a central database of children's e-mail addresses, the risks are simply too high."

Recently, Matthew Prince, chief executive of Unspam Technologies, the company that runs children's no-e-mail registries in Michigan in Utah, claimed in court papers it is impossible for people to get e-mail addresses off the registries.

"Even if ordered by a court or held at gunpoint, there is no feasible way that I, any Unspam employee, or any state official could provide you even a single address that has been submitted for compliance by any sender," Prince said in an affidavit.

Utah's mistake clearly demonstrates otherwise, said Hughes.

"The concerns that industry, the FTC, e-mail advocates, children's advocates have been raising for over two years have been glaringly demonstrated in this situation," he said.

Utah and Michigan have so-called child protection do-not-e-mail laws in place requiring marketers who want to include anything it is illegal for minors to view or buy in e-mail to screen their lists against the states' registries monthly for a fee.

Marketers argue that the registries place an unfair burden on law-abiding companies while doing nothing to stop illegal spammers from polluting people's e-mail inboxes.

Moreover, marketers and the Federal Trade Commission argue that do-not-e-mail registries cannot be made secure. As a result, they argue, Utah and Michigan's do-not-e-mail registries put children's addresses at greater risk of being exposed to predators.