Member of European Parliament sends "Thank you for fighting ACTA" email with 2K emails in the body

Lee sez,

As part of my protest against ACTA I signed up to the web page, and asked them to contact my MEP on my behalf, which they did.

Now that ACTA has been defeated, Paul Nuttall, UKIP MEP for the North West and UKIP Deputy Leader, emailed people who had protested, en masse. (I am in Devon in the South West, so he is not my particular representative).

I include the email below, but the interesting part is the forwarded message underneath, which includes a list of all TWO THOUSAND AND TWENTY ONE people who signed up...

33 minutes after receiving the email I received another from Paul Nuttall requesting the recall of the email, a little late really.

I frequently hear from career Euro activists that the Members of the European Parliament have little or no IT expertise and support. Everyone has mixed up CC and BCC at some time or another, but using CC or BCC to send an email to 2,021 people in the first place is poor solution to a common problem. It's the kind of thing that your IT department should be able to sort out for you, by creating a mailing list with a single address whose membership MEPs can manage through a browser.

Update: Lee, who submitted the item, clarifies: "The email wasn't BCCd or CCd to the 2021 petitioners, the email that Paul Nuttall forwarded contained the list of emails in it's body. Indeed it seems very much like this list of emails was used to create an email group, which Paul Nuttall then used. He just made the very foolish mistake of forwarding an email containing peoples personal information, whilst saying how UKIP will defend UK citizens rights and privacy."

It's possible that some of the people whose identities were revealed in the email could face workplace sanctions for opposing ACTA (I know a lot of people in the entertainment industry who privately oppose many of their employers' initiatives), so revealing their identities is a potential big deal.

It would be great to see a free/open web service that let people securely send messages to their MEPs, and then also made it easy for the MEPs to reply to them, individually or as a group. If the European Parliament and individual MEPs' parties and staffers can't handle interaction with their constituencies, then the constituents may have to handle it for them.

Update: I received this from Paul Nuttall's office:

May we please ask that you publish our response and apology - and we of course also extend that apology personally to you.

Please find the statement below.

Yours sincerely,

Office of Paul Nuttall

As a libertarian party we are in favour of internet freedom.

We oppose ACTA in its entirety and we are currently campaigning against the EU-Canada trade deal (CETA) which contains many ACTA-like provisions.

I can only tell you the simple truth; I was seeking to distribute an email protecting confidentiality using the bcc button but in error sent it out with a full list of emails attached.

I can only apologise, explain that it is the kind of mistake all too easy to make with modern technology and assure you that I have taken every step I can to rectify the situation since it happened.

We did not originally gather the data, nor did we intend to send it round. We did "bcc" (blind copy) all correspondents to protect identity. The list was sent to us and a number of other MEPs from an anti-ACTA campaign group which invited us to correspond with the list of contacts they had provided.

I hope you will accept our sincere apologies and can understand that this is the kind of thing that can happen to anyone.

Office of Paul Nuttall



  1. why did you email someone who wasn’t your rep? you clearly don’t know how politics work, the killacta page, didn’t split the emails up into the euro constituencies.

    1. Reading is fundamental…

      “Lee sez…”

      Someone named Lee got the letter, and forwarded the tip to BB/Cory, and then  Cory wrote the story… and the first post is from someone who didn’t read, but needed to somehow discredit the people who see ACTA for the hugely bad thing it is and try to pretend it was all outsiders who weren’t actually in a position to have a say in it complaining…

    2. I am the Lee who submit the article. I didn’t email this guy at all, I went to the fightforthefuture page and submit my details there, and they then forwarded that on.
      I don’t know why it went to Paul Nuttall, maybe he requested a list of everyone who had petitioned or maybe it’s the way fightforthefuture generally works.
      Maybe it was my fault, I can’t recall the sign up procedure now but maybe if I had to select the rep I mis clicked, who knows.

      There is one pretty important correction to the article though.

      The email wasn’t BCCd or CCd to the 2021 petitioners, the email that Paul Nuttall forwarded contained the list of emails in it’s body.
      Indeed it seems very much like this list of emails was used to create an email group, which Paul Nuttall then used.
      He just made the very foolish mistake of forwarding an email containing peoples personal information, whilst saying how UKIP will defend UK citizens rights and privacy.


      1. And so I will take my lumps for my comment….

        It is possible they were doing wide outreach to show how much UKIP cared, he is, as you stated, the Deputy Leader so would be a “good” spokesman to do such.  Capitalizing on the defeat of ACTA seems to be a good way to drum up more supporters… letting everyone know who they were seems like a way to drive more of them away.

        Insert ironic comment about privacy in the UK here.

      2. Are you sure it was two thousand and twenty-one Lee? Mine had 2621. If we received different lists then that’s even more worrying: there could be multiple versions of that email with an even bigger final tally…

        1. You are absolutely right, it was 2621, obviously in my haste to inform the world I lost the ability to read numbers successfully.

      3. but this is the point the killacta page didn’t break the areas down by region, the killacta people should  have directed european people to a european email campaign site which would have directed people to only email their own meps. i emailed to point this out they never replied.

  2. The local realtors and mortgage brokers here sign up for every charity mailing list because they know that some idiot will eventually CC the whole list, which they can then add to their own mailing list.  Without, of course, first checking to see if they’re already on there.

  3. I challenged them about this on twitter and got a gently unsatisfactory reply – they claim it was Paul Nuttal making a classic CC/BCC mistake:

    It wasn’t, though – the email addresses were plain-text in fightforthefuture’s original email. They say this was to reduce server load, but that doesn’t seem like much of a reason to openly list private email addresses like this.

    Kind of tragic, really – I expect this sort of mild incompetence from a UKIP MEP, but I’m surprised a net-savvy bunch like Fight For The Future would make this sort of error. Just makes people more leery of signing up for organisations like this…

  4. I am also on the list… now if only I had a way to contact the other people in the list to perhaps start a legal class action suite against Mr Nutall… OH WAIT!

  5. Kind of cute that he requested “a recall of the email”.

    Because we all know emails are physical objects and sending it back to him would solve everything…

    1. The actual text was “NUTTALL Paul would like to recall the message, “Vote NO on ACTA”.” Which I found hilarious because it doesn’t actually recall the message, it just lets everyone know that he’d really like to.

      “Paul would like to recall the message”? No shit, so would I in his shoes!

      1. Oh look! Apparently there _is_ such a thing as recalling a sent email! 

        Works with Exchange only (much like “Urgent” tags do), but in his shoes I would be taking every step possible to minimize the distribution. If that means attempting to retract the message from those few who use Exchange at the cost of others getting a pointless follow-up email, so be it.

        But don’t let me keep you two from snarking.

        1. I’ve just had my email address shared with 2600 strangers! I’m hoping I can be forgiven a little snark…

        2. This is true. However, as a user in an exchange environment, I can tell you that it hardly ever works anyway.  Don’t know why, but it seems to just NOT do anything for some inboxes except give a notice that the message wants to be recalled and doesn’t take action.

  6. I got the email.  I’m hopin’ the wallies come knockin’ on my door – I’d love an audience 121 with ’em!

  7. I like how he contacted BoingBoing to get them to publish their apology, yet my my inbox remains entirely apology free……

      1. As one of the BCC’ed, I didn’t, made fun of him with my friends and I’m still waiting for my own apology mail, hasn’t arrived yet.

  8. Holmes here from Fight for the Future.   When you write your elected officials, they require an email address to reply to.   So any tool that let people write their officials has to give them your email address.

    For the US Congress, we send each member of Congress an individual email for every user who signs a letter.  They require an email address to count it.  And this way, members of Congress can reply to people who write them–which is exciting for people, and it sometimes yields useful information when people post those replies.

    For MEPs, a few insiders we trusted suggested we not send individual emails for every signature, but we obviously needed to include the email addresses of signers somehow.  So for people who signed a prewritten email we sent the email along with their signatures (emails) below the letter.   Enter Paul Nuttall.

    He either quoted the original email or copy-pasted the emails into a CC (he didn’t “reply-all” because the signers weren’t recipients of the email).  I totally agree with the comments here that the way we did things made it to easy for him to do this.

    So, Paul Nuttall.  Thanks for taking the time to respond to your constituents.  We’ll build a more parliament-proof system the next time around. 

    To reply to the first comment re: districts, countries have different ways of electing MEPs, and there’s no good common source of data for the EU.  In most cases you’d be entering your party affiliation and not your address, anyway.  I think the UK is the only or one of just a few countries that does it geographically.  At the same time, I asked somebody knowledgable about this and they said on paper at least, each MEP represents everyone in their country (not just voters in a certain party or region, even if they’re voted in that way).  Based on that information it made sense to send by country.

    1. technically every member of parliament represents everyone in country but i wouldn’t set up an email campaign that sent it to every all 650 MPs in the UK, same goes for the EU countries

      1. There’s just 78 or so MEPs (Members of European Parliament) for the UK, I believe:,,687211,00.html

        Between arbitrarily dividing them up, and sending to all of them, it seemed best to send to all.  Especially since we were condensing individual emails into one letter, signed by many (so we weren’t sending them an absurd number of emails).

  9. Could be worse. If you live in the East Midlands, you’re represented by the MEP (LibDem, former Conservative) Bill Newton Dunn. Here’s his take on ACTA, from his most recent newsletter. Features patronising use of the word geek and a belief that everyone who disagrees with ACTA wants everything for free:

    ACTA (the Anti Counterfeiting Trade Agreement) MEPs experienced a prolonged deluge of emails from geeks around the world – but less than forty came from the East Midlands – using identical wording arguing that the ACTA treaty should be destroyed because of dangers to their personal freedom.

    Western industries, on the other hand, argued strongly that they need protection from counterfeiting and from free downloading from the internet. But they were too logical and they failed to deluge MEPs in a similar way.

    The result was an overwhelming defeat for the treaty.   I was one of the few who defied the torrent and voted in favour because I believe that if you have to pay for something in a shop you should also pay for it on the internet, but geeks say everything should be free on the internet. The Commissioner says the treaty is not dead and will be brought back.

    Afterwards, triumphant geeks emailed from around the world. Two geeks unwisely gave their game away, by warning about their next targets, the EU-Canadian free trade agreement and also “INDECT” which is a research project in the area of intelligent security systems performed by several European universities since 2009 and funded by the EU.

  10. Hey, I’m in that list.  I’d deleted it because, frankly, UKIP are an offensive joke, but now there’s opportunity for great lulz.  Dear Nuttall, explain why I shouldn’t report you to the ICO…  :)

  11. [Declaration of Interest: I have worked for the mySociety in the past, both as a volunteer and paid. This isn’t written on their behalf.]

    > It would be great to see a free/open web service that let people securely send messages to their MEPs

    So WriteToThem (in the UK) from mySociety then? 

    > and then also made it easy for the MEPs to reply to them, individually or as a group.

    This functionality exists in the mySociety epetitions system. But it’s difficult to write to people as a group if you’re not pre-categorising what people are writing to their MEPs for.Mostly, it just irks me that there’s free, open source software out there to help with these sorts of things; but getting adoption of them inside government is really difficult…

Comments are closed.