It’s become the email equivalent of separating church and state: work email is for official communications while private accounts are for personal — and sometimes inappropriate — messaging.
But as the scandal that has enveloped former CIA director David Petraeus and Gen. John Allen has shown, Gmail and other Web-based email services are not completely safe zones.
The FBI probe into Petraeus — which led to his resignation last Friday — serves as a reminder that even the most private emails sent on commercial online services among people using pseudonyms can be discovered and thrown into the harsh light of scrutiny.
Here are Gmail lessons to be learned from the Petraeus affair:
1. It’s not anonymous.
Petraeus and his biographer Paula Broadwell apparently took steps to protect their communication, such as using pseudonyms to set up an online service account and in communicating with each other. But FBI investigators were able to figure out some information about the account from looking at emails sent from the account to another party. Reportedly this is what led authorities investigating threatening emails to Tampa socialite Jill Kelley from Broadwell.
“Who you are saying it to and where you are saying it from has the least protection under the law,” said Chris Soghoian, principal technologist at the ACLU. “A warrant is needed to find out what you are saying.”
Internet service providers and most websites keep complete records of the Internet Protocol addresses of those who use their services for 18 months, and then slightly blurred records of IP addresses after 18 months.
Investigators can obtain that information under the Electronic Communications Privacy Act as long as they have reasonable grounds to believe that it is relevant to an ongoing criminal investigation — less than the probable cause needed to secure a warrant. In the Petraeus case, the FBI reportedly got the necessary court clearances.
The only way that people can use pseudonymous webmail accounts safely is via an anonymizing service like Tor, said Peter Eckersley, technology projects director for the Electronic Frontier Foundation. Tor is installed on a computer and reroutes website visits, instant messages and other communications to other Tor users so it is not possible to identify a single computer, sort of like hiding in a crowd.
2. Government requests for access are increasing and Google and other services play ball.
Google reported Tuesday that law enforcement and courts in the United States made nearly 8,000 requests for user information in the first half of 2012 from all of Google’s products — including Gmail, search, Google Docs, etc. The number of requests from the American law enforcement alone jumped 26 percent from the previous six months, when 6,321 requests were made.
Government officials wanted information on 16,281 accounts, Google said, and Google complied roughly 90 percent of the time.
The report shows governments around the world not only wanted more data for law enforcement purposes but also increased requests to Google to remove content..
“Government surveillance is on the rise,” Dorothy Chou, a senior policy analyst at Google, wrote in a blog post announcing the report.
3. You’re not in cyberspace.
A person’s physical location when sending an email can often be pinpointed from the email they send. Email metadata contains IP addresses of the computers and servers they come in contact with, as well as the unique number associated with the device that sent the emails. Sometimes, the traceable IP of the sender’s device is visible in a sent email — email services such as Yahoo and others reveal information about the sending computer, while messages sent from Gmail’s Web interface do not reveal the information about the sending computer, privacy experts say. Even if it isn’t visible, investigators can obtain it with the use of a subpoena or court order, and determine other accounts accessed from the same location.
In the Petraeus case, authorities reportedly used location data in the headers of emails to trace them to Broadwell. Once they pinpointed her as a suspect, FBI investigators were able to obtain a warrant to look at her other email accounts, including the Gmail account she reportedly shared with Petraeus.
4. A draft email folder does not offer magical protection.
The Associated Press reported Monday that Petraeus and Broadwell sometimes communicated by writing messages and storing them in the draft folder of a jointly accessed email account, rather than sending them. The idea is to avoid creating a digital trail of email transmissions, a technique reprtedly used by Al Qaeda operatives to hide traffic but dismissed by one privacy expert as “security folklore.”
The technique doesn’t work because emails kept in the draft folder are sent to service providers’ servers. In fact, they may be more vulnerable. Government may have easier access to the unsent emails, because draft communications might not meet the technical definition of “electronic storage” in ECPA. That would allow access to the communications without a full-blown warrant.
5. Off-record chats can linger — somewhere.
When using instant messaging in Google Talk or Gmail, many users choose to chat “off record,” meaning that nothing said is saved in either person’s Gmail account. But if using a third-party service to access chat, the history may be saved to the users’ computers, Google says. “We can only guarantee that when you go off the record, the chat history is not being automatically saved or made searchable in either person's Gmail account,” the company reports.
But Soghoian said that “Google's off the record isn't bulletproof.”
“If the government sends Google a preservation order” — a stipulation requiring a company to preserve data, even if it’s not yet signed by a judge — “then Google can be forced to retain future records for that account,” he said.
This article first appeared on POLITICO Pro at 5:26 a.m. on November 14, 2012.
Gen. David Petraeus is dumb, she’s dumber
http://www.politico.com/news/stories/1112/83733.html
By ROGER SIMON | 11/13/12 4:23 AM ES
David Petraeus never should have resigned as director of the Central Intelligence Agency because he was involved in a sex scandal.
Petraeus should have resigned because if he were any more dimwitted, you would have had to water him.
I know this is not what we have been told for years about Petraeus. I know we have been told he is some kind of towering genius: West Point grad, Princeton Ph.D., four-star general. But add one other quality: blockhead.
No, not because he committed adultery. Adultery is commonplace in our society. It may someday be mandatory.
And his paramour was perfect for him. Paula Broadwell — a name, as someone said, that could have come from a James Bond novel — is also a West Point grad, has a master’s degree from Harvard and is a fitness freak with biceps that could crush walnuts.
Oh, yeah, one more thing: She is as smart as a bag of hammers.
Leaving aside the sordid, yet fascinating, details — as CIA director, Petraeus demanded fresh pineapple be placed by his bedside every night — here is what did in these two soaring intellects:
Petraeus sends Broadwell sexually explicit messages through his Gmail account, messages so explicit that they leave no doubt in the minds of FBI investigators that the two are having an affair.
Got that? The head of the Central Intelligence Agency thinks Gmail accounts are secure and untraceable. What, he couldn’t have checked with a tech-savvy 12-year-old first? (Which is about every 12-year-old in America.)
Still, Petraeus might have skated, kept the affair private, gone on to a life of running clandestine operations for his country during the day and consuming tropical fruits at night.
But no, Paula Broadwell sends a series of allegedly threatening messages to a woman she thinks might be a rival for Petraeus’s affections. These messages apparently are so aggressive that the woman goes to the FBI. Oh, yeah, I am forgetting one thing: Broadwell sends these messages from an email account she shares with her husband.
Wow. I am surprised the spy master and his Harvard-educated girlfriend didn’t decide to conduct their affair by Podcast.
And just to add to the general weirdness of the story, the Wall Street Journal reported Monday evening that an FBI agent involved in the case is under investigation for allegedly sending shirtless photos of himself to the woman Broadwell was allegedly harassing. But this is collateral damage.
Some see the main story as involving two brilliant people brought low by true love. I don’t see it that way. Petraeus and Broadwell are not Abelard and Heloise. They are more like Dumb and Dumber.
When Bill Clinton was caught in a sex scandal, he acted sensibly: He lied through his teeth until they came up with the DNA.
Not Petraeus. He folded immediately when confronted by the FBI and admitted everything. Still, Petraeus did not have to resign. The FBI determined he did not breach any security, nor had he committed any crime. Clinton gutted it out, and today is one of the most popular figures in the world.
But fooling around always had been part of Clinton’s good ole boy image. Not Petraeus. His image was so straitlaced that it was almost sexless. “I spent a lot of time with him, and I never heard him say, ‘Wow, she was hot,’” one former aide told The Washington Post. “I never recalled hearing him say anything crass or even mentioning the good looks of a person.”
That was not the Petraeus way. He was intent on building his image and (mainly) seducing people who could help him climb to the top.
John McCain was dazzled by him. On a small plane from Cedar Rapids to Davenport, Iowa, in February 2007, I taped an interview with McCain that included the following exchange:
McCain: By the way, did you have a chance to see Petraeus in action? He’s very good.
Very impressive. Most impressive guy I’ve met, seen in action in a long time.
Me: What do you mean by action?
McCain: Testifying, talking, interfacing.
Me: What is it that he's got?
McCain: Charisma, a lot of charisma.
Me: Obviously, charisma alone is not enough to make a difference [in Iraq].
McCain: One thing he did was he had a bag of money, and he would go around and say, “OK, build this irrigation ditch, buy yourself a generator.”
This impressed me. Having started out as a columnist in Chicago, I knew the value of carrying around bags of money with which to dispense favors. But I was never convinced Petraeus was the savior of Iraq or of Afghanistan. (Have we saved either country?)
But many influential people were impressed by him and now blame Broadwell for seducing Petraeus and bringing him down.
Google the name “Paula Broadwell” — and I know you probably already have — and you find headlines like “Broadwell Depicted as Aggressive and Unhinged” with a link to a New York magazine column that appears with the more demure headline: “Paula Broadwell Depicted as Ambitious and Inappropriate.”
Most of her inappropriate behavior in public seems to have involved clothing. She wore “tight shirts and pants” in Afghanistan, according to The Washington Post, “where Western-style attire can offend local sensibilities.”
Big deal. I say if we’re going to spend $1.7 trillion, nearly 20,000 casualties and 12 years conquering a country, we get to wear what we want and the locals get to wear what they want.
More ominously, however, the Post reported that once back in the United States, Broadwell helped Petraeus “pick out a wardrobe of tailored suits he would wear at the CIA.”
Ladies, here is a tip: If a buff, beautiful, younger woman helps your husband pick out his clothes, they are probably doing it.
But now the shopping trips are over. And the blazing star that could have landed David Petraeus in the White House has now landed him in the soup.
A tragedy, his friends and acolytes, say. An American tragedy.
Me, I don’t see that.
“Tragedy requires unmerited suffering,” historian David Goldfield has written.
If you deserve the suffering, it isn’t tragedy. It’s justice.
Roger Simon is POLITICO’s chief political columnist.
No comments:
Post a Comment