Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t





If David H. Petraeus couldn’t keep his affair from prying eyes as director of the Central Intelligence Agency, then how is the average American to keep a secret?




In the past, a spymaster might have placed a flower pot with a red flag on his balcony or drawn a mark on page 20 of his mistress’s newspaper. Instead, Mr. Petraeus used Gmail. And he got caught.


Granted, most people don’t have the Federal Bureau of Investigation sifting through their personal e-mails, but privacy experts say people grossly underestimate how transparent their digital communications have become.


“What people don’t realize is that hacking and spying went mainstream a decade ago,” said Dan Kaminsky, an Internet security researcher. “They think hacking is some difficult thing. Meanwhile, everyone is reading everyone else’s e-mails — girlfriends are reading boyfriends’, bosses are reading employees’ — because it’s just so easy to do.”


Face it: no matter what you are trying to hide in your e-mail in-box or text message folder — be it an extramarital affair or company trade secrets — it is possible that someone will find out. If it involves criminal activity or litigation, the odds increase because the government has search and subpoena powers that can be used to get any and all information, whether it is stored on your computer or, as is more likely these days, stored in the cloud. And lawyers for the other side in a lawsuit can get reams of documents in court-sanctioned discovery.


Still determined? Thought so. You certainly are not alone, as there are legitimate reasons that people want to keep private all types of information and communications that are not suspicious (like the contents of your will, for example, or a chronic illness). In that case, here are your best shots at hiding the skeletons in your digital closet.


KNOW YOUR ADVERSARY. Technically speaking, the undoing of Mr. Petraeus was not the extramarital affair, per se, it was that he misunderstood the threat. He and his mistress/biographer, Paula Broadwell, may have thought the threat was their spouses snooping through their e-mails, not the F.B.I. looking through Google’s e-mail servers.


“Understanding the threat is always the most difficult part of security technology,” said Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania and a security and cryptography specialist. “If they believed the threat to be a government with the ability to get their login records from a service provider, not just their spouse, they might have acted differently.”


To hide their affair from their spouses, the two reportedly limited their digital communications to a shared Gmail account. They did not send e-mails, but saved messages to the draft folder instead, ostensibly to avoid a digital trail. It is unlikely either of their spouses would have seen it.


But neither took necessary steps to hide their computers’ I.P. addresses. According to published accounts of the affair, Ms. Broadwell exposed the subterfuge when she used the same computer to send harassing e-mails to a woman in Florida, Jill Kelley, who sent them to a friend at the F.B.I.


Authorities matched the digital trail from Ms. Kelley’s e-mails — some had been sent via hotel Wi-Fi networks — to hotel guest lists. In crosschecking lists of hotel guests, they arrived at Ms. Broadwell and her computer, which led them to more e-mail accounts, including the one she shared with Mr. Petraeus.


HIDE YOUR LOCATION The two could have masked their I.P. addresses using Tor, a popular privacy tool that allows anonymous Web browsing. They could have also used a virtual private network, which adds a layer of security to public Wi-Fi networks like the one in your hotel room.


By not doing so, Mr. Blaze said, “they made a fairly elementary mistake.” E-mail providers like Google and Yahoo keep login records, which reveal I.P. addresses, for 18 months, during which they can easily be subpoenaed. The Fourth Amendment requires the authorities to get a warrant from a judge to search physical property. Rules governing e-mail searches are far more lax: Under the 1986 Electronic Communications Privacy Act, a warrant is not required for e-mails six months old or older. Even if e-mails are more recent, the federal government needs a search warrant only for “unopened” e-mail, according to the Department of Justice’s manual for electronic searches. The rest requires only a subpoena.


Google reported that United States law enforcement agencies requested data for 16,281 accounts from January to June of this year, and it complied in 90 percent of cases.


GO OFF THE RECORD At bare minimum, choose the “off the record” feature on Google Talk, Google’s instant messaging client, which ensures that nothing typed is saved or searchable in either person’s Gmail account.


You're reading an article about
Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t
This article
Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t
can be opened in url
http://towernewster.blogspot.com/2012/11/trying-to-keep-your-e-mails-secret-when.html
Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t