David Petraeus ran the largest, best-funded, most capable intelligence service in the history of the world, but even he failed to learn the lesson learned long ago by small-time mobsters and corner drug dealers: If you want something to remain a secret, stay off the phones and—more important—stay off e-mail.
You have to presume that anything sent electronically can be discovered, duplicated, decoded, and undeleted—because it can. Digital files can be infinitely reproduced, and they leave a trail of data wherever they go.
General Petraeus was not entirely unaware of this. He did make some attempts to conceal his communication with his paramour, Paula Broadwell. But it wasn’t like he used NSA-level encryption and bounced his e-mails off 17 satellites to make them hard to trace (I’m not sure that would even work, but it always seems to do the trick in the movies).
No, the director of the Central Intelligence Agency set up a Gmail account under a pseudonym, which both he and Broadwell had the password to. They would write messages to each other but, instead of sending them, they would leave their hot-and-heavy missives in the drafts folder. Because the messages were never transmitted, there was no way to trace them back to a specific PC.
Except, of course, when Broadwell sent messages to that account. Whoops. That established a connection the FBI could follow, and led to the “secret” e-mails the two were sharing.
Petraeus and Broadwell could have taken things a step further by using an e-mail service that encrypts messages. With an encrypted e-mail, only the sender and the recipient would be able to read the contents—anyone else would see gibberish. Sites like Hushmail automatically encrypt messages, and downloadable software like GPG and Enigmail can encrypt messages on Gmail and other webmail sites. Sites like 10minutemail create e-mail addresses that can only be used for 10 minutes before the address expires.
But even these measures have loopholes. Encrypted messages have encoded content, but not address and subject information. So even though the main text may be garbled, an investigator could, for example, see that 39 messages were sent to the same person in one day, including one at 1:37 a.m. with the subject line “You just left—still cleaning the maple syrup off my chest.” At that point, does it even matter what was written in the e-mail?
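The metadata exposure described above, as an added example that is not part of the original article: a short Python script that reads messages whose bodies are PGP-armored and reports what stays readable in the headers. The addresses, timestamps and subjects are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter
from email import message_from_string
from email.utils import parsedate_to_datetime

ARMOR = "-----BEGIN PGP MESSAGE-----"

def make_message(sender, rcpt, when, subject):
    """Build a constructed sample: cleartext headers, placeholder ciphertext body."""
    return (f"From: {sender}\nTo: {rcpt}\nDate: {when}\nSubject: {subject}\n\n"
            f"{ARMOR}\n(ciphertext placeholder)\n-----END PGP MESSAGE-----\n")

# Constructed sample traffic; every address, time and subject is made up.
SAMPLE = [
    make_message("a@example.com", "b@example.com",
                 "Mon, 12 Nov 2012 01:37:00 -0500", "you just left"),
    make_message("a@example.com", "b@example.com",
                 "Mon, 12 Nov 2012 09:10:00 -0500", "re: lunch"),
    make_message("a@example.com", "b@example.com",
                 "Mon, 12 Nov 2012 22:45:00 -0500", "tomorrow?"),
    make_message("a@example.com", "c@example.com",
                 "Tue, 13 Nov 2012 14:00:00 -0500", "agenda"),
]

def exposed_metadata(raw):
    """Return the fields that remain readable even though the body is encrypted."""
    msg = message_from_string(raw)
    return {
        "from": msg["From"],
        "to": msg["To"],
        "sent": parsedate_to_datetime(msg["Date"]),
        "subject": msg["Subject"],
        "body_encrypted": msg.get_payload().lstrip().startswith(ARMOR),
    }

def summarize(raws, night_hours=range(0, 5)):
    """Count messages per (sender, recipient, day) and list late-night sends."""
    rows = [exposed_metadata(r) for r in raws]
    per_day = Counter((r["from"], r["to"], r["sent"].date()) for r in rows)
    late_night = [r for r in rows if r["sent"].hour in night_hours]
    return per_day, late_night

if __name__ == "__main__":
    per_day, late_night = summarize(SAMPLE)
    for (sender, rcpt, day), count in per_day.items():
        print(f"{day} {sender} -> {rcpt}: {count} message(s)")
    for row in late_night:
        print(f"late night: {row['sent']} subject={row['subject']!r}")
```

Body encryption such as PGP covers only the payload, so moving sensitive wording out of the subject line reduces what is exposed, while the sender, recipient and timestamp remain visible either way.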
There is a distinction made regarding who is trying to retrieve old electronic messages. The government—local, state, or federal—is bound by the Stored Communications Act, part of the Electronic Communications Privacy Act of 1986 (that’s not a typo). That means electronic communications less than 180 days old require a search warrant to be viewed by law enforcement. Messages older than 180 days, however, can be viewed by the government with a subpoena. (Except at the U.S. Court of Appeals for the Sixth Circuit, which includes parts of Michigan, Ohio, Kentucky, and Tennessee. The court ruled that the SCA is in violation of the Fourth Amendment and therefore even messages that are more than 180 days old require a search warrant.)
As for private investigations, like divorce attorneys’, the bar is much, much higher. “Private parties have a much harder time accessing e-mail than the government,” says Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, a legal nonprofit. Private investigators may be able to access the header information on an e-mail (addressee and subject fields), but the content of the e-mails will remain off limits.
Even deleted messages are not always truly deleted. For starters, anything “deleted” off a local hard drive may still be recoverable by savvy law-enforcement technicians (most data are not really erased from a hard drive when deleted; they remain until something else overwrites them). On many webmail services, you have the option to archive or delete messages, but even deleting them doesn’t banish them to oblivion. Here’s what Google’s (GOOG) Gmail help page says about deleted messages:
“Please be aware, residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our backup systems for an additional period of time.”
The same can be true of instant messages and texts. In the case of the former, most IM programs let you choose whether you want to archive your conversations or not—retired (and not retired, in what appears to be the case of General John Allen) four-star generals may want to uncheck that box.
Businessweek.com — Top News
Subj: Emailed Secrets Will Be Found Out