You’d think that being the head of the CIA would give you all the ins-and-outs and James Bond tools to conceal your email. Think again.
Less than two weeks ago, David Petraeus was a decorated four-star army general (ret.), Director of the Central Intelligence Agency, and a husband of 38 years. Today, his reputation has been hit with a massive dose of shock and awe.
Petraeus cheated and got caught, largely due to a lot of eyebrow-raising email activity from a man many would assume to know more about how to cover his tracks.
Here’s how the Petraeus email fiasco unfolded, and some hints on better ways to conceal private email conversations, no matter what their purpose.
The general created a fake Gmail account with a pseudonym to communicate with his lover and biographer Paula Broadwell. In order to communicate, Petraeus and Broadwell wrote messages to each other that they each dropped in a draft folder, to eliminate an email chain. This is called a “dead drop,” and has been used by terrorists, including the guys behind the Madrid train bombing in 2004.
They both had access to the account, and would write and save draft messages for each other to read. While we don’t know if the drafts were deleted after reading, or if the same draft was used over and over with old text deleted, we do know the basic pattern of this kind of interaction. Basically one person writes a note and logs off, then the other party logs on and reads the draft. This way no email is actually ever sent, and no email chain is created. In Gmail, draft messages are called conversations. Once these messages are “discarded,” they are notoriously hard to recover. So, one of two things is likely in this scenario: Either they kept the draft conversations at the time that the FBI intercepted their communications, or the FBI worked with Google to retrieve the deleted drafts.
Further mucking things up was the fact that Broadwell used a different Gmail account to send her threatening messages to Kelley. And both she and the General used the same Gmail account to share and write messages. So with all that, it would have been pretty easy for the FBI to lean on Google to reveal the IP addresses of the account in question, alerting the bureau of the location and numeric label of both the computers and networks behind the messages. (Note to all you cyber-lovers out there, the very outdated Electronic and Communications and Privacy Act states any content older than six months and stored in the cloud can be obtained by the government without a warrant.)
Game. Set. Match.
What They Should Have Done
Remember, when trying to hide things from the FBI, no method is perfect, especially when they’re already on your trail. The following tools are not 100% foolproof, but if employed early would have made for a much more convoluted game of cat and mouse, and might even have concealed the amorous activity long enough for the general and his fatal attraction to have escaped unscathed.
1. PGP Encryption: PGP stands for “pretty good privacy,” and that’s exactly what it is. The service encrypts data, like emails, which would have been another hurdle for the FBI to jump through. If this method would have been used, it would have forced Uncle Sam to deploy Trojan-style spyware onto Broadwell’s computer to uncover the emails. With Google snitching the General out, PGP might not have worked. For regular folks though, this tool is a good start.
2. Hide Your IP: Tools like Tor, an open source method to conceal real IP addresses and Web browsing, would have masked their IP address identification. Another is Hamachi, an app that creates free, encrypted Virtual Private Networks (VPNs) between computers. Just use the VPN every time you log in, and don’t log in from your home IP, and you should be safer. Well, unless you’re LulzSec that is.
3. Disposable Email: This message will self destruct after reading. Really. If the General really was 007, or even 007-ish, he would have used this method. Disposable email functions much like it sounds, with messages that are deleted after reading. Disposable email services include Spamex and Mailinator, which were originally designed to keep out spam, not the Feds.
4. Don’t Send Messages Online Period! Keep it offline! If this was 1972, short of the U.S. Postal Service intercepting their mail, this would have been the ideal method, and some inquisitive papparazzi snapping a photo would have been all they would have had to worry about. While the two did spend a good deal of time together in-person (Broadwell apparently traveled overseas to Iraq and Afghanistan to visit Petraeus), they might have been safer to keep the relationship in person only. The only truly private way to use email? Don’t!
Besides, what’s the best way to keep passion in a relationship? Charles M. Schulz said it best: “Absence makes the heart grow fonder.”
Photo by hectorir.