ACCOUNT LOGIN

Email privacy lessons from former CIA director Petraeus

If the head of the Central Intelligence Agency cannot keep his email messages private, then is it unrealistic to assume most others could send untraceable messages?

Over the past weeks, investigators with the U.S. Federal Bureau of Investigation (FBI) have exposed a complex plot involving jealous lovers and threatening e-mails that have forced the head of the Central Intelligence Agency (CIA) to abruptly resign.

The case centers around Jill Kelley, an events planner and friend of former CIA head David Petraeus. Starting this May, Kelley said she began receiving menacing emails detailing events she had attended in which the U.S. general and other military personnel had attended. Eventually, FBI officials were able to piece together the existing paper trail to determine that the messages had originated from Paula Broadwell, the official biographer of Petraeus with whom the ex-CIA director had been having an extramarital affair, NBC News reported.

How the FBI exposed the plot
Even though Broadwell had tried to make sure the emails would not be traced back to her or Petraeus, the FBI was able to in part use IP addresses to determine the sender of the online threats.

First, the agency collected the IP addresses of the locations that menacing messages had been sent from. According to the Wall Street Journal, many of the emails had not been sent from Broadwell’s home, but rather from hotels and public Wi-Fi hotspots. The FBI then collected information about the people registered at each of IP address location, using sources such as hotel registries to find Broadwell was the only repeat name on the list.

“Because the sender’s account had been registered anonymously, investigators had to use forensic techniques – including a check of what other [email] accounts had been accessed from the same computer address – to identify who was writing the [emails],” The New York Times wrote.

With that information in hand, the FBI was able to obtain a search warrant to look at Broadwell’s computer and her email addresses. With that information, the agency determined that Broadwell had been sending sexually explicit emails to Petraeus with the former CIA official using accounts under a pseudonym, and that she had in her possession classified U.S. military documents, WSJ reported.

What the Petraeus affair can teach us about email privacy
Chris Soghoian, Principal Technologist and Senior Policy Analyst for the American Civil Liberties Union (ACLU), wrote in a November 13 blog post that perhaps the most important lesson to take from the scandal is no email correspondence can ever be considered completely private. After all, if the head of CIA cannot keep his messages private, then it is unrealistic to assume most others could send untraceable messages.

In particular, Soghoian found fault in the subpoena-based system by which the FBI was able to conduct the initial part of its investigation. He said law enforcement officials should not have been able to so easily obtain the IP addresses, nor should the FBI have obtained hotel registry logs without more stringent privacy safeguards in place.

“There is no independent review, no check against abuse, and further, the target of the subpoena will often never learn that the government obtained data (unless charges are filed, or, as in this particular case, government officials eagerly leak details of the investigation to the press),” Soghoian wrote. “Unfortunately, our existing surveillance laws really only protect the “what” being communicated; the government’s powers to determine “who” communicated remain largely unchecked.”

Are there any steps Broadwell could have taken to better shield her identity online? Should any additional safeguards be in place to make it harder for law enforcement officials to track emails? Leave your comments below to let us know what you think about this scandal!

About The Author

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.

Sign Up For A 30-Day Trial

BOXAE

Deep Freeze Enterprise

Centralized deployment and management as well as a host of configuration options for the Enterprise.

  • This field is for validation purposes and should be left unchanged.

Ready to find out more about Faronics? Let us know how to reach you.

We're here to help you in any way possible.