Lesson from Petraeus CyberClusterFuck: Email isn't safe.

Geoffrey Fowler and Evan Perez in the Wall Street Journal write about one practical (and, yes, obvious) takeaway from the Petraeus scandal: "Privacy protections for even the most sophisticated users of consumer-email services actually protect very little." Or, as Kurt Opsahl from the EFF puts it in the article, "If the director of central intelligence isn't able to successfully keep his emails private, what chance do I have?"


  1. If nothing else comes out of this, that’s a good message.  It’ll be good to have a good example to point to when trying to explain this.
    I’m always amazed when people think that email is secure, and pretty irritated when companies have a policy of sending what should be fairly private information in the clear via email (passwords for instance).

  2. “If the director of central intelligence isn’t able to successfully keep his emails private, what chance do I have?”

    Above average if you stick to sleeping with only your own wife.

    1. Apparently you’re new to this story, so I’ll bring you up to date.

      The FBI was not digging through the general’s email because he was suspected of infidelity – they found out about his affair after digging through his mistress’s email, not because she was suspected of a crime, but because a second woman felt vaguely threatened by anonymous emails she had received, and she complained to her nutjob FBI agent friend.

      1. Apparently you’re new to humor.

        if you respond to a one liner with a paragragh…. well, whoosh.

        Perhaps you’re new to women. Hell hath no cryptographer like a woman scorned.

  3. The safety of email is in it’s sheer volume and banality, the resources required to get at his email didn’t come cheap (although they probably get cheaper every year), so generally speaking no one is going to bother trying to read your email.

    1.  If you’ve been following the NSA whisleblowing that’s been going on, you’ll find that three high-ranking NSA officials have disclosed this year that the agency conducts massive automated searches of vast amounts of email. NSA’s position is that as long as human eyes don’t see it, it’s not a privacy violation.

      As soon as they get red flags, they bump them for further analysis.

      This problem is actually very bad, and it’s only going to get worse. NSA and FBI has direct pipelines into central internet routers, and their ability to analyze vast amounts of data just gets better and better (think of what Google can do with the entire Internet).

    1. This. Unless you use good encryption, know exactly what you’re doing, and are 100% certain that the message’s intended recipient is just as savvy, assume your messages will be intercepted, decrypted and read.

      That goes double when planning illegal stuff, or stuff that might be worth money.

      1. I know about three people who fit those criteria and by world standards that is a huge number. Most people don’t know any. But nobody is interested in anything which we might encrypt. The set of people who know crypto hardly intersects with the set of people who need crypto.

      1. Abusing or avoiding the truth is often necessary, unfortunately, because you can’t just kill everyone.  So make sure that your lies are ethically, morally, and legally defensible.

        And remember communication is not private and you’ll be fine.

        1. Are lying or killing the only other alternatives to telling the truth? Sounds like what people tell themselves.

          1. Well, you tell me.

            He asked me something about his wife on his deathbed.  I let him die happy, instead of destroying his ideas about his wife and their mutual best friend (who was not me, let me be clear on that).

            I lied.  Was that wrong?

            I can give you other examples, because when I was in my early twenties, I got kind of full of myself, and stopped lying for any reason, for several years.  I left a trail of heartbreak and devastation in my path that still exists today, and I deeply regret it.

          2. I have no idea how I wandered into the middle of that story, but I had a similar time in my 20’s. I don;t regret it, but that’s a different conversation, and here is why I think that:

            A tip for professionals that they “Don’t write anything in an email that you wouldn’t want to read aloud from the witness stand” is what I was responding to. I think your example is more personal than professional. How you handle a friends moment of death is a long hard slog away from how not to say something and then get caught having to read it from the witness stand, while doing work for the highest levels of government, or any other profession.

          3. @AcerPlatanoides:disqus My apologies, I thought you were discussing ethical behavior in toto.  I don’t use separate rules for email, so it was an easy mistake for me to make!  Sorry about the digression.

  4. Considering that they were just using Gmail as a dead drop they could have achieved the same effect using an encrypted disk image or encrypted file and a sync service like Dropbox.

    1. Yeah, the problem was actually the mailing functionality of gmail. If Paula Broadwell had not used that everything probably would have worked.  (Well nothing works forever).  I suppose you could say it was human factors that messed up their scheme.

  5. The assumption here is that the Director wasn’t a flaming idiot.   In light of the evidence, where is the basis for this assumption?

    The CIA isn’t filled with James Bond and Marty Bishop types, that’s just in movies.  Come to think of it, what hasn’t the CIA screwed up during its history?  “Oh, but they’re the CIA”.  Yeah, nice folklore you have there.  “Oh, but all their successes are secret, it’s just that we only know about all their colossal failures”.  Sure.

    If you have to run Gmail, at least GPG protect sensitive communications:


    (and you’re far more likely to be attacked by a competitor than the FBI).

    But, really, run your own mailserver and encrypt everything coming in and out of networks and disks if you want real security.  You can get a VM image with a GUI if you don’t know how to do it directly.  Yes, you’ll have to console in with a passphrase if the machine reboots.  Use ssh with pubkey authentication for that.  If you have to use a VPS and you think you’re under ‘attack’ and find your server mysteriously rebooted, write it off.  You do have a backup (encrypted, naturally), right?

    1. Well, we’re all human, so we’re all flaming idiots. It’s one of our primary traits.

      We’re just idiotic in different spheres of activity.  Petraeus was evidently an idiot in the context of managing his sex life, but he seems to have done pretty well directing a vast and powerful army during the military occupation of a foreign power.

    2. Senior management in technical fields seems to need to demonstrate their non-technical outlook, so that they fit into the “general management” club. Thats my experience anyway. If Petraeus understood crypto then he would have been stuck in a job doing crypto and would not have gotten nearly as much tail.

  6. The director of central intelligence was not a computer security expert, didn’t come from the spook world, and was not using CIA resources to create a secure communication channel. He was just another amateur who thought that using email drafts and a shared Google account was a secure-enough method of communication. And it might have gone unnoticed, but his f-buddy pissed off a woman who had a friendly FBI agent to sic on her, and even if they had used a more secure communication method, the affair would still be exposed at some point, because his fling was with an out-of-control publicity hound.

  7. Email is safe enough if you follow a few basic rules.

    Don’t use Hotmail or Gmail or any solution where mail is permanently stored on some company’s computer. If possible, set up your own mail server and host it yourself. And encrypt – use pragmatic SSL/TLS and X.509  or PGP public key encryption.

    1. With all that there are still records of mail from user1@host1 going to user user2@host2.  If you send thousands (like that other guy) it looks suspicious.

    Version: GnuPG v1.4.2 (MingW32)


Comments are closed.