The big story right now is about how the head of the Central Intelligence Agency (CIA) was busted by FBI investigators after they found that he was having an affair with writer Paula Broadwell, principal author of his biography, perhaps ironically called All In: The Education of General David Petraeus. It happens, I suppose, and whether that’s the real reason – and only reason — for his resignation or whether there were other issues that haven’t come to light yet, well, we might never know the full story.
What we do know is that the details of the FBI investigation into General Petraeus’ communications with Paula Broadwell have spurred much discussion about privacy, security and the wisdom of having a mail service like Google’s Gmail — which they used — archive your email forever.
So how much does Gmail archive? For how long? And once you delete something, is it really deleted? For that matter, what does “sharing drafts” mean when the investigators explained how David and Paula communicated without actually sending messages to each other?
This is a bit of a tricky subject to write about because I want to honor the 37 years of service that General Petraeus gave to our country while in the U.S. Army, and his 18 months or so as head of the CIA. A life of service is a respectable thing indeed. But an affair? Stupid.
Let’s start with how they used Gmail to communicate. Once they realized that sending email back and forth was going to be a potential disaster (because it’s so easy to track and analyze) they came up with the pretty smart idea of communicating via draft email messages in a shared Gmail account.
The idea is that if you share login credentials with someone else, you can write a message to them and leave it unsent in the “drafts” folder. They then log in later, see a message in Drafts, read it, delete the content of the message and write their own message back.
In fact, you could both be writing messages simultaneously, though at that point it’s probably easier to just use Gtalk to chat with each other. But… that again leaves a digital trail that the draft messages, deleted after being read, does not.
How would this look? When one of them logged in to Gmail, they’d have see this on the left side:
A click on “Drafts” and it might have looked like this:
Probably they deleted messages as they went along, but it’s entirely possible that they kept them, even though that would rather defeat the purpose of their stealth communications channel. People in love can do daft things, after all.
In terms of how long Gmail saves messages? That’s forever, as far as I can tell, as long as you don’t push a message into the trash. I signed up for Gmail back in 2004 and can still find messages from August of that year in my “All Mail” folder.
Spam messages are automatically trashed after 30 days. And drafts? As far as I can tell, they’ll stick around until you shut down the account, send them or delete them.
Testing reveals that if you “discard” a draft message, however, it doesn’t move into the trash folder, it just vanishes. Can you recover it? It doesn’t appear so, but it could be in the computer or Web browser’s cache so if an investigator has access to either person’s computer system, they can circumvent a lot of the privacy measures that Broadwell and Petraeus put in place.
It also turns out that email that’s sitting on a server for more than six months, according to the Electronic Communications Privacy Act, can be considered abandoned and examined by law enforcement personnel. The Petraeus investigation brings this issue to light again: Under current U.S. law, federal authorities only need a subpoena approved by a federal prosecutor — not a judge — to obtain electronic messages that are six months old or older.
Do you have email that’s more than six month sold, sitting on an IMAP server or on Gmail? If you think about it, a system like Gmail, Yahoo Mail, Windows Live, and even Facebook can be considered a “server” according to the ECPA. Something to think about, indeed.
So that’s the scoop, that’s how the two of them communicated via computer without actually sending email messages or using a chat service — or text messages — that could be easily monitored. And yet, somehow, they were busted. Curious indeed.
I have to take issue with Brandy Ray over one remark: “. . . when an unlisted number does not keep others from looking it up online . . .”. I can think of one very significant class of unlisted number that you will almost never find on-line, and that’s the Customer Services department of an on-line trader. In the rare event that you do find one, it is almost certainly a premium-rate number, which will take good care to answer your call instantly and then place you in a queue on a line that is not actually manned. After about 20 minutes and 40 cycles of the same 20-second snatch of music alternating with a recorded message saying “All our agents are busy. Please hold: your call is important to us” [you bet it is: that’s how they make most of their money], there will be a sudden click and then silence.
Sorry – it doesn’t have much to do with General Petraeus, but it’s one thing that really gets my goat!
I have a couple of Yahoo accounts, but read and send all messages via Outlook Express (I’m still on XP). Thiis means that as soon as they are received on my computer, or sent, they are removed from the Yahoo server, which I think should make things much more secure, and I assume the same could be done with Google mail.
That was interesting, but–I don’t understand any more now than I did then why a friend of mine called them stupid for using the Draft idea. I thought it was pretty clever myself. Of course, they *did* get caught. But then he was the head of the CIA. He should have known better. In many ways.
As an ex-US Navy intelligence person with a high security classification, I know that all communication I sent was perused by someone before it left the ship. People with access to highly classified information should expect to have some monitoring. I do not believe it is generic to all internet users, although there could be some red flagged key words.
What would be so hard about obtaining info from Google since they feed on our info. Tl had a good point about why in the first place they would be investigating him. Actually who really cares….Clinton did it no? I think this should be between him and his family. Ooops I’m late for my manicure.
So an opportunity to respond here…hum, but you want my email address!!…nah pass…lol
Kidding aside, have we reached a point in time where a form of democratic government can check anything? just in case something in there is worthwhile? Is that not what communist governments do?
“Drafting” used to be something automobile drivers did to save fuel by following close behind a large truck on the highway. New meaning now, huh?
The wisdom of extramarital affairs aside, I have to wonder if there is ANY way to keep a secret these days? Recently there was a news item about the actual user of a (supposedly anonymous) disposable cell phone being identified. Prior to that news item, I would have said Petraeus and Broadwell should have just picked up a couple of $10 burn phones at their local supermarket and thrown them away each time the initial allotment of talk minutes was used up. In fact that probably WOULD work for the average Joe or Jane so long as the full force of the FBI doesn’t come down on them. That begs the question, just why DID the FBI get involved anyway? They don’t normally investigate love letters do they? What’s going on here?
I have had a gmail account since what seems forever. But I can bet that I have never used the mail account for anything more than youtube and for my android phone.
I would NOT be caught dead using an online email account for communications. Look up how many times the government has asked (and received) google for peoples information. Worse, I use my ISP mail and that too can be delved into by the government. So do not expect any type of privacy in email or anything to do with google, facebook, twitter or any of the rest. Zuckerberg and google are seeing to it they and the authorities know anything about you they want
Ah, yes, what is privacy anymore? When satellites can spy on you in your yard, when an unlisted number does not keep others from looking it up online, when your emails (and other documents- if you are storing them ‘in the cloud’) can be accessed by others, when people post extremely personal pics and comments, even their life stories, on Facebook, etc. – what is privacy anymore?
haha… that’s how I transfer small amounts of text data from desktop to laptop…
I’m too lame to setup a home network