General David Petraeus, a man who, throughout his career, has appeared invincible to the best-laid plans of his enemies, was apparently felled by email.
The much vaunted career military professional, who served both Republican and Democrat presidents in several capacities, resigned on Friday as director of the Central Intelligence Agency (CIA) after the FBI discovered he had been involved in an affair with his biographer, Paula Broadwell.
The FBI began investigating because of harassing emails sent to a second woman -- which the Associated Press identifies as Jill Kelley. Over the course of its investigation, the department began questioning whether a computer used by Petraeus had been compromised, and discovered evidence of the affair along with other security concerns. One of these concerns was the four star general's use of Gmail, a cloud-based free email service, under a pseudonym.
So, what began as a "potential cybercrime, or a breach of classified information," as the Wall Street Journal writes, became the electronic fingerprint that destroyed Petraeus's career when the FBI ran into "sexually explicit emails between two lovers, from an account Mr. Petraeus used a pseudonym to establish."
The FBI and local federal prosecutors worked together to see whether any cyber-stalking laws were broken, reports BoingBoing. They used forensic methods, such as the other email accounts the user had accessed from that computer, to identify the writer of the malevolent emails. Working with Gmail metadata, investigators eventually identified Broadwell as a prime suspect, accessed her email account, and discovered evidence of her relationship with the general.
It's the same kind of analysis that security teams do to search out breaches within corporate ranks -- or on crime TV shows, drilling down IP addresses until all but one is eliminated.
The FBI's case didn't solely revolve around computer forensics. They had to observe legal niceties, too. Under the Stored Communications Act, a "government entity" can force an electronic communication service provider to disclose "contents of a wire or electronic communication" that's been stored for 180 days or less, with a warrant, reports ABC News. To get a warrant, an agency must show probable cause that a particular crime is being, or has been, committed.
Should the email, or other communication, have been stored for more than 180 days, then the agency has to produce an administrative subpoena or court order which does not require probable cause.
Additionally, the Uniform Code of Military Justice specifically addresses -- and forbids -- adultery. Those who break this code face a maximum penalty of dishonorable discharge, forfeiture of all pay and allowances, and confinement for up to one year. Petraeus has said the affair did not begin until he began heading up the CIA.
Whether you're in public or private industry, the downfall of Petraeus certainly serves as a cautionary tale -- and a reminder that love may be fleeting, but email seldom is.
Yes, I started using Gmail for personal mail in 2007, and I haven't thrown out any of it since then. I think I even imported some older mail into Gmail at some point.
Electronic privacy laws need to be updated. But the government has no incentive to do so, because the laws as they stand make it easier to spy.
This brings up one of those recurring issues: The problem law and government have in keeping up with technology. As you say, @Mitch, in the 1980s it may have made sense to think email was 'abandoned' after 180 days. Today, so many of us use email as a filing system; I know I have personal emails that go back several years, in part because it's an easy way for me to know exactly where to find that information if/when I need to look it up. (It's not particularly interesting to anyone else, btw!)
The Stored Communications Act dates back to the 80s. It was assumed then that if the email was still on the server 180 days later, it had been abandoned. Might have been true then in the days of MS-DOS, but certainly not today.
Lippencotte, I tend to agree with you. These days, it doesn't hurt to play it safe and to be as clear as possible in your emails. Obviously there's no way to do that (and get away with it) if what you're doing or saying is wrong. This only works for those who really have nothing to hide.
This does give everyone something to think about. While email doesn't necessarily last 'forever', sometimes it lasts for far too long than you'd like it to. And sometimes, that's when the problems begin.
is that between the national security aspects and the limitations of the mainstream media, we don't actually know what's going on. I've seen a lot of articles, for example, that conflated "20,000-30,000 pages" with "20,000-30,000 emails," and that sort of ignorance makes it difficult to figure out what's really going on.
I'm sure you're right, Alison, and a lot of companies are just putting this whole issue aside as too difficult. They'll regret it when a lawsuit arrives and they find either that responsive electronic records have been deleted, or that they've kept enormous quantities of records which now have to be searched and possibly disclosed.
Yes, Kim, retention policies should be part of every company's governance and risk management process. But from speaking to risk management professionals, I'd say that is not always the case. Far too often, companies either delete emails they should keep or hold onto emails they can destroy, opening themselves up to unnecessary liability. That's why it's so important for legal and IT to work together, especially at those organizations that don't have a specific risk assessment or governance department/individual.
There are also third-party companies that specialize in providing this service. They come in and do a risk assessment, recommend steps to take, offer best practices, and so on. It is, to me, a wise investment.
I guess you learn something new every day. I know companies and organizations have email and retention policies but I did not realize there are policies set up for personal email accounts. Thanks for publishing this article. Gives us all something to think about.
Enterprises should already have considered how their document retention policies apply to electronic records. Apart from anythint else, in the case of a lawsuit, e-discovery might be necessary. It's important to know what you need to keep -- for business, regulatory or legal purposes -- and to make a conscious decision about whether the rest should be retained or disposed of.
Unnecessarily retained records can cause all kinds of problems down the road.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
Cybercriminals don't hesitate when they see an opportunity to spread malware. Not even when it means exploiting as horrific an event as the Boston Marathon bombing.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
Dave Austin, communications director for Multnomah County, discusses why he's excited to move from the county's "old and clunky" intranet and onto an open-source platform, and how this change will help him do his job.
In the final episode of this series about the death of Internet anonymity, Saunders describes how the Internet of the future will start to attain a level of intelligence that requires no human intervention. Scary.
What can users today do to protect their online privacy? The simplest and most obvious option is to not use the Internet – at all. However, once all digital information is consolidated over the Internet, trying to protect digital identity by simply unplugging from the Internet becomes impossible – a fact that has manifest implications for civil liberties, Saunders says.
By 2011 the number of Internet-connected sensors will exceed 1 trillion, making your chances of doing anything or going anywhere unnoticed pretty much zero. Saunders talks about how the 'sensortization' of the Internet is eliminating the traditional divide between online and offline populations.
The 20th Century Internet was characterized by the ability to interact with other people and information on the Internet largely without anyone knowing who you were. The Internet of this century, conversely, will be defined by identity. Saunders explains how Internet users are unwittingly contributing to the demise of the anonymous Internet.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
