General David Petraeus, a man who, throughout his career, has appeared invincible to the best-laid plans of his enemies, was apparently felled by email.
The much vaunted career military professional, who served both Republican and Democrat presidents in several capacities, resigned on Friday as director of the Central Intelligence Agency (CIA) after the FBI discovered he had been involved in an affair with his biographer, Paula Broadwell.
The FBI began investigating because of harassing emails sent to a second woman -- which the Associated Press identifies as Jill Kelley. Over the course of its investigation, the department began questioning whether a computer used by Petraeus had been compromised, and discovered evidence of the affair along with other security concerns. One of these concerns was the four star general's use of Gmail, a cloud-based free email service, under a pseudonym.
So, what began as a "potential cybercrime, or a breach of classified information," as the Wall Street Journal writes, became the electronic fingerprint that destroyed Petraeus's career when the FBI ran into "sexually explicit emails between two lovers, from an account Mr. Petraeus used a pseudonym to establish."
The FBI and local federal prosecutors worked together to see whether any cyber-stalking laws were broken, reports BoingBoing. They used forensic methods, such as the other email accounts the user had accessed from that computer, to identify the writer of the malevolent emails. Working with Gmail metadata, investigators eventually identified Broadwell as a prime suspect, accessed her email account, and discovered evidence of her relationship with the general.
It's the same kind of analysis that security teams do to search out breaches within corporate ranks -- or on crime TV shows, drilling down IP addresses until all but one is eliminated.
The FBI's case didn't solely revolve around computer forensics. They had to observe legal niceties, too. Under the Stored Communications Act, a "government entity" can force an electronic communication service provider to disclose "contents of a wire or electronic communication" that's been stored for 180 days or less, with a warrant, reports ABC News. To get a warrant, an agency must show probable cause that a particular crime is being, or has been, committed.
Should the email, or other communication, have been stored for more than 180 days, then the agency has to produce an administrative subpoena or court order which does not require probable cause.
Additionally, the Uniform Code of Military Justice specifically addresses -- and forbids -- adultery. Those who break this code face a maximum penalty of dishonorable discharge, forfeiture of all pay and allowances, and confinement for up to one year. Petraeus has said the affair did not begin until he began heading up the CIA.
Whether you're in public or private industry, the downfall of Petraeus certainly serves as a cautionary tale -- and a reminder that love may be fleeting, but email seldom is.
The email angle has been developing today, with the revelation of voluminous online correspondence between another senior general, and a woman "involved in the case." This is General John Allen, senior commander in Afghanistan, engaging in "flirtatious" emails with one Jill Kelley, who in turn claims to have received email threats from the woman with whom Petraeus seems to have had an affair.
Confused? Me too, but it's a heck of mess for two of the country's top soldiers to have become embroiled in.
It truly is more like Melrose Place than the Pentagon. From what I've seen and read, the second general's involvement came to light after Kelley initially began the investigation into the threatening emails; General John Allen was pushed out of the investigation after his 'relationship,' whether just friends or something more, was discovered. You'd imagine that two men so adept at war games would be better equipped at hiding something they didn't want found out.
Yes, email lasts forever but in cases where secondary issues do not compromise them, they may be secret forever as well.
I think another angle to this is that we must note that in life we cannot control everything, no matter how careful we think we are. This is a case of quite secure communication plan being accidentally compromised.
Great points, @abdiah. The FBI was obviously given a big clue and a trail to follow; this wasn't an accidental uncovering after a sweep of Gmail. I guess it's like any security scenario. If someone wants you, they most likely will succeed. But if they're jiggling on door handles, then as long as your door is locked you're probably okay. At least for now.
@Alison Diana: Okay help me with the thought on the security scenario. lets say some one wanted Patreous or Mrs. Broadwell that bad, how would they have orchestrated either of their downfalls had Mrs. Broadwell acted the way she did?
I'm uncertain whether this "Gmail metadata" was in fact Gmail-specific, or whether it was simply ordinary email headers.
NBC Nightly News reported Monday night that the FBI investigated started (as this blog notes) with an investigation into threatening emails sent to Jill Kelley. Investigators became alarmed when the person sending the threats appeared to have intimate knowledge of Gen. Petreaus's locations. Investigators accessed the account sending the threats and discovered sexually explicit email that was evidence of the affair.
Do we know how the investigators accessed the account? Was it definitely through a warrant served on the ISP? Was the ISP in this case Google?
The thinking is that by having an affair, Petreaus left himself open to blackmail. If he was having the affair while in the Armed Forces, he broke a military law, which is one reason it's been reported he said the affair began after he left the service. It also could be argued it distracted him from his duties, and it puts his moral character into question. As head of the CIA, the fact that he was doing something illicit is dangerous to the nation because, if discovered by an enemy country, that nation could have held it over Petreaus' head, arguable. (I disagree, really: He fessed up immediately, it appears, rather than argue over it or disavow it, only to have the truth come out after a protracted PR nightmare. But you can't know how an individual will react.)
Despite earlier reports, it was not Gmail headers. Rather, it was Petreaus' mail client, reported Digital Trends. According to my understanding of the case and the law, the FBI must have got a warrant. They need one to access emails that are 180 or fewer days old. To gain access to older emails, however, they don't need to show probably cause... something to ponder before clicking send. Here's the User's Guide to the Stored Communications Act.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
Dave Austin, communications director for Multnomah County, discusses why he's excited to move from the county's "old and clunky" intranet and onto an open-source platform, and how this change will help him do his job.
In the final episode of this series about the death of Internet anonymity, Saunders describes how the Internet of the future will start to attain a level of intelligence that requires no human intervention. Scary.
What can users today do to protect their online privacy? The simplest and most obvious option is to not use the Internet – at all. However, once all digital information is consolidated over the Internet, trying to protect digital identity by simply unplugging from the Internet becomes impossible – a fact that has manifest implications for civil liberties, Saunders says.
By 2011 the number of Internet-connected sensors will exceed 1 trillion, making your chances of doing anything or going anywhere unnoticed pretty much zero. Saunders talks about how the 'sensortization' of the Internet is eliminating the traditional divide between online and offline populations.
The 20th Century Internet was characterized by the ability to interact with other people and information on the Internet largely without anyone knowing who you were. The Internet of this century, conversely, will be defined by identity. Saunders explains how Internet users are unwittingly contributing to the demise of the anonymous Internet.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
Email This
