Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/13/2012
06:43 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

The Petraeus Affair: Surveillance State Stopper?

Lawmakers, now reminded of their own vulnerability, need to strengthen email privacy protections. Companies need to do more to help customers protect content.

When the Director of the Central Intelligence Agency can't maintain his privacy, nobody else has a chance.

The only way to win the self-surveillance game -- played by everyone who uses a network-connected computer -- is not to play. That's why U.S. Homeland Security Secretary Janet Napolitano doesn't use email.

David H. Petraeus resigned as head of the CIA, according to reports, because of an FBI inquiry into confrontational emails sent by his biographer and mistress, Paula Broadwell, to Jill Kelly, a friend of Petraeus and a rival in Broadwell's eyes.

[ Do you know how to protect yourself when using free email services? Read Petraeus Fallout: 5 Gmail Security Facts. ]

The FBI's investigation appears to be more the result of Kelly's friendship with an agent than the content of the messages. According to The Daily Beast, the FBI could barely muster a legal justification for opening an investigation. The agency would have to hire a lot more agents if it routinely investigated every email message deemed to be mildly harassing.

Nevertheless, in this course of its investigation, the agency discovered that Petraeus and Broadwell had been communicating covertly, by saving messages as unsent drafts in a single Gmail account, so they could login to the account and read what the other had written.

Petraeus evidently failed to consider the privacy implications of a change Google made to Gmail in 2008. That was when the company began providing Gmail users with the ability to track the IP address used to access accounts as a way to improve online security. As I noted at the time, "The information listed includes the Gmail user's type of access (browser, mobile, POP3), IP address, date and time. Not only will this new feature improve Gmail security, but it's also likely to please law enforcement authorities. In cases where a suspect's Gmail use is an issue, investigators who might otherwise have to request or subpoena log data from Google may only need access to the Gmail account itself."

What's more, now we're learning that the same inquiry -- which is unlikely to result in any criminal charges -- has claimed another victim. On Monday, the Department of Defense said it had been informed that the FBI's investigation had identified issues that affect Gen. John R. Allen, the commander of U.S. and NATO troops in Afghanistan. The Washington Post reports that the FBI found some 20,000 to 30,000 pages of "potentially inappropriate" email messages between Allen and Kelly, the woman who sought the FBI inquiry in the first place.

There are conflicting accounts about whether or not the FBI obtained a warrant for its inquiry.

"This is a surveillance state run amok," writes Glenn Greenwald in The Guardian. "It also highlights how any remnants of Internet anonymity have been all but obliterated by the union between the state and technology companies."

The careers of two of the nation's top military men have unraveled because the FBI started pulling threads from an inbox without any real evidence of a crime. Maybe that's just the wakeup call the government needs to recognize the value of privacy.

If that happens, it won't be the first time. In 1987, Supreme Court nominee Robert Bork's video rental history was revealed by reporter Michael Dolan, who obtained the information from Bork's local Washington, D.C. video store. Dolan justified his actions in part by noting, "[T]he judge indicated during his confirmation hearings that he's not necessarily a rabid fan of the notion of a constitutional guarantee of privacy."

Washington legislators were so shocked that their indiscreet viewing choices might be revealed that they promptly passed the 1988 Video Privacy Protection Act, which would have to wait until the Facebook era to be rendered obsolete by the marketing-surveillance complex's promotion of sharing as a social good.

Now that it's clear government officials stand as naked before online investigators as lowly citizens, maybe we'll see privacy exhumed from its grave, embalmed, and propped up as if it were alive and well again.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
11/16/2012 | 1:13:38 AM
re: The Petraeus Affair: Surveillance State Stopper?
I too question this, and wonder whether or how much of FBI's procedures for launching an investigation (and whether they properly were followed here) will be discussed as part of any Congressional investigation into the matter.
macker490
50%
50%
macker490,
User Rank: Ninja
11/14/2012 | 4:08:47 PM
re: The Petraeus Affair: Surveillance State Stopper?
once could of course use PGP or ENIGMAIL, or just use zip with an pre-agreed symetrical password

but there is still traffic analysis: why is Bob texting to Alice ?

best to keep msg in plain text and innocuous
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
11/14/2012 | 3:08:41 PM
re: The Petraeus Affair: Surveillance State Stopper?
That FBI agents are conducting or initiating investigations on little more than a complaint based on a personal relationship should be disconcerting to anyone. That the investigation has revealed little which can be placed in the "illegal" realm beyond movements of senior military officials or harassment only further questions the basis of a continued investigation. The issue seems to have been completely blown out of proportion and I believe that as much as the generals actions, the actions of the FBI or agents involved need to be analyzed.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10287
PUBLISHED: 2020-07-15
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default cre...
CVE-2020-10288
PUBLISHED: 2020-07-15
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
CVE-2020-15780
PUBLISHED: 2020-07-15
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
CVE-2019-17639
PUBLISHED: 2020-07-15
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This...
CVE-2019-20908
PUBLISHED: 2020-07-15
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.