NNSquad - Network Neutrality Squad
[ NNSquad ] General Petraeus, CIA, and Gmail
General Petraeus, CIA, and Gmail http://lauren.vortex.com/archive/000999.html How the blazes did Gmail get dragged into this story? That's the question I was asking myself when I awoke today and saw my inbox loaded with queries about the ramifications of a reported connection between the resignation in disgrace of CIA Director General David Petraeus, and an FBI email investigation. I've been piecing this saga together from available public sources, and here's what I suspect may have been going on, subject to change as more data hits the fan. First, we can quickly devalue the various conspiracy theories that are floating around. Even with the worst possible interpretation of the events at Benghazi, there's nothing in this situation that would have driven a man of Petraeus' stature to resign in such an ignoble manner, humiliating himself, his wife, his family, and various third parties. Plus, we now know that the FBI investigation that led to his resignation stretches back for a significant span before the recent attack in Libya even occurred. It's also a fact that anything Petraeus might have testified about to Congress regarding this event can be equally well presented by the acting CIA director, who would have had access to the same reports -- neither of them was present in theater when the attack occurred. And if necessary, Petraeus could likely be called to testify even after resigning. Sorry, conspiracy fans. So what actually led to the resignation, and how is Gmail apparently involved? For obvious reasons, government officials dealing with classified information are routinely prohibited from using their official computers for personal matters. But of course everyone has a personal computer and personal accounts, and Petraeus reportedly used Google's Gmail for this latter purpose. Nothing wrong so far. So long as data that should be restricted to official systems isn't communicated using a personal system, all's pretty much right with the world. But there are always concerns about possible leakage of inappropriate data to a personal account through user error or carelessness, and for some officials, even unclassified personal data may potentially have some degree of intelligence value (e.g., calendars, contact lists, etc.) Reports are now suggesting that the sequence of events leading to Petraeus' resignation began months ago, when third parties (apparently a female acquaintance of Petraeus) received "anonymous" harassing email, which was reportedly traced back to Petraeus' biographer Paula Broadwell. The FBI became involved when it became apparent that the target's email addresses might have been obtained from Petraeus' personal Gmail account, opening up questions as to who else might have had access to that account and whether or not it had been compromised in some manner -- a potentially significant national security concern. The FBI reportedly gained access to Petraeus' personal emails, apparently on Gmail -- presumably through legal process served on Google requiring them to make this information available. (Please note that you should only consider this to be speculation on my part at this time, based on public statements to date. I will update as additional relevant information becomes available.) When the FBI inspected those emails, they reportedly found "hundreds or thousands" of communications between Petraeus and Broadwell, indicating in no uncertain terms that an affair was involved. This is a big deal especially at this level of the intelligence community, given the sordid history of "honey traps" in the espionage world. No criminal activity was reportedly alleged, but there are indications that the story was beginning to leak out. The FBI ultimately notified Petraeus about what they had found, and he chose to get "ahead of the story" and resign. There are several questions left unanswered but they all point to weaknesses on the part of Petraeus, likely not of Gmail. If the allegations are correct that Broadwell (or some associate of Broadwell) gained access to Petraeus' Gmail account, was that access given freely, or was the access clandestine? Given Google's extensive support of two-factor authentication, illicit access would suggest at least sloppiness on Petraeus' part regarding available Google security regimes. It may seem inconceivable that the man in charge of CIA could make such errors regarding his own personal email. But again and again we see that high officials live in a kind of "bubble" that they believe anoints them with a certain entitlement, insulating their private lives from the sorts of constraints that apply to "ordinary" folks like us. Based on what we know right now, it appears that General David Petraeus -- in league with Paula Broadwell -- fell into this trap of self-assumed superiority, and has now indelibly tarnished not only his long and previously distinguished career, but also the lives of people around him who deserved far better. I don't quote the Old Testament very often (to say the least!) -- but in this case I'll paraphrase a bit: Don't blame the computers for your misfortune, for pride goes before destruction, and a haughty spirit before a fall. True enough. Online, offline, at CIA Langley, and in the bedroom. Take care, all. --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info - Data Wisdom Explorers League: http://www.dwel.org - Global Coalition for Transparent Internet Performance: http://www.gctip.org Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ nnsquad mailing list http://lists.nnsquad.org/mailman/listinfo/nnsquad