David Petraeus ran the world’s largest, best-funded, most capable intelligence service in the history of the world, but even he failed to learn the lesson learned long ago by small-time mobsters and corner drug dealers: If you want something to remain a secret, stay off the phones and—more importantly—stay off email.
You have to presume that anything sent electronically can be discovered, duplicated, decoded and undeleted—because it can. Digital files can be infinitely reproduced, and they leave a trail of data wherever they go.
General Petraeus was not entirely unaware of this. He did make some attempts to conceal his communication with his paramour, Paula Broadwell. But it wasn’t like he used NSA-level encryption and bounced his emails off of 17 satellites to make them hard to trace (I’m not sure that would even work, but it always seems to do the trick in the movies).
No, the Director of Central Intelligence set up a Gmail account under a pseudonym, which both he and Broadwell had the password to. They would write messages to each other but, instead of sending them, they would leave their hot-and-heavy missives in the drafts folder. By not transmitting them, there was no way to trace them back to a specific PC.
Except, of course, when Broadwell sent messages to that account. Whoops. That established a connection the FBI could follow, and led to the “secret” emails the two were sharing.
Petraeus and Broadwell could have taken things a step further by using an email service that encrypts messages. With an encrypted email, only the sender and the recipient would be able to read the contents—anyone else would see jibberish. Sites like Hushmail automatically encrypt messages, and downloadable software patches like GPG and Enigmail can encrypt messages on Gmail and other webmail sites. Sites like 10minutemail create email addresses that can only be used for 10 minutes before the address expires.
But even these measures have loopholes. Encrypted messages have encoded content, but not address and subject information. So even though the main text may be garbled, an investigator could, for example, see that 39 messages were sent to the same person in one day, including one at 1.37 a.m. with the subject line “You just left—still cleaning the maple syrup off my chest.” At that point, does it even matter what was written in the email?
There is a distinction made regarding who is trying to retrieve old electronic messages. The government—local, state or federal—is bound by the Stored Communication Act, part of the Electronic Communications Privacy Act of 1986 (that’s not a typo). That means electronic communications less than 180 days old require a search warrant to be viewed by a law enforcement. Messages older than 180 days, however, are able to be viewed by the government with a subpoena. (Except in U.S. Court of Appeals for the Sixth Circuit, which includes parts of Michigan, Ohio, Kentucky and Tennessee. That court ruled that the SCA is in violation if the Fourth Amendment and therefore even messages that are more than 180 days old require a search warrant.)
As for private investigations, like divorce attorneys, the bar is much, much higher. “Private parties have a much harder time accessing email than the government,” says Hanni Farkhoury, a staff attorney at the Electronic Frontier Foundation, a legal non-profit. Private investigators may be able to access the header information on an email (addressee and subject fields), but the content of the emails will remain off limits.
Even deleted messages are not always truly deleted. For starters, anything “deleted” off a local hard drive may still be recoverable by savvy law-enforcement technicians (most data is not really deleted on a hard drive, just overwritten). On many webmail services, you have the option to archive or delete messages, but even deleting them doesn’t banish them to oblivion. Here’s what Google’s Gmail help page says about deleted messages:
“Please be aware, residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our backup systems for an additional period of time.”
The same can be true of instant messages and texts. In the case of the former, most IM programs let you choose whether you want to archive your conversations or not—retired (and not retired, in what appears to be the case of General John Allen) four-star generals may want to uncheck that box.
