
What Petraeus and Broadwell could have used instead of Gmail - Libertatea
http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/13/what-petraeus-and-broadwell-could-have-used-instead-of-gmail/?tid=socialss
======
fitandfunction
There are plenty of secure email applications, but Petraeus couldn't use any
of them.

In other words, Petraeus could not be _seen_ using those applications.
Official secure email goes through official secure channels. Personal email
went to through gmail / yahoo / etc.

If someone had found out Petraeus was using a different email app (and I'm
sure they would have), it would have immediately raised suspicions as to why
the Director of the CIA was using a secure email app that wasn't the gov's
official secure email app.

I think the _safest_ thing for Petraeus would have been to only send short
coded messages via gmail (e.g. "talk at 10 pm" but replace that text with code
words) and then to conduct most of the communication infrequently and in
person.

But, clearly, Petraeus wasn't thinking clearly ...

~~~
mbreese
This is exactly it. For Petraeus, even a secure, encrypted email solution
wouldn't have solved the problem. Because he would have been seen to have been
using it. Even something that encrypted the emails in-transit would have been
a problem, because then the FBI still would have discovered a large number of
emails b/w him and the mistress. Even if she was a biographer of his, the
volume of email (and timestamps) would probably have been a good clue that
there was something else going on.

------
zeteo
Frankly, their solution was good enough and could have escaped detection
indefinitely, if only they had stuck through with the discipline required. It
was an emotional, not a technical failure that exposed the whole thing.

~~~
tantalor
Ironically, it was the same technique pioneered by "terrorists",

"An even more secure method of communication is that which involves using one-
time anonymous public email accounts; two terrorists who wish to communicate
to open 30 anonymous email accounts whose usernames and passwords are known by
each side. To communicate, one terrorist creates a web-based email and instead
of sending it, saves it as a draft online. The “recipient” then logs onto this
account, reads this message and deletes. -
[http://en.wikipedia.org/wiki/Internet_and_terrorism#Communic...](http://en.wikipedia.org/wiki/Internet_and_terrorism#Communication_.26_Networking)

------
confluence
It's funny how almost anything that Petraeus could have done to keep this
under wraps would have made it look like he was actually committing high
treason and supplying national secrets to unknown foreign nationals.

Encrypted code words to burner phones, encrypted emails to unknown recipients,
using non-standard apps, using non-standard phones, using multiple
phones/laptops/internet connections - almost any type of non-standard
communication would've looked like he was committing high treason.

Affairs are like that, huh?

~~~
lusr
What I don't understand is all the attention to technical risks of exposure.
Ultimately his physical activities would surely have raised suspicion anyway?
I find it hard to believe that the CIA and FBI rely solely on intercepting
electronic communications to catch spies.

~~~
neurotech1
Intelligence officers sometimes have clandestine meetings, even in DC. Sec.
Gates had at least one such meeting with then President-Elect Obama, before it
was decided he would remain SecDef in the Obama administration.

As for FBI and CIA catching spies, I point to Robert Hanssen, who was brought
down by his own arrogance. As ironic as it sounds, he was brought down by a
system he devised while working counter-intelligence at the FBI. Hanssen came
up with a system for ranking foreign operatives by what they have access to,
not by their rank. When they were searching for the KGB mole, they checked who
could have accessed the compromised reports. In some cases it was actually a
small number of people had the access, including Hanssen.

------
jacquesm
The best thing Petraeus and Broadwell could have done was to either split up
with their respective spouses and join each other openly or to forget about
the whole thing.

~~~
saraid216
I realize that HN is not the place to go if you're looking for people who can
give good relationship advice, but an affair that comes about due to genuine
mutual interest and is the seed for a strong, lasting relationship is pretty
much non-existent outside of fiction. Either the original marriages were open
to begin with, or there are other problems, either with the individuals
involved or with the marriages themselves.

This is one of the more interesting things I've read inspired by the scandal:
[http://www.outsidethebeltway.com/reconsidering-the-
petraeus-...](http://www.outsidethebeltway.com/reconsidering-the-petraeus-
hagiography/)

~~~
altano
> an affair that comes about due to genuine mutual interest and is the seed
> for a strong, lasting relationship is pretty much non-existent outside of
> fiction

What are you basing this on?

~~~
saraid216
Gut, mostly. I haven't seen an effective study on the matter, so there isn't
much else to go on. The terms I'm using are also badly operationalized.

Substantially, all I'm saying is that affairs don't work like your standard
relationship: they're always contextualized by the existing relationships.

------
cynwoody
They should have been careful to access the Gmail account _only_ via TOR. One
slip, and the game would be up.

Actually, using Gmail was a reasonable COMSEC plan for what they were doing.
Much safer than using his official email.

Problem was, she couldn't restrain herself from frightening Jill Kelley into
calling the cops. Once the FBI got on the case, Gmail was worthless. They'd
see the unencrypted texts and get to correlate and trace the IP accesses,
leaving no hope for the communicants to remain anonymous.

Ultimately, this was a case of a general and a major letting their privates
call the shots.

~~~
s_henry_paulson
Accessing anything from TOR in his position would be silly, because that sort
of activity is likely to be picked up on many computers he might use. Why have
to explain why you're trying to hide your tracks?

I would buy a cheap tablet or an iPod touch or something, use it only at
public wifi spots, only ever use it for this purpose, keep music or whatever
on it as a cover, and wipe the device as frequently as possible.

Not foolproof, but reasonably practical.

~~~
cynwoody
I thought about that. But consider, if you are on a book tour or your job as
DCI takes you from place to place. Investigators will map the location of each
access point you used. Airports, coffee shops, hotels, whatever. Then they'll
match their map up with the various possible suspects. They'll look at
security cam video and inspect hotel guest lists and airline passenger
manifests. Bingo!

Thus, you need to be logging on from IP addresses that have no connection to
you or your whereabouts. Maybe if you could arrange to VPN into a Russian
office that does not keep logs and laughs at FBI subpoenas. Even then, there's
the danger they traffic-analyze the data in and out of the VPN server.

------
w1ntermute
If I were in this position, I'd have run an IRCd from static boot media. I
don't think Petraeus should've been fired for being unable to keep his pants
zipped, but I do think that a CIA employee who doesn't know how to cover his
tracks properly when having an affair needs to be shown the door ASAP.

~~~
reedlaw
He was not fired. He resigned [1].

1\.
[http://www.usatoday.com/story/news/nation/2012/11/09/david-p...](http://www.usatoday.com/story/news/nation/2012/11/09/david-
petraeus-cia-resign-nbc/1695271/)

~~~
jacquesm
That's known as keeping the honour to yourself.

It means that you've become a liability to the organization that you serve so
it is better to leave out of your own accord than to be thrown out. This is
the quickest way to kill the storm. Imagine what it would have been like if
this had been drawn out over many months, it's bad enough as it is.

Resigning looks so much better than being thrown out so if someone has messed
up but on the whole has done an ok job (or in the case of Petraeus even a
pretty good one) then giving them the option to bow out rather than to be
tossed under the bus is a good thing. For everybody involved.

~~~
reedlaw
Resigning is honorable, but he might have kept his job if he made a public
apology. The American people are generally quick to forgive public figures
whose sins have come out and then confess. Lance Armstrong, on the other hand,
is not likely to recover his image.

------
rogerbinns
As far as I can tell both Hushmail and Tigertext are US based or have US
operations. As such they can be subpoenaed (and this probably applies to other
countries the US has law enforcement agreements with). Throw in a "matter of
national security" to keep it secret and they would eventually have found out
what is going on.

------
Tangurena
The folks planning 911 used this same technique of using drafts to send
messages back and forth. I'm certain that these are now always saved
permanently for law enforcement use to comply with CALEA.
[http://en.wikipedia.org/wiki/Communications_Assistance_for_L...](http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)

~~~
eurleif
I don't think CALEA applies to email. Am I wrong?

------
fduran
Hushmail? really? <http://en.wikipedia.org/wiki/Hushmail>

------
molbioguy
_Agents were able to use “digital forensic techniques to determine the person
behind the keyboard at the time the emails in question were sent,”_

How does this work? Does this refer to tracking IP addresses accessing the
account? And is this information provided by Google?

------
diminish
They would share messages using un-flown pigeons in the same location of
Washington d.c.

~~~
testing12341234
Finally a use for RFC 1149

<http://tools.ietf.org/html/rfc1149>

------
olgeni
> What Petraeus and Broadwell could have used

Their brains?

~~~
bribriinlondon
PrivateSky - <http://privatesky.me>

------
haakon
No mention of <http://tormail.net/>? Would be hard to top its degree of
anonymity.

------
bigtech
S/MIME and an email client like Thunderbird?

------
SolarNet
I sort of wish the news reporter would do their own damn job and ask a
security consultant.

------
antihero
They could have just used GnuPG over pretty much any e-mail service?

~~~
rogerbinns
That doesn't really help as GnuPG encrypts the message contents, but doesn't
hide sender and recipients. In this case they could still have figured out who
sent the messages even if they didn't figure out the contents. Then you apply
traffic analysis to proceed to the next step
<http://en.wikipedia.org/wiki/Traffic_analysis>

The only way they could have avoided detection using GnuPG is if they did
something like always sending the same length message at the same time every
day.

~~~
elq
They left messages in the draft folder - no traffic analysis possible, at
least from the messages themselves.

~~~
rogerbinns
The message I responded to was proposing an alternative to what was used
(draft folder) and instead using GnuPG.

However even if they only used encrypted text in the drafts and never sent
them, you could still use traffic analysis techniques to help categorize the
content (size, frequency etc) assuming the drafts could be read.

------
dmritard96
first the trampire, now betraeus lol

