In other words, Petraeus could not be seen using those applications. Official secure email goes through official secure channels. Personal email went to through gmail / yahoo / etc.
If someone had found out Petraeus was using a different email app (and I'm sure they would have), it would have immediately raised suspicions as to why the Director of the CIA was using a secure email app that wasn't the gov's official secure email app.
I think the safest thing for Petraeus would have been to only send short coded messages via gmail (e.g. "talk at 10 pm" but replace that text with code words) and then to conduct most of the communication infrequently and in person.
But, clearly, Petraeus wasn't thinking clearly ...
Clearly, Petraeus is a very smart guy, and has accomplished many great things for himself and for his country.
When this started, he probably said to himself "it's just a one time thing ...," but inevitably, it escalated, and he slid down the slippery slope of bad decisions.
"An even more secure method of communication is that which involves using one-time anonymous public email accounts; two terrorists who wish to communicate to open 30 anonymous email accounts whose usernames and passwords are known by each side. To communicate, one terrorist creates a web-based email and instead of sending it, saves it as a draft online. The “recipient” then logs onto this account, reads this message and deletes. - http://en.wikipedia.org/wiki/Internet_and_terrorism#Communic...
So... basically the article was a waste of time, proposing a technical solution for a social problem.
Encrypted code words to burner phones, encrypted emails to unknown recipients, using non-standard apps, using non-standard phones, using multiple phones/laptops/internet connections - almost any type of non-standard communication would've looked like he was committing high treason.
Affairs are like that, huh?
As for FBI and CIA catching spies, I point to Robert Hanssen, who was brought down by his own arrogance. As ironic as it sounds, he was brought down by a system he devised while working counter-intelligence at the FBI. Hanssen came up with a system for ranking foreign operatives by what they have access to, not by their rank. When they were searching for the KGB mole, they checked who could have accessed the compromised reports. In some cases it was actually a small number of people had the access, including Hanssen.
This is one of the more interesting things I've read inspired by the scandal: http://www.outsidethebeltway.com/reconsidering-the-petraeus-...
What are you basing this on?
Substantially, all I'm saying is that affairs don't work like your standard relationship: they're always contextualized by the existing relationships.
It's beyond me why the Americans feel the need to cannibalise their highest public achievers for trivial personal faults.
> It's beyond me why the Americans feel the need to cannibalise their highest public achievers for trivial personal faults.
I couldn't give a rat's ass about this scandal myself. I've been super-unproductive today, and this comment thread was an effective diversion. But the article I linked suggests that this scandal is a good opportunity to recognize some more interesting things about Petraeus' history that have nothing to do with his personal life, per se.
My favorite part about the article was what it didn't talk about: namely, Broadwell barely figured into it except as a secondary example.
I'm inclined to think that anyone with his success and media profile will inevitably have jealous rivals who think he's a show pony, and that they'd be lining up to stick in daggers now he's down.
So maybe the article is credible, or maybe not, but this kind of thing was always going to to be written regardless of the facts. I'd put far more stock in his undisputable military achievements, which are perfectly sufficient to explain his media profile on their own.
Actually, using Gmail was a reasonable COMSEC plan for what they were doing. Much safer than using his official email.
Problem was, she couldn't restrain herself from frightening Jill Kelley into calling the cops. Once the FBI got on the case, Gmail was worthless. They'd see the unencrypted texts and get to correlate and trace the IP accesses, leaving no hope for the communicants to remain anonymous.
Ultimately, this was a case of a general and a major letting their privates call the shots.
I would buy a cheap tablet or an iPod touch or something, use it only at public wifi spots, only ever use it for this purpose, keep music or whatever on it as a cover, and wipe the device as frequently as possible.
Not foolproof, but reasonably practical.
Thus, you need to be logging on from IP addresses that have no connection to you or your whereabouts. Maybe if you could arrange to VPN into a Russian office that does not keep logs and laughs at FBI subpoenas. Even then, there's the danger they traffic-analyze the data in and out of the VPN server.
Apparently, you're not the only person who feels that way. From an interview on "Fresh Air" last year with Dayna and Robert Baer, two former CIA clandestine service agents, came this bit of institutional wisdom:
GROSS: Yeah, sometimes when people start seeing each other who work together, they try to keep it secret for a while because they don't want everybody in the office to know. Did you do that?
Ms. BAER: A little bit, to some extent.
Mr. BAER: We used good tradecraft.
(Soundbite of laughter)
Mr. BAER: Car pickups, dead drops and the rest of it. You know, in the CIA they say if you can't carry on an affair in secret, you're not worth your salt.
(Soundbite of laughter)
GROSS: Is it that common that there's sayings about it?
Ms. BAER: Yes.
Mr. BAER: Oh, absolutely.
Ms. BAER: Absolutely.
Mr. BAER: I mean the divorce rate there must be astronomical. You know, they won't - that's a secret too, but I'm sure it is.
It means that you've become a liability to the organization that you serve so it is better to leave out of your own accord than to be thrown out. This is the quickest way to kill the storm. Imagine what it would have been like if this had been drawn out over many months, it's bad enough as it is.
Resigning looks so much better than being thrown out so if someone has messed up but on the whole has done an ok job (or in the case of Petraeus even a pretty good one) then giving them the option to bow out rather than to be tossed under the bus is a good thing. For everybody involved.
How does this work? Does this refer to tracking IP addresses accessing the account? And is this information provided by Google?
The only way they could have avoided detection using GnuPG is if they did something like always sending the same length message at the same time every day.
However even if they only used encrypted text in the drafts and never sent them, you could still use traffic analysis techniques to help categorize the content (size, frequency etc) assuming the drafts could be read.