NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] General Petraeus, CIA, and Gmail

                       General Petraeus, CIA, and Gmail


How the blazes did Gmail get dragged into this story?

That's the question I was asking myself when I awoke today and saw my
inbox loaded with queries about the ramifications of a reported
connection between the resignation in disgrace of CIA Director General
David Petraeus, and an FBI email investigation.

I've been piecing this saga together from available public sources,
and here's what I suspect may have been going on, subject to change as
more data hits the fan.

First, we can quickly devalue the various conspiracy theories that are
floating around.  Even with the worst possible interpretation of the
events at Benghazi, there's nothing in this situation that would have
driven a man of Petraeus' stature to resign in such an ignoble manner,
humiliating himself, his wife, his family, and various third parties.
Plus, we now know that the FBI investigation that led to his
resignation stretches back for a significant span before the recent
attack in Libya even occurred.

It's also a fact that anything Petraeus might have testified about to
Congress regarding this event can be equally well presented by the
acting CIA director, who would have had access to the same reports --
neither of them was present in theater when the attack occurred.  And
if necessary, Petraeus could likely be called to testify even after

Sorry, conspiracy fans.

So what actually led to the resignation, and how is Gmail apparently

For obvious reasons, government officials dealing with classified
information are routinely prohibited from using their official
computers for personal matters.  But of course everyone has a personal
computer and personal accounts, and Petraeus reportedly used Google's
Gmail for this latter purpose.

Nothing wrong so far.  So long as data that should be restricted to
official systems isn't communicated using a personal system, all's
pretty much right with the world.

But there are always concerns about possible leakage of inappropriate
data to a personal account through user error or carelessness, and for
some officials, even unclassified personal data may potentially have
some degree of intelligence value (e.g., calendars, contact lists,

Reports are now suggesting that the sequence of events leading to
Petraeus' resignation began months ago, when third parties (apparently
a female acquaintance of Petraeus) received "anonymous" harassing
email, which was reportedly traced back to Petraeus' biographer Paula

The FBI became involved when it became apparent that the target's
email addresses might have been obtained from Petraeus' personal Gmail
account, opening up questions as to who else might have had access to
that account and whether or not it had been compromised in some 
manner -- a potentially significant national security concern.

The FBI reportedly gained access to Petraeus' personal emails,
apparently on Gmail -- presumably through legal process served on
Google requiring them to make this information available.  (Please
note that you should only consider this to be speculation on my part
at this time, based on public statements to date.  I will update as
additional relevant information becomes available.)

When the FBI inspected those emails, they reportedly found "hundreds
or thousands" of communications between Petraeus and Broadwell,
indicating in no uncertain terms that an affair was involved.  This is
a big deal especially at this level of the intelligence community,
given the sordid history of "honey traps" in the espionage world.

No criminal activity was reportedly alleged, but there are indications
that the story was beginning to leak out.  The FBI ultimately notified
Petraeus about what they had found, and he chose to get "ahead of the
story" and resign.

There are several questions left unanswered but they all point to
weaknesses on the part of Petraeus, likely not of Gmail.

If the allegations are correct that Broadwell (or some associate of
Broadwell) gained access to Petraeus' Gmail account, was that access
given freely, or was the access clandestine?  Given Google's extensive
support of two-factor authentication, illicit access would suggest at
least sloppiness on Petraeus' part regarding available Google security

It may seem inconceivable that the man in charge of CIA could make
such errors regarding his own personal email.  But again and again we
see that high officials live in a kind of "bubble" that they believe
anoints them with a certain entitlement, insulating their private
lives from the sorts of constraints that apply to "ordinary" folks
like us.

Based on what we know right now, it appears that General David
Petraeus -- in league with Paula Broadwell -- fell into this trap of
self-assumed superiority, and has now indelibly tarnished not only his
long and previously distinguished career, but also the lives of people
around him who deserved far better.

I don't quote the Old Testament very often (to say the least!) -- but
in this case I'll paraphrase a bit: Don't blame the computers for your
misfortune, for pride goes before destruction, and a haughty spirit
before a fall.

True enough.  Online, offline, at CIA Langley, and in the bedroom.

Take care, all.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
 - Data Wisdom Explorers League: http://www.dwel.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com

nnsquad mailing list