Petraeus Case Illustrates FBI Authority To Read Email
An anonymous reader writes "Back in April, we discussed how the 1986 Electronic Communications Privacy Act says email that has resided on a server for more than six months can be considered abandoned. The recent investigation of General Petraeus brings this issue to light again, and perhaps to a broader audience. Under current U.S. law, federal authorities need only a subpoena approved by a federal prosecutor — not a judge — to obtain electronic messages that are six months old or older. Do you know anyone these days who doesn't have IMAP accounts with 6+-month-old mail on them?"
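As an added example (not part of the original story or any comment), the sketch below shows one way to audit which stored messages have sat on a server past the six-month mark the summary describes. It assumes six months means 180 days, reads the topmost `Received` header as the server arrival time, and uses constructed sample messages; the function and variable names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Assumption: the "six months" in the summary is treated as 180 days.
ABANDONED_AFTER = timedelta(days=180)


def arrival_time(msg):
    """Best estimate of when the receiving server stored the message.

    The topmost Received header is stamped by the final receiving server.
    The Date header is written by the sender, so it is only a fallback.
    """
    candidates = []
    received = msg.get_all("Received", [])
    if received:
        # The timestamp is the text after the last ';' in a Received header.
        candidates.append(received[0].rpartition(";")[2])
    if msg["Date"]:
        candidates.append(msg["Date"])
    for raw in candidates:
        try:
            ts = parsedate_to_datetime(raw.strip())
        except (TypeError, ValueError):
            continue  # unparseable stamp, try the next candidate
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # treat naive stamps as UTC
        return ts
    return None


def audit(raw_messages, now):
    """Sort message subjects into buckets by time spent on the server."""
    report = {"over_180_days": [], "recent": [], "unknown": []}
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "(no subject)")
        ts = arrival_time(msg)
        if ts is None:
            report["unknown"].append(subject)
        elif now - ts > ABANDONED_AFTER:
            report["over_180_days"].append(subject)
        else:
            report["recent"].append(subject)
    return report


# Constructed sample messages (not real mail).
SAMPLES = [
    "Received: from a.example by mx.example;\n\tMon, 2 Apr 2012 10:00:00 -0400\n"
    "Date: Mon, 2 Apr 2012 09:59:00 -0400\nSubject: old thread\n\nbody\n",
    "Received: from b.example by mx.example;\n\tThu, 1 Nov 2012 12:00:00 +0000\n"
    "Date: Thu, 1 Nov 2012 11:59:00 +0000\nSubject: recent\n\nbody\n",
    # Sender-supplied Date looks recent, but the server stamp is months old.
    "Received: from c.example by mx.example;\n\tTue, 3 Jan 2012 08:00:00 +0000\n"
    "Date: Sat, 10 Nov 2012 08:00:00 +0000\nSubject: misleading Date header\n\nbody\n",
    # No Received header and an unparseable Date: age cannot be determined.
    "Date: not a date\nSubject: undated\n\nbody\n",
]
NOW = datetime(2012, 11, 14, tzinfo=timezone.utc)  # constructed reference date

if __name__ == "__main__":
    for bucket, subjects in audit(SAMPLES, NOW).items():
        print(bucket, subjects)
```

Messages in the `unknown` bucket need manual review, since neither header gives a usable timestamp.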
Joke's on you ... (Score:5, Funny)
I don't have a useless IMAP account - I keep all my valuable messages on Hotmail
"Schadenfreude" (Score:2)
scha-den-freu-de
[shahd-n-froi-duh] noun
see "General David Petraeus"
I have heard multiple "serious media commentators" refer to this unfolding of events as resembling something like "a Greek tragedy".
I am put more in mind of an Italian sex-farce. Like they used to make when Loren and Lollobrigida were at peak.
Now we will have to be merely content, whilst awaiting the Flynt Production: "This is Not Centcom!"
Don't keep old email. (Score:3, Insightful)
This is why I delete my old emails every 3 months.
Of course, when you're living in "The Cloud©," who's to say that the "Delete" button really deletes your email, and doesn't just shift it off to some secondary storage cache where it sits undisturbed for years until the FBI decides it wants to read it?
Re: (Score:2)
I keep my old emails, but on my own hardware, not on the server. Were there anything of particular risk, it would be deleted as soon as I didn't need it, but I've not run into that issue, yet.
Re: (Score:2)
The problem with emails, obviously, is that just because YOU deleted them, it doesn't mean anybody else did.
Still and all, having one's long term storage of emails on a server that you control makes the most sense. Don't make it easy on them.
And really, it's just trivial. I've got emails stored since 1997 - including pics - takes up maybe 4 GB. That's 30 minutes of shooting on my DSLRs.
Re: (Score:2)
Depends on who is sending it but, TLS at the transport level takes care of that for most of my email. Good luck handing me an order for all of my emails sitting on my server. Abandoned my ass.
Re:Don't keep old email. (Score:4, Informative)
Re: (Score:2)
Why would his mail go to his ISP? Mine certainly doesn't, it routes from my local mail server through a VPN via a VPS and from there to destination and vice versa.
Not that I have anything I'm particularly concerned about, but the asshats in charge can take their retention directive and shove it.
Re: (Score:2)
AC's practice is useless because if they really wanted him, they'd subpoena the email provider to provide them with all of AC's communication moving forward, which they'd decide on how long they kept themselves.
Re:Don't keep old email. (Score:4, Informative)
Re: (Score:2)
Backups. Some people want them.
Heck, I've still got some ASCII porn backed up on tape somewhere. Now get off my lawn!
Re: (Score:3)
Give me something steamy typed in a lovely Comic Sans font and what that does to my eyes won't be the obscene act.
Re: (Score:2)
Define "The Cloud". Who's to say your ISP doesn't store a copy of all emails received by you?
Same reason you don't save every piece of electronic crap your computer shits out on a daily basis.
Cost.
You're making the assumption it's costing them money and not turning them a profit.
For instance, Google uses your emails to make money. Read your eighteen-page legalese documents from your ISP lately? How about their "third party marketers" legalese? There has been a marked increase in companies aggregating such data in a way that "maintains privacy" but we all know how that usually pans out, don't we? Also, you have no idea if the data is scrubbed of all personally identifiable information before it's stored in
On Dropbox (Score:3)
Re: (Score:2)
The dropbox trick doesn't work well inside a secure environment. In order to access it, you'd have to authenticate yourself as Petraeus (for example). And they (and many security conscious companies) have methods for detecting 'compromised accounts' like two logons from different locations at the same time.
In fact, one report on this topic had the investigation starting based on some unusual attempts made by Broadwell to access Petraeus' account. Not sure if subsequent news has ruled this out. But it does
Seems like they pulled out old drafts... (Score:2)
An interesting aspect to the drop box they used, is that it seems like the investigators were able to get drafts that had been removed or altered.
Given the degree to which criminal elements already use that technique I would bet all large email providers store every update to a draft.
Public servants (Score:3, Insightful)
While it's probably a good idea to erase your personally incriminating emails that you wrote 6 or more months ago (or a week ago!), at some point we want our CIA personnel to not be acting like idiots.
Re: (Score:2, Flamebait)
Re: (Score:2, Insightful)
She was his biographer.
Public servants should be held to a higher standard. Unfortunately it is rare that it actually occurs.
Re:Public servants (Score:5, Informative)
Holy fuck, what is the matter with these people?
Nothing. (Score:3)
Holy fuck, what is the matter with these people?
Nothing.
All Petraeus did was have a girlfriend. So at worst he was a dick to his wife, which is not a crime.
Allen might be in real trouble if he was sharing classified info. 20,000-30,000 is a LOT. That's over 60 a day for a year.
Re: (Score:2)
According to the military code of conduct, committing adultery *is* a crime that can land you in jail. So if the affair started when Petraeus was in the military then it was a crime.
Regardless, having an affair is grounds to revoke a top level security clearance. So at a minimum, Petraeus threw his job away. Something is the matter with any top official who does that.
Re: (Score:2)
Re: (Score:2)
Kind of understandable..I mean, have you SEEN [nydailynews.com] what Holly Petraeus looks like? Ugh...
No wonder he was looking for some strange....
Leaking secrets to a journalist is why they worry (Score:2)
The big news is that his mistress was a journalist and he seems to have been leaking state secrets to her, very poor behaviour when Bradley Manning (for example) was locked up for using his position to leak far more trivial state secrets than Petraeus has access to.
Re: (Score:2)
All Petraeus did was have a girlfriend. So at worst he was a dick to his wife, which is not a crime.
Correct. However, an extramarital affair is one of those things that someone could try to blackmail you for, which could lead you to compromise national security to keep your own secrets.
Re:Public servants (Score:5, Insightful)
Petraeus is a public servant. The military and public servants agree to adhere to a higher standard of ethics when they take their jobs.
IMO, that isn't even the real problem. The CIA, in particular, doesn't care two squats about your dirty secrets, as long as you don't care about them either. The problem with a long-term affair, relative to the CIA, is that the people involved (by the very nature of having gone to those extents to keep it a secret) are now potentially able to be compromised by someone via blackmail.
You could have a long track record of photos of you snorting blow off a shaved donkey's ass while giving it a reach around, and the CIA won't care as long as you're not embarrassed about it.
Re:Public servants (Score:5, Funny)
You could have a long track record of photos of you snorting blow off a shaved donkey's ass while giving it a reach around, and the CIA won't care as long as you're not embarrassed about it.
Wait, how did you get a hold of my family Christmas photos?
Re: (Score:2)
Re: (Score:2)
This strikes me as merely juicy, inconsequential gossip, unless there's evidence she got information she wasn't supposed to have because of her relationship.
Re: (Score:2)
What do ethics have to do with this case? The guy was the director of the CIA. His marriage vows aren't relevant. I don't care about his marital status or how many women he sleeps with who aren't his wife.
If any of it happened while he was still employed by the Army, then he very much did break some laws, per USMJ Article 134, paragraph 62 [about.com]
Not to mention, considering the amount of authority these guys have (Petraeus and Allen), I'm sure there are a few 'classified access' questions the FBI will have for them as well.
Re: (Score:2)
Re: (Score:2)
I'd have to double check, but I think according to the timeline the affair started after he quit the Army.
TL;DR.
I'm sure I'll hear more about it on NPR tomorrow morning, whether I want to or not.
Anyway, why is it illegal for a member of the Army to have an affair?
Dunno, you'd have to ask someone who's an expert on the Uniform Code of Military Justice (Mistyped as "USMJ" in my previous post).
Something being illegal doesn't make it unethical in my book either.
Completely agree with you there; "legal" != "right," just as "illegal" != "wrong." With so many things, right and wrong are often a matter of subjective interpretation.
Of course, if my wife is reading this, what he did was wrong wrong wrong wrong wrong!
Love ya, honey!
Re: (Score:2)
Re: (Score:2)
The UCMJ is not a book of laws, it's a list of regulations. Breaking them is not criminal action.
Violating the 'regulations' listed in the UCMJ can and often does result in some form of punishment, up to and including denial of freedom (AKA imprisonment).
Sounds like law to me.
Re: (Score:3)
Re:30,000 pages might be about right (Score:3, Interesting)
Re:Public servants (Score:5, Interesting)
Petraeus is a public servant. The military and public servants agree to adhere to a higher standard of ethics when they take their jobs.
Making them easier to blackmail. I'd rather have a public servant agree to adhere to the letter of the law (as applicable to the rest of us) and not be put in a position where his/her behavior, acceptable for the general public, would put his/her job in jeopardy.
Petraeus is said to have sent 20 to 30,000 pages of emails to this lady. What on earth was he sending her?
Probably a lot of copies of his military and CIA correspondence and reports (sanitized of course) for her use in his biography.
What others have said about the head of the CIA not being able to conceal an affair: This guy is an idiot for not knowing that his life is under scrutiny as a condition of having a secret clearance. Heck, here in Boeing territory, we all know that the DIA contacts our neighbors periodically to see if we (those of us with secret clearances) have 'unusual' lifestyle patterns that might signal possible compromise by foreign intelligence.
Funny anecdote: When conducting interviews, they ask my friends and neighbors not to discuss it with me. But their kids come over and say, "Hey mister! The FBI was asking my dad about you. Are you some sort of criminal or something?" [Yeah, I bury pesky kids in my back yard. So stay off my lawn!] So it's pretty easy to find out when they do their rounds.
so (Score:2)
Re: (Score:2)
More likely, other spy agencies are storing online data on U.S. citizens, while the NSA stores data on citizens of other countries. Then, they trade information as needed.
Though from what I heard, the NSA has probably removed the U.S. citizen filters, so that it's keeping data on practically everybody under the sun.
Moral of the story (Score:3)
Don't leave behind incriminating evidence!
News at 11.
No Crime here (Score:5, Interesting)
Re: (Score:2)
Re:No Crime here (Score:4, Insightful)
My 1 year old daughter can be deceitful. He did nothing wrong in the course of his duties. The only semi-plausible argument is that the situation could have put him in a position to be blackmailed; which, incidentally was the logic used to deny homosexuals security clearances for decades, effectively blacklisting them from several lucrative industries.
Re:No Crime here (Score:4, Insightful)
The problem with cheating on your wife implies that you can be deceitful. In a position where he stands as pretty much the highest man on the pole, you wouldn't want him to deceive you.
It's more than that, if you're in any job that requires security clearance and you are keeping secrets from your employer then you can probably be blackmailed by foreign interests. One step in getting clearance is to spill EVERYTHING that can be used against you so that it can't be.
Here we're talking about the director of the CIA who is a former senior military officer having an affair. So VERY high level clearance and VERY big secret. Petraeus was an international incident waiting to happen because he's walking with untold numbers of Top Secret info in his head and lying to the CIA.
Re: (Score:3)
the director of the CIA is SUPPOSED to be deceitful... that's the PRIMARY job duty. If anything is a fail, it's that the FBI agents involved weren't killed off... or that they are STILL breathing. KEEPING secrets is the job... if that means cold blooded murder, then it's his job!!!
The CIA and NSA are the two agencies where "rule of man" is more important than "rule of law". Because ultimately dirty, immoral, illegal things have to be done and loyal men have to do them. That's also why those agencies tradit
Re: (Score:2)
He wasn't just any guy cheating on his wife. He was name-dropped as Mitt Romney's VP (around the time the FBI started investigating him... imagine that). He also refused to be thrown under the Libya Terrorist bus and was slated to testify about that... just days before he resigned. Yet that information wasn't leaked until after the election.
Re: (Score:3)
part of being named a VP candidate is the FBI does a VERY THOROUGH background investigation on you. except for Sarah Palin which explains all the allegations about her
Re: (Score:3)
For example, some dead people won in the most recent US elections, and Marion Barry continues to be reelected despite being a putz and a crackhead.
Isn't democracy wonderful? Even idiots get to vote.
Voting for a dead guy doesn't make a person an idiot; it just means they'd rather be led by a corpse than the still-living alternative.
If I were running for office, I think losing to a dead guy would be the second worst thing that could happen, next to being beaten by Hitler as a write-in candidate.
Re: (Score:3)
Re: (Score:3, Insightful)
Anyone suspected of cheating on their wife is fair game apparently.
No. Just people with security clearances who might be blackmailed as they try to hide their behavior, or people with security clearances who demonstrate that their promises are not kept. Secret affair = not worthy of public trust.
Re: (Score:2)
Re:No Crime here (Score:5, Insightful)
Anyone suspected of possibly presenting some kind of unknown, unnamed threat, that may or may not challenge the status quo, or even exist for that matter, is fair game apparently.
FTFY.
Brave new world, Freedom == Slavery, all that jazz.
This is exactly why... (Score:2)
The other reason I run my own IMAP/postfix server is to get around bullshit port blocking at hotels and the like. They might block port 25, can't very well block http: and https: ports, now can they?
Re: (Score:2)
Is your IMAP server hosted on your own machine or co-located, or "in the cloud"?
Re: (Score:2)
Is your IMAP server hosted on your own machine or co-located, or "in the cloud"?
On my own machine. Co-lo would be pretty pointless, now wouldn't it?
Re: (Score:3)
I have wondered about this. I would hope that, if you have your own virtual private server, you could argue that it was analogous to renting an office, in which case, 4th amendment protections would apply.
I think that the argument for government snooping on email is that the ISP manages the email, thus you have already given access to a 3rd party. If you host it yourself, on a machine that is not managed by an ISP (beyond providing the virtual machine), there is no 3rd party involved in processing your email.
Re: (Score:2)
They might block port 25, can't very well block http: and https: ports, now can they?
Yes... They can just put all http requests through a transparent proxy and drop https altogether. And many do.
I personally haven't found this to be much of an issue. Port 443 traffic gets passed along pretty much everywhere I've tried it, including places that block 25 and even ssh traffic.
Comment removed (Score:5, Insightful)
Re: (Score:2)
you mean the director of the Central INTELLIGENCE Agency is lacking in same ???
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
POP3 (Score:2)
I thought I was just behind the times with my POP3 email. Apparently, it was foresight.
Not that it matters, really. I think we have to assume they can get anything they want without a warrant anyway and whether or not I think I removed it from a provider's server. Just say the magic words: "national security," aka "sudo," aka "Simon says."
Re: (Score:2)
I thought I was just behind the times with my POP3 email. Apparently, it was foresight.
Morell, is that you?
GPG (Score:5, Insightful)
Re: (Score:3)
For anything interesting - enough said.
Using it isn't the problem. Getting your friends, colleagues and family to is.
Re: (Score:3)
Yes, try getting your psychotic estranged mistress to use GPG and let us know how that goes.
Re: (Score:3)
Otherwise, let me know what GPG is...
Re: (Score:2)
Don't you mean PGP, as in Pretty Good Privacy? Otherwise, let me know what GPG is...
http://www.lmgtfy.com/?q=gpg [lmgtfy.com]
Re: (Score:3)
http://www.lmgtfy.com/?q=gpg [lmgtfy.com]
Sorry, you're right - I was being lazy. I did look on Wiki for GPG, but not closely enough. The GNU Privacy Guard entry didn't jump out at me.
Re: (Score:2)
Re: (Score:2)
Can someone point me to an e-mail vendor who can decrypt my traffic? I mean other than the headers needed for delivery?
I wouldn't deal with an ISP* that insisted on holding my private key. And if I were an ISP, I wouldn't want my customer's keys either. It gives me a level of deniability.
*The issues of corporate or government departmental e-mails being somewhat different. The CIA reserves the right to inspect all traffic coming and going from its premises (both e-mails and briefcases).
oops (Score:2)
Any employer can do it (Score:5, Insightful)
Keep in mind that if you read your email using your work computer, then your employer can read it too - don't trust SSL to keep it private, your employer can transparently decrypt the SSL stream and re-encrypt using their own cert which your (well, your employer's) computer will trust.
If you want to keep your private email private, only read it on your own device, don't trust anyone else's device.
Re: (Score:2)
What you are talking about is your employer redirecting all traffic through a proxy in which they have set up a snake-oil cert which your computer has been set up to trust. Which is neat and all, but quite beside the point. The mail was read on the server, hence the communication TO the server (which might be SSL) is irrelevant. If you encrypt your messages using a GPG identity or some such, then your employer will NOT be able to read your e-mail, or anyone else for that matter.
Moral of this story? Encrypt your data, shocking, I know.
Unless, of course, the employer runs screen capture software on your computer.
The moral of the story is still, don't trust anyone else's hardware. And probably don't even trust your own hardware if you're CIA director, since you never know if it's been compromised.
we're not all naive (Score:2)
Do you know anyone these days who doesn't have IMAP accounts with 6+-month-old mail on them?"
Hell yes. Me. POP. Nothing stays on my ISP's server for more than a few days.
Anybody here encrypt their email? (Score:2)
A decade or so ago, we finally admitted that the encryption cat was out of the bag, US rules loosened, and web browsers stopped coming in "128-bit encryption that you can't export" versus "56-bit encryption that the FBI or the teenager down the street can crack" varieties.
At the time, many people were cynical enough to speculate that this new "we won't worry about bad people using encryption" policy meant that NSA mathematicians had discovered algorithms for cracking our strongest ciphers.
Yet I don't recall
Re: (Score:2)
GPG to the rescue (Score:2)
I don't understand why GPG is not baked into everyone's mail client by now. All my geek friends have my public key.
You should be using 4096 bit encryption and a public key server.
For someone in his position, he should know better than that.
Even an idiot can install Thunderbird and then put the Enigmail plugin on top of it.
Welcome to ownership (Score:2)
And this is why, you should simply own your own IMAP server. Since it costs next to nothing. If you own it, the storage is yours, and you haven't abandoned anything.
Or, you know, you could let someone else hold onto your stuff forever, which for this law, and logic, means you've abandoned it.
Makes sense. Why weren't you paying the few pennies to own your stuff?
US Constitution... (Score:5, Insightful)
They do not have authority that is approved by the guidelines the Founders of this country created.
What it means is they are violating the founders' intents and any supposed law in violation are not real laws but fabrications of distortions backed by nothing more than brute force using abstract words to make themselves feel better about it.
There are many violations of the founders' intents. The Declaration of Independence even acknowledges the probability of corrupt government and the founders in doing so gave us recognition of our rights and duty to put off bad government and replace it with what the founders intended. They even provided us with real life example.
So No they do not have the Authority to try and take advantage of the shortcomings of technology that they perceive. Especially when the Email account is still actively being used. Being used does mean clearly that it is not abandoned mail.
Me (Score:2)
EINSTEIN 3 (Score:2)
They have systems just for sifting through email and such. I'm pretty sure the main one used by the feds is EINSTEIN 3. It's also available to big businesses, but voluntarily. Email monitoring wasn't in the earlier versions, but EINSTEIN 3 can read the content of email.
That is why.... (Score:3)
When I worked at AT&T it automatically deleted ANY email older than 30 days. Deleted for you. Plus they scanned for and deleted any PST files found on any computer.
Gmail is the weak link (Score:2)
"In a parallel process, the investigators gained access, probably using a search warrant, to Ms. Broadwell’s Gmail account. There they found messages that turned out to be from Mr. Petraeus." Source: http://www.nytimes.com/2012/11/14/us/david-petraeus-case-raises-concerns-about-americans-privacy.htm [nytimes.com]
The only reason that the FBI was able to gain access to her e-mails was because Google complied with FBI's request. So it seems that the real question is not about how vulnerable your email is to "hackers", but whether your email provider keeps your communications private.
Stop bragging about running your own mail server (Score:2)
Seriously, it's not impressive. Hasn't been for at least 15 years.
Second ... NO ONE GIVES A SHIT ABOUT YOUR MAIL. You are not a former high level military officer or high level politician. You are in fact nobody, just like me. How do I know you are nobody? Cause you have the spare time to dick around on slashdot and ... run your own mail server for no reason other than to wave it around like an epenis. Hell, most of you would be bragging up a shit storm if you had an affair.
All you do by bragging about
Re: (Score:2)
Re: (Score:2)
Well to me it's like having a photocopier instead of having to make copies elsewhere. It's a trivial bit of office equipment that barely needs attention and normally just works for years at a time. Unless of course it's Microsoft Exchange, but even the name tells you what to do with it :)
That's of course for a small office where people typically email each other enormous attachments that would choke an outgoing pipe, but since I run the se
Re: (Score:2)
I keep my email in my home directory on the file server and access it locally and remotely using NFS and IMAP. I wonder what FBI would say about my messages.
Re: (Score:2)
Wrong. It must be on someone else's server and not in your home.
Re: (Score:2)
Same here... but my IMAP server is only 2 months old.
Re: (Score:3)
Re: (Score:2)
I'm archived, back to 1999 on some mails - personal account. :-)
Re: (Score:3)
You only have rights if you're belligerent and EXPLICITLY demand them. Quit presuming that the government has any obligations to give you your rights. They do their level best only because of the consequences of them not doing so and someone calling them out on it. What we're being presented here is explicitly UNCONSTITUTIONAL. Yeah, yeah, it costs all sorts of money and effort to stand up for your rights. Freedom's NEVER free.
It's come time to decide, people... Are you slaves? Are you free men? If you're free men, that comes at a price- and you've got to be willing to PAY it.
Firstly, "Freedom's Not Free" as a slogan is already taken, and sadly I report it doesn't mean what you and I would like it to.
Secondly, as the great George Carlin said: "This country is finished, it has been for a long time, but everyone has a cell phone that makes pancakes and rubs their balls, so they don't wanna rock the boat."
Re: (Score:2)
I think I read somewhere that he started having an affair after taking the CIA post, and therefore quite likely after passing whatever poly required. He might well have had problems when trying to renew.
Re: (Score:2)
Would it matter? A bit of voodoo from the guy that wrote Wonder Woman and sold to the FBI when Hoover was getting kickbacks can't do anything useful if you know it doesn't work (and if you don't know any strange object that you are told has magical powers will have the same effect).
GMail is an interesting answer... (Score:5, Interesting)
Nobody keeps lots of mail there for longer than six months.
In fact, people do. However, corporate email accounts at Google auto-delete email after 180 days because of the 1986 act. There was much grumbling when this came about, and there are exceptions for people with an email "litigation hold", but for everyone else, it's part of normal operation that it's deleted.
I believe that this is a settable option for corporate managed accounts (i.e. hosted domain email for commercial companies which pay Google to manage their companies mail).
I know that most other public corporations, such as Penton Media, have similar 6 month deletion policies. IBM's policy when I worked there (circa 2001) was 1 year, and switched to 6 months while I was employed by them.
Apple had a two year policy because it was difficult to establish separate policy for the US vs. Europe for compliance with Directive 2006/24/EC http://en.wikipedia.org/wiki/Data_Retention_Directive [wikipedia.org] and Apple conservatively classed itself as an ISP. I don't know what their current policy is, given that the U.S. equivalent H.R.1076/S.436 http://en.wikipedia.org/wiki/SAFETY [wikipedia.org] never made it into law.
Re: (Score:2)
I don't.
I do. But like any slashdotter worth his slashdot id, it's on my own email server.