Forgot your password?
typodupeerror
Privacy Communications Government United States Your Rights Online

Petraeus Case Illustrates FBI Authority To Read Email 228

Posted by timothy
from the man-vs-state dept.
An anonymous reader writes "Back in April, we discussed how the 1986 Electronic Communications Privacy Act says email that has resided on a server for more than six months can be considered abandoned. The recent investigation of General Petraeus brings this issue to light again, and perhaps to a broader audience. Under current U.S. law, federal authorities need only a subpoena approved by a federal prosecutor — not a judge — to obtain electronic messages that are six months old or older. Do you know anyone these days who doesn't have IMAP accounts with 6+-month-old mail on them?"
This discussion has been archived. No new comments can be posted.

Petraeus Case Illustrates FBI Authority To Read Email

Comments Filter:
  • by Anonymous Coward on Tuesday November 13, 2012 @01:57PM (#41970227)

    I don't have a useless IMAP account - I keep all my valuable messages on Hotmail

    • scha-den-freu-de

      [shahd-n-froi-duh] noun
      see "General David Petraeus"

      I have heard multiple "serious media commentators" refer to this unfolding of events as resembling something like "a Greek tragedy".

      I am put more in mind of an Italian sex-farce. Like they used to make when Loren and Lollobrigida were at peak.

      Now we will have to be merely content, whilst awaiting the Flynt Production: "This is Not Centcom!"

  • by Anonymous Coward on Tuesday November 13, 2012 @01:57PM (#41970231)

    This is why I delete my old emails every 3 months.

    Of course, when you're living in "The Cloud©," who's to say that the "Delete" button really deletes your email, and doesn't just shift it off to some secondary storage cache where it sits undisturbed for years until the FBI decides it wants to read it?

    • by ByOhTek (1181381)

      I keep my old emails, but on my own hardware, not on the server. Were there anything of particular risk, it would be deleted as soon as I didn't need it, but I've not run into that issue, yet.

      • The problem with emails, obviously, is that just because YOU deleted them, it doesn't mean anybody else did.

        Still and all, having one's long term storage of emails on a server that you control makes the most sense. Don't make it easy on them.

        And really, it's just trivial. I've got emails stored since 1997 - including pics - takes up maybe 4 GB. That's 30 minutes of shooting on my DSLRs.

  • by zerosomething (1353609) on Tuesday November 13, 2012 @02:02PM (#41970319) Homepage
    "Rather than transmitting emails to the other's inbox, they composed at least some messages and left them in a draft folder or in an electronic dropbox, AP said" http://www.usatoday.com/story/tech/2012/11/13/petraeus-broadwell-email/1702057/ [usatoday.com] Yea some of them may have been in the drafts folder. Sending email to your secret lover is old school and gone to get you caught. OOPS maybe it did.
    • by PPH (736903)

      The dropbox trick doesn't work well inside a secure environment. In order to access it, you'd have to authenticate yourself as Petraeus (for example). And they (and many security conscious companies) have methods for detecting 'compromised accounts' like two logons from different locations at the same time.

      In fact, one report on this topic had the investigation starting based on some unusual attempts made by Broadwell to access Petraeus' account. Not sure if subsequent news has ruled this out. But it does

    • An interesting aspect to the drop box they used, is that it seems like the investigators were able to get drafts that had been removed or altered.

      Given the degree to which criminal elements already use that technique I would bet all large email providers store every update to a draft.

  • Public servants (Score:3, Insightful)

    by bhlowe (1803290) on Tuesday November 13, 2012 @02:02PM (#41970331)
    Patraeus is a public servant. The military and public servants agree to adhere to a higher standard of ethics when they take their jobs. Patraeus is said to have sent 20 to 30,000 pages of emails to this lady.. What on earth was he sending her?

    While its probably a good idea to erase your personally incriminating emails that you wrote 6 or more months ago (or a week ago!), at some point we want our CIA personnel to not be acting like idiots.

    • Re: (Score:2, Flamebait)

      by Jstlook (1193309)
      Well, she *was* his biographer. I'd guess 20-30,000 emails probably had a lot of "I don't really want to look like a douche", or "I had no idea that was happening, but lets spin it like I meant it to happen".
    • Re: (Score:2, Insightful)

      by schwit1 (797399)

      She was his biographer.

      Public servants should be held to a higher standard. Unfortunately it is rare that it actually occurs.

    • Re:Public servants (Score:5, Informative)

      by PvtVoid (1252388) on Tuesday November 13, 2012 @02:19PM (#41970601)
      That wasn't Petraeus, it was John Allen [washingtonpost.com], who was Petraeus' successor, and until a few hours ago was on track to be the Supreme Commander of NATO.

      Holy fuck, what is the matter with these people?
      • Holy fuck, what is the matter with these people?

        Nothing.

        All Petraeus did was have a girlfriend. So at worst he was a dick to his wife, which is not a crime.

        Allen might be in real trouble if he was sharing classified info. 20,000-30,000 is a LOT. That's over 60 a day for a year.

        • According to the military code of conduct, committing adultery *is* a crime that can land you in jail. So if the affair started when Petraeus was in the military then it was a crime.

          Regardless, having an affair is grounds to revoke a top level security clearance. So at a minimum, Petraeus threw his job away. Something is the matter with any top official who does that.

          • by RoboRay (735839)
            Well, no, it's still not a crime. It's a violation of the UCMJ. So, he disobeyed an order, more or less. Yes, it's punishable by confinement, if so ordered by a court martial. Which no longer has jurisdiction over him. But it's not a criminal offense, either way. And having an affair is not automatic grounds to revoke a security clearance. It complicates maintaining one, yes, but if the adjudicating authority deems that it does not constitute a security risk through either disclosure of information or com
        • by cayenne8 (626475)

          All Petraeus did was have a girlfriend. So at worst he was a dick to his wife, which is not a crime.

          Kind of understandable..I mean, have you SEEN [nydailynews.com] what Holly Petraeus looks like? Ugh...

          No wonder he was looking for some strange....

        • The moral angle is just a way to leave gracefully, nobody in Washington would really give a shit that he had a mistress.
          The big news is that his mistress was a journalist and he seems to have been leaking state secrets to her, very poor behaviour when Bradley Manning (for example) was locked up for using his position to leak far more trivial state secrets than Petraeus has access to.
        • by PhxBlue (562201)

          All Petraeus did was have a girlfriend. So at worst he was a dick to his wife, which is not a crime.

          Correct. However, an extramarital affair is one of those things that someone could try to blackmail you for, which could lead you to compromise national security to keep your own secrets.

    • Re:Public servants (Score:5, Insightful)

      by tgd (2822) on Tuesday November 13, 2012 @02:31PM (#41970851)

      Patraeus is a public servant. The military and public servants agree to adhere to a higher standard of ethics when they take their jobs.

      IMO, that isn't even the real problem. The CIA, in particular, doesn't care two squats about your dirty secrets, as long as you don't care about them either. The problem with a long-term affair, relative to the CIA, is that the people involved (by the very nature of having gone to those extents to keep it a secret) are now potentially able to be compromised by someone via blackmail.

      You could have a long track record of photos of you snorting blow off a shaved donkeys ass while giving it a reach around, and the CIA won't care as long as you're not embarrassed about it.

    • What do ethics have to do with this case? The guy was the director of the CIA. His marriage vows aren't relevant. I don't care about his marital status or how many women he sleeps with who aren't his wife.

      This strikes me as merely juicy, inconsequential gossip, unless there's evidence she got information she wasn't supposed to have because of her relationship.
      • What do ethics have to do with this case? The guy was the director of the CIA. His marriage vows aren't relevant. I don't care about his marital status or how many women he sleeps with who aren't his wife.

        If any of it happened while he was still employed by the Army, then he very much did break some laws, per USMJ Article 134, paragraph 62 [about.com]

        Not to mention, considering the amount of authority these guys have (Patraeus and Allen), I'm sure there are a few 'classified access' questions the FBI will have for them as well.

        • I'd have to double check, but I think according to the timeline the affair started after he quit the Army. Anyway, why is it illegal for a member of the Army to have an affair? Something being illegal doesn't make it unethical in my book either.
          • I'd have to double check, but I think according to the timeline the affair started after he quit the Army.

            TL;DR.

            I'm sure I'll hear more about it on NPR tomorrow morning, whether I want to or not.

            Anyway, why is it illegal for a member of the Army to have an affair?

            Dunno, you'd have to ask someone who's an expert on the Uniform Code of Military Justice (Mistyped as "USMJ" in my previous post).

            Something being illegal doesn't make it unethical in my book either.

            Completely agree with you there; "legal" != "right," just as "illegal" != "wrong." With so many things, right and wrong are often a matter of subjective interpretation.



            Of course, if my wife is reading this, what he did was wrong wrong wrong wrong wrong!

            Love ya, honey!

        • by RoboRay (735839)
          The UCMJ is not a book of laws, it's a list of regulations. Breaking them is not criminal action.
          • The UCMJ is not a book of laws, it's a list of regulations. Breaking them is not criminal action.

            Violating the 'regulations' listed in the UCMJ can and often do result in some form of punishment, up to and including denial of freedom (AKA imprisonment).

            Sounds like law to me.

    • I'm thinking that the these emails are long strings of replies back and forth, with each email repeating the stuff already sent previously. What with all the blank spaces, headers, wrapping of text, I can see how that the page count gets inflated by quite a bit.
    • Re:Public servants (Score:5, Interesting)

      by PPH (736903) on Tuesday November 13, 2012 @02:46PM (#41971141)

      Patraeus is a public servant. The military and public servants agree to adhere to a higher standard of ethics when they take their jobs.

      Making them easier to blackmail. I'd rather have a public servant agree to adhere to the letter of the law (as applicable to the rest of us) and not be put in a position where his/her behavior, acceptable for the general public, would put his/her job in jeopardy.

      Patraeus is said to have sent 20 to 30,000 pages of emails to this lady.. What on earth was he sending her?

      Probably a lot of copies of his military and CIA correspondence and reports (sanitized of course) for her use in his biography.

      What others have said about the head of the CIA not being able to conceal an affair: This guy is an idiot for not knowing that his life is under scrutiny as a condition of having a secret clearance. Heck, here in Boeing territory, we all know that the DIA contacts our neighbors periodically to see if we (those of us with secret clearances) have 'unusual' lifestyle patterns that might signal possible compromise by foreign intelligence.

      Funny anecdote: When conducting interviews, they ask my friends and neighbors not to discuss it with me. But their kids come over and say, "Hey mister! The FBI was asking my dad about you. Are you some sort of criminal or something?" [Yeah, I bury pesky kids in my back yard. So stay off my lawn!] So its pretty easy to find out when they do their rounds.

  • by wbr1 (2538558)
    The NSA looks ant and stores most of them with no oversight anyway. You don't protest that.
    • by steelfood (895457)

      More likely, other spy agencies are storing online data on U.S. citizens, while the NSA stores data on citizens of other countries. Then, they trade information as needed.

      Though from what I heard, the NSA has probably removed the U.S. citizen filters, so that it's keeping data on practically everybody under the sun.

  • by dywolf (2673597) on Tuesday November 13, 2012 @02:06PM (#41970393)

    Don't leave behind incriminating evidence!
    News at 11.

  • No Crime here (Score:5, Interesting)

    by NinjaTekNeeks (817385) on Tuesday November 13, 2012 @02:06PM (#41970401)
    The thing about it is that Petraeus likely won't be charged or prosecuted for anything. So basically the FBI was "just checking" to make sure no law was broken. If they can do it to the CIA director they likely can do it for anyone they damn near please. Anyone suspected of cheating on their wife is fair game apparently.
    • by what2123 (1116571)
      The problem with cheating on your wife implies that you can be deceitful. In a position where he stands as pretty much the highest man on the pole, you wouldn't want him to deceive you.
      • Re:No Crime here (Score:4, Insightful)

        by MozeeToby (1163751) on Tuesday November 13, 2012 @02:32PM (#41970877)

        My 1 year old daughter can be deceitful. He did nothing wrong in the course of his duties. The only semi-plausible argument is that the situation could have put in in a position to be blackmailed; which, incidentally was the logic used to deny homosexuals security clearances for decades, effectively blacklisting them from several lucrative industries.

      • Re:No Crime here (Score:4, Insightful)

        by H0p313ss (811249) on Tuesday November 13, 2012 @02:35PM (#41970923)

        The problem with cheating on your wife implies that you can be deceitful. In a position where he stands as pretty much the highest man on the pole, you wouldn't want him to deceive you.

        It's more than that, if you're in any job that requires security clearance and you are keeping secrets from your employer then you can probably be blackmailed by foreign interests. One step in getting clearance is to spill EVERYTHING that can be used against you so that it can't be.

        Here we're talking about the director of the CIA who is a former senior military officer having an affair. So VERY high level clearance and VERY big secret. Petraeus was an international incident waiting to happen because he's walking with untold numbers of Top Secret info in his head and lying to the CIA.

      • by Mabhatter (126906)

        the director of the CIA is SUPPOSED to be deceitful... that's the PRIMARY job duty. If anything is a fail, it's that the FBI agents involved weren't killed off... or that they are STILL breathing. KEEPING secrets is the job... if that means cold blooded murder, then it's his job!!!

        The CIA and NSA are the two agencies where "rule of man" is more important that "rule of law". Because ultimately dirty, immoral, illegal things have to be done and loyal men have to do them. That's also why those agencies tradit

    • He wasn't just any guy cheating on his wife. He was name-dropped as Mitt Romney's VP (around the time the FBI started investigating him... imagine that). He also refused to be thrown under the Libya Terrorist bus and was slated to testify about that... just days before he resigned. Yet that information wasn't leaked until after the election.

      • by alen (225700)

        part of being named a VP candidate is the FBI does a VERY THOROUGH background investigation on you. except for Sarah Palin which explains all the allegations about her

    • by Eevee (535658)
      Actually, it's just the opposite. If you have a security clearance, you have less privacy because you give the government permission to investigate you.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Anyone suspected of cheating on their wife is fair game apparently.

      No. Just people with security clearances who might be blackmailed as they try to hide their behavior, or people with security clearances who demonstrate that their promises are not kept.Secret affair = not worthy of public trust.

    • by houghi (78078)

      Anyone suspected of cheating on their wife is fair game apparently.

      Make that Anyone and you are correct.

    • Re:No Crime here (Score:5, Insightful)

      by CanHasDIY (1672858) on Tuesday November 13, 2012 @04:21PM (#41972735) Homepage Journal

      Anyone suspected of possibly presenting some kind of unknown, unnamed threat, that may or may not challenge the status quo, or even exist for that matter, is fair game apparently.

      FTFY.

      Brave new world, Freedom == Slavery, all that jazz.

  • ... I run my own IMAP servers. A third party can't release something that a third party doesn't have. (Nothing, of course, is keeping the upstream mail relay from keeping copies of all the messages they send on to a local IMAP machine, but I would be very surprised if it were currently common practice.)

    The other reason I run my own IMAP/postfix server is to get around bullshit port blocking at hotels and the like. They might block port 25, can't very well block http: and https: ports, now can they?
    • by statusbar (314703)

      Is your IMAP server hosted on your own machine or co-located, or "in the cloud"?

      • by PvtVoid (1252388)

        Is your IMAP server hosted on your own machine or co-located, or "in the cloud"?

        On my own machine. Co-lo would be pretty pointless, now wouldn't it?

      • by whoever57 (658626)

        I have wondered about this. I would hope that, if you have your own virtual private server, you could argue that it was analagous to renting an office, in which case, 4th amendment protections would apply.

        I think that the argument for goverment snooping on email is that the ISP manages the email, thus you have already given access to a 3rd party. If you host it yourself, on a machine that is not managed by an ISP (beyond providing the virtual machine), there is no 3rd part involved in processing your email.

  • by mmell (832646) <mmell@hotmail.com> on Tuesday November 13, 2012 @02:08PM (#41970431)
    Petraeus was the head of our CIA and couldn't keep his own affair secret? If he can't camp a little action off on the side without getting caught, I sure don't want him in charge of our country's Department of Spies.
    • you mean the director of the Central INTELLIGENCE Agency is lacking in same ???

    • by houghi (78078)

      The real issue I have is that having an affair is even an issue. The obvious answer should be: So?
      Next they will go after people who masturbate and lie about that.

    • Actually, I don't think Petraeus exercised bad judgement in his choice of mistress. Why did he get caught? The woman went crazy jealous and harassed a family friend. But it was reasonable for Petraeus not to expect this, for she was married with two minor children. However, I would be worried if he had an affair with some attention-whoring second rate attress.
  • I thought I was just behind the times with my POP3 email. Apparently, it was foresight.

    Not that it matters, really. I think we have to assume they can get anything they want without a warrant anyway and whether or not I think I removed it from a provider's server. Just say the magic words: "national security," aka "sudo," aka "Simon says."

    • by PvtVoid (1252388)

      I thought I was just behind the times with my POP3 email. Apparently, it was foresight.

      Morell, is that you?

  • GPG (Score:5, Insightful)

    by Alain Williams (2972) <addw@phcomp.co.uk> on Tuesday November 13, 2012 @02:16PM (#41970553) Homepage
    For anything interesting - enough said.
  • So, who can point me to an e-mail vendor that keeps all messages encrypted?

    -jcr

    • by PPH (736903)

      Can someone point me to an e-mail vendor who can decrypt my traffic? I mean other then the headers needed for delivery?

      I wouldn't deal with an ISP* that insisted on holding my private key. And if I were an ISP, I wouldn't want my customer's keys either. It gives me a level of deniability.

      *The issues of corporate or government departmental e-mails being somewhat different. The CIA reserves the right to inspect all traffic coming and going from its premises (both e-mails and briefcases).

  • Dang. Someone must have accidentally changed the time on those servers in the cloud and that's why we thought those messages were 6 months older than they really were.
  • by hawguy (1600213) on Tuesday November 13, 2012 @02:19PM (#41970605)

    Keep in mind that if you read your email using your work computer, then your employer can read it too - don't trust SSL to keep it private, your employer can transparently decrypt the SSL stream and re-encrypt using their own cert which your (well, your employer's) computer will trust.

    If you want to keep your private email private, only read it on your own device, don't trust anyone else's device.

  • Do you know anyone these days who doesn't have IMAP accounts with 6+-month-old mail on them?"

    Hell yes. Me. POP. Nothing stays on my ISP's server for more than a few days.

  • A decade or so ago, we finally admitted that the encryption cat was out of the bag, US rules loosened, and web browsers stopped coming in "128-bit encryption that you can't export" versus "56-bit encryption that the FBI or the teenager down the street can crack" varieties.

    At the time, many people were cynical enough to speculate that this new "we won't worry about bad people using encryption" policy meant that NSA mathematicians had discovered algorithms for cracking our strongest ciphers.

    Yet I don't recall

    • We lack an infrastructure for exchanging keys as easily as email addresses, and where sending and receiving encrypted emails is as easy to do as sending and receiving ordinary unencrypted email today.

      I'm not sure we'll ever have that infrastructure either.

  • I don't understand why GPG is not baked into everyone's mail client by now. All my geek friends have my public key.
    You should be using 4096 bit encryption and a public key server.

    For someone in his position, he should know better than that.

    Even an idiot can install Thunderbird and then put the Enigmail plugin on top of it.

  • And this is why, you should simply own your own IMAP server. Since it costs next to nothing. If you own it, the storage is yours, and you haven't abandoned anything.

    Or, you know, you could let someone else hold onto your stuff forever, which for this law, and logic, means you've abandoned it.

    Makes sense. Why weren't you paying the few pennies to own your stuff?

  • US Constitution... (Score:5, Insightful)

    by 3seas (184403) on Tuesday November 13, 2012 @02:40PM (#41971019) Journal

    They do not have authority that is approved by the guidelines the Founders of this country created.
    What it means is they are violating the founders intents and any supposed law in violation are not real laws but fabrications of distortions backed by nothing more than brute force using abstract words to make themselves feel better about it.

    There are many violations of the founders intents. The Declaration of Independence even acknowledges the probability of corrupt government and the founders in doing so gave us recognition of our rights and duty to put off bad government and replace it with what the founders intended. They even provided us with real life example.

    So No they do not have the Authority to try and take advantage of the short comings of technology that they perceive. Especially when the Email account is still actively being used. Being used does mean clearly that it is not an abandon mail.

  • by Murdoch5 (1563847)
    Why would I save an email for 6 months, that's insane. If an email was so important that it needed to be kept for that long I would print it off and tack it somewhere around me so I could see it. If the email wasn't important and I was still mean to keep it I would tell the person who sent it to re-send it later closer to the date and if neither case is true then I delete it or handle it right away and make the idiot who sent it deal with me 6 months early. Email is meant for quick communication, if you
  • They have systems just for sifting through email and such. I'm pretty sure the main one used by the feds is EINSTEIN 3. It's also available to big businesses, but voluntarily. Email monitoring wasn't in the earlier versions, but EINSTEIN 3 can read the content of email.

  • by Lumpy (12016) on Tuesday November 13, 2012 @03:01PM (#41971399) Homepage

    When I worked at AT&T it automatically deleted ANY email older than 30 days. Deleted for you. plus they scanned for and deleted any PST files found on any computer.

  • From a New York Times article about this:

    "In a parallel process, the investigators gained access, probably using a search warrant, to Ms. Broadwell’s Gmail account. There they found messages that turned out to be from Mr. Petraeus." Source: http://www.nytimes.com/2012/11/14/us/david-petraeus-case-raises-concerns-about-americans-privacy.htm [nytimes.com]

    The only reason that the FBI was able to gain access to her e-mails was because Google complied with FBI's request. So it seems that the real question is not about how vulnerable your email is to "hackers", but whether your email provider keeps your communications private.

  • Seriously, its not impressive. Hasn't been for at least 15 years.

    Second ... NO ONE GIVES A SHIT ABOUT YOUR MAIL. You are not a former high level military officer or high level politician. You are in fact nobody, just like me. How do I know you are nobody? Cause you have the spare time to dick around on slashdot and ... run your own mail server for no reason other than to wave it around like an epenis. Hell, most of you would be bragging up a shit storm if you had an affair.

    All you do by bragging about

    • by jittles (1613415)
      I run my own mail server to back up the mail going to my main domain. Everything is automatically forwarded to my server and I can log into it from anywhere and look for that old message from forever ago. Its easier than doing so with my hosting provider, and I control the up-time and reliability on it. But the main reason I run the server at all is for CalDav and CardDav. Sure no one cares about my mail, but Gmail does read through my messages, contacts and calendar info to serve ads. I don't particul
    • by dbIII (701233)

      run your own mail server for no reason other than to wave it around

      Well to me it's like having a photocopier instead of having to make copies elsewhere. It's a trivial bit of office equipment that barely needs attention and normally just works for years at a time. Unless of course it's Microsoft Exchange, but even the name tells you what to do with it :)
      That's of course for a small office where people typically email each other enormous attachments that would choke an outgoing pipe, but since I run the se

A method of solution is perfect if we can forsee from the start, and even prove, that following that method we shall attain our aim. -- Leibnitz

Working...