The Petraeus Scandal And The Surveillance State
The still unfolding Petraeus-Broadwell-Kelley-Allen scandal has raised the specter of just how unsecure the email services that most of us use on a daily basis:
The F.B.I. investigation that toppled the director of the C.I.A. and has now entangled the top American commander in Afghanistan underscores a danger that civil libertarians have long warned about: that in policing the Web for crime, espionage and sabotage, government investigators will unavoidably invade the private lives of Americans.
On the Internet, and especially in e-mails, text messages, social network postings and online photos, the work lives and personal lives of Americans are inextricably mixed. Private, personal messages are stored for years on computer servers, available to be discovered by investigators who may be looking into completely unrelated matters.
In the current F.B.I. case, a Tampa, Fla., woman, Jill Kelley, a friend both of David H. Petraeus, the former C.I.A. director, and Gen. John R. Allen, the top NATO commander in Afghanistan, was disturbed by a half-dozen anonymous e-mails she had received in June. She took them to an F.B.I. agent whose acquaintance with Ms. Kelley (he had sent her shirtless photos of himself — electronically, of course) eventually prompted his bosses to order him to stay away from the investigation.
But a squad of investigators at the bureau’s Tampa office, in consultation with prosecutors, opened a cyberstalking inquiry. Although that investigation is still open, law enforcement officials have said that criminal charges appear unlikely.
In the meantime, however, there has been a cascade of unintended consequences. What began as a private, and far from momentous, conflict between two women, Ms. Kelley and Paula Broadwell, Mr. Petraeus’s biographer and the reported author of the harassing e-mails, has had incalculable public costs.
The C.I.A. is suddenly without a permanent director at a time of urgent intelligence challenges in Syria, Iran, Libya and beyond. The leader of the American-led effort to prevent a Taliban takeover in Afghanistan is distracted, at the least, by an inquiry into his e-mail exchanges with Ms. Kelley by the Defense Department’s inspector general.
For privacy advocates, the case sets off alarms.
“There should be an investigation not of the personal behavior of General Petraeus and General Allen, but of what surveillance powers the F.B.I. used to look into their private lives,” Anthony D. Romero, executive director of the American Civil Liberties Union, said in an interview. “This is a textbook example of the blurring of lines between the private and the public.”
Law enforcement officials have said they used only ordinary methods in the case, which might have included grand jury subpoenas and search warrants. As the complainant, Ms. Kelley presumably granted F.B.I. specialists access to her computer, which they would have needed in their hunt for clues to the identity of the sender of the anonymous e-mails. While they were looking, they discovered General Allen’s e-mails, which F.B.I. superiors found “potentially inappropriate” and decided should be shared with the Defense Department.
In a parallel process, the investigators gained access, probably using a search warrant, to Ms. Broadwell’s Gmail account. There they found messages that turned out to be from Mr. Petraeus.
Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, said the chain of unexpected disclosures was not unusual in computer-centric cases.
“It’s a particular problem with cyberinvestigations — they rapidly become open-ended because there’s such a huge quantity of information available and it’s so easily searchable,” he said, adding, “If the C.I.A. director can get caught, it’s pretty much open season on everyone else.”
As it turns out, the methods that the FBI used to gain access to a wide variety of email accounts during the course of this investigation are both rather common and rather easy for law enforcement to pull off without the target of an investigation even knowing what’s going on:
The downfall of CIA Director David Petraeus demonstrates how easy it is for federal law enforcement agents to examine emails and computer records if they believe a crime was committed. With subpoenas and warrants, the FBI and other investigating agencies routinely gain access to electronic inboxes and information about email accounts offered by Google, Yahoo and other Internet providers.
“The government can’t just wander through your emails just because they’d like to know what you’re thinking or doing,” said Stewart Baker, a former assistant secretary at the Department of Homeland Security and now in private law practice. “But if the government is investigating a crime, it has a lot of authority to review people’s emails.”
Under the 1986 Electronic Communications Privacy Act, federal authorities need only a subpoena approved by a federal prosecutor — not a judge — to obtain electronic messages that are six months old or older. To get more recent communications, a warrant from a judge is required. This is a higher standard that requires proof of probable cause that a crime is being committed.
A subpoena is usually sufficient to require Internet companies to reveal names and any other information that they have that would identify the owner of a particular email account. Google, which operates the widely used Gmail service, complied with more than 90 percent of the nearly 12,300 requests it received in 2011 from the U.S. government for data about its users, according to figures from the company.
Even if a Gmail account is created with a fictitious name, there are other ways to track down the user. Logs of when messages are sent reveal the Internet address the user used to log onto the account. Matching times and dates with locations allow investigators to piece together the chain.
And that trick that Petraeus and Broadwell apparently used of saving messages in the draft folder of a shared Gmail account? That’s no more secure than any sending the email itself. All law enforcement needs in that case is access to the account itself and they can see everything that’s been written and saved. Admittedly, such a technique is much harder to trace than normal email, and darn near impossible if you don’t know what account to look for to begin with. Nonetheless, the FBI was able to discover it in this case so they probably wouldn’t have much trouble tracking down your “secret” email account either. After all, you’re not even the Director of the CIA.
While the media continues to focus on the salacious aspects of this case, though, one does have to wonder whether this entire criminal investigation was justified. After all, there’s no evidence that Petraeus committed any crimes during his relationship with Broadwell, or that he revealed any classified secrets. Although she does seem to have strange habit of holding on to classified documents, there’s no evidence that Broadwell committed a crime either. From their description in the media, for example, it seems rather unlikely that the emails she sent to Jill Kelley constituted cyberharrassment under Federal or applicable state law. So, why exactly was the FBI involved in this case for months, then? And, as Glenn Greenwald asks, what about the surveillance techniques that they used:
So not only did the FBI – again, all without any real evidence of a crime – trace the locations and identity of Broadwell and Petreaus, and read through Broadwell’s emails (and possibly Petraeus’), but they also got their hands on and read through 20,000-30,000 pages of emails between Gen. Allen and Kelley.
This is a surveillance state run amok. It also highlights how any remnants of internet anonymity have been all but obliterated by the union between the state and technology companies.
But, as unwarranted and invasive as this all is, there is some sweet justice in having the stars of America’s national security state destroyed by the very surveillance system which they implemented and over which they preside. As Trevor Timm of the Electronic Frontier Foundation put it this morning: “Who knew the key to stopping the Surveillance State was to just wait until it got so big that it ate itself?”
It is usually the case that abuses of state power become a source for concern and opposition only when they begin to subsume the elites who are responsible for those abuses. Recall how former Democratic Rep. Jane Harman – one of the most outspoken defenders of the illegal Bush National Security Agency (NSA) warrantless eavesdropping program –suddenly began sounding like an irate, life-long ACLU privacy activistwhen it was revealed that the NSA had eavesdropped on her private communications with a suspected Israeli agent over alleged attempts to intervene on behalf of AIPAC officials accused of espionage. Overnight, one of the Surveillance State’s chief assets, the former ranking member of the House Intelligence Committee, transformed into a vocal privacy proponent because now it was her activities, rather than those of powerless citizens, which were invaded.
With the private, intimate activities of America’s most revered military and intelligence officials being smeared all over newspapers and televisions for no good reason, perhaps similar conversions are possible. Put another way, having the career of the beloved CIA Director and the commanding general in Afghanistan instantly destroyed due to highly invasive and unwarranted electronic surveillance is almost enough to make one believe not only that there is a god, but that he is an ardent civil libertarian.
This is the real scandal in L’Affaire Petraeus. A handful of mildly harassing emails lead to a months-long FBI investigation that ends up taking down a CIA Director and potentially implicating the promotion of the next Commander of NATO. In the course of that investigation, they utilized a variety of laws to hack into the email accounts of at least three people and perhaps more in their search for…….what exactly? It had apparently become fairly clear early on in the investigation that there was no national security threat implicated by the Petraeus-Broadwell affair, and there’s no law against having an extra-marital affair. At that point, the investigation should have ended and the matter closed. Instead, agents kept digging into more email accounts until finally revealing what was going on to the Director of National Intelligence, an action which pretty much put the end to Petraeus’s career.
I suppose there’s some value in all of this, though. It has revealed once and for all just how easy it is for Federal law enforcement to access email and other online accounts of pretty much anyone. In most cases, they need only the flimsiest of justifications to get that access and, once they have it, there’s no limit on what they can do with what they find. And much of this will happen without the target of the investigation even being aware of it. If that’s not something to be concerned about, I don’t know what is.