The Petraeus Scandal And The Surveillance State
If nothing else, the Petraeus affair is teaching us a valuable lesson in just how extensive the Surveillance State has become.
The still unfolding Petraeus-Broadwell-Kelley-Allen scandal has raised the specter of just how unsecure the email services that most of us use on a daily basis:
The F.B.I. investigation that toppled the director of the C.I.A. and has now entangled the top American commander in Afghanistan underscores a danger that civil libertarians have long warned about: that in policing the Web for crime, espionage and sabotage, government investigators will unavoidably invade the private lives of Americans.
On the Internet, and especially in e-mails, text messages, social network postings and online photos, the work lives and personal lives of Americans are inextricably mixed. Private, personal messages are stored for years on computer servers, available to be discovered by investigators who may be looking into completely unrelated matters.
In the current F.B.I. case, a Tampa, Fla., woman, Jill Kelley, a friend both of David H. Petraeus, the former C.I.A. director, and Gen. John R. Allen, the top NATO commander in Afghanistan, was disturbed by a half-dozen anonymous e-mails she had received in June. She took them to an F.B.I. agent whose acquaintance with Ms. Kelley (he had sent her shirtless photos of himself — electronically, of course) eventually prompted his bosses to order him to stay away from the investigation.
But a squad of investigators at the bureau’s Tampa office, in consultation with prosecutors, opened a cyberstalking inquiry. Although that investigation is still open, law enforcement officials have said that criminal charges appear unlikely.
In the meantime, however, there has been a cascade of unintended consequences. What began as a private, and far from momentous, conflict between two women, Ms. Kelley and Paula Broadwell, Mr. Petraeus’s biographer and the reported author of the harassing e-mails, has had incalculable public costs.
The C.I.A. is suddenly without a permanent director at a time of urgent intelligence challenges in Syria, Iran, Libya and beyond. The leader of the American-led effort to prevent a Taliban takeover in Afghanistan is distracted, at the least, by an inquiry into his e-mail exchanges with Ms. Kelley by the Defense Department’s inspector general.
For privacy advocates, the case sets off alarms.
“There should be an investigation not of the personal behavior of General Petraeus and General Allen, but of what surveillance powers the F.B.I. used to look into their private lives,” Anthony D. Romero, executive director of the American Civil Liberties Union, said in an interview. “This is a textbook example of the blurring of lines between the private and the public.”
Law enforcement officials have said they used only ordinary methods in the case, which might have included grand jury subpoenas and search warrants. As the complainant, Ms. Kelley presumably granted F.B.I. specialists access to her computer, which they would have needed in their hunt for clues to the identity of the sender of the anonymous e-mails. While they were looking, they discovered General Allen’s e-mails, which F.B.I. superiors found “potentially inappropriate” and decided should be shared with the Defense Department.
In a parallel process, the investigators gained access, probably using a search warrant, to Ms. Broadwell’s Gmail account. There they found messages that turned out to be from Mr. Petraeus.
Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, said the chain of unexpected disclosures was not unusual in computer-centric cases.
“It’s a particular problem with cyberinvestigations — they rapidly become open-ended because there’s such a huge quantity of information available and it’s so easily searchable,” he said, adding, “If the C.I.A. director can get caught, it’s pretty much open season on everyone else.”
As it turns out, the methods that the FBI used to gain access to a wide variety of email accounts during the course of this investigation are both rather common and rather easy for law enforcement to pull off without the target of an investigation even knowing what’s going on:
The downfall of CIA Director David Petraeus demonstrates how easy it is for federal law enforcement agents to examine emails and computer records if they believe a crime was committed. With subpoenas and warrants, the FBI and other investigating agencies routinely gain access to electronic inboxes and information about email accounts offered by Google, Yahoo and other Internet providers.
“The government can’t just wander through your emails just because they’d like to know what you’re thinking or doing,” said Stewart Baker, a former assistant secretary at the Department of Homeland Security and now in private law practice. “But if the government is investigating a crime, it has a lot of authority to review people’s emails.”
Under the 1986 Electronic Communications Privacy Act, federal authorities need only a subpoena approved by a federal prosecutor — not a judge — to obtain electronic messages that are six months old or older. To get more recent communications, a warrant from a judge is required. This is a higher standard that requires proof of probable cause that a crime is being committed.
A subpoena is usually sufficient to require Internet companies to reveal names and any other information that they have that would identify the owner of a particular email account. Google, which operates the widely used Gmail service, complied with more than 90 percent of the nearly 12,300 requests it received in 2011 from the U.S. government for data about its users, according to figures from the company.
Even if a Gmail account is created with a fictitious name, there are other ways to track down the user. Logs of when messages are sent reveal the Internet address the user used to log onto the account. Matching times and dates with locations allow investigators to piece together the chain.
And that trick that Petraeus and Broadwell apparently used of saving messages in the draft folder of a shared Gmail account? That’s no more secure than any sending the email itself. All law enforcement needs in that case is access to the account itself and they can see everything that’s been written and saved. Admittedly, such a technique is much harder to trace than normal email, and darn near impossible if you don’t know what account to look for to begin with. Nonetheless, the FBI was able to discover it in this case so they probably wouldn’t have much trouble tracking down your “secret” email account either. After all, you’re not even the Director of the CIA.
While the media continues to focus on the salacious aspects of this case, though, one does have to wonder whether this entire criminal investigation was justified. After all, there’s no evidence that Petraeus committed any crimes during his relationship with Broadwell, or that he revealed any classified secrets. Although she does seem to have strange habit of holding on to classified documents, there’s no evidence that Broadwell committed a crime either. From their description in the media, for example, it seems rather unlikely that the emails she sent to Jill Kelley constituted cyberharrassment under Federal or applicable state law. So, why exactly was the FBI involved in this case for months, then? And, as Glenn Greenwald asks, what about the surveillance techniques that they used:
So not only did the FBI – again, all without any real evidence of a crime – trace the locations and identity of Broadwell and Petreaus, and read through Broadwell’s emails (and possibly Petraeus’), but they also got their hands on and read through 20,000-30,000 pages of emails between Gen. Allen and Kelley.
This is a surveillance state run amok. It also highlights how any remnants of internet anonymity have been all but obliterated by the union between the state and technology companies.
But, as unwarranted and invasive as this all is, there is some sweet justice in having the stars of America’s national security state destroyed by the very surveillance system which they implemented and over which they preside. As Trevor Timm of the Electronic Frontier Foundation put it this morning: “Who knew the key to stopping the Surveillance State was to just wait until it got so big that it ate itself?”
It is usually the case that abuses of state power become a source for concern and opposition only when they begin to subsume the elites who are responsible for those abuses. Recall how former Democratic Rep. Jane Harman – one of the most outspoken defenders of the illegal Bush National Security Agency (NSA) warrantless eavesdropping program –suddenly began sounding like an irate, life-long ACLU privacy activistwhen it was revealed that the NSA had eavesdropped on her private communications with a suspected Israeli agent over alleged attempts to intervene on behalf of AIPAC officials accused of espionage. Overnight, one of the Surveillance State’s chief assets, the former ranking member of the House Intelligence Committee, transformed into a vocal privacy proponent because now it was her activities, rather than those of powerless citizens, which were invaded.
With the private, intimate activities of America’s most revered military and intelligence officials being smeared all over newspapers and televisions for no good reason, perhaps similar conversions are possible. Put another way, having the career of the beloved CIA Director and the commanding general in Afghanistan instantly destroyed due to highly invasive and unwarranted electronic surveillance is almost enough to make one believe not only that there is a god, but that he is an ardent civil libertarian.
This is the real scandal in L’Affaire Petraeus. A handful of mildly harassing emails lead to a months-long FBI investigation that ends up taking down a CIA Director and potentially implicating the promotion of the next Commander of NATO. In the course of that investigation, they utilized a variety of laws to hack into the email accounts of at least three people and perhaps more in their search for…….what exactly? It had apparently become fairly clear early on in the investigation that there was no national security threat implicated by the Petraeus-Broadwell affair, and there’s no law against having an extra-marital affair. At that point, the investigation should have ended and the matter closed. Instead, agents kept digging into more email accounts until finally revealing what was going on to the Director of National Intelligence, an action which pretty much put the end to Petraeus’s career.
I suppose there’s some value in all of this, though. It has revealed once and for all just how easy it is for Federal law enforcement to access email and other online accounts of pretty much anyone. In most cases, they need only the flimsiest of justifications to get that access and, once they have it, there’s no limit on what they can do with what they find. And much of this will happen without the target of the investigation even being aware of it. If that’s not something to be concerned about, I don’t know what is.
What you said.
Great post. We’ve given up far too much of our privacy for the false promise of security. Time to start taking it back.
Three cheers for the ACLU.
You know, a lot of people have been trying to raise the alarm about this for the last ten years.
It’s pretty impressive how many things the “far left” were dead right about, circa 2002-2004. I wonder if there’s a german word that expresses the feeling you get from thinking “I told you so” too often; it’s sort of a mixture of schadenfreude, nausea, and borderline despair.
I’d like to suggest we focus on this first as an issue for the millions of folks w/out security clearances rather than the thousands with high level clearances who should have little expectation of privacy.
Should the investigation have gotten started? I dunno. Cyberstalking laws are pretty broad, and one of the early emails was directly to the private address of a 4-star (Allen). It seems like you might want to look into that.
Then once they found an email account apparently shared by Broadwell and Petraeus… well, you have to investigate that.
All other issues aside, it is mordantly funny that one of the first public figures brought down by the Surveillance-Industrial Complex was….the head of the CIA.
If you read it in fiction, you’d dismiss it as contrived and unbelievable.
This started out as an investigation of a few (reportedly) mildly harassing emails. Once the FBI confirmed it was Broadwell, what authority did they have to look at all of her other emails and track down the identity of other people? What did it have to do with the original case? Does this mean that once they have access to your email for any reason, they can look at all of it and also the emails of anyone who ever emalied you? Certainly looks like it.
@steve: I’d think looking at her other email activity would be due diligence in a potential cyberstalking case.
And then once they found the shared account with General P….
What should they have done once they discovered it was Broadwell? Said, “Oh okay, we know we sent them now, carry on.”
Well, it seems to me you can’t knowingly give the FBI access to your computer and then bitch about the fact that they read the *rest* of your emails as well….
I write assuming that everything I type, anywhere, can easily get exposed to the broad light of publicity.
One thing that should be noted here is that all the people involved here have security clearances. One of the things you do when you get one is sign a paper explictly giving the government permission to do this sort of thing.
I’m not sure conclusions should be drawn about the general public based on a special case where the government had prior consent to access the accounts.
@Bernard Finel: I love your writing on this. But there’s one big question I haven’t seen addressed yet…
I get all that, but since Kelley was the one who made the initial harassment complaints, how & why did the FBI wind up looking through _her_ emails? At what point, and with what justification, did the initial reporter come under enough suspicion to justify this?
@Folderol & Ephemera:
You are not wrong. It’s amazing how all the rock-ribbed conservatives who wanted the PATRIOT act and all the other increased powers for law enforcement never stopped to imagine that those powers might be used against them just as readily as those DFH’s…
Turns out Gen Allen has been consorting with an agent of the South Korean govt. Jill Kelly is an “honorary consul” working on behalf of South Korea. I guess the FBI will now be looking to how many of those 30,000 pages got forwarded to them.
The plot thickens.
@J-Dub: Ahhhhh… .that explains a few things then. And people say Bond movies and soap operas have unrealistic plots!
Yes, and conservatives responded with comments like “Bin Laden appreciates your support”…
My advice to fellow Americans? Be average.
@anjin-san: I also recall “if you aren’t doing anything illegal, you have nothing to be afraid of and “the constitution is not a suicide pact”.
I agree with the following:
1) It’s really funny (darkly, so, but funny) that the head of the CIA goes down like this.
2) Yes, the National Security State is scary.
3) That said, I’m not worried that the State can investigate the CIA director’s affair.
My hope here is this scares some people in DC who might – just might – consider whether this has gone too far. Not for what I think are the right reasons, of course. That rarely works. Self-interest, on the other hand… that’s a powerful force.
@legion: I presume, and I don’t know, but when Kelley reported the harassment, she presumably gave the FBI access to her account. But I agree, I am not sure why the Kelley-Allen correspondences became an issue.
I think Allen has a better case for having been unjustment investigated than do Petraeus or Broadwell.
In the trade-off between safety and liberty, Americans have for the most part tended to safety since 911. My guess is that a century ago, most citizens would have taken some personal physical danger as a matter of course, and would have been willing to put up with it rather than give up liberty. That is no longer the case – its now seen as the government’s duty to make life risk free from physical attacks.
Oddly enough, the GOP has gone further in this direction in terms of physical (as opposed to financial or medical) attacks than the Democrats. Rugged individualism and citizens taking risks apparently is for them no longer a virtue when it involves such attacks (which makes me wonder why they find a nation of wusses so appealing).
Of course, this is true of most western nations – maybe because so many are office workers/professionals who never run across physical risk as part of their day to day jobs.
Apparently Jill Kelly paid for all those swank parties in Tampa through a fake charity:
You’d think she would have the sense to stay under the radar.
@Bernard Finel: That does seem the most likely thing. And I was just about to reference the article @J-Dub linked, regarding her suspicious “charity”. Considering that this is a woman who just tried to tell police to get the media circus off of her lawn because it’s “diplomatic property”, I have no trouble buying the idea the she just never thought her own dirty laundry would get aired…
@legion: I suppose General Allen is not aware of Jill Kelly’s finances, but to provide anyone that is millions of dollars in debt with 30,000 pages of (does anyone know yet?) is horribly irresponsible in respect to national security.
I have a feeling he will be the next one to go down once it is revealed what those 30,000 pages contain.
@J-Dub: Yeah – it’s looking increasingly like Kelly’s entire extended family is just a basket full of crazy. I’m starting to see why the FBI investigation went the way it did…
This isn’t new. A cop with an agenda has always had the power to f’ up your life. The only difference is that this zealot f’ed up the life of the CIA Director. Do I feel more sorry for Patraeus than the kid in Arizona that looks “illegal”? No. The important thing is that we see the similarity and deal with it.