Does the head of the world's top spy agency really think he can hide behind a Gmail account and a pseudonym?
Apparently so. Even bumbling Boris Badenov from "Rocky and Bullwinkle" would have known better.
The extramarital affair between former CIA Director David Petraeus and his biographer, Paula Broadwell, which was revealed by their incriminating Gmail exchanges, could easily have gone undetected had Petraeus and his paramour followed two simple spy tricks that date back millenia: Write in code and destroy the message after you read it. It sounds simple, and it is. That's why it's disturbing and worth noting that the man in charge of all covert intelligence operations for the United States couldn't manage to keep a secret about his personal life.
According to the Wall Street Journal, Petraeus and Broadwell used pseudonyms to set up separate Gmail accounts which they used to communicate in secret. Their trove of "sexually explicit emails" were discovered only by accident after Jill Kelley, an acquaintance of Petraeus, complained that she was receiving threatening emails, which led FBI investigators to Broadwell's account and, in turn, to her X-rated messages detailing the affair.
The Journal explains:
FBI agents and federal prosecutors used the information as probable cause to seek a warrant to monitor Ms. Broadwell's email accounts.
They learned that Ms. Broadwell and Mr. Petraeus had set up private Gmail accounts to use for their communications, which included explicit details of a sexual nature, according to U.S. officials. But because Mr. Petraeus used a pseudonym, agents doing the monitoring didn't immediately uncover that he was the one communicating with Ms. Broadwell.
Creating separate accounts dedicated to illict communication was a good move, notes Graham Cluley, a senior technology consultant at Sophos, a provider of security software. But his praise ends there.
Petraeus and Broadwell made the mistake of saving their emails, rather than erasing them right away. And Cluley says they also should have communicated in code using freely available online encryption services.
"If you are sharing conversations of a saucy nature, be sure that if anyone stumbles across them, they will be gobbledygook," Cluley said. "Clearly that was not happening in this case."
Using secret code to communicate is a piece of advice for lovers that dates at least as far back as the Kama Sutra: A chapter in the ancient text detailing the "Arts and Sciences to be Studied" recommends that lovers master "the art of understanding writing in cypher, and the writing of words in a peculiar way," according to Sir Richard F. Burton's translation of the text. Also advised: mastering the "[s]olution of riddles, enigmas, covert speeches, verbal puzzles and enigmatical questions."
The modern version of writing in cyphers and code is the relatively simple use of email encryption services that make a message intelligible only to a reader who possesses the encryption key.
CNET's Stephen Shankland and PC World's Eric Geier have put together two in-depth guides to encrypting Gmail messages -- both of which Petraeus or Broadwell could have easily found by searching Google for "Gmail encryption." There are also numerous free tools such as CipherCloud, Cipher.it and Enigmail that can turn, say, "I can't stop thinking about you, baby" into a seemingly random string of Chinese characters, letters and numbers.
There's something even simpler the lovers could have done: hit delete.
"At the most fundamental level, once you've chatted, delete your logs," advised Cluley. "If you need to keep something secret, erase all that stuff and empty your trash."
There are also a host of James Bond-inspired tech tools that ensure messages will delete themselves. Wickr and BurnNote allow users to send emails that self-destruct, and SnapChat enables users to share photos that are visible only temporarily -- say, for ten seconds -- and can't be screenshotted. The appropriately named website This Message Will Self-Destruct, or TMWSD, is a another tool that allows users to create messages that can only be viewed once, after which the page that once displayed the message is gone.