Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Did we learn anything from the recent email scandal?

Regarding the current scandal involving former CIA director, General David
Petraeus, did we learn anything new about email security or the lack thereof?
Were you surprised at what the FBI was able to find out about the parties to
this scandal before the FBI even obtained a court order or a warrant or
subpoena?

In this excerpt from
Answercast #74
, I look at how email can be accessed easily by the
authorities if it is available in an online service.

Become a Patron of Ask Leo! and go ad-free!

Hiding emails online

Was I surprised? Absolutely not.

Did we learn anything? Well, I think a lot of people learned something. But
it’s not something that wasn’t already out there to be learned.

The fact is when you store email on a service provider like Gmail or Hotmail
or whatever, the email in many cases is legally accessible to law enforcement
if they have a good reason.

Online email can be accessed

Now, I don’t want to get into the legalities and picking apart the law. For
one thing I’m not a lawyer. For another thing the law keeps changing. But as I
kind of sort of understand it, if you leave email on your email server for long
enough, the email is (currently under the law, I think) deemed as being
abandoned, or available, or whatever. What that means is that if you are
honestly, truly concerned about the government accessing your email, don’t
leave it on a common server like Gmail – or your ISP, or wherever.

That’s an important lesson to be learned.

Hiding messages in drafts

The other lesson to be learned, by the way, is about this technique they
were using: where they didn’t actually send mail. They were sharing
access to a single account and leaving each other messages in the Drafts
folder.

In other words – they would type up a message, but leave it in “Drafts” and
never hit send.

That didn’t help them. The fact is that the email account is available.
These folders are available to law enforcement.

Apparently this is a technique that’s been used by others before. I think
you can see that it is not something that is particularly secure, and is not
something that adds a real layer of security to what you’re doing.

Email servers are vulnerable

The important things to take away from this are:

  • Mail on a server is vulnerable to inspection by the authorities.

If that’s a problem then you want to take steps to make sure that’s not your
situation.

  • Your email then needs to be on your PC where it’s in your control;
    or it needs to be encrypted in some way that cannot be decrypted, just by
    nature of its storage on the service.

(Transcript lightly edited for readability.)

Do this:

Subscribe to Confident Computing! More confidence & less frustration -- solutions, answers, & tips -- in your inbox every week.

I'll see you there!

8 comments on “Did we learn anything from the recent email scandal?”

  1. So instead of sharing an email account, if I give remote access, through let us say logmein, to me partner and we leave messages there on the pc, would you say our communication is secure enough from prying eyes?

    Depends on the prying eyes. And how secure your computer is. I can envision a few ways that it might still be discoverable.

    Leo
    01-Dec-2012
    Reply
  2. Anybody who expects unencrypted email to be private is seriously fooling themselves if you don’t do it, it can’t come back and bite you.

    Reply
  3. What I found shocking and had me ROTFL, is the fact that the CIA director would use such an ineffective way of hiding his tracks as that. I mean, if he’s that sloppy, how could he have been trusted to oversee the whole country’s security???

    Reply
  4. This sort of touches on a previous question in this newsletter re: how much more capable are men at technology than ‘older’ women. Yep, no question about it. We rock!

    Reply
  5. Even encryption may not save you. Either “they” can decrypt it or you can be compelled in a legal case to decrypt it.

    Bottom line, the only secure communication is to talk to yourself… and don’t do it out loud. 🙂

    Reply
  6. Good News……
    It’s called Wickr
    Its app works like this: You create a text — picture, voice or video — and you set a time for how long you want that message to live. Then you send it to the other person. The timer starts the second they open the message.

    When the timer hits zero the message self-destructs. All digital traces of that communication are gone. The app is free. Wickr plans eventually to make money by charging for a version with a few more features, but the basic security will always be the same.
    Dec. 4th release -NPR
    http://www.npr.org/2012/12/04/166464858/online-privacy-fix

    Cell phone app only for now, but they’re working to expand….but I believe this addresses the primary phone email concern.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.