David Petraeus Proves It: Email Is Not Secure
Wayne Rash asks: how could the head of the CIA not realise he couldn’t trust secrets to Gmail?
I knew that the level of stupidity among government officials had reached a new all-time high when I couldn’t find a Demotivators poster at Despair Inc. that fit the situation. But sometimes there is a level of total absence of thought, such cluelessness, that mere words fail. But with that in mind, we’ll talk about the David Petraeus and his email anyway.
By now you have probably figured out that I’m talking about General David Petraeus, the retired soldier and now former head of the Central Intelligence Agency (CIA), who carried on an illicit affair for months using Google’s Gmail as the medium for the supposedly “secret” communications. Leaving aside the warning I delivered recently (anyone clueless enough to use Gmail for secrets is probably too clueless to read eWEEK or TechWeekEurope), you’d think that the head of the CIA would know with deep certainty how insecure email is.
Email is not secure
But apparently the lesson went unlearned, so for you spymasters and others who haven’t figured this out, here it is again. Pay close attention: Email is not secure. See, I even used bold print so you’d notice. To put it another way, do not use email for anything that you don’t want to see on the front page of The Washington Post.
I’d like to say that this is a recent revelation, but I first wrote this warning in a column I wrote in Byte Magazine back in the mid-1980s. Email’s lack of security hasn’t changed, and I don’t think it is ever likely to change.
While it’s true that many email systems encrypt the email they carry between the time it leaves your computer or smartphone and arrives at their email server, that’s all there is when it comes to security. There’s a good chance that the email on your company’s server is also encrypted, but there’s no guarantee. And you have no way of knowing whether the email service that’s being used by the recipient of your email has any encryption at all.
That’s bad enough, but it gets worse. Depending on your email client, there’s a pretty good chance there’s a copy of most of your email on your computer, and that includes email you’ve sent, email that you’ve received and even email that you thought you’d erased. There’s also a copy of everything you’ve sent or received on the servers of your email provider and on the servers and computers of the person at the other end.
All of that email might be hard for you to find, but trust me when I tell you it’s only a subpoena away.
But, of course, it gets worse than that. Let’s assume, for now, that the various government officials involved in recent email scandals weren’t sending clear text messages while using the open Wi-Fi at their local coffee shop. That email still has to go to someone else, and you have to trust that the someone else you’re sending email to will never decide to share it.
People ruin everything
As is the case with most security issues, the people involved are the least secure part of the equation. So let’s say you send a deeply personal email message to someone in a situation where that message or the fact that you sent it would be perceived as a Bad Thing. Now suppose that the recipient, being deeply touched by whatever personal feelings you shared, decides to save the message.
How do they save this message? Just leaving it in their inbox is bad enough for your secrets, but maybe they wanted something more permanent. So they saved it as a file on their hard disk, where it’s backed up. Or they printed the email and stuck it to the fridge with a magnet. Or maybe, so overwhelmed by what a sensitive feeling person you are, decided to share it with their best friend. Or maybe they share it with all of their friends. On Facebook.
Or maybe, after the initial ardor has cooled they share it with their lawyer. Or they share it with The Washington Post. Or the FBI. Or maybe you have to take your computer in for service and the guy at the computer repair place wants a few brownie points with the feds. You see where this is going.
The fact is that sharing secrets by email has so many points of failure that it’s easy to lose count. So don’t use it for secrets unless you have a very good means of encryption and actually use it to encrypt your email.
There are a couple of other things you can do to keep the world from finding out how stupid you were. First, if you do something dumb, don’t talk about it and don’t email it. Second, if you must communicate about it, do it in writing on paper where you’ve created the text by hand. If you can’t wait long enough to write a letter, then discuss the situation verbally in person after you’ve confirmed that the other person doesn’t have a listening device (a cell phone for example) in range.
Does this sound really paranoid? It should, but if you persist in doing dumb things then either be prepared for them to become public, or make sure they stay secret by not discussing them. And yes, the CIA can intercept email. Don’t you think the director would know that?
This column first appeared in eWEEK.