It’s become the email equivalent of separating church and state: work email is for official communications while private accounts are for personal — and sometimes inappropriate — messaging.
But as the scandal that has enveloped former CIA director David Petraeus and Gen. John Allen has shown, Gmail and other Web-based email services are not completely safe zones.
The FBI probe into Petraeus — which led to his resignation last Friday — serves as a reminder that even the most private emails sent on commercial online services among people using pseudonyms can be discovered and thrown into the harsh light of scrutiny.
Here are Gmail lessons to be learned from the Petraeus affair:
1. It’s not anonymous.
Petraeus and his biographer Paula Broadwell apparently took steps to protect their communication, such as using pseudonyms to set up an online service account and in communicating with each other. But FBI investigators were able to figure out some information about the account from looking at emails sent from the account to another party. Reportedly this is what led authorities investigating threatening emails to Tampa socialite Jill Kelley from Broadwell.
“Who you are saying it to and where you are saying it from has the least protection under the law,” said Chris Soghoian, principal technologist at the ACLU. “A warrant is needed to find out what you are saying.”
Internet service providers and most websites keep complete records of the Internet Protocol addresses of those who use their services for 18 months, and then slightly blurred records of IP addresses after 18 months. Investigators can obtain that information under the Electronic Communications Privacy Act as long as they have reasonable grounds to believe that it is relevant to an ongoing criminal investigation — less than the probable cause needed to secure a warrant. In the Petraeus case, the FBI reportedly got the necessary court clearances.
The only way that people can use pseudonymous webmail accounts safely is via an anonymizing service like Tor, said Peter Eckersley, technology projects director for the Electronic Frontier Foundation. Tor is installed on a computer and reroutes website visits, instant messages and other communications to other Tor users so it is not possible to identify a single computer, sort of like hiding in a crowd.
2. Government requests for access are increasing and Google and other services play ball.
Google reported Tuesday that law enforcement and courts in the United States made nearly 8,000 requests for user information in the first half of 2012 from all of Google’s products — including Gmail, search, Google Docs, etc. The number of requests from the American law enforcement alone jumped 26 percent from the previous six months, when 6,321 requests were made.
Government officials wanted information on 16,281 accounts, Google said, and Google complied roughly 90 percent of the time.
The report shows governments around the world not only wanted more data for law enforcement purposes but also increased requests to Google to remove content.. “Government surveillance is on the rise,” Dorothy Chou, a senior policy analyst at Google, wrote in a blog post announcing the report.
3. You’re not in cyberspace.
A person’s physical location when sending an email can often be pinpointed from the email they send. Email metadata contains IP addresses of the computers and servers they come in contact with, as well as the unique number associated with the device that sent the emails. Sometimes, the traceable IP of the sender’s device is visible in a sent email — email services such as Yahoo and others reveal information about the sending computer, while messages sent from Gmail’s Web interface do not reveal the information about the sending computer, privacy experts say. Even if it isn’t visible, investigators can obtain it with the use of a subpoena or court order, and determine other accounts accessed from the same location.
In the Petraeus case, authorities reportedly used location data in the headers of emails to trace them to Broadwell. Once they pinpointed her as a suspect, FBI investigators were able to obtain a warrant to look at her other email accounts, including the Gmail account she reportedly shared with Petraeus.
4. A draft email folder does not offer magical protection.
The Associated Press reported Monday that Petraeus and Broadwell sometimes communicated by writing messages and storing them in the draft folder of a jointly accessed email account, rather than sending them. The idea is to avoid creating a digital trail of email transmissions, a technique reprtedly used by Al Qaeda operatives to hide traffic but dismissed by one privacy expert as “security folklore.”
The technique doesn’t work because emails kept in the draft folder are sent to service providers’ servers. In fact, they may be more vulnerable. Government may have easier access to the unsent emails, because draft communications might not meet the technical definition of “electronic storage” in ECPA. That would allow access to the communications without a full-blown warrant.
5. Off-record chats can linger — somewhere.
When using instant messaging in Google Talk or Gmail, many users choose to chat “off record,” meaning that nothing said is saved in either person’s Gmail account. But if using a third-party service to access chat, the history may be saved to the users’ computers, Google says. “We can only guarantee that when you go off the record, the chat history is not being automatically saved or made searchable in either person's Gmail account,” the company reports.
But Soghoian said that “Google's off the record isn't bulletproof.”
“If the government sends Google a preservation order” — a stipulation requiring a company to preserve data, even if it’s not yet signed by a judge — “then Google can be forced to retain future records for that account,” he said.