CIA Director Used Gmail Drafts To Hide Messages


As of the time of this writing, there are a lot of unanswered questions regarding the sudden and unexpected resignation of former CIA Director David Petraeus. But this much is known for sure: he resigned because of an extramarital affair and the canoodlers seem to have been discovered through a shared Gmail account.

Maybe I’m getting old and I’m not hip to all the new tricks these days, but apparently the former director used a method that is popular among teens wanting to keep secrets: rather than sending an email to his mistress, Petraeus would simply write his composition and save it in Gmail’s drafts folder. Later, Paula Broadwell (the apparent mistress) would log in to the same account, read the message and delete it. This was apparently done for two reason. It would keep an encrypted copy on Google’s servers, and it wouldn’t leave an email trail between them.

While this might seem clever–and it probably works well for teens or drug dealers–there is so much about this method that makes me want to facepalm.

Let’s leave out the obvious ethical issues of the affair. We’re talking about the director of the United States Central Intelligence Agency, here. Petraeus was (one of) the most powerful figures in the world when it comes to information security. I am absolutely baffled by the fact that he thought this would be an appropriate way to communicate securely. Sure, there’s no SMTP trail of an email being sent, but surely he knew of the various logs that Google keeps regarding who accesses accounts!

It’s unclear as to whether the FBI (who led the investigation into the matter) was able to access the account or acquire additional information from Google. But when I hear that one of the most powerful men in security and intelligence is using Gmail to protect and/or obfuscate data, it makes me a little nervous about who’s calling the shots.