The funny thing is, Paula Broadwell and David Petraeus thought they knew what they were doing. They were careful, more careful than the average American fooling around outside the bounds of marriage tends to be. When Broadwell wanted to warn off the other woman she suspected of messing with her man, she set up an anonymous email account and only used it away from home, usually on the Wi-Fi networks of hotels she was staying in. Broadwell and Petraeus also thought they could avoid having their emails intercepted in transit by technically avoiding “sending” them at all. Instead, they saved their messages to each other as “drafts” in a Gmail account to which they both enjoyed access.
But if they thought they were being smart, they were wrong. Broadwell and Petraeus were undone, says ACLU privacy and technology expert Christopher Soghoian, by their “lack of knowledge of operational security” and “poor tradecraft.” “Draft” messages are stored in Gmail’s server cloud just like all other sent and received messages. And the FBI turned out to be more than capable of correlating the Internet Protocol addresses that identified the origin of Broadwell’s supposedly “anonymous” emails with hotel records that showed Broadwell as a guest at the same time the messages were sent.
If Broadwell had taken greater precautions, she might never have been caught. She could have covered her tracks with any one of myriad commercially available Virtual Private Network programs or, if she was looking for some heavy-duty protection, she could have downloaded the Tor Project’s anonymizing browser. We should all takes notes from her misfortune. For those of us who have been able to look beyond the shirtless-pic-sending FBI agents and Tampa socialite “honorary consuls” and overly flirtatious four-star generals, the obvious lesson to take away from this mess is that if we’re going to play hanky-panky with the director of the CIA, we’d better make sure we’re using the best privacy protection tools available.
But there’s another, more important lesson to be gleaned from this tale of a biographer run amok. Broadwell’s debacle confirms something that some privacy experts have been warning about for years: Government surveillance of ordinary citizens is now cheaper and easier than ever before. Without needing to go before a judge, the government can gather vast amounts of information about us with minimal expenditure of manpower. We used to be able to count on a certain amount of privacy protection simply because invading our privacy was hard work. That is no longer the case. Our always-on, Internet-connected, cellphone-enabled lives are an open door to Big Brother. Just ask Paula Broadwell.