Wednesday, November 14, 2012

the real lesson boys and girls, is, if you're sketchy, use Tor and PGP

slate | Using the dead-drop tactic can certainly reduce the chances that sweeping surveillance dragnets will gobble up your communications—but it is not exactly secure. The method was used by the planners of the Madrid train bombings in 2004, which killed 191 people, helping them to operate below the radar of Big Brother. However, law enforcement agencies over the years have grown accustomed to terrorists using the dead drop, and technologies have been developed to help counter it.

An interception tool developed by the networking company Zimbra, for instance, was specifically designed to help combat email dead drops. Zimbra’s “legal Intercept” technology allows law enforcement agencies to obtain “copies of email messages that are sent, received, or saved as drafts from targeted accounts.” An account that is under surveillance, with the help of Zimbra’s technology, will secretly forward all of its messages, including drafts, to a “shadow account” used by law enforcement. This may have been how the FBI was able to keep track of all correspondence being exchanged between Petraeus and Broadwell.

(It’s also worth noting that archived draft emails stored alongside sent and received messages on Google’s servers can actually be obtained by law enforcement with very little effort. Due to the outdated Electronic and Communications and Privacy Act, any content stored in the cloud can be obtained by the government without a warrant if it’s older than six months, as Wired reported last year.)

What this means is that if Petraeus and Broadwell had been savvy enough to use encryption and anonymity tools, their affair would probably never have been exposed. If they had taken advantage of PGP encryption, the FBI would have been able to decipher their randy interactions only after deploying Trojan-style spyware onto Broadwell’s computer. Further still, if the lovers had only ever logged into their pseudonymous Gmail accounts using anonymity tools like Tor, their real IP addresses would have been masked and their identities extremely difficult to uncover.

But then it is unlikely that they ever expected to come under FBI surveillance. Their crime was a moral one, not a felony, so there was no real reason to take extra precautions. In any other adulterous relationship a pseudonym and a dead drop would be more than enough to keep it clandestine, as my Slate colleague Farhad Manjoo noted in an email.

Broadwell slipped up when she sent the harassing emails—as that, as far as we know, is what ended up exposing her and Petraeus to surveillance. Whether the harassment was serious enough to merit email monitoring is still to be established, as Emily Bazelon writes on “XX Factor.” It goes without saying, however, that the real error here was ultimately made by Petraeus. If he had stayed faithful to his wife of 38 years in the first place, he’d still be in charge at the CIA—and I wouldn’t be writing about how he could have kept his adultery secret more effectively by using encryption.
