"Total Information Awareness" now "Stellar Wind"

[Darren Dirt]

ACLU blog re. feds snooping on anonymous email ... of now-resigned CIA director David Petraeus!

http://www.aclu.org/blog/technology-and-liberty-national-security/surveillance-and-security-lessons-petraeus-scandal

The resignation of Gen. David Petraeus began, we all now know, with Gmail. Petraeus' biographer and reported mistress Paula Broadwell apparently regarded Tampa socialite and Petraeus friend Jill Kelley as a romantic rival, and she e-mailed Kelley from an anonymous Gmail account, warning her to stay away from the general. Kelley turned those e-mails over to the FBI, which began investigating who was behind the messages and eventually identified Broadwell as the owner of the account.

... The Broadwell saga illustrates just how vulnerable our e-mail is to warrantless government snooping, noted by privacy researcher Chris Soghoian in a post at the ACLU blog. We don't yet know exactly what legal procedures the FBI invoked to get information about Broadwell's online activities. But alarmingly, most of the information the FBI reportedly obtained in the course of its investigation would not have required any judicial oversight.

To conceal her identity, Broadwell avoided accessing the account from her home Internet account. Instead, she accessed it from publicly available WiFi connections.

Yet these steps proved insufficient to hide her identity. A source told NBC that it "took agents a while to figure out the source. They did that by finding out where the messages were sent from?which cities, which Wi-Fi locations in hotels. That gave them names, which they then checked against guest lists from other cities and hotels, looking for common names."

Not only did Broadwell try to hide her identity by creating an anonymous e-mail account, she also reportedly sought to avoid having her e-mails to Petraeus intercepted by not sending them at all. Instead, she and Petraeus shared the password to the e-mail account, and would leave messages for each other in its "drafts" folder.

So it wasn't even email contents that travelled publicly through the internet via SMTP!

Suddenly I'm not so sure how confident/safe I feel about storing pretty much ANYTHING in the so-called "cloud".


Heck, they coulda just used PasteBin or something, with Rot13 maybe, and then at least the whole "stay away from my man" email would never track back to the other stuff.

[Mr. Analog]

I don't get how people don't understand this, if you store information online it has to be transported to and from your local computer, so there are THREE vectors for information leaking: your local computer, the server or the trip between the two.

If it's that important or sensitive DON'T PUT IT ON THE INTERNET

I have this argument with my artist friends who put artwork online and it ends up getting "stolen" (i.e. downloaded and reposted elsewhere). If you post something online the only way for other people to see it is to download it, not to mention you've probably posted it to a host who likely has ownership/redistribution rights of the work while it is hosted there (people NEVER read the ToS).