A key lesson from the Petraeus scandal: There is no such thing as online privacy.

When the CIA director cannot hide his activities online, what hope is there for the rest of us? In the unfolding sex scandal that has led to the resignation of David Petraeus, the FBI's electronic surveillance and tracking of Petraeus and his mistress Paula Broadwell is more than a side show - it's a key component of the story.

METADATA IS KING

Broadwell apparently attempted to shield her identity by using anonymous email accounts. However, it appears that her efforts were thwarted by sloppy operational security and the data retention practices of the companies to whom she entrusted her private data.

The New York Times reported that "[ b]ecause the sender's account had been registered anonymously, investigators had to use forensic techniques - including a check of what other e-mail accounts had been accessed from the same computer address-to identify who was writing the e-mails. "

Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the particular IP addresses a consumer has logged in from. Although these records reveal sensitive information, including geo-location data associated with the target, US law currently permits law enforcement agencies to obtain these records with a mere subpoena - no judge required.

Although Broadwell took steps to disassociate herself from at least one particular email account, by logging into other email accounts from the same computer (and IP address), she created a data trail that agents were able to use to link the accounts.

The Wall Street Journal similarly revealed that "agents spent weeks piecing together who may have sent [the emails]. They used metadata footprints left by the emails to determine what locations they were sent from. They matched the places, including hotels, where Broadwell was during the times the emails were sent". NBC added further details, revealing that "it took agents a while to figure out the source. They did that by finding out where the messages were sent from-which cities, which Wi-Fi locations in hotels. That gave them names, which they then checked against guest lists from other cities and hotels, looking for common names".

Based on these reports, it seems that Broadwell did at least avoid the common mistake of sending sensitive emails from her residential Internet connection. However, she did not, it seems, take affirmative steps to shield her IP address (such as by using Tor or a privacy-preserving VPN service). Instead, she apparently logged in to her email accounts from public Wi-Fi networks, such as those in hotels. Had she sent just one email, she might have been able to at least maintain plausible deniability. However, each new hotel (and associated IP login record) reduced the anonymity set of potential suspects. By the second or third hotel, it is likely that the list of intersecting names from the various guest lists contained just a single name: Broadwell's.

While the details of this investigation that have leaked thus far provide us all a fascinating glimpse into the methods used by FBI agents, this should also serve as a warning, by demonstrating the extent to which the government can pierce the veil of communications anonymity without ever having to obtain a search warrant or other court order from a neutral judge.

The guest lists from hotels, IP login records, as well as the creative request to email providers for "information about other accounts that have logged in from this IP address" are all forms of data that the government can obtain with a subpoena.

DIGITAL "DEAD DROPS" DON'T PROTECT YOU

For more than a decade, a persistent myth has been that it is possible to hide a communications trail by sharing an email inbox, and instead saving emails in a "draft" folder. This technique has been used by Khaled Sheikh Mohammed, Richard Reid (the shoe bomber), the 2004 Madrid train bombers, terrorists in Germany, as well as some domestic "eco-terrorists".

Apparently, this method was also used by General Petraeus. According to the Associated Press, "[ r]ather than transmitting emails to the other's inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder or in an electronic 'dropbox', the official said. Then the other person could log onto the same account and read the draft emails there. This avoids creating an email trail that is easier to trace".

The problem is, like so many other digital security methods employed by terrorists, it doesn't work. Emails saved in a draft folder are stored just like emails in any other folder in a cloud service, and further, the providers can be compelled, prospectively, to save copies of everything (so that deleting the messages after reading them won't actually stop investigators from getting a copy). I hope that this scandal will finally kill off this inaccurate myth.
General Petraeus should have known better - placing documents in an email "drafts" folder is not an effective way to hide things from the government. It wasn't 10 years ago, and it certainly isn't anymore. More broadly, this scandal centers around email, and it's a reminder that the legal protections for email fall far short of what they should be. We need to modernise privacy laws and we need protections that cover metadata of the kind that was apparently so central in this scandal.

The writer is principal technologist and senior policy analyst, ACLU Speech, privacy and technology project. The article first appeared on http:// www. aclu. org