What is metadata? And after the scandal of Gen. Petraeus, are our emails private from government agencies? - Jeremy
E-mail has always been one of the least secure methods of transmitting data electronically and this recent scandal shows that even being tech-savvy isn't much help.
When an e-mail message is created and sent, the message passes through a number of mail servers (think of them as post offices for snail mail) and a record of where the message came from and where it went (via IP addresses) is also created by virtually every device that handles the message.
Since most messages are sent in plain text, it's technically possible for anyone or any system to read your message anywhere along the way (which is why e-mail encryption is important for sensitive messages). The reality is that most companies have very strict systems in place to keep just anyone from accessing those messages, but the opportunity still exists.
The information about the message, a.k.a. the "metadata," is how the scandal was exposed. If we continue the snail mail analogy, the post office stamps mail to help route it and DNA or fingerprints on the outside of an envelope can be used to help track down the sender of the mail without ever opening the mail.
Petraeus, the former director of the CIA, knew that sending and receiving e-mail from an anonymous account wouldn't be safe, so he used a method commonly used by terrorists and teenagers: create draft messages, but never send them.
If two people have the username and password for the same account, they can create messages for each other that don't leave the usual trails described above. They save them as draft copies so the other can log in and read the draft, then respond in kind without ever sending a traceable message.
Had this been the only communication from the involved parties, they would likely never have been discovered but, as usual, human error exposed the affair.
The jealous mistress sent harassing e-mails from an anonymous account to another woman she thought was being flirtatious, which is a criminal violation and began the unravelling of the affair.
The government can't read your private messages without some level of due process, except in rare situations, but the process is what so many privacy advocates are concerned about.
The current laws were created when electronic storage was expensive and we all tended to use one device and delete things to save space. Today, storage is cheap and we use a plethora of devices that, in turn, create more records that we tend to keep for much longer periods.
Under current laws, any e-mail that is six months old or older can be requested if a criminal prosecutor signs the request. If the message is less than six months old, a court order from a judge is required.
In either case, something that the courts recognize as probable cause has to trigger the request when it comes to the averages citizen. If someone suspected that Petraeus was having an affair, that wouldn't have been enough to allow the FBI to start requesting access to his personal e-mail accounts.
His mistress' harassing emails, which violated part of the Electronic Communications Privacy Act, is what opened the door and eventually lead to the exposure of the affair to the world.
The lessons to be learned from this scandal are that e-mail never has been or will never be a secure way to communicate with others. If you want to make it more difficult for the government to access your messages, make sure you delete them before they are six months old and no matter how secure you think you are, all it takes is one simple human error (or jealous mistress) to render your "security system" useless.