The Washington Post

What Petraeus and Broadwell could have used instead of Gmail

If there's a lesson for cheating spouses to be learned from the Broadwell-Petraeus-Allen-Kelley scandal, it's to think twice before you press "send."

The affair between former CIA director David H. Petraeus and his biographer, Paula Broadwell, was uncovered when Petraeus's friend Jill Kelley complained to the FBI that she was receiving harassing e-mails. During the investigation, the FBI began digging through Broadwell's e-mails.

General David Petraeus shakes hands with Paula Broadwell. (ISAF via Reuters)

Now, the FBI has uncovered between 20,000 and 30,000 pages of documents — most of them e-mails — that contain “potentially inappropriate” communication between Gen. John R. Allen, the commander of U.S. and NATO troops in Afghanistan, and Kelley, 39, of Tampa, whom Broadwell reportedly harassed.

Petraeus and Broadwell were apparently communicating by composing messages and then leaving them in a draft folder for the other to find, making the e-mails harder to trace. But the fact that the head of the nation's most secretive agency was using a cloud-based e-mail account that can be accessed with a password raises obvious security questions. 

As my colleague Max Fisher wrote last week, e-mail services like Google’s are still susceptible to hacking, and there are well-documented cases of users having accounts broken into, e-mails deleted and bizarre unauthorized e-mails sent. 

The FBI was able to track down Broadwell through the couple's anonymous Gmail accounts, despite the draft-saving technique the two used. Agents were able to use "digital forensic techniques to determine the person behind the keyboard at the time the emails in question were sent," Mashable reported.

How might Petraeus and Broadwell have communicated to avoid getting caught?

In Foreign Policy, John Reed suggests ultra-secure, encrypted services such as Hushmail and Tigertext. Hushmail, for example, uses encryption keys to ensure that only the sender and receiver can read a message. And Tigertext gives messages a limited lifespan, so they're deleted automatically after a time.

Other services, such as Vaultletmail, encrypt e-mails in transmission, and users of unsecured platforms like Gmail can read the messages by entering a secret phrase. (The example used is "the condor flies at night.")

Then there's "10 minute mail," which provides disposable e-mail addresses that expire after that time frame.

And Homeland Security Secretary Janet Napolitano famously solved the problem by never e-mailing anyone at all.

But according to Reed, even those precautions might not have prevented Petraeus's downfall:

 Even if top U.S. government officials use secure services for their personal emails and texts, is it realistic to assume that their personal information could be kept safe if their acquaintances are using unsecure email and texting services?

How do you think they could have communicated differently? Tell us in the comments. 
