By Zack Whittaker
The U.S. government — and likely your own government, for that matter — is either watching your online activity every minute of the day through automated methods and non-human eavesdropping techniques, or has the ability to dip in as and when it deems necessary — sometimes with a warrant, sometimes without.
That tin-foil hat really isn’t going to help. Take it off, you look silly.
Gen. David Petraeus, the former head of the U.S. Central Intelligence Agency, resigned over the weekend after he was found to have engaged in an extra-marital affair. What caught Petraeus out was, of all things, his usage of Google’s online email service, Gmail.
This has not only landed the former CIA chief in hot water but has ignited the debate over how, when, and why governments and law enforcement agencies are able to access ordinary citizens’ email accounts, even if they are the head of the most powerful intelligence agency in the world.
If it makes you feel any better, the chances are small that your own or a foreign government will snoop on you. The odds are much greater — at least for the ordinary person (terrorists, hijackers et al: take note) — that your email account will be broken into by a stranger exploiting your weak password, or an ex-lover with a grudge (see “Fatal Attraction“).
Forget ECHELON, or signals intelligence, or the interception of communications by black boxes installed covertly in data centers. Intelligence agencies and law enforcement bodies can access — thanks to the shift towards Web-based email services in the cloud — but it’s not as exciting or as Jack Bauer-esque as one may think or hope for.
The easiest way to access almost anybody’s email nowadays is still through the courts. (Sorry to burst your bubble, but it’s true.)
The ‘save as draft’ trick
Petraeus set up a private account under a pseudonym and composed email messages but never sent them. Instead, they were saved in draft. His lover, Paula Broadwell, would log in under the same account, read the email and reply, all without sending anything. The traffic would not be sent across the networks through Google’s data centers, making it nigh on impossible for the National Security Agency or any other electronic signals eavesdropping agency (such as Britain’s elusive GCHQ) to ‘read’ the traffic while it is in transit.
And yes, terrorists and pedophiles have been known to use this ‘trick’, but also sophisticated criminals also use this technique. It eliminates a network trail to a greater or lesser extent, and makes it more difficult to trace.
But surely IP addresses are logged and noted? When emails are sent and received, yes. But the emails were saved in draft and therefore were not sent. However, Google may still have a record of the IP addresses of those who logged into the account.
