How Your Secret E-Mail Can Give You Up
Say, hypothetically speaking, you want to engage in some confidential correspondence with a high-ranking government official. You both know to set up dummy Web-mail accounts that don't link back to your real names, maybe even to confine your chatter to messages saved in a shared account's drafts folder.
What could possibly go wrong?
As recently resigned CIA director David Petraeus and author Paula Broadwell have discovered to their detriment, everything.
I hope none of you are having affairs with people running three-letter agencies, but you'd still rather keep your messages out of the sight of strangers. You may not even want your name attached to your e-mail. Good luck, because any of the following six factors can defeat that attempt.
1. The Internet Protocol address of whatever computer you send an e-mail from will be logged by your e-mail server (without that step, the message can't go anywhere on the Internet) and then recorded in the message's headers. (You can inspect these usually-hidden details with commands like Gmail's "Show Original.") That "IP" will identify your Internet connection and, to varying degrees, your location, as you can see at sites like What Is My IP Address. One of Broadwell's bigger mistakes was apparently connecting from hotels, which allowed investigators to cross-reference guest records.
WATCH DNEWS VIDEO: CHEATERS AMONG US: THE SCIENCE BEHIND ADULTERY
(You can cloak your IP using anonymity services like the Tor Project. Why the head of an intelligence agency didn't think to use one is unclear, not least since the U.S. government has backed the development of online tools to resist the intrusion of totalitarian regimes.)
2. Keylogging software stashed on your computer by a virus could record everything you write, not just in any one e-mail. That's always a game-over scenario.
3. Strange Wi-Fi can rat you out. A maliciously-run network will log all of your Internet traffic; an unencrypted one will make it easy for a snoop on the same signal to listen in.
4. The recipient's computer is subject to every one of the above risks.
5. The recipient could decide on his or her own that your privacy is no longer worth protecting and forward your e-mail to somebody else. (Some encrypted messaging services allow you to send self-destructing messages, but a computer's screen-capture function–or the lower-tech workaround of pointing a camera at its screen–will work around them.)
6. The government could take an interest in your correspondence. That's the biggest risk of all: By the letter of a 1986 law, the Electronic Communications Privacy Act, that has aged poorly, the feds only need a prosecutor's authorization — not a judge's — to obtain messages that your provider has stored for more than 180 days on its servers.
In practice, you may have a little more security, as Electronic Frontier Foundation staffers explained in a post last week. But there sure are a lot of government requests for user data going around; Google keeps count of these, and the U.S. is far ahead of every other country. In the first half of 2012, Google received 7,969 requests targeting 16,281 users, 90 percent of which it complied with at least partially.
All that said, the FBI probably just isn't that into you, and neither is the average online crook. But no matter how clean you keep your computer and your connections, you can't guarantee that a recipient will keep your words private. So choose them with care.
Credit: Rob Pegoraro/Discovery