I'm literally having trouble breathing right now I'm laughing so hard, and in addition I spat my afternoon espresso all over my keyboard, so if there's a letter that is missing in my text, that's the reason (I shorted it out!)
It is being reported by CNBC this afternoon (I just heard it) that Petraeus and his mistress, in an attempt to conceal their email traffic, had a "shared" Gmail account and used the "drafts" folder as a means of communicating; each would sign in, write a "draft", not send it, then the other would sign in and read it, etc.
Of course this leaves the actual text exposed all over the place, and what's worse is that it probably leaves these "drafts" all over backup media in unencrypted form as well.
Now let's recap:
This is the chief of our spookworks and he can't manage to figure out how to send a secure email message to his mistress!
Oh.
My.
Ghod.
THIS is the state of so-called "cyber-security" at the highest levels of our supposedly-secure "government"?
It is utterly trivial to grab a free copy of PGP and Thunderbird (or your other favorite program) along with the Enigmail plug-in and create an extremely strong encrypted email transport system for your own private use. You can do the same thing with AGP and K9Mail on Android for you Android phone users. You can look up my public key on my home page if you'd like (or on any of the many PGP keyservers) and send me an encrypted (or signed and encrypted) email. (By the way, if you do that use the newest key -- I literally forgot the passphrase on the older keys and as such if you use them not only you not decrypt it but neither can I!)
If you do, and the spooks (like, for instance the FBI) intercept your message they're going to have a lot of fun trying to read it no matter where they intercept it -- on your computer, on my computer, on one of the computers between you and I, anywhere.
Their options are to try to compel me to give up the passphrase to unlock the private key necessary to decrypt the message (e.g. by torturing me), hope I saved the message somewhere unencrypted (or that you did) where they can find it in plain form or to try to break the private key's passphrase with brute force, which takes a lot of computer power.
I have no doubt that eventually they can accomplish breaking the lock on the keyfile, but it might require enough time and computational effort that it's not worth it. For example, they might be able to break it in 40 years, but odds are I'll be dead first and thus I don't give a damn if they can break it in that amount of time or not.
I'm only interested in whether they can break the lock before the message's useful life expires.
Now there are those who argue that so-called "public key" cryptography is in fact insecure and that our government has compromised it and has a "back door" into all of it. Maybe they do and maybe they don't but it's utterly certain that it takes a lot more effort on their part to intercept a message encrypted in such a fashion than one that isn't encrypted at all!
The real scandal here isn't, in my view, whether Petraeus was having an affair or even if he disclosed classified secrets to his mistress. Indeed, that's one of the things you have to assume when there's a "honey" involved; "honey pots" are by definition dangerous from a operational security point of view in that in the purely-mundane view with zero intent to disclose you might talk in your sleep and as such anyone you share a bedroom with could plausibly hear something that you know and is classified!
No, the real scandal here is that our so-called "Chief Spy" is too functionally-illiterate in cyber-security to manage to send a message to his mistress that is end-to-end encrypted and thus unreadable by the FBI.
As such we all must assume that similar stupidity permeates official message channels and our enemies can read the messages just as easily as the FBI did.
Our nation has incompetents at its highest levels involved in essential government functions where competence is assumed by everyone.
We're ****ed.
