By now everyone has heard the news about the resignation of former U.S. CIA Director General David Petraeus in light of his extra-marital relationship with biographer Paula Broadwell. More to the point, the FBI’s discovery of personal email exchanges between the two revealed the tryst and set the scandal in motion.

Petraeus and Broadwell made an effort to hide their exchanges -- but obviously not a good enough effort. Whatever your reasons for keeping your private messages private, it is instructive to look at the weaknesses that exposed Petraeus and Broadwell and consider stronger alternative strategies.

Weakness 1: Exposed IP Address

The investigation into Paula Broadwell’s emails came to the attention of the FBI when she was accused of sending harassing messages to another woman. Investigators would have looked for the origin IP address of these emails. There are two possible ways that Broadwell’s IP could be found:


Embedded in the email header. The header is not normally seen by email users but it contains a log of the path an email took, which can include the originating IP address. But this address is usually only useful when the user sent their email from a local client, such as a desktop email application like Outlook or a smartphone email app.

Recorded in server logs. If the user sent their message using webmail, such as with a browser logged into Google Gmail, the header will not contain their originating IP address. But the sender’s true IP address would be recorded in the email provider’s own server logs. Investigators with a warrant (for messages newer than six months old) or subpoena (for older messages) can request server logs from the email provider.

In the Broadwell case, investigators found that the same originating IP address was used to access the account which sent the harassing messages and also accessed a separate account which contained the personal messages with General Petraeus. This IP address was then traced to Broadwell’s physical location.

Defense: Investigators might not have gotten anywhere if Broadwell’s IP address did not leave such a clear trail. What were Broadwell’s alternatives?

Access accounts from anonymous physical locations. Using your email accounts from places like cafes and public libraries will deposit their IP address in your message trail, so that investigators cannot trace it back to your home or office. Using multiple locations will further scatter the trail of information crumbs. Even still, unless you travel significant distances, this strategy may still provide clues as to your general geographic area.

Use Tor with webmail on your personal machines. Tor is a free software suite for all major operating systems. It is designed to anonymize your Web activity by bouncing traffic across a network of global peer-to-peer nodes. The upshot is that using Tor will mean that your originating IP address will be that of a node anywhere in the world even if you are using your broadband connection at home. It is critical to understand the rules to using Tor or else it will be ineffective.

Weakness 2: Unencrypted Email Messages

Petraeus and Broadwell did not actually send email messages to each other, but instead shared one Gmail account and saved their correspondences in the drafts folder. This kind of an attempt to hide email activity is about as effective as hiding one’s naughty magazines under the bed. Once discovered, the content of the messages themselves were fully accessible to investigators.

Defense: Encrypting the content of your messages adds another layer of protection even if they are found. There are a variety of options available for integrating message encryption into your email workflow. Some examples include:

  • Encrypted Communication Firefox Add-On. This easy-to-use add-on installs into Firefox and lets you select the body of an email message and encrypt it using a password of your choosing. The recipient must have the same add-on installed and use the correct password; otherwise all they see is gibberish.
  • Encipher.it Browser Bookmark. This bookmark can be added to any major browser. Click it when composing or reading a Web-based email to encrypt or decrypt the message using your chosen password.
  • Enlocked. This free software provides a suite of software that secures email via desktop Outlook, webmail and smartphones. Behind the scenes, it uses the powerful PGP encryption. Although PGP is free and available to anyone, using it directly can be complicated, whereas Enlocked does the heavy lifting.
  • S/MIME. Most desktop email clients support the built-in S/MIME standard for message and attachment encryption, but it isn’t widely used. You can read our tutorial to set-up S/MIME with your own email client.

Message encryption can be inconvenient, but can go a long way toward protecting the privacy of your communications. That said, encryption isn’t foolproof. The methods that require a password are only as strong as the password you choose, and if you store that password somewhere unsafe, it might be vulnerable.

Further, encryption can arouse suspicion. Had investigators found that Petraeus and Broadwell were sharing an email account that contained only encrypted messages, the red flags this raised would probably have pushed the investigation into other corners of their lives.

Weakness 3: Domestic Hosting

By using Google Gmail for their private exchanges, Petraeus and his paramour left their digital trail on U.S.-based servers, paving the way for the FBI to gain easy legal access to the account.

Defense: If your private communications need to remain private from governing powers, consider using a foreign provider.

For example, consider this list of international email providers. A free webmail account in, say, Lithuania could be a big hurdle for other countries’ law enforcement to subpoena.

Best Email Privacy Approach: Combine Defenses

When protecting your private communications, more defenses are always better. Taken together, the three recommendations in this guide alone would make for very secure communications and potentially save you from making international headlines.

Aaron Weiss is a technology writer and frequent contributor to eSecurity Planet and Wi-Fi Planet.