recommended reading

Petraeus investigation highlights fight over digital surveillance laws

FBI agents carry computers and boxes of printed documents from Paula Broadwell's home Tuesday.

FBI agents carry computers and boxes of printed documents from Paula Broadwell's home Tuesday. // Chuck Burton/AP

The FBI’s digital detective work not only brought down CIA Director David Petraeus, it also provided rare insights into the bureau’s latest methods for tracking people across cyberspace and the fight over government surveillance.

Petraeus resigned suddenly on Friday, citing an affair that was uncovered after FBI agents followed an electronic trail that eventually linked the former Army general to his biographer, Paula Broadwell. The explosive combination of sex and spies was only embellished by the details of how federal officials stumbled across the liaison.

“Anyone more alarmed by FBI snooping through a journalist's emails & investigating the sex life of CIA Dir. than who Petraeus was schtupping?” New Yorker Washington correspondent Ryan Lizza tweeted on Sunday. “FBI SPIED ON CIA DIRECTOR, WOMAN; EMAILS?” blared a headline on theDrudge Report.

The first round of e-mails was provided by a Florida woman who complained to the FBI after receiving anonymous threatening messages. According to The Wall Street Journal, investigators used “metadata footprints left by the e-mails” to determine where the messages were sent from and link the e-mails to Broadwell. Officials also checked what other e-mail accounts had been accessed from the same computer address, according to The New York Times.

It’s not clear how officials obtained that metadata, but if it involved cooperation from one or more e-mail service providers, a warrant may not have been needed under current law. Christopher Soghoian, an analyst with the American Civil Liberties Union, said location and basic identifying information traditionally have had the least protection under privacy laws and can often be gathered with a subpoena. “What this shows is that the government can get pretty far with just a subpoena,” he said. “This is extensive gumshoeing and lots of work for a threatening e-mail or two.”

Once officials had traced the messages to Broadwell, they used that information as probable cause to obtain a warrant to monitor her computer, The Journal reported. That led investigators to Gmail accounts used by Broadwell and Petraeus. Officials initially worried that the CIA director’s account had been compromised, but determined the messages had come from him. Officials told The Journalthat they never monitored Petraeus’ accounts.

Internet companies have reported an increasing tide of government requests. Google, for example, reported that it received more than 12,000 requests for user data from American government agencies last year. If investigators in the Petraeus case needed help from Google, they likely got it: The Internet giant said it complied with 93 percent of requests from U.S. agencies in 2011.

Privacy advocates and many Internet companies say the bar for obtaining private electronic information is far too low. “The government can compel the handover of e-mail stored at a ‘remote computing service’ with a so-called ‘D order’ without showing probable cause,” according to an explanation of digital privacy laws by the Electronic Frontier Foundation. “Nor does the government need a warrant if an e-mail message is older than 180 days. This low threshold to electronic messages is in stark contrast to the Fourth Amendment protections for physical letters.”

Most popular Internet-based e-mail services like Gmail, Hotmail, or Yahoo, as well as social networks like Facebook, could be considered remote computing services.

Senate Judiciary Chairman Patrick Leahy, D-Vt., has said he hopes to work on revisions to the 1986 Electronic Communications Privacy Act, which deals with government access to electronic communications.

“Updating these digital-privacy laws to address the realities of our time should not be a partisan issue,” Leahy said at a hearing in September. “Americans from all across our Nation — regardless of party affiliation or ideology — are impacted by the many new threats to their privacy in cyberspace.”

The proposed changes would include requiring a warrant for e-mail content, but would not apply those standards to records like location or other metadata.

“It’s very interesting that there are no proposals to protect metadata,” said ACLU legislative counsel Chris Calabrese. “The line between content and records has really started to blur. We haven’t really grappled with that, but we’re going to have to.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.