If there is any upside to the scandal that brought down the CIA director, it is probably that Americans have an extremely memorable reason to be careful about what they put in an email. The Federal Bureau of Investigation has exposed the techniques its cyber forensics unit uses to track down the sources of emails, and even, indirectly, has given the public a glimpse of the assumptions or thresholds they use to widen the scope of any particular investigation. Some of the details are technical, but everyone should avail themselves of the opportunity to learn about them.
Since this part of the story continues to unspool, there's quite a bit we don't know about when the FBI agents investigating the case executed orders, subpoenas, or warrants on the parties in question. But operating from our semi-veil of ignorance, it does seem clear that the FBI did the following based on the complaints of one person in Tampa who knew a bunch of generals:
1. They devoted significant resources to the case from the start. Probably because the emails referred to American general officers and military events, prosecutors in Tampa readily gave the FBI a subpoena to look at the metadata headers associated with Jill Kelley's incoming email. From there, though, the FBI also had to collect the collateral information needed to identify Broadwell, which apparently included hotel guest registers, something that a hotel chain just doesn't give up because the FBI asks it to. The standard here is that the "facts" have to be "relevant" and "material" to an ongoing investigation. The issuance of a subpoena (for email content 180 days old or older) or a warrant (for email content that is more recent) would have to be accompanied by some sort of notification to the "subscriber," i.e., the person whose email is being tapped into, unless the FBI can justify to a court that there is a valid and pressing reason not to notify. These so-called "2705" exemptions include a fear that the person in question will hide evidence, flee, or jeopardize the investigation if they're notified.
2. The FBI read Broadwell's email, and perhaps a lot of Kelley's email (with permission). In order to get the content of the email, the stuff you write in the body of an email, the FBI needs a judge to issue a warrant, which requires that old chestnut, probable cause. Weirdly, under the 1986 Stored Communications Act the FBI needs only a subpoena to read email content that is more than 180 days old. Additionally, if the FBI wants to monitor your email in real-time, a warrant-type "order" is required. In this case, the FBI seems to have obtained a warrant to read Broadwell's email after establishing that the emails sent to Kelley came from email accounts associated with Broadwell. But so what? Wouldn't the obvious next step in an investigation focused solely on threatening emails be to interview Broadwell? Maybe, but maybe the FBI suspected that there was something bigger at stake, something potentially involving national security, once they were able to identify Broadwell by name. That may be why they decided to read her emails before they spoke to her. In the context of their investigation, it might have been a reasonable assumption.
3. The scope of the FBI's investigation is quite large, and that has civil liberties advocates and journalists like me concerned about how the agency was able to justify such an expansive collection of email based on the fairly trivial accusations and what we know of the investigation. Maybe this means that the FBI always goes full-on, so to speak, or perhaps, once again, the insinuation that generals were involved with questionable activities was enough to devote unusual resources and collect an unusual amount of data. Perhaps they requested an additional warrant once it became clear that Broadwell had access to information about the director's personal schedule, although this is something that they could easily have inferred had they Googled Broadwell, or questioned her or Petraeus, before they dove into her emails.
4. For some reason, the FBI was able to search through years' worth of Kelley's email and found a lot of communications to and from Gen. John Allen. Maybe Kelley's consent was obtained to read the content of the email, or maybe the FBI found some reason to be suspicious about her and obtained a warrant to read the contents of her email. Either way, some of it was apparently flirtatious in nature, and for some reason, the FBI found it necessary to inform the Department of Defense about that fact. It is POSSIBLE that the Allen connection resulted from a separate vetting procedure he was going through in order to become the Supreme Commander of Allied Forces in Europe; perhaps Allen gave the FBI permission to read HIS email, which he might well have done if he was getting his security clearance renewed and his background scrubbed, and perhaps Kelley's flirtatious emails were discovered incidentally. This would explain the sequence of events more cleanly and would not suggest anything untoward, as it is within NATO's interest to vet its SHAPE candidates, and ongoing extramarital affairs are frowned upon. This would jibe with Reuters' claim that the FBI did not examine Kelley's emails in the aggregate insofar as they related to the Petraeus case.
5. The upside of this: It is easy to discover the identity of anonymous emailers unless you hide your computer's IP address behind a VPN service (HMA! Pro VPN is one) or route your traffic through an anonymity network like Tor, which bounces it through several relays before it reaches the mail provider. Even then, you're vulnerable every time you open a document or a program, because it might contain code that reports back to a computer somewhere else when you've performed an action, and that report carries your real address. Obviously, the subscriber behind any IP address at a given date and time is easily obtainable from the ISP through a subpoena, so emailing anything sensitive from your personal computer leaves you vulnerable. If you send the emails from a public computer or through a wi-fi service used by a hotel or business, the government can figure out your identity by cross-referencing the time and address of the connection with other records, such as guest registers, that it can obtain with a warrant or subpoena too.
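The "metadata headers" investigators start from are the Received: lines that each mail server prepends as a message passes through it; the innermost one records the address the sender actually connected from. The script below is an added example, not anything from the article or from the FBI, showing how an analyst walks that chain. The message, hostnames and addresses in it are constructed (RFC 5737 documentation ranges), and the "trusted domains" idea is the standard caveat that only headers written by servers whose records you hold can be believed, since a sender can forge lines below that point.

```python
"""Walk the Received: chain of a raw email to find the address the sender
connected from. Added example; the message below is constructed and every
host and IP in it is fictional (RFC 5737 documentation space)."""
import email
import ipaddress
import re

# Constructed sample: relayed through two servers. Headers are in reverse
# order: the top line was added last, by the recipient's own server.
RAW_MESSAGE = b"""\
Received: from mx2.example.net (mx2.example.net [198.51.100.7])
\tby inbox.example.org with ESMTPS id abc123
\tfor <recipient@example.org>; Tue, 13 Nov 2012 14:02:11 -0500
Received: from mail.example.net (mail.example.net [198.51.100.5])
\tby mx2.example.net with ESMTP id def456;
\tTue, 13 Nov 2012 14:02:10 -0500
Received: from [10.0.0.23] (ip-203-0-113-42.hotel-wifi.example [203.0.113.42])
\tby mail.example.net with ESMTPSA id ghi789;
\tTue, 13 Nov 2012 14:02:09 -0500
From: anonymous <throwaway@example.net>
To: recipient@example.org
Subject: hello
Message-ID: <0001@example.net>

body text
"""

# "from <helo> (<reverse-dns> [<ip>]) by <receiving server> ..."
HOP_RE = re.compile(r"^from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9a-f.:]+)\]", re.I)

# ipaddress.is_private() also flags the documentation ranges used in the
# sample, so check the RFC 1918 blocks (plus loopback) explicitly.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_rfc1918(ip):
    """True for addresses that cannot identify a subscriber on their own."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in PRIVATE_NETS)


def parse_received(raw):
    """Return one dict per Received: header, top (most recent) first."""
    msg = email.message_from_bytes(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        m = HOP_RE.match(value)
        if not m:
            continue
        helo, comment, by = m.group(1), m.group(2) or "", m.group(3)
        # Prefer the address the receiving server observed (in the comment)
        # over whatever the client announced in its HELO.
        ip_match = IP_RE.search(comment) or IP_RE.search(helo)
        date = value.rsplit(";", 1)[1].strip() if ";" in value else ""
        hops.append({"helo": helo, "ip": ip_match.group(1) if ip_match else None,
                     "by": by, "date": date})
    return hops


def _trusted(host, trusted_domains):
    host = host.lower().rstrip(";")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def attributable_ip(hops, trusted_domains):
    """Walk outward from the recipient's server and return the source
    address recorded by the last server whose logs we actually hold.
    Lines below that point were written by someone else's servers (or by
    the sender) and need that provider's own records before they count."""
    answer = None
    for hop in hops:
        if not _trusted(hop["by"], trusted_domains):
            break
        if hop["ip"] and not is_rfc1918(hop["ip"]):
            answer = hop["ip"]
    return answer


if __name__ == "__main__":
    chain = parse_received(RAW_MESSAGE)
    for hop in chain:
        print(f"{hop['by']:<20} saw {hop['ip']} (helo {hop['helo']}) at {hop['date']}")
    # Holding only the recipient's records gets you as far as the relay;
    # each further step back needs the next provider's records.
    print("with recipient's records only:", attributable_ip(chain, {"example.org"}))
    print("with both providers' records: ", attributable_ip(chain, {"example.org", "example.net"}))
```

Run against the sample, the first query stops at the relaying provider's address (198.51.100.7), which is the point at which an investigator would need that provider's records; with both providers' records the chain reaches the hotel wi-fi address (203.0.113.42), and the date on that line is what gets matched against the guest register.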
And what about text messages?
The good news is that most carriers don't keep the content of them for very long, but they keep the transactional records (who texted whom, and when) for years. And unless you thoroughly wipe your iPhone or Android (deleting a message does not remove it from the phone's storage), the FBI is probably going to be able to recover your conversations from the device itself. If the government gets an order to monitor your phone in real-time, your only recourse is to use a commercially available text encryption program like Wickr, SMSEnrcrypt or TextSecure, which hides the content of the messages from the carrier but not the fact that you sent them, or to whom. It is also difficult to prevent real-time monitoring of your location, even if you turn location services off, because the carrier always knows which cell towers your phone is talking to.