Well, Petraeus gets a +1 for not using his official e-mail account, or an old DoD account for this. In fact, it's kind of pleasantly surprising that he used GMail over...say, an aol.com address.
In fact, it seems that for any given government official who wants to conduct risky non-official business, using something like GMail would actually be the more secure route, if you were trying to keep secrets from both your employer (which includes the public and public record requests) AND from the usual enemies of the state.
If both Petraeus and Broadwell had used GMail accounts not associated with their names, such Dave501010@gmail.com and PaulSmith900@gmail.com, how likely is it that anyone would discover their shenanigans? For an enemy of the state to find out, it would have to compromise both GMail and somehow connect Dave501010@gmail.com with David Petraeus. Sure, it's security through obscurity, but we're talking a nearly unsurmountable amount of obscurity.
Of course, once they start forwarding emails from their private account to their publicly known addresses, then the game is riskier. There's also the problem of keeping the ruse without making an AutoComplete mistake, such as sending a message from petraeus@cia.gov to PaulSmith900@gmail.com without realizing he's logged in as petraeus@cia.gov.
IMO, there's nothing wrong with a little security through obscurity if:
1) It's not your main game plan, just an extra obstacle. Anything can be compromised eventually, so you buy extra margin.
2) The obscurity is agile. Similar to benchmarking password complexity vs. projected brute-force capabilities of enemies and rotating passwords accordingly, rotate the obscurity- acknowledge that your enemies will figure it out eventually, and change it up faster than you think they can figure it out.
Right. It's a solid defense-in-depth marker that usually isn't too costly to implement and adds more time/effort to the equation. As long as you recognize it for what it is, it's OK.
> If both Petraeus and Broadwell had used GMail accounts not associated with their names, such Dave501010@gmail.com and PaulSmith900@gmail.com, how likely is it that anyone would discover their shenanigans?
I'd argue that every security agency worth its salt is also keeping a close watch on its bosses (especially on its bosses) so that let's say if Petraeus had logged in with joe.doe@gmail.com his communications being intercepted someone would have noticed. As a non-American, I'm not exactly sure what's for example the relation between the NSA and CIA, but I guess it's somehow telling that the whole thing seems to have been driven by the FBI
According to the NYT, the revelation was due to the emails being forwarded from Broadwell. So as almost always is the case in real life, it seems the security breach was through a social lapse, not through a technical obstacle. And it was not movie-like/CSI-level sleuthing, but just an accident, that the authorities found out
> WASHINGTON — The F.B.I. investigation that led to the resignation of David H. Petraeus as C.I.A. director on Friday began with a complaint several months ago about “harassing” e-mails sent by Paula Broadwell, Mr. Petraeus’s biographer, to an unidentified third person, a government official briefed on the case said Saturday.
It also makes a good april fool joke - if you still have one matching your name, just send a message on Apr 1 to your geek buddies explaining you are moving from gmail.com/outlook.com/whatever to aol, and wait for the "WTF?" replies :-)
Of course for such a high risk relationship it wouldn't have been a big deal to purchase 2 laptops that are only used for this particular communication and nothing else (no web surfing nothing, just to setup an email account to communicate with the other party). That way, no risk of auto complete and can avoid any other traces and be easily destroyed. Doesn't avoid any IP address matching but that can be handled in other ways.
In fact, it seems that for any given government official who wants to conduct risky non-official business, using something like GMail would actually be the more secure route, if you were trying to keep secrets from both your employer (which includes the public and public record requests) AND from the usual enemies of the state.
If both Petraeus and Broadwell had used GMail accounts not associated with their names, such Dave501010@gmail.com and PaulSmith900@gmail.com, how likely is it that anyone would discover their shenanigans? For an enemy of the state to find out, it would have to compromise both GMail and somehow connect Dave501010@gmail.com with David Petraeus. Sure, it's security through obscurity, but we're talking a nearly unsurmountable amount of obscurity.
Of course, once they start forwarding emails from their private account to their publicly known addresses, then the game is riskier. There's also the problem of keeping the ruse without making an AutoComplete mistake, such as sending a message from petraeus@cia.gov to PaulSmith900@gmail.com without realizing he's logged in as petraeus@cia.gov.