The little Gmail trick that David Petraeus and Paula Broadwell used to communicate is actually old spycraft.
- By Jeff Stein<p> Jeff Stein, the Washington Post's former SpyTalk blogger, is a longtime Washington editor and reporter. He wrote about the Abu Omar case for Foreign Policy in November 2009. </p>
As it turns out, the Gmail trick David Petraeus and his paramour used to hide their correspondence is one commonly employed by CIA field operatives when agency bosses turn down their pleas for more sophisticated gear to communicate with their foreign spies.
According to the Associated Press, the erstwhile CIA director and his biographer girlfriend, Paula Broadwell, shared a Gmail account that allowed them to post private notes they could each read, rather than trade emails that could easily fall into the wrong hands.
And it wasn’t just an amateur dodge: the Gmail trick can be safer — and far cheaper — than using sophisticated "spy gear," such as encryption software, that might have drawn more scrutiny, intelligence sources say.
The Gmail sharing gambit, former agency operatives note, became a common fallback option when more sophisticated gear was deemed unnecessary or possibly even incriminating if discovered in the hands of a CIA spy.
It was used mostly to communicate with low-level spies who had access to high-level documents, such as the minutes of cabinet meetings or the blueprints for a new fighter jet.
"There are some clandestine assets who mainly provide documents — they handle memos, plans, reports," and these people don’t require frequent personal meetings, says a former deep-cover CIA officer, since "the asset did not attend the meeting where the document was discussed, approved, or knew of the decisions made."
Planting stolen documents under rocks and bridges — so-called dead drops — was often too risky. The agency needed better places for their spies to squirrel away the materials until they could be retrieved by their CIA handlers.
Microsoft provided the answer.
"When laptops and home computers became commonplace, even overseas, then lots of ops officers wanted [to be able to supply] their assets with ‘secure’ commo — laptops or PCs with special software that could hide a scanned copy of a document inside a normal letter or photograph," said the former deep-cover CIA officer about the sensitive espionage tradecraft.
It’s called steganography, defined as "the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message." Over the past decade or more, it’s been a trick commonly used by terrorists and criminals as well, other CIA veterans say.
But CIA headquarters managers were wary of supplying it to the field. Possession of specialized steganography software would be every bit as incriminating as a radio set during World War Two and the Cold War.
"The agency fought back against the field ops officers on this, because if one asset got compromised, then that particular version of the software would have been assumed to be compromised and have to be removed" from circulation, the former operative continued.
So the field operatives did a work-around, this person said, "by asking their assets to give them their passwords for their work or personal e-mail accounts. Then the asset would write up a phony e-mail and leave it in ‘drafts,’ perhaps with a document attached. The ops officer would log on remotely, collect the document, and then debrief the asset about it when they met in person."
But why not use at least some commonly available commercial encryption software, such as PGP (Pretty Good Privacy) to further obscure the messages and documents?
Because a spy — and above all a spy chief — would have a hard time explaining why he was using encrypted email out of approved channels.
"Using PGP was also an indication that you were using spy gear," the former operative said. Foreign security services constantly scan email traffic looking for encrypted messages, he said. So does the FBI and NSA, who have the tools to break it.
As for Petraeus, his agency-approved and encrypted message channels are monitored — he couldn’t risk tapping mash notes via those. But he would be trusted not to use his personal email to discuss business. And according to news accounts, no one would have paid attention to his personal accounts had his girlfriend not started sending harassing emails to a perceived rival, who then called a male friend in the FBI.
The shared Gmail account Petraeus and Broadwell used on their home and office computers was good enough to hide evidence of their liaison from coworkers and unsuspecting spouses, another operative points out, but not much else.
"Once law enforcement zeroes in on you, if you’re using your home computer, it doesn’t matter what technique you use," he said. The origin of the Gmail is the smoking gun.