TMCnet Feature
November 16, 2012

Petraeus Case Shows Importance of Keeping Private Communications Confidential

By Ed Silverstein, TMCnet Contributor

How important is it to keep private communications confidential? Just ask former CIA director David Petraeus and his biographer-turned-mistress Paula Broadwell.

The two kept a romance going with the use of e-mail technology. They employed a simple method which let the two of them use the same login and password for the e-mail account. Messages were turned into drafts and resided on a server in a drop-box. They were never sent to another account as e-mails.

Convenient, but too basic an approach – especially, with the FBI breathing down your necks.

Even when dealing with typical business uses of confidential communications, there are concerns highlighted by the scandal.

"The Petraeus case serves as a wakeup call for executives at companies and senior officials at government agencies to take control of the data. There is no confidentiality of sensitive information in the cloud," Pravin Kothari, founder and CEO of CipherCloud, said in a statement carried by TMCnet. "It is essential that organizations encrypt their data before it's sent to the cloud. That is the only way to ensure that information is not vulnerable to cloud threats, hackers and accidental leakage."

Businesses and government agencies can’t rely just on cloud application providers, such as, Google (News - Alert) Gmail, or Microsoft Office 365, for data security and confidentiality, CipherCloud added. 

CipherCloud offers a cloud encryption gateway for cloud application providers. CipherCloud Connect AnyApp also provides encryption for public and private cloud applications and databases.

In numerous media reports, other options were identified to help keep e-mail secret. Forbes recommends Tor for IP masking and anonymity, as well as virtual private networks that delete IP log files and accept anonymous payments. Other options are PGP (News - Alert) (Pretty Good Privacy) for point-to-point encrypted e-mail, or, a web-based OpenPGP-compliant service such as Hushmail. A new encrypted service called “Silent Circle” targets government and corporate users.

Image via Shutterstock

Another option from PC Magazine is Send 2.0, which encrypts messages and scrubs them after seven days. VaporStream, on the other hand, “leaves no traces.”

“As soon as the recipient has read your message, it vanishes,” PC Magazine said. “VaporStream sends the message header separately from the encrypted contents, and the header and body are never visible at the same time. The recipient can't copy, forward, or print the message. Messages aren't stored anywhere and thus can't be subpoenaed or leaked.”

But these options have their limits when trying to hide something from government investigators. They have such options available to them as keyloggers. “When law enforcement has the advantage of tracking someone without their knowledge, software and hardware keyloggers can be an effective method to obtain password credentials,” Forbes said. 

“Keyloggers come in many forms but they are typically installed between the keyboard and the computer to capture and record a computer user’s keystrokes, including passwords.”

PC Magazine also noted how a Remote Access Trojan could be used by investigators. Another resource for investigators is Maxmind which helps to estimate the location of the relevant IP address, TMCnet reported.

It’s hard to keep a secret nowadays.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida.  Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.

Edited by Brooke Neuman
» More TMCnet Feature Articles


» More TMCnet Feature Articles