To: TopSpyDave@gmail.com

Posted: November 16, 2012

By John Reed

In light of the Gmail-related scandal involving former CIA chief David Petraeus, one has to wonder if, given the relative ease with which an intelligence agency - or just about anybody - can break into a private e-mail account, officials entrusted with the nation's most sensitive information should be allowed to keep personal e-mail accounts while in office.

True, Petraeus' e-mail was never actually hacked by the FBI. Agents gained access to his naughty notes by monitoring Paula Broadwell's e-mail and then asking her if she was having an affair with Petraeus. She fessed up and gave them access to her computer and, with it, even more of his e-mails.

Nevertheless, we now know that our top spy used at least one relatively insecure Gmail account. I recall being surprised whenever one of Petraeus' retired predecessors would reply to my e-mails from an AOL account or something equally pedestrian. It seems odd that people with access to incredible secrets use the same e-mail services the rest of us do.

These accounts could reveal plenty about the lives of their owners - probably not state secrets, but information about travel plans, friends and family, purchases, finances, etc. As Google knows, a look at someone's e-mail can paint a valuable picture of him. Google uses this information to sell ads tailored to your interests. You can imagine what spies would do with it.

Still, there are questions about what type of service officials could use - perhaps Hushmail, TigerText, or a government-furnished e-mail account - and how effective it would be. Would texts and e-mails be monitored by the FBI for intrusions? Even if top officials use secure services for their personal e-mails and texts, could their information be kept safe if their acquaintances are using insecure services?

One expert told me that while it's surprising that a CIA director and other ranking officials would use something like Gmail, it would be challenging to develop a secure means for them to transmit private information. "I don't really think the government has the ability to deploy something like that, and one of the reasons why people use these [private] systems is they don't want that same level of monitoring going on with their private e-mails that they would get under any government-supplied system," the expert said.

He recommended that top officials follow the lead of business executives and use Gmail's two-step authentication system, which he said is much more secure than its competitors', and hire an outside company to scan their laptops, smartphones, and tablets for intrusions every few days. And, "You tell 'em, 'Don't log into the hotel PC, don't log into the airport kiosk - none of that kind of stuff.'"

Finally, the expert added, officials should just keep sensitive information out of their e-mail. "What could somebody find if they just logged into your e-mail one day?" he asked. "Is your Social Security number in any of the e-mails? Your tax return? I go through periodically and I just purge everything I can find."

One government official who seems to get this is Department of Homeland Security Secretary Janet Napolitano, who, partly out of concerns about its vulnerability to hacking, does not use e-mail.


John Reed is a national security reporter for Foreign Policy.
