Skip to Content

Five Things the Petraeus Affair Teaches Us About Online Surveillance

The FBI methods used to reveal the CIA director’s affair are relevant to all Web users.
November 13, 2012

When the FBI started investigating harassing emails sent to a resident of Tampa Bay that organized parties for a local Air Force base, it soon became a much broader investigation that led to the uncovering of an affair between CIA director David Petraeus and his biographer Paula Broadwell. Now reports of how the FBI uncovered a series of online email accounts and figured out who was using them have revealed things about digital surveillance that will surprise many Web users, and even tidbits that have impressed experts. Here are five things we’ve learned so far:

  • No judge-issued warrant is needed for authorities to ask a company for your emails or other electronic communication records that are six months old or more. That’s thanks to the 1986 Electronic Communications Privacy Act, which says that a federal prosecutor’s subpoena is enough. Privacy activists have long campaigned for this to change. Leading civil liberties lawyer Kevin Bankston today suggested the Petraeus affair could help those efforts by raising awareness of the current law.
  • Communicating by saving draft emails in an online account for someone else to log in and see – as Petraeus and Broadwell did – doesn’t help escape surveillance. This tactic long-used by activists and terrorists, including “shoe bomber” Richard Reid in 2001, prevents emails lodging in personal accounts and other places. But the FBI or law enforcement can easily ask a provider to reveal the IP addresses people used to log into an account. Those IP addresses can be matched to physical locations, and to people’s known addresses and movements.
  • IP addresses can be used to pinpoint people very precisely, providing a crucial match between online and offline life. The WSJ reports that the FBI figured out it was Broadwell operating pseudonymous email accounts by matching IP addresses from emails they sent to particular hotels. Those matched with particular hotels and the dates she stayed in them on a book tour.
  • Yahoo Mail and Microsoft’s Outlook make it extra easy for investigators to find out the IP address an email originated from – and hence where an email was sent from. When emails are sent extra data goes along with them known as “headers” containing technical data. In the case of Yahoo Mail and Outlook that includes the IP address of the connection used to send an email, so investigators don’t need to subpoena a mail provider to trace its origin. It’s not known if Broadwell used Yahoo accounts in the events surrounding the Petraeus affair, but she’s known to have used the service before thanks to leaks by nebulous activist group Anonymous of account information from defense contractor Stratfor.
  • Email and other services hosted online make life relatively easy for investigators. Google and other online providers have legitimate reasons to log which IP addresses log into accounts and when, for example to detect hacking attempts and keep their software running smoothly. But that data hangs around, and investigators aren’t shy about asking for it. Google today published new figures on government requests for its data that show U.S. authorities tapped the company 26 percent more in the first half of 2012 than they did in the second half of 2011, a total of 7969 requests of which 90 percent were complied with.
  • <

Deep Dive


Five poems about the mind

DREAM VENDING MACHINE I feed it coins and watch the spring coil back,the clunk of a vacuum-packed, foil-wrappeddream dropping into the tray. It dispenses all kinds of dreams—bad dreams, good dreams,short nightmares to stave off worse ones, recurring dreams with a teacake marshmallow center.Hardboiled caramel dreams to tuck in your cheek,a bag of orange dreams…

Work reinvented: Tech will drive the office evolution

As organizations navigate a new world of hybrid work, tech innovation will be crucial for employee connection and collaboration.

lucid dreaming concept
lucid dreaming concept

I taught myself to lucid dream. You can too.

We still don’t know much about the experience of being aware that you’re dreaming—but a few researchers think it could help us find out more about how the brain works.

panpsychism concept
panpsychism concept

Is everything in the world a little bit conscious?

The idea that consciousness is widespread is attractive to many for intellectual and, perhaps, also emotional
reasons. But can it be tested? Surprisingly, perhaps it can.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.