My Best Advice After Petraeus Emails

Everyone is talking about the General David Petraeus scandal. But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology with a special emphasis on redoubling efforts to protect email privacy. So here is my best advice.

November 19, 2012

Everyone is talking about the General David Petraeus scandal.  No matter where I’ve turned since the day after the election, from CNN to the BBC, from cable TV news to Hollywood gossip or from the office coffeepot chatter to Drudge headlines, inquiring minds want to know more.

The stories are all over the map. The women involved, the Congressional testimony, the General’s distinguished career, warnings telling us “don’t throw stones,” Saturday Night Live (SNL) videos, the lifestyles of four-star generals and even articles proclaiming Petraeus is a scapegoat.

Like a soap opera, most answers just seem to lead to more questions. Did his affair reveal secrets? Who knew what, when? Did his relationship somehow affect military actions in Benghazi? Was information withheld prior to the election?

Personal Technology Advice: What About My Email Privacy?

But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology – with a special emphasis on redoubling efforts to protect email privacy. There are lessons about how the General could have used his email more securely to avoid being caught, steps to avoid online detection and much more.

For example, John D. Sutter starts off his CNN commentary with this question: "When the CIA director cannot hide his activities online, what hope is there for the rest of us?"

Here are some of the articles I’ve been reading along with my reactions:

PC Week (under practical security advice): Here’s how to secure your email and avoid becoming ‘Petraeus’ – my reaction… really?

ComputerWorld: Email Lessons from the Gen. Petraeus downfall - "The best way to protect yourself is to simply realize that privacy doesn't necessarily exist in the electronic world," said Dan Ring, a spokesman for the security company Sophos. "Simply put, if you don't want it out there in the world, don't put it in the electronic world." – my reaction… I like this advice more.

Today.com: Think before hitting send: Lessons from the Petraeus scandal – my reaction… some good reminders.

Computerworld: US lawmakers ask if federal workers have email privacy – my reaction… don’t forget about e-discovery and FOIA requests.

AOL.com: The Petraeus Affair: Email Lessons For The Rest Of Us – my reaction… an interesting list of don’ts, but the real list is much longer.

Time.com: The mind of Petraeus: Why cheaters think they won’t get caught – my reaction… I like this ending: “There would, perhaps, be something good in all this if the tragedy of these men served as teachable moments for others — and the fact is they probably do. You can’t prove a negative, and we can never know of the career-wrecking affairs that didn’t take place because successful men looked at the narcissistically fallen and made a sharp turn in the other direction. But there are more than enough — as we repeatedly learn — who plow straight ahead, and there probably always will be. David Petraeus, the latest in a very long line, is highly unlikely to be the last.”

Vanity Fair: Tricks from Terrorists and Teenagers Alike: How to Keep the Romance of an Extramarital Affair Alive – my reaction… the steps that General Petraeus and Paula Broadwell took to conceal their activities make it very clear this was not a “one night stand,” nor does this easily fit into the category of “we all make minor mistakes sometimes.”

What’s My View?

Back in June, I listed my favorite survival tips for social media, which you may want to review. Earlier, I wrote this rebuttal called Dr. Jekyll and Mr. Hyde: Managing online indulgence for CSO Magazine, in response to a blog in the Harvard Business Review describing how we can safely hide activities online.

Still, I’d like to take this topic a bit further. Why?

Recently I ran into my editor at a state technology conference. He urged me to be more bold on current events. So here’s my view on Petraeus’ now famous emails as well as most of the follow-up articles addressing online etiquette for the rest of us. 

I think all these tricks and tips and online hiding shenanigans listed in hundreds of advice columns are basically fool’s gold. Sure, some email privacy techniques or other ways to hide personal activities online may work for a while and fool most people some of the time. But they won’t fool all of the people all of the time. Sooner or later you will get sloppy or an observant hacker or coworker or friend or spouse will figure out what you’re doing.

I am actually pretty stunned that so much attention after the Petraeus situation is on email privacy at work, when most government and business networks have very clear policies which state that there is no presumption of personal privacy on work email or office networks. Even if you use Gmail or Yahoo.com on work computers, your information can generally be seen, if desired, by good cybersecurity teams.

I am not saying that reading employee emails is a frequent occurrence on workplace networks, because it isn’t. In fact, most Chief Security Officers (CSO) will tell you that their teams don’t have the time or desire to read employees’ email. Nevertheless, if you are doing something that you shouldn’t, don’t be surprised when you eventually get caught. The reduction of insider threats is part of our security job, and that means uncovering hidden things when asked by human resources to check on certain staff or when inappropriate activities are suspected.

And My Best Advice Is?

But the best personal advice that I can provide you on this topic is not new or original. In fact, it comes from a very old book that still applies just as much to our 21st Century online world as it did thousands of years ago. “Whoever walks in integrity walks securely, but whoever takes crooked paths will be found out.”

Yes, we all make mistakes. Surely, there can be forgiveness, mercy, second chances and the rebuilding of trust. But the main lesson to learn from the Petraeus story is that inappropriate behavior has consequences – and NOT that the Director of the CIA needed better email processes or technology.

Ultimately, honesty, accountability and forgiveness are still the only approaches that work.

Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso