November 19, 2012 By Dan Lohrmann
Everyone is talking about the General David Petraeus scandal. No matter where I’ve turned since the day after the election, from CNN to the BBC, from cable TV news to Hollywood gossip or from the office coffeepot chatter to Drudge headlines, inquiring minds want to know more.
The stories are all over the map. The women involved, the Congressional testimony, the General’s distinguished career, warnings telling us “don’t throw stones,” Saturday Night Live (SNL) videos, the lifestyles of four-star generals and even articles proclaiming Petraeus is a scapegoat.
Like a soap opera, most answers just seem to lead to more questions. Did his affair reveal secrets? Who knew what, when? Did his relationship somehow affect military actions in Benghazi? Was information withheld prior to the election?
Personal Technology Advice: What About My Email Privacy?
But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology – with a special emphasis on redoubling efforts to protect email privacy. There are lessons about how the General could have used his email more securely to avoid being caught, steps to avoid online detection and much more.
For example, John D. Sutter starts off his CNN commentary with this question: "When the CIA director cannot hide his activities online, what hope is there for the rest of us?"
Here are some of the articles I’ve been reading along with my reactions:
PC Week (under practical security advice): Here’s how to secure your email and avoid becoming ‘Petraeus’ – my reaction… really?
ComputerWorld: Email Lessons from the Gen. Petraeus downfall - "The best way to protect yourself is to simply realize that privacy doesn't necessarily exist in the electronic world," said Dan Ring, a spokesman for the security company Sophos. "Simply put, if you don't want it out there in the world, don't put it in the electronic world." – my reaction… I like this advice more.
Today.com: Think before hitting send: Lessons from the Petraeus scandal – my reaction… some good reminders.
Computerworld: US lawmakers ask if federal workers have email privacy – my reaction… don’t forget about e-discovery and FOIA requests.
AOL.com: The Petraeus Affair: Email Lessons For The Rest Of Us – my reaction… an interesting list of don’ts, but the real list is much longer.
Time.com: The mind of Petraeus: Why cheaters think they won’t get caught – my reaction…. I like this ending: “There would, perhaps, be something good in all this if the tragedy of these men served as teachable moments for others — and the fact is they probably do. You can’t prove a negative, and we can never know of the career-wrecking affairs that didn’t take place because successful men looked at the narcissistically fallen and made a sharp turn in the other direction. But there are more than enough — as we repeatedly learn — who who plow straight ahead, and there probably always will be. David Petraeus, the latest in a very long line, is highly unlikely to be the last.”
Vanity Affair: Tricks from Terrorists and Teenagers Alike: How to Keep the Romance of an Extramarital Affair Alive – my reaction... the steps that General Petraeus and Paula Broadwell took to conceal their activities make it very clear this one not a “one night stand,” nor does this easily fit into the category of “we all make minor mistakes sometimes.”
What’s My View?
Back in June, I listed my favorite survival tips for social media, which you may want to review. Earlier, I wrote this rebuttal called Dr. Jekyll and Mr. Hyde: Managing online indulgence for CSO Magazine, in response to a blog in the Harvard Business Review describing how we can safely hide activities online.
Still, I’d like to take this topic a bit further. Why?
Recently I ran into my editor at a state technology conference. He urged me to be more bold on current events. So here’s my view on Petraeus’ now famous emails as well as most of the follow-up articles addressing online etiquette for the rest of us.
I think all these tricks and tips and online hiding shenanigans listed in hundreds of advice columns are basically fool’s gold. Sure, some email privacy techniques or other ways to hide personal activities online may work for a while and fool most people some of the time. But they won’t fool all of the people all of the time. Sooner or later you will get sloppy or an observant hacker or coworker or friend or spouse will figure out what you’re doing.
I am actually pretty stunned that so much attention after the Petraeus situation is on email privacy at work, when most government and business networks have very clear policies which state that there is no presumption of personal privacy on work email or office networks. Even if you use Gmail or Yahoo.com on work computers, your information can generally be seen, if desired, by good cybersecurity teams.
I am not saying that reading employee emails is a frequent occurrence on workplace networks, because it isn’t. In fact, most Chief Security Officers (CSO) will tell you that their teams don’t have the time or desire to read employees’ email. Nevertheless, if you are doing something that you shouldn’t, don’t be surprised when you eventually get caught. The reduction of insider threats is part of our security job, and that means uncovering hidden things when asked by human resources to check on certain staff or when inappropriate activities are suspected.
And My Best Advice Is?
But the best personal advice that I can provide you on this topic is not new or original. In fact, it comes from a very old book that still applies just as much to our 21st Century online world as it did thousands of years ago. “Whoever walks in integrity walks securely, but whoever takes crooked paths will be found out.”
Yes, we all make mistakes. Surely, there can be forgiveness, mercy, second chances and the rebuilding of trust. But the main lesson to learn from the Petraeus story is that inappropriate behavior has consequences – and NOT that the Director of the CIA needed better email processes or technology.
Ultimately, honesty, accountability and forgiveness are still the only approaches that work.
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.