What’s the difference in the email scandal that rocked Trinidad and Tobago and the one that cost General David Petraeus’ his job at the CIA?
That’s the opinion of Umesh Varma, a technology professor at Cambell University in North Carolina.
Varma told the Baltimore Post-Examiner that in Petraeus’s case, a digital footprint was found that investigators used as proof of the General’s inappropriate behavior.
“The two cases are the same. The only difference is that in the General’s case there was a successful link established between client and server computers… some information can be gathered through Google cache (what investigators call “metadata” of email). Hard copy does not normally show metadata. Most of the metadata resides on mail servers.”
In the case of Rowley, hard copies reportedly only exist.
“You can always challenge the hard copy emails. It is unlikely that someone can change server logs to trap another person. Server logs are system generated. Any tempering would be caught easily using anomaly detection,” Varma said.
How Petraeus got caught
Petraeus’s affair with his biographer Paula Broadwell is what landed him on a slippery slope after Broadwell sent emails to another woman’s computer, which included contents of messages that appeared to have come from Petraeus’s email account. Investigators thought there was a cyber breach.
The United States Justice Department and other high-level officials, including Attorney General Eric Holder, were aware of the investigations into General Petraeus.
After months of investigating, certain parts of the investigation were approved, in particular, the metadata information from the servers, the actual center of digital communications where all data, processed through emails, are stored forever, even if one deletes the actual sent and received messages on their personal computers. The messages can still be combed out of the Google server.
“Over the course of the probe, prosecutors realized there wasn’t a cyber-breach. Instead, Mr. Petraeus had shared some access to the account. How was it established? From the evidence from server logs, with Ms. Broadwell, possibly to exchange messages, these people (investigators) said,” noted Professor Varma.
Why Rowley’s emails won’t stand in court
Varma explained that in the case of opposition leader Keith Rowley, he only presented hard copy emails, which are not proof of an authentic exchange between the parties accused.
Another challenge with the hard copy emails is that it can be seen as email spoofing, where hackers gain unauthorized access to someone’s computer and send messages to another’s as if the messages are coming from a trusted host.
Varma said anyone can create hard copies of what looks like an email exchange between persons and present it to the police if the contents are incriminating in nature. But it cannot be used as proof in a court of law in the absence of the electronic exchange between the parties.
Emails could have some truth in them
Varma explored the theory that Rowley’s batch of emails might be true, but said if there was indeed such an exchange, it could have been doctored.
“If the government officials were involved in email exchanges (server has associated metadata), accept the fact that email indeed was generated, but the content of the messages were altered to frame the government. The only way to verify if the content was not altered was to create a hash (MD5) value of the message and compare at both sending and receiving end, which was not done. Why? Once you print a document (printout of e-mails) the hash value of message changes (remember, there are no digital signatures attached). There is no way on earth the accuser can prove that the message was NOT altered. If the sender ‘message’ and the receiver ‘message’ hash do not match the court does not consider the evidence credible.”
“So, the government’s argument: yes, it’s our email (based on server identification) but the message body was altered to frame us,” Varma said.
How General Petraeus could have saved his job
In the case of Petraeus, Varma said he could have saved his job if there was no metadata available on the servers to connect evidence to his computer or tablet.
“He could have argued that he is the victim of e-mail spoofing/network traffic tempering/network packet injection etc. Even a copy of e-mail on his computer does not prove anything because anyone could have hacked into his PC and planted the contents. It is the investigator’s ability to connect and extract the relevant metadata (e-mail headers, URLs, IP addresses, DNS entry, routing information, date, time, any signatures etc.) to the e-mail in question can make or break the case.”
If Petraeus wanted to have an affair without getting caught Varma’s advice is the General should not have used the phone or e-mails as communication methods.
“Just go to your web-based email and write the mail and leave it in “Draft” folder and let the girl friend read from “draft” (assuming he shares his ID/PW with the woman) and never click the “SEND” button (means you are not generating any server traffic, no server logs of e-mails, no metadata to discover, not using any email protocols – SMTP, POP, IMAP etc. – and the “other” person reads the mail from “Draft” and simply delete!),” he said. “You can fool the entire law enforcement and forensics experts and never get caught. And still be able to communicate. It’s a low tech solution but works.”
Varma said “all the connected servers would keep most of the metadata. As long as a person has not e-mailed anything there is no way any/all servers would connect their metadata to the person’s computer.”