Gmail and the CIA ... and China! ... and Fox News!
When I wrote, last week, about the insecurity of Gmail, I was intending to gently mock the idea that the CIA might have such a bad sense of how Gmail works (and the Terms of Service under which it is provided) that it could possibly think Gmail was a secure platform for covert communications. One correspondent did take me slightly to task (suggesting that the CIA might use Gmail under the principle of "security through obscurity") but I was reasonably confident that nobo
Published by The Lawfare Institute
in Cooperation With
When I wrote, last week, about the insecurity of Gmail, I was intending to gently mock the idea that the CIA might have such a bad sense of how Gmail works (and the Terms of Service under which it is provided) that it could possibly think Gmail was a secure platform for covert communications. One correspondent did take me slightly to task (suggesting that the CIA might use Gmail under the principle of "security through obscurity") but I was reasonably confident that nobody could have that sort of misunderstanding of systemic operations. Two recent events, however, point in opposite directions:
First, we learn from today's Washington Post that when Chinese hackers breached Google back in 2010, they may have gained access to files that indicated which Gmail accounts were under surveillance by the FBI -- evidently with the intention of trying to figure out which Chinese agents were known to the FBI and subject to scrutiny. This suggest two things, of course: First, that since the FBI was using Gmail accounts to try and track Chinese agents, the possibility that Gmail was insecure (in this case through appropriate domestic legal process) was well known. And, second, not only was it known to the US government but also apparently to the Chinese who demonstrated Gmail's insecurity to inappropriate non-legal process as well. Given the events of 2010, it strikes me as even =more= unlikely that using Gmail would be part of CIA tradecraft in 2013.
On the other hand, we now also know (again thanks to the Washington Post) that James Rosen, the Fox News reporter almost certainly communicated some of the time with his alleged source Stephen Jin-Woo Kim through a Gmail account. Those communications are at the heart of a leak investigation in which DOJ is, as Jack has noted, pushing very hard. So, apparently what I consider an obvious lapse in tradecraft is, to at least one sophisticated news reporter, .... a surprise. And if Fox News doesn't know that Gmail is insecure, maybe it is too much to expect that the CIA would know.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.