For more than a decade, a persistent myth in Washington DC, fueled by several counterterrorism experts, has been that it is possible to hide a communications trail by sharing an email inbox, and instead saving emails in a “draft” folder. This technique has been used by Khaled Sheikh Mohammed, Richard Reid (the shoe bomber), the 2004 Madrid train bombers, terrorists in Germany, as well as some domestic “eco-terrorists.” This technique has appeared in federal court documents as early as 2003, and was described in a law journal article written by a DOJ official in 2004. It is hardly a state secret.
Apparently, this method was also used by General Petraeus. According to the Associated Press, “[r]ather than transmitting emails to the other’s inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder or in an electronic ‘dropbox,’ the official said. Then the other person could log onto the same account and read the draft emails there. This avoids creating an email trail that is easier to trace.”
The problem is, like so many other digital security methods employed by terrorists, it doesn’t work.
Interesting read for those concerned with finding some damn privacy. Looks like PGP is still your friend.