Email lessons from Gen. Petraeus' downfall
Simply put, emails generally lay out the tracking information - where they originated and what servers they touched along the way.
However, Jones also said with some work it is possible to hide that trail when sending emails.
"It's very easy to not be traced," said Jones, who noted that he's able to use email in about half the digital investigations they do. "If you take a little bit of effort, you can make it look like it came from someplace else... You can fake the originating address by using an anonymizer."
An anonymizer -- also known as an anonymous proxy -- is a tool specifically designed to make online activity, like emails, untraceable. With email, it hides the sender's identifying information by accessing the Internet on the sender's behalf.
Jones explained that it's akin to someone handing him an envelope to deliver. Jones makes the delivery instead of the other person and he puts his own information in the return address space on the envelope.
The issue is that most people, whether they're sending emails about corporate marketing plans, threats or messages to mistresses, don't bother to use an anonymizer. They simply think that no one, other than the intended recipient, will ever see the messages that they're sending.
"Most individuals and businesses don't think twice about sending private or confidential information over email," said Patrick Moorhead, an analyst with Moor Insights & Strategy. "All it takes is one person knowing your PC, phone, or email password and your email could be read by another person."
And when it comes to company email systems, people should think twice when assuming that no one is paying attention.
"For work email, assume someone is reading your email as someone or something probably is," said Moorhead. "Most companies have filters that read every email, looking for offending words and images that don't comply with corporate standards."
Jones also noted that for most people sending illicit emails, they are going to be fairly easy to trace.
"You know, they could be texting too," he added. "If I were to cheat, I would be texting instead of emailing. Text message retention policies are usually very short -- just a couple of days with the provider.
"If you're cheating or threatening someone, email isn't the smartest tool to use unless you really know what you're doing," said Jones.
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed . Her email address is email@example.com.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts