A personal e-mail account like Petraeus’s almost certainly would not have contained any high-level intelligence; he probably didn’t keep a list of secret drone-base coordinates on his Google docs account. But access to the account could have provided telling information on, for example, Petraeus’s travel schedule, his foreign contacts, even personal information about himself or other senior U.S. officials.
Private e-mail services like Google’s, though considered significantly more secure than most, still have susceptibilities to foreign intrusion. And it happens. Technology writers have sometimes discussed what one writer called the “password fallacy,” the false sense of safety created by access systems such as Google’s that balance security against ease of use. Even with Google’s extra security features, the company must also avoid making security so onerous as to drive away customers, making it an easier target for foreign hackers even before Petraeus possibly started sharing access and thus diluting the account’s integrity. And, as a Wired magazine investigation demonstrated in August, personal e-mail accounts often allow hackers access to other personal accounts, worsening both the infiltration and the damage.