US military will finally start encrypting soldiers’ emails
You’d think the military’s email service mail.mil would be more secure than Gmail and other free alternatives, but that’s apparently not the case. A Motherboard investigation in 2015 revealed that while it does have systems in place to protect classified messages, it doesn’t even use STARTTLS — a 15-year-old encryption technology that prevents emails from being intercepted in transit. That exposes unclassified emails to surveillance and leaves them vulnerable as they make their way to recipients. Now, after getting a lot of flak over the lack of security, Pentagon says it will finally start encrypting soldiers’ emails… but not until July 2018.
See, Gizmodo discovered that the military’s email service doesn’t use STARTTLS, because it would prevent the Defense Information Systems Agency (DISA) from screening each message for malware, phishing attempts and exploits. A letter from DISA, which oversees the military’s emails, says its detection methods developed using national level intelligence “would be rendered ineffective if STARTTLS were enabled.” To be able to implement the technology and make it a default feature, it would have to migrate to a “new email gateway infrastructure,” and migration won’t be done until July next year.
DISA has revealed its plans to migrate the military’s email service in a letter addressed to Senator Ron Wyden, who questioned the agency for not using a “basic, widely used, easily enabled cybersecurity technology.” Wyden said in a statement that the move is definitely a step in the right direction, but he’s also pretty unhappy that it’ll take DISA a year to migrate. “Protecting the communications of American servicemen and women should be a priority,” he said, “so I hope the agency accelerates its timeline.”
Source: Gizmodo, Motherboard