Later On

A blog written for those whose interests more or less match mine.

The Pentagon Still Doesn’t Encrypt Its Emails

leave a comment »

Lorenzo Franceschi-Bicchierai reports at Motherboard:

A year and a half ago, a Motherboard investigation revealed that several US government agencies, weren’t using basic, easy-to-implement, encryption technology, failing to protect their employees emails travelling across the internet. At the time, the Army, the Navy, and even the CIA and FBI didn’t use the widespread email encryption technology known as STARTTLS.

Since then, the FBI, NSA, CIA, the Director of National Intelligence and the Department of Homeland Security have all adopted it. But the Defense Information Systems Agency or DISA, the Pentagon’s branch that oversees email through the mail.mil service, and other technologies, still has not, according to an online testing tool.

And one of the most tech savvy people in Congress is starting to wonder what’s going on. In a letter sent to DISA last week, Sen. Ron Wyden (D-Oregon) slammed the agency for failing to turn STARTTLS on.

“I am concerned that DISA is not taking advantage of a basic, widely used, easily-enabled cybersecurity technology,” Wyden wrote in the letter, which was obtained by Motherboard. “Indeed, until DISA enables STARTTLS, unclassified email messages sent between the military and other organizations will be needlessly exposed so surveillance and potentially compromise by third parties.”

DISA, which is responsible for providing email services to the Army, the Navy, the Marines and the Coast Guard, declined to comment.

“DISA did receive Senator Wyden’s letter and is in the process of providing a formal response back to the senator,” a DISA spokesperson said in an email. “As such, we will not comment further until Senator Wyden is provided that response.”

Historically, emails used to travel across the internet completely completely exposed. That’s why the famed security expert Bruce Schneier once said that email is nothing more than “a postcard that anyone can read along the way.” That has obviously changed in recent years, thanks to the adoption of an old protocol called STARTTLS, which adds an opportunistic layer of web encryption (TLS) over the email protocol SMTP. . .

Continue reading.

Written by LeisureGuy

31 March 2017 at 4:21 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s