Why isn’t US military email protected by standard encryption tech?

One of the United States Senate’s most tech-savvy members is asking why much of the US military’s email still isn’t protected by standard STARTTLS encryption technology.

Last month, Sen. Ron Wyden (D-Oregon) shared his concerns with DISA, the federal organization that runs mail.mil for the US army, navy, marines and the Coast Guard:

The technology industry created STARTTLS fifteen years ago to allow email servers to communicate securely and protect email messages from surveillance as they are transmitted over the internet. STARTTLS is widely supported by email server software but, critically, it is often not enabled by default, meaning email server administrators must turn it on.

Wyden noted that major tech companies including Google, Yahoo, Microsoft, Facebook, Twitter, and Apple use STARTTLS, as do the White House, Congress, NSA, CIA, FBI, Director of National Intelligence, and Department of Homeland Security – but not DISA.

A 2015 Motherboard investigation originally uncovered the limited use of STARTTLS by U.S. government security agencies. Since then, Motherboard reports, many of the aforementioned agencies have started using STARTTLS – but not DISA.

Wyden observed that “until DISA enables STARTTLS, unclassified email messages sent between the military and other organizations will be needlessly exposed to surveillance and potentially compromised by third parties”.

Even if all the military messages sent through DISA’s servers are unclassified, if Wyden is correct, this might conceivably give adversaries additional insights into the US military’s structure, decision-makers, and decision-making processes.

Early reports on Wyden’s letter quoted DISA as saying that it would respond formally to him. DISA told Naked Security:

We are not at liberty to discuss specific tactics, techniques, and procedures by which DISA guards DOD email traffic. Email is one of the largest threat vectors in cyberspace. We can tell you that DISA protects all DOD entities with its Enterprise Email Security Gateway Solution (EEMSG) as a first line of defense for email security.

DISA’s DOD Enterprise Email (DEE) utilizes the EEMSG for internet email traffic and currently rejects more than 85% of daily email traffic due to malicious behavior. DISA inspects the remaining 15% of email traffic to detect advanced, persistent cybersecurity threats. The Agency always makes deliberate risk-based decisions in the tools it uses for cybersecurity, to include email protocols for the DoD.

In the “news you can use” spirit, this might be a good time for a brief primer on STARTTLS. This SMTP extension aims to partially remedy a fundamental shortcoming of the original SMTP email protocol: it didn’t provide a way to signal that email communication should be secured as messages hop across servers towards their destinations.

Using STARTTLS, an SMTP client can connect over a secure TLS-enabled port; the server can then advertise that a secure connection is available, and the client can request to use it.

STARTTLS isn’t perfect. It can be vulnerable to downgrade attacks, where an illicit “man-in-the-middle” deletes a server’s response that STARTTLS is available. Seeing no response, the client sends its message via an insecure connection, just as it would have if STARTTLS never existed. But, as the Internet Engineering Task Force (IETF) puts it, this “opportunistic security” approach offers “some protection most of the time”.

IETF says protocols like STARTTLS are:

…not intended as a substitute for authenticated, encrypted communication when such communication is already mandated by policy (that is, by configuration or direct request of the application) or is otherwise required to access a particular resource. In essence, [they are] employed when one might otherwise settle for cleartext.

For context, Google reports that 88% of the Gmail messages it sends to other providers are now encrypted via TLS (in other words, both Google and the other provider supports TLS/STARTTLS encryption); 85% of messages inbound to Gmail are encrypted.

Would STARTTLS offer value in securing the military communications DISA manages through mail.mil? From the outside, it’s easy to say “Yes”. But it sure would be fascinating to hear the technical conversation between DISA’s security experts and Senator Wyden’s.

Email service providers are caught on the horns of a dilemma, it seems. Naked Security’s Paul Ducklin says:

STARTTLS only deals with server-to-server encryption of the SMTP part, so it isn’t a replacement for end-to-end encrypted email in environments where that’s appropriate. In other words, there are situations in which you may be able to make a strong case for not needing STARTTLS. But my opinion is that it’s easier just to turn on STARTTLS anyway – just think of all the time you’ll save not having to keep explaining that ‘strong case’ of yours.

As for you: if you aren’t using STARTTLS wherever it’s available to you, why not?