The reason the U.S. military didn’t encrypt video streams from drone aircraft flying over war zones is that soldiers without security clearances needed access to the video, and if it were encrypted, anyone using it would require security clearance, a military security expert says.
“Operational information that’s considered perishable has by and large been treated by the military as unclassified,” says David Kahn, CEO of Covia Labs, which sells software for encrypted communications among devices used in military and emergency response missions. Since the video is unclassified, no special clearance is required by personnel who access it to do their jobs, he says.
Drone video traffic was intercepted by insurgents in Iraq and Afghanistan from satellite broadcasts from the unmanned drones to the ground. The insurgents used commercial satellite intercept software sold over the Internet that is advertised to grab movies and other entertainment out of the air without benefit of service-providers’ gear or service contracts.
The military says it has taken care of the drone problem since it was discovered in July, but didn’t specify how.
Kahn says that the video information loses its value so rapidly that the military may have decided it wasn’t worth the effort to encrypt it. “Even if it were a feed off a drone with attack capabilities, and even if the bad guys saw that the drone was flying over where they were at that moment, they wouldn’t have the chance to respond before the missile was fired,” he says.
Classified data would have to be encrypted using hardware encryption, which would require upgrades of a significant amount of equipment, and the military might have determined it just wasn’t worth the effort. The military likes to minimize hardware encryption especially in devices used in the field in case the gear falls into the hands of the enemy, Kahn says. “The answer to the question of why people know about the hole and allowed it to persist is that it was so difficult to plug the hole,” he says. “There was a legitimate need for people without clearance to see the data, so a decision was made to let it continue. Now they know it was exploited, they need to close it.”
Kahn says his company offers a middle ground that supports a software sandbox for secure end-to-end encryption of data and issuance of public and private keys to all the devices that need to communicate with each other during a particular mission. When the mission is over, the keys are revoked and the devices lose the ability to communicate with each other, he says.