Sen. Ron Wyden, D-Ore., wants to know why the Defense Information Systems Agency has failed to implement a basic encryption technology that would protect employees’ emails from being intercepted by hackers and foreign intelligence agencies, according to a recent letter sent to DISA Director Lt. Gen. Alan Lynn.
Wyden is requesting information on why DISA has lagged behind the vast majority of U.S. intelligence agencies, including the CIA and NSA, in adopting a widely used encryption technology known as STARTTLS to protect unclassified email systems. STARTTLS lets mail servers upgrade a plaintext SMTP connection to one encrypted with TLS, the same encryption used to secure web traffic.
Wyden’s letter: http://www.documentcloud.org/documents/3533789-Starttls-Letter-Signed-March-22.html
DISA is responsible for providing email services to the Coast Guard, Army, Navy and Marines.
An agency spokesperson confirmed that DISA received Wyden’s letter.
While STARTTLS is far from a cure-all against hackers who seek to spy on a target, it can help ensure the confidentiality of emails that are sent between different military branches.
“I am concerned that DISA is not taking advantage of a basic, widely used, easily-enabled cybersecurity technology,” the letter reads.
Vice’s Motherboard was the first to obtain Wyden’s letter.
Wyden’s staff has been following this issue because the Oregon senator has long been an advocate for strong encryption.
“Until DISA enables STARTTLS, unclassified email messages sent between the military and other organizations will be needlessly exposed to surveillance and potentially compromise by third parties,” Wyden wrote.
The focus on DISA’s poor email security practices is just the latest in a series of recent policy initiatives by Wyden to shine a spotlight on insufficient digital security standards. He has also spoken extensively about security weaknesses in SS7, the telephone network that internationally organizes the transfer of smartphone data.