The DoD Will Finally Encrypt Service Member Emails. Here's What That Means For You

A member of a Cyber Protection Team participates in the Air Force's Exercise Black Demon.
U.S. Air Force/Airman 1st Class Daniel Garcia

In a letter to a watchdog lawmaker last week, the Department of Defense confirmed that it will finally, in 2018, join the 21st century and use a popular basic encryption tool to help make emails to and from .mil addresses more secure. What does that mean for your badass joe.schmuckatelli@centcom.mil account? Let’s break it down.


What’s happening?

The Defense Information Systems Agency confirmed to Democratic Sen. Ron Wyden of Oregon, a Senate intelligence committee member, that by next year, the Pentagon’s .mil email will implement STARTTLS for enhanced email encryption, a longstanding protocol extension that Wyden has called "a basic, widely used, easily-enabled cybersecurity technology."

The move came after years of poking around by the reporters at Vice and some tough talk from Wyden questioning how the military’s 4.5 million-user cloud-based email service had never implemented STARTTLS before.

"I can't think of a single technical reason why they wouldn't use it," one former U.S. Special Operations Command IT whiz told Vice. A hacker and former Marine similarly told the outlet: "The military should not be sending any email that isn't encrypted, period. Everything should get encrypted, absolutely everything. There's no excuse."

How does STARTTLS work?

Vice’s Motherboard blog has a nice breakdown of STARTTLS, which is what’s called an “opportunistic” encryption mechanism. Basically, when your email server and a recipient’s email server connect to exchange mail, STARTTLS upgrades the connection on the fly to an encrypted one, provided both servers support it. When your emails are sent out into the world without encryption, opportunistic or otherwise, they are as readable as postcards, per Vice:

When your email provider doesn't support STARTTLS, your email might be encrypted going from your computer to your provider, but it will then travel across the internet in the clear (unless you used end-to-end encryption.)... When your email provider, and the email provider of the person you're sending the email to, both support STARTTLS, then the email is protected as it travels across.
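
The opportunistic upgrade described above, modeled as an added example (not code from Vice, DISA or the original article): a sending server reads the recipient server's EHLO reply and either upgrades with STARTTLS or falls back to cleartext. The hostnames, addresses and server replies are constructed, and the require_tls option is a hypothetical strict policy that goes beyond what STARTTLS itself does.

```python
"""Model of a sending mail server's opportunistic STARTTLS decision (RFC 3207).
All hostnames and server replies are constructed samples; nothing is sent."""

# Constructed EHLO replies: one server advertises STARTTLS, one does not.
EHLO_WITH_TLS = (
    "250-mx.recipient.example at your service\n"
    "250-SIZE 35882577\n"
    "250-8BITMIME\n"
    "250-STARTTLS\n"
    "250 ENHANCEDSTATUSCODES"
)
EHLO_WITHOUT_TLS = (
    "250-mx.legacy.example at your service\n"
    "250-SIZE 10240000\n"
    "250 8BITMIME"
)


def parse_ehlo(reply):
    """Return the set of extension keywords in a multi-line EHLO reply."""
    keywords = set()
    for index, line in enumerate(reply.strip().splitlines()):
        if not line.startswith("250") or line[3:4] not in ("-", " ", ""):
            raise ValueError(f"not a 250 EHLO reply line: {line!r}")
        words = line[4:].split()
        if index > 0 and words:  # line 0 is the greeting, not an extension
            keywords.add(words[0].upper())
    return keywords


def negotiate(ehlo_reply, sender="mail.sender.example", require_tls=False):
    """Return (outcome, transcript) for the steps after the first EHLO."""
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "encrypted", [
            "C: STARTTLS",
            "S: 220 Ready to start TLS",
            "-- TLS handshake; everything below is encrypted --",
            f"C: EHLO {sender}",  # RFC 3207: client sends EHLO again after TLS
            "C: MAIL FROM:<joe@sender.example>",
        ]
    if require_tls:  # hypothetical strict local policy, not part of STARTTLS
        return "deferred", ["C: QUIT"]
    # Opportunistic fallback: the message crosses the internet readable.
    return "cleartext", ["C: MAIL FROM:<joe@sender.example>"]


if __name__ == "__main__":
    for name, reply in (("with", EHLO_WITH_TLS), ("without", EHLO_WITHOUT_TLS)):
        outcome, transcript = negotiate(reply)
        print(name, "STARTTLS ->", outcome)
        print("\n".join(transcript))
```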

Is that a big deal?

Kinda, yeah, but not super-big. STARTTLS has been around since 2002, and Gmail first implemented it in 2004. Vice points out that Google and your other popular private email and social-media sites — including Microsoft, Yahoo, Twitter, and Facebook — have already integrated STARTTLS. In the wake of the NSA surveillance disclosures by contractor Edward Snowden, Facebook led a very public charge to get more sites to use STARTTLS to keep the feds from looking at your emails.

So there’s nothing new here; DoD is simply catching up to a basic encryption technology that’s been around for a decade and a half — long enough now that the vast majority of emails you send and receive communicate with another STARTTLS-equipped server. It has some weaknesses, and it ain’t PGP encryption, but it’s a good start.

What the hell took the military so long?

Well, you probably already know from experience that no Pentagon-level IT policy changes overnight. But more than that, keeping mail.mil STARTTLS-free has also given the military a lot more freedom to snoop through your emails — a freedom DISA was probably reluctant to give up. In a letter to Wyden in April, DISA deputy director Maj. Gen. Sarah Zabel said the agency’s software regularly sweeps incoming soldier email for phishing scams, viruses, and the like.

“DISA currently rejects over 85% of all DoD email traffic coming from the Internet on a daily basis due to malicious behavior,” Zabel wrote. “We also inspect for advanced, persistent threats using detection methods developed using national level intelligence. Many of these detection methods would be rendered ineffective if STARTTLS were enabled.”

In fact, top civil liberties groups like the ACLU have long called for government agencies to use encryption not just to protect their sensitive info, but to help establish a broad pro-encryption consensus in America: If the government gets to encrypt its data, then why shouldn’t free American citizens get the same right? Such a norm might not sit well with government agencies, like the NSA, CIA, and FBI, who rely on signals surveillance to further intelligence and investigative aims.

Beyond that, if the military has to triage its IT systems for info security, it’s probably going to tackle unclassified email servers last, after focusing on secure and closed systems like SIPRNET, the National Military Command Center, and Link 16 tactical data transmission networks.

So now my stuff’s going to be encrypted, but it could be easier to hack?

Well, that was DISA’s initial suggestion: Using STARTTLS could make it harder for the Pentagon to catch and neutralize viruses in your emails. But its decision to migrate everyone’s mail.mil accounts to a new STARTTLS gateway by July 2018 suggests whatever kinks the protocol threw in DISA’s surveillance have now been worked out.

In the meantime, the service is still adamant that you shouldn’t be passing any sensitive info or clicking any weird links in your nonsecure mail.mil account in the first place, so, you know, keep not doing that.

Any other tips?

Yeah: Download less porn. Seriously. Even if it’s virus-free, that much can’t be healthy, man.

Also, remember the cardinal rule of opsec:
