Basic decade-old encryption technology is finally coming to Pentagon email servers next year.
Image: Department of Defense
For years, major online email providers such as Google and Microsoft have used encryption to protect your emails as they travel across the internet.
That technology, technically known as STARTTLS, isn't a cutting edge development—it's been around since 2002. But since that time the Pentagon never implemented it. As a Motherboard investigation revealed in 2015, the lack of encryption potentially left some soldiers' emails open to being intercepted by enemies as they travel across the internet. The US military uses its own internal service, mail.mil, which is hosted on the cloud for 4.5 million users.
But now the Defense Information Systems Agency or DISA, the Pentagon's branch that oversees email, says it will finally start using STARTTLS within the year, according to a letter from DISA.
DISA's promise comes months after Senator Ron Wyden (D-Oregon) said he was concerned that the agency wasn't taking advantage of "a basic, widely used, easily-enabled cybersecurity technology."
A letter from vice director of DISA Sarah Zabel to Wyden, which Wyden's office shared with Motherboard, said that "the use of STARTTLS will be implemented as part of the migration to the new email gateway infrastructure." The migration will be done "in July 2018," the letter reads.
Wyden celebrated the announcement, telling Motherboard in a statement that this is the "right thing" to do and that "for far too long, many of the unclassified email messages sent and received by members of the military have been left vulnerable to surveillance by foreign governments and hackers." (There have been no public reports of foreign governments intercepting Pentagon email.)
But the senator also noted that it shouldn't take so long for DISA to implement it.
"Protecting the communications of American servicemen and women should be a priority, so I hope the agency accelerates its timeline," Wyden said in the statement.
A DISA spokesperson did not immediately respond to Motherboard's emailed request for comment.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.