Cold War encryption is unrealistic in today’s trenches

by Bruce Schneier

Sometimes mediocre encryption is better than strong encryption, and sometimes no encryption is better still.

The Wall Street Journal reported last week that Iraqi, and possibly Afghan, militants are using commercial software to eavesdrop on U.S. Predators, other unmanned aerial vehicles (UAVs) and even piloted planes. The systems weren’t “hacked” — the insurgents can’t control them — but because the downlink is unencrypted, they can watch the same video stream as ground coalition troops.

The naive reaction is to ridicule the military. Encryption is so easy that HDTVs do it — just a software routine and you’re done — and the Pentagon has known about this flaw since Bosnia in the 1990s. But encrypting the data is the easiest part; key management is the hard part. Each UAV needs to share a key with the ground station. These keys have to be produced, guarded, transported, used and then destroyed. And the equipment, both the Predators and the ground terminals, needs to be classified and controlled, and all the users need security clearance.

The command and control channel is, and always has been, encrypted — because that’s both more important and easier to manage. UAVs are flown by airmen sitting at desks on U.S. military bases, where key management is simpler. But the video feed is different. It needs to be available to all sorts of people, of varying nationalities and security clearances, on a variety of field terminals, in a variety of geographical areas, in all sorts of conditions — with everything constantly changing. Key management in this environment would be a nightmare.

Further, how valuable is this video downlink to the enemy? The main fear seems to be that the militants watch the video, notice their compound being surveilled and flee before the missiles hit. Or they may notice a bunch of Marines in a recognizable area and attack them. This might make a great movie scene, but it’s unrealistic. Without context, and just by peeking at random video streams, the risk caused by eavesdropping is low.

Contrast this with the additional risks if you encrypt: A soldier in the field doesn’t have access to the real-time video because of a key-management failure; a UAV can’t be quickly deployed to a new area because the keys aren’t in place; we can’t share the video information with our allies because we can’t give them the keys; most soldiers can’t use this technology because they don’t have the right clearances. Given this risk analysis, not encrypting the video is almost certainly the right decision.

There is another option, though. During the Cold War, the National Security Agency’s primary adversary was Soviet intelligence, and it developed its crypto solutions accordingly. Even though that level of security made no sense in Bosnia, and doesn’t in Iraq and Afghanistan, it is what the NSA had to offer. If you encrypt, they said, you must do it “right.”

The problem is, the world has changed. Today’s insurgent adversaries don’t have KGB-level intelligence-gathering or cryptanalytic capabilities. At the same time, computer and network data gathering has become much cheaper and easier, so they have technical capabilities the Soviets could only dream of. Defending against these sorts of adversaries doesn’t require military-grade encryption only where it counts; it requires commercial-grade encryption everywhere possible.

This sort of solution would require the NSA to develop a whole new level of lightweight commercial-grade security systems for military applications — not just office-data “Sensitive but Unclassified” or “For Official Use Only” classifications. It would require the NSA to allow keys to be handed to uncleared UAV operators, and perhaps read over insecure phone lines and stored in people’s back pockets. It would require the sort of ad hoc key-management systems you find in Internet protocols, or in DRM systems. It wouldn’t be anywhere near perfect, but it would be more commensurate with the actual threats.

And it would help defend against a completely different threat facing the Pentagon: The PR threat. Regardless of whether the people responsible made the right security decision when they rushed the Predator into production, or when they convinced themselves that local adversaries wouldn’t know how to exploit it, or when they forgot to update their Bosnia-era threat analysis to account for advances in technology, the story is now being played out in the press. The Pentagon is getting beaten up because it’s not protecting against the threat — because it’s easy to make a sound bite where the threat sounds really dire. And now it has to defend against the perceived threat to the troops, regardless of whether the defense actually protects the troops or not. Reminds me of the TSA, actually.

So the military is now committed to encrypting the video . . . eventually. The next generation Predators, called Reapers (Who names this stuff? Second-grade boys?) will have the same weakness. Maybe we’ll have encrypted video by 2010, or 2014, but I don’t think that’s even remotely possible unless the NSA relaxes its key-management and classification requirements and embraces a lightweight, less secure encryption solution for these sorts of situations. The real failure here is the failure of the Cold War security model to deal with today’s threats.

Bruce Schneier is a security technologist. His latest book is “Schneier on Security.” Read about him at www.schneier.com