Air Force Launches Encrypted IM Service

nomrniceguy writes "U.S. Air Force's Print News Today announces a new instant messaging service for enlisted people stationed abroad to communicate with their families and loved ones. Users cannot send images, audio or other documents through the system. Messages are also encrypted to prevent unauthorized access."

Perhaps...

[neiffer]

They should be more worried about soliders posting their digital camera photos to public sites than what could be hacked through instant messages...

Re:Perhaps...

[Etcetera]

It's the causal daily chatting to a spouse/partner or story-telling to their children that seems confidental that gets them going and can be colourful and can contain lots of details.

Loose lips sink ships. I wish the trolls here would try to understand that very simple concept.

Encryption?

[AtOMiCNebula]

What's wrong with Jabber, AIM, MSN, or any other chat medium? Sure they might not have encryption (unless the Jabber server has SSL enabled), but then again, I'm sure there's some rule that says that the soldiers shouldn't be sharing secrets or mission critical information with anyone but themselves...

...right? So why the need for encryption to keep the "I hope I'll be home soon, how's the family?" messages private? Unless I'm missing something...

Re:Encryption?

Besides the points given by others here -

If you're going to encrypt any traffic, it's a pretty good idea to encrypt all traffic, because then you're not telegraphing which messages are interesting.

Unsurprising

[Sanity]

Users cannot send images

Gee, I wonder why

Re:Unsurprising

Hmmm. Interesting that you chose to post a link to those, but not this one.

Yeah, I know, this probably belongs in the Politics section.

But what powertool modded this "Funny"?!? Maybe I should register after all...

-Dave

Re:Invalid server certificate?

There's no way a .mil is going to trust Verisign and such, so of course they'd sign their own certificates. It absolutely does NOT make it any less encrypted or less secure...

Unofficial Explination

[Jeffery]

I am in the Air Force, a 2E251, job title is "Computer, Network, Cryptographic, and Switching Systems Journyman". here is how i can best explain why it is encrypted and why we cannot use regular IM products (aim, icq, etc etc...) It isn't that classified or top secret messages are being transmitted across this system, it's simply to keep the enemy from deducing simple things and protecting the members families. Think of it this way, if you have 100 people from the same network ID talking about hopping on a plane for a "Big Mission" the enemy might beable to figure out what's going on. another good reason for encryption is so that when members are like, "Boy, i can't wait to go home for christmas and go to grandma's so and so's house this year" what's to keep enemy's/Terrorists from taking from there grandma's name, finding out where she lives, and then kidnaps her to black mail you, or just out right kill her to hurt the morale of all troops in the sand box. also, due to AFI regulations, regular IM programs are not authorized for use on Air Force Systems, plain and simple, for those exact security reasons. i was in Iraq/Oman for a while back in the summer of 03, and i used this program alot. Thank you all, and i hope this was useful.

Re:Do as we say, not as we do

[Dhalka226]

Yeah. I'm sure no other country in the world is trying to listen in on US conversations, nor are there any countries in the world who try to protect themselves from other countries doing the same to them. It's exclusively a USA-only thing.

Fucking morons.

Re:No images?

[Zeinfeld]

Anyone have a copy of uuencode laying around for them?

It probably does not allow messages that are long enough.

Can't think why the Bush administration would not want soldiers sending back more of those happy snaps from Abu Graihb...

More a political than technical accomplishment

[bzipitidoo]

The US Military is tied up by a lot of rigid rules. They could've been using IPSEC, stunnel, email and PGP, Kerberos, or some other security setup long ago except for the rules. For instance, military personnel aren't allowed to encrypt any data without special permission. Sometimes they will actually use ftp with no protection at all, because it's politically easier to work in the clear than get permission to use openssh. Sometimes an available encryption method, such as DES, isn't "good enough", so instead they operate in the clear. (Well, DES isn't good enough, but it's better than no encryption at all!) Usually, part of getting permission is providing some means for authorities to read the data, which of course breaks the very security they're trying to get.

The testing and certification process is so onerous and lengthy (up to 10 years) that a system can be hopelessly obsolete by the time it finally is certified, if it makes it. Then there's the abuse of the labels "classified", "secret", and so forth to cover up problems. Known flaws in security related software are often kept secret from everyone-- enemies, rival companies, critics and auditors and security experts, not to mention the users. Very convenient for the vendors and their sponsors. Diebold security anyone?

There is the paranoid refusal to use something just because it's from outside the US-- it might have malicious code. And there are the export controls that try to keep technology in the US, implicitly assuming the US is the leader in this area. Ironic that the effect is the loss of US leadership as experts set up elsewhere (OpenBSD in Canada, for example).

And if all that isn't bad enough, the military pushes this idea of responsibility, as in "held responsible" and possibly even sent to jail should any breach in security occur. That makes military base system admins very conservative and risk adverse.