
Predator drones use less encryption than your TV, DVDs - kmod
http://arstechnica.com/tech-policy/news/2009/12/predator-drones-use-less-encryption-than-your-tv.ars
======
anigbrowl
Related: <http://www.wired.com/dangerroom/2009/12/not-just-drones-militants-can-snoop-on-most-us-warplanes/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+WiredDangerRoom+(Blog+-+Danger+Room)>

While merely embarrassing on the surface, one has to consider the strong
likelihood that the intelligence-gathering operations of other countries have
probably known this for years and could by now have accumulated a vast amount
of data on the disposition and tactics of US forces in multiple theaters. What
an enormous strategic blunder.

~~~
pvg
That sounds somewhat overwrought. You can get much more and higher quality
data on 'the disposition and tactics of US forces' from satellites, traffic
analysis, reading the official sites of US military units and soldiers' blogs
than you can from terabytes of narrow-field grainy footage of the Hindu Kush
or Sadr City. It might be of some tactical use to someone engaged in
'asymmetrical warfare' against US forces and is probably even more useful as a
propaganda tool. The intelligence-gathering operations of other countries
probably have more storage space dedicated to episodes of The Simpsons than
intercepted US UAV video.

------
delackner
I would expect more rigorous reporting from ars. The reason that encryption
techniques protecting DVDs and games fail is that the thing doing the
decrypting is the thing that the enemy possesses: the game machine or DVD
player. The machine has to have the decryption key in it somewhere, thus the
whole stack of cards is a sham.

This is totally the opposite. The drones need only have the capacity to
encrypt their video and decrypt command/control information from the host.

Both drone and host are unique devices that could (given their incredible
price tag) easily have unique public/private key pairs for each drone and each
control station. Before takeoff each could be paired by an exchange of fresh
keys. The only attack is brute-force with an as yet unavailable amount of
computing power.

That they failed to do something like this for so long, well, words fail me.

~~~
cma
> The only attack is brute-force with an as yet unavailable amount of computing
> power.

If they were doing it today all they would need is a $30 32 GB flash card full
of random data to use as a one-time pad.
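
The one-time-pad link suggested above, as an added sketch that is not part of the original thread: both ends hold the same pad, each frame consumes fresh pad bytes, and the receiver refuses any frame that points at pad already used. The framing, the `Sender`/`Receiver` names and the per-frame HMAC-SHA256 tag keyed from pad bytes are assumptions of this example; the tag is there because XOR alone hides the video but lets anyone flip bits in it, and it makes integrity computational rather than information-theoretic.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">QI")  # pad offset, payload length (constructed framing)
KEY_LEN = TAG_LEN = 32         # per-frame MAC key taken from the pad; SHA-256 tag

class PadError(Exception):
    """Pad exhausted, frame malformed or forged, or pad region already used."""

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Sender:
    def __init__(self, pad: bytes):
        self.pad, self.offset = pad, 0

    def seal(self, frame: bytes) -> bytes:
        end = self.offset + KEY_LEN + len(frame)
        if end > len(self.pad):
            raise PadError("pad exhausted; wrapping around would reuse key material")
        mac_key = self.pad[self.offset:self.offset + KEY_LEN]
        body = _xor(frame, self.pad[self.offset + KEY_LEN:end])
        header = HEADER.pack(self.offset, len(frame))
        tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
        self.offset = end  # consumed pad bytes are never handed out again
        return header + body + tag

class Receiver:
    def __init__(self, pad: bytes):
        self.pad, self.next_offset = pad, 0

    def open(self, packet: bytes) -> bytes:
        if len(packet) < HEADER.size + TAG_LEN:
            raise PadError("short packet")
        offset, length = HEADER.unpack_from(packet)
        body, tag = packet[HEADER.size:-TAG_LEN], packet[-TAG_LEN:]
        end = offset + KEY_LEN + length
        if len(body) != length or end > len(self.pad):
            raise PadError("malformed frame")
        if offset < self.next_offset:
            raise PadError("pad region already used (replayed or stale frame)")
        mac_key = self.pad[offset:offset + KEY_LEN]
        expected = hmac.new(mac_key, packet[:-TAG_LEN], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PadError("bad tag: a bare XOR pad is malleable, so reject")
        self.next_offset = end  # frames may be lost, but the offset only moves forward
        return _xor(body, self.pad[offset + KEY_LEN:end])
```

Carrying the pad offset in each frame lets the receiver stay in sync across dropped frames without ever reusing pad bytes.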

------
defen
_Do they trust their soldiers/Marines with these encryption keys? Don’t know
that._

It's interesting to see how the Army and the MPAA respond differently to the
same problem - it only takes one person to crack the code (or leak the secret
keys) to render the whole scheme useless. The MPAA builds ridiculously complex
encryption schemes in the hopes of slowing people down, and sues the
downloaders it can find. The Army doesn't bother with encryption because it's
too much of a burden, and kills the downloaders it can find.

~~~
likpok
Admittedly, the MPAA doesn't (yet) have the second option. Maybe it's the
better of the two?

------
jordanb
While it's momentarily surprising that the video feeds aren't encrypted,
remember that the lead time on this type of equipment is often measured in
decades. The drones deployed right now were probably designed in the early
90s, using early 90s computers.

No video feed back then was encrypted --- military or otherwise --- because
the computers with the power even to digitize video in real time, let alone
digitize it and then encrypt the digital stream, would have been huge.

It was a common selling point for satellite receivers back then that you could
buy them and use them to watch the raw feed of just about everything being
broadcast, because it was all analog streams being relayed in the clear.
There's actually a pretty good movie floating around the internet called
"Feed," [1] made by a guy recording satellite feeds of the 1992 election
coverage.

[1] <http://www.imdb.com/title/tt0104244/>

~~~
NateLawson
I disagree on the point that digital video is required for scrambling the
feed. Commercial feeds such as HBO have been scrambled since 1986, albeit with
analog schemes. <http://en.wikipedia.org/wiki/Videocipher>

DVB-S came out in 1993 and was one of the first digital standards. It uses
DES-based encryption. <http://www.dvb.org/about_dvb/history/>

While it may have been difficult to fully encrypt the video with airborne
hardware in the early 1990s, they certainly could have made some effort to
scramble it. And by now, it should have been updated to 2002-era webcam
technology.

Most of the surprise is people confusing the NSA with the military. While the
NSA may have the latest and greatest tech, the military is always much farther
behind.

------
samdk
_"But the Pentagon assumed local adversaries wouldn't know how to exploit it,
the officials said."_

Right. Because people in third-world countries are clearly far too backwards
and ignorant to understand anything involving _computers_ or _technology_.

~~~
notmyname
This is the comment in these stories that has irked me the most.

~~~
aaronblohowiak
It is just political posturing, not an oversight.

------
kierank
This isn't really news to the satellite feed community. The military and
private military contractors have been broadcasting unencrypted feeds of
operations for a long time.

~~~
ghshephard
Citation? Any links to a satellite feed community forum in which they've
discussed receiving a predator drone feed?

~~~
kierank
The posts in question seem to have been removed (for obvious reasons, I presume).

------
wglb
I am wondering if we don't have a bit of an overreaction to this story here.
The presence of the drones is not a secret, nor are their locations.

It wasn't until the recent upgrade of Air Force 1 that the communications
between ground and the president's airplane were encrypted. Anyone with a
short wave radio could listen in.

What exactly is the risk that they are reading this?

------
blhack
Don't mistake what I mean here, General Atomics should be embarrassed about
this whole entire ordeal...

But.

Is it really necessary that they encrypt the video streams? The people these
aircraft are surveilling, for the most part, know of the plane's presence. Are
they really gaining THAT much of an advantage of being able to see their _own_
position?

Beyond that--not to go into full tinfoil-hat mode, but maybe this
non-encryption is _intentional_? Letting the surveilled see SOME of the footage,
then playing LOTS AND LOTS more would only serve to confuse/frighten them.

~~~
texel
Usually if you're conducting surveillance, you don't want other people to know
that you know their position. Something tells me that getting access to this
type of information would... lessen.. its strategic use.

But hey, this means I can start sending user logins in cleartext and add in
the product page that we have "military-grade security."

~~~
btilly
But would you be honest and claim military grade unencryption?

------
bcl
I wonder how much the contractor charged us taxpayers for this system?

~~~
ams6110
Not that I really know, but in defense of the contractor I'm guessing that the
Predator-to-satellite uplink and satellite-to-HQ downlink protocols were
dictated by the Pentagon in the RFP and statements of work to use existing
military signal protocols and the contractors really didn't have a lot of
choice in the matter.

------
Estragon
Do the control mechanisms depend on a secure authentication system, at least?
I mean, some of these drones carry weapons...

------
antimora
Someone took the "DRM free" slogan too far.

