Predator drones use less encryption than your TV, DVDs
Related: http://www.wired.com/dangerroom/2009/12/not-just-drones-mili...
While merely embarrassing on the surface, one has to consider the strong likelihood that the intelligence-gathering operations of other countries have probably known this for years and could by now have accumulated a vast amount of data on the disposition and tactics of US forces in multiple theaters. What an enormous strategic blunder.
I would expect more rigorous reporting from Ars. The reason that encryption techniques protecting DVDs and games fail is that the thing doing the decrypting is the thing that the enemy possesses: the game machine or DVD player. The machine has to have the decryption key in it somewhere, thus the whole stack of cards is a sham.
This is totally the opposite. The drones need only have the capacity to encrypt their video and decrypt command/control information from the host.
Both drone and host are unique devices that could (given their incredible price tag) easily have unique public/private key pairs for each drone and each control station. Before takeoff each could be paired by an exchange of fresh keys. The only attack is brute-force with an as yet unavailable amount of computing power.
That they failed to do something like this for so long, well, words fail me.
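The pairing scheme the comment above describes, sketched as an added example (not part of the thread or of any fielded system): each side holds a long-term Ed25519 identity key, signs a fresh per-flight X25519 key, and derives an AES-256-GCM link key from the exchange. The function names `Offer` and `Accept`, the `pairing-demo` label and the SHA-256 key derivation are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Offer makes a fresh X25519 key for one flight and signs its public half (hypothetical helper).
func Offer(id ed25519.PrivateKey) (eph *ecdh.PrivateKey, pub, sig []byte) {
	eph, _ = ecdh.X25519().GenerateKey(rand.Reader)
	pub = eph.PublicKey().Bytes()
	return eph, pub, ed25519.Sign(id, pub)
}

// Accept checks the peer's offer against its pinned identity key, then derives the link cipher.
func Accept(eph *ecdh.PrivateKey, peerID ed25519.PublicKey, peerPub, sig []byte) (cipher.AEAD, error) {
	if !ed25519.Verify(peerID, peerPub, sig) {
		return nil, fmt.Errorf("offer not signed by the paired peer")
	}
	pk, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := eph.ECDH(pk)
	if err != nil {
		return nil, err
	}
	// Simplified KDF (assumption); a real design would run HKDF over the full transcript.
	key := sha256.Sum256(append([]byte("pairing-demo"), secret...))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

func main() {
	dronePub, droneID, _ := ed25519.GenerateKey(rand.Reader)
	stationPub, stationID, _ := ed25519.GenerateKey(rand.Reader)
	dEph, dOffer, dSig := Offer(droneID)
	sEph, sOffer, sSig := Offer(stationID)
	down, _ := Accept(dEph, stationPub, sOffer, sSig) // drone side
	up, _ := Accept(sEph, dronePub, dOffer, dSig)     // station side
	frame := down.Seal(nil, make([]byte, 12), []byte("constructed video frame"), nil)
	plain, err := up.Open(nil, make([]byte, 12), frame, nil)
	fmt.Printf("station decoded %q, err=%v\n", plain, err)
}
```

The all-zero nonce is acceptable here only because each derived key seals a single frame; a real link would use a per-frame counter that never repeats under one key.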
Do they trust their soldiers/Marines with these encryption keys? Don’t know that.
It's interesting to see how the Army and the MPAA respond differently to the same problem - it only takes one person to crack the code (or leak the secret keys) to render the whole scheme useless. The MPAA builds ridiculously complex encryption schemes in the hopes of slowing people down, and sues the downloaders it can find. The Army doesn't bother with encryption because it's too much of a burden, and kills the downloaders it can find.
While it's momentarily surprising that the video feeds aren't encrypted, remember that the lead time on this type of equipment is often measured in decades. The drones deployed right now were probably designed in the early 90s, using early 90s computers.
No video feed back then was encrypted --- military or otherwise --- because the computers with the power even to digitize video in real time, let alone digitize it and then encrypt the digital stream, would have been huge.
It was a common selling point for satellite receivers back then that you could buy them and use them to watch the raw feed of just about everything being broadcast, because it was all analog streams being relayed in the clear. There's actually a pretty good movie floating around the internet called "Feed," [1] made by a guy recording satellite feeds of the 1992 election coverage.
"But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said."
Right. Because people in third-world countries are clearly far too backwards and ignorant to understand anything involving computers or technology.
This isn't really news to the satellite feed community. The military and private military contractors have been broadcasting unencrypted feeds of operations for a long time.
I am wondering if we don't have a bit of an overreaction to this story here. The presence of the drones is not a secret, nor are their locations.
It wasn't until the recent upgrade of Air Force 1 that the communications between ground and the president's airplane were encrypted. Anyone with a short wave radio could listen in.
What exactly is the risk that they are reading this?
Don't mistake what I mean here, General Atomics should be embarrassed about this whole entire ordeal...
But.
Is it really necessary that they encrypt the video streams? The people these aircraft are surveilling, for the most part, know of the plane's presence. Are they really gaining THAT much of an advantage of being able to see their own position?
Beyond that--not to go into full tinfoil-hat mode, but maybe this non-encryption is intentional? Letting the surveilled see SOME of the footage, then playing LOTS AND LOTS more would only serve to confuse/frighten them.
I wonder how much the contractor charged us taxpayers for this system?
Do the control mechanisms depend on a secure authentication system, at least? I mean, some of these drones carry weapons...
Someone took the "DRM free" slogan too far.