Friday, December 18, 2009

Pity the poor Predators and their handlers:

Today's scandal concerns the revelation that our terrorist enemies have been intercepting the video that unmanned Predator airplanes transmit to our forces on the ground. It sounds like a terrible black eye for our military that this “hacking” has been going on. (By the way, this is not actually “hacking,” any more than watching TV in your home is “hacking”.) Our enemies need little more than a laptop and a very cheap program to record the video. And many, many hours of Predator surveillance have been discovered on enemy laptops.

I think there's a lot of nonsense in the way the media is reporting this story. I've had a lot of time to think about this encryption issue, because I have been working on another program that transmits video to the ground. (I do not have any government clearance; I have no special knowledge of the Predator program, and I am not about to give away any secrets. Let's just talk sense here.) There are costs to using encryption, even if encryption had been instituted on Predators from Day One. There are costs to having the Predator's video intercepted, and I suspect that these costs are being overhyped. I hope that our military analysts choose a sensible reaction to this monitoring problem, rather than a 'move-plot” reaction (by assuming the fantastically worst possible outcome).

First, let's consider the costs of operating an encrypted system. Today's powerful computers can probably encrypt and decrypt a video stream on the fly, so that there will be no delay in using the video on the ground. That may not have been the case when the current Predator design was approved. It's possible that encryption was not included from day one because adding this feature would have made the program much more difficult, delayed it, and made it less useful.

Today, as the media have discussed, the problem is that adding encryption to all the relevant government computers is a considerable cost, and a likely delay. During such an upgrade, some computers that need to run flawlessly may be temporarily incompatible with the encrypted feed; or they may assume that the feed is encrypted when in fact it is not. Such confusion hurts us, possibly more than the current open feed helps our enemies.

Let's assume that we do upgrade all Predators to use encryption. There will still be an ongoing cost, possibly a painful one. The Predator and its ground crew will have to share the password to be able to view the video. Obviously, all Predators cannot use the same wired-in password all the time, because when that password is leaked or guessed, everything would be in the open again. Sometimes the ground crews and the Predator will fail to share the same password. (This is a corollary of Murphy's law, trust me on this.) So using encryption means that some entire flights will be useless.

Finally, I would like to speculate about what our enemies are getting by viewing our Predator video. I am not impressed by the argument that it tells then where our troops are. There are other ways to know where a Predator is, and one good way would be to intercept its video stream even without being able to read the stream. I am sure that anyone with access to hundreds of hours of Predator video can figure out something useful about our military habits, by analyzing what we choose to make our Predators examine, and by analyzing what we choose to look at most closely. But it's possible that we could post all this Predator video on the web and be no worse off. (We would actually be better off, because hundreds of Americans would spend their own time examining the video, and reporting important phenomena that are hard to see, under stress in the field.)

Now let's remember the bottom line: there are costs to encrypting, and costs to not encrypting. Someone has to balance these costs and decide how to spend our military time and money most wisely. Let's not let embarrassment stampede us into action.


Anonymous said...

Precision channels Schneier!

Ender said...

I agree, and there are even more issues than you mention with a potential switchover to encryption. Receivers aren't just at major Predator operations centers or airbases - these signals are also sent to ROVER units carried by forward air controllers (essentially, the troops who call in airstrikes). They have to carry the equipment (and any passwords) with them, and the resultant logistical and technical headache of including decryption capabilities to hundreds (thousands?) of receivers spread throughout the warzone is a real problem. During a potential switchover, you'd have the added headache of having to keep dual capabilities of encrypted an unencrypted feeds until all receivers and transmitters were shifted.

Nor is the problem limited to Predators. While they started on UAVs, the military started adding them to AC-130s and now pretty much every plane in the combat zone. They'd have to overhaul the system on all of those aircraft (though, to be fair, they're less susceptible to interception since their signals are not omnidirectional and not transmitted continuously as in UAVs).

I think the bigger question is what to do in a more evenly matched fight. What if a technically sophisticated enemy could use some fancy ECW to disrupt (or worse, fake) the signals? UAVs across the theater might crash without instructions (they currently have limited autonomy, but nothing fancy), ongoing operations could be compromised, and our troops would be suddenly blind. Now *that* is a reasonable concern, but one that's not particularly relevant to today's wars.

The military has known about this potential vulnerability for a LONG time (I saw one report arguing they discussed it in 1996!), and it has been frequently brought up as a potential issue. While one can imagine that maybe the military is incompetent, I think that they probably carefully weighed the options and decided that for today's wars, the vulnerability will just have to exist.

No one at the Pentagon imagined that the Predator program (initially a handful of planes built on the cheap with off-the-shelf components) would turn into dozens of continual 'orbits' in the air over two giant countries, a fundamental shift in USAF future procurements planning, or that the transmission system cobbled together in the early 90s would be copied and integrated into a vast network of transmitters on every USAF plane and receivers with hundreds of units in the field.

Kudos for your level-headed approach to the issue. said...

Thanks for a terrific addition to this entry!
- PB