In fact, according to an online testing tool, among the military only the Air Force encrypts emails in transit using a technology called STARTTLS, which has existed since 2002. Other branches of the Pentagon, including the Army, the Navy, the Defense Security Service, and DARPA, don't use it. Even the standard military email provider mail.mil, doesn't support STARTTLS.In 1995, Bruce Schneier described email as nothing more than "a postcard that anyone can read along the way." That's been true for many years, and it is still true depending on your email provider. But that's started to change in the last couple of years, with the rise of STARTTLS.STARTTLS is a protocol that encrypts emails travelling from email server to email server. When your email provider doesn't support STARTTLS, your email might be encrypted going from your computer to your provider, but it will then travel across the internet in the clear (unless you used end-to-end encryption.)
"The military should not be sending any email that isn't encrypted, period."
"The military should not be sending any email that isn't encrypted, period. Everything should get encrypted, absolutely everything," he told me on the phone. "There's no excuse."And it's not just the military.Even the FBI, the Office of the Director of National Intelligence (DNI), and the CIA don't implement STARTTLS on their email server, according to the online testing site. The NSA, on the other hand, does.
"I can't think of a single technical reason why they wouldn't use it. It's absurd."