Sen. Wyden calls out Pentagon for not adopting email encryption technology

The senator from Oregon wants to know why DISA isn't using STARTTLS.
Sen. Ron Wyden, D-Ore., pictured at the Web 2.0 Summit (Flickr / JD Lasica)

Sen. Ron Wyden, D-Ore., wants to know why the Defense Information Systems Agency has failed to implement a basic encryption technology that would otherwise protect employees’ emails from being intercepted by hackers and foreign intelligence agencies, according to a recent letter sent to DISA Director Lt. Gen. Alan Lynn.

Wyden is requesting information concerning why DISA has lagged behind the vast majority of U.S. intelligence agencies, including the CIA and NSA, in adopting a widely used encryption technology known as STARTTLS to protect unclassified email systems. STARTTLS adds a layer of web encryption over the email protocol SMTP.

[documentcloud url=”” responsive=true sidebar=false text=false pdf=false]

DISA is responsible for providing email services to the Coast Guard, Army, Navy and Marines.


An agency spokesperson confirmed that DISA received Wyden’s letter.

While the technology is far from a cure-all against hackers that seek to spy on a target, the technology can help ensure the confidentiality of emails that are sent between different military branches.

“I am concerned that DISA is not taking advantage of a basic, widely used, easily-enabled cybersecurity technology,” the letter reads.

Vice’s Motherboard was the first to obtain Wyden’s letter.

Wyden’s staff has been following this issue because the Oregon senator has long been an advocate for strong encryption.


“Until DISA enables STARTTLS, unclassified email messages sent between the military and other organizations will be needlessly exposed so surveillance and potentially compromise by third parties,” Wyden wrote.

The focus on DISA’s poor email security practices represents just the latest in a series of recent policy initiatives by Wyden to shine a spotlight on insufficient digital security standards. He also has spoken extensively about insecurities present in SS7, the telephone network that internationally organizes the transfer of smartphone data.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts