With the revelation that a senior executive at the Office of the Secretary of Defense surreptitiously promoted a dog fighting venture using an encrypted messaging application, there’s a light on DoD privacy policies.
The Department of Justice announced that Frederick Douglass Moorefield, Deputy Chief Information Officer for Command, Control, and Communications (DCIO C3) for OSD was arrested last week on charges of facilitating a secret dog fighting ring that included the execution of the dogs that didn’t win.
Fox News reported that Moorefield and friend who was also involved used an encrypted messaging application “to communicate about dog fighting, share tips on training and plan how to avoid detection from law enforcement, officials said. They also used code names to represent their respective operations – Moorefield used “Geehad Kennels” and Flythe used “Razor Sharp Kennels.”
Authorities reportedly rescued at least a dozen dogs while serving warrants at these individuals’ residences in September. At the premises, they found veterinary steroids, training equipment and jumper cables that were of the type “used to execute dogs that lose dogfights.”
According to DoD, the DCIO C3 “focuses on empowering data access through mobile devices and networks and leveraging spectrum resources”. Kevin Mulvihill is the Acting DCIO for Command, Control, & Communications, a position he presumably assumed after Mr. Moorefield’s dismissal.
As Acting DCIO, Mulvihill provides “technical expertise and broad guidance on policy, programmatic and technical issues relating to C3 to integrate and synchronize defense-wide communications and infrastructure programs,” the Department’s CIO page explains.
The allegations against Mr. Moorefield are dismaying. However, the fact that a senior executive engaged in this sort of operation is unlikely to actually push OSD and DoD to issue new guidance on employees’ use of private encrypted apps for communication.
I reached out to OSD for comment on the fallout from the charges against Mr. Moorefield and the use of commercial encrypted applications for non-work-related activities by Pentagon senior executives. I specifically asked whether OSD or DoD is undertaking a review of its policy regarding executives’ use of commercially available encrypted messaging apps?
“We are not reviewing the use of messaging apps at this time,” OSD spokesman, Lieutenant Commander (USN) Timothy Gorman said in an emailed response.
I also queried OSD as to whether it is undertaking a review of secondary part time jobs or private ventures its executives/employees may be engaged in. LCDR Gorman offered no further information.
The use of commercial encrypted communications applications by federal government and DoD employees is widespread according to an expert background source I spoke with.
There’s a broad selection of encrypted communications apps which offer mobile device messaging with end-to-end encryption (E2EE). This allows only the sender and the receiver to decipher and read the message.
These apps further claim to ensure privacy by not collecting or storing messages on their servers. A decade ago, Apple’s iMessage made headlines with reports that the government couldn’t crack its encryption without decryption keys which newer information technology companies were not legally required to provide.
In 2021, Apple refused to turn over user encryption keys to federal investigators seeking to thwart drug dealing operations in Washington, D.C. and Virginia. Investigators found a workaround leveraging Apple’s iCloud. But a wide variety of E2EE texting apps in use today don’t present such an opportunity.
Among the most popular are Signal, Telegram, Dust, Wickr and Apple
AAPL
Interestingly at 62 years old, Mr. Moorefield is likely an outlier among government users of E2EE apps. Most tend to be younger according to the source. Those in DoD Senior Executive Service are less aware of such technology simply based on their average age.
But they are also savvy public servants who, like politicians, actively seek to guard their privacy. As OSD’s DCIO, Mr. Moorefield, was certainly attuned to technology. The possibility that other similarly tech savvy executives young or older in sensitive DoD positions could coordinate – not just participate in – activity outside their Department roles using E2EE apps has serious national security implications.
Even so, any change in Department policy regarding use of these apps on non-government issued private phones is unlikely according to my source. OSD’s spokesman did not clarify whether Mr. Moorefield used his personal device(s) to engage in communications regarding dog fighting but any such sophisticated user would be highly unlikely to use a government-issued device.
If new policy guidance from DoD was issued regarding personal device communications using encrypted apps, it would likely run into a wall of resistance and almost certainly make recruiting personnel for DoD or other federal agency positions an order of magnitude more difficult.
So DoD is effectively in a position where it cannot monitor private activity on such apps both from a privacy/legal standpoint and from a technical one. Without access to both the public and private encryption keys between sender and receiver that point-to-point apps like Signal use, there is no possibility for federal officials to intercept or subpoena data.
According to my source, apps like Signal even have what’s called “ephemeral encryption” capability which allows the user to encrypt messages with a key that has an expiration timeline. Within minutes, hours or days, it deletes the key, making forensic message gathering or near real-time message interception impossible.
China, Russia and other U.S. adversaries are acutely aware of these security niches and their work to actively recruit U.S. officials to share sensitive information leverages such technology. While it’s not specifically national security-related in nature, the dog fighting ring case is a reminder to such actors that opportunity exists.
Though OSD declined to comment specifically, the fallout from this case may be more thorough vetting of new DoD civilian hires and possibly periodic vetting reviews as personnel progress through their careers.
The fact that Mr. Moorefield coordinated this criminal activity for two decades undetected has significantly shaken the Office of the Secretary of Defense according to my source. What policy changes can or may be allowed to result from it are up in the air.
Read the full article here