Home » News & Analysis » Navy, Marine Corps Forced to Send Sensitive Info by Mail After Army’s Popular Sharing System Shuttered

Navy, Marine Corps Forced to Send Sensitive Info by Mail After Army’s Popular Sharing System Shuttered

Rui Juan Cai Wu, a medical records technician at Naval Hospital Jacksonville, pulls a patient’s paper record for scanning. US Navy photo

The abrupt shuttering of an Army-run secure document-sharing service is grinding to a snail’s pace work done by the Navy’s lawyers, doctors, personnel administrators, law enforcement and even the U.S. Naval Academy Band.

The Army turned off its Aviation and Missile Research Development and Engineering Center (AMRDEC) Safe Access File Exchange system, called SAFE by users, a month ago because of the potential security risk, Kerensa Crum, an AMRDEC spokesperson, told USNI News. The shutdown was a preventative measure, Crum said, and the Army is not aware of any data breach because of the risk.

However, without the SAFE system, users from all military branches were sent scrambling to figure out ways to securely share large documents containing sensitive but not classified information with colleagues, other government agencies, contractors and retirees, Capt. Vince Augelli, OPNAV N2/N6G Cyber Security Branch Chief, told USNI News last week. Registered mail and courier services have suddenly become in vogue.

“There’s no sugar-coating the fact that this has a huge impact and it’s slow; it’s slower and doesn’t have the capacity of the electronic solution used in that SAFE file exchange,” Augelli said. “I know the users are frustrated with that and I’m extraordinarily frustrated with that because I can’t give them a better answer.”

There was never a requirement created to build a secure means of transferring large amounts of sensitive but unclassified data, Augelli said. Department of Defense use of the SAFE system evolved as word spread of its existence. Now with SAFE shuttered, Augelli said there are no alternatives. Commercial solutions, such as Dropbox or Google Docs, might be part of a future solution, but as of now, Augelli said DoD has not reviewed or certified any commercial secure file transfer system. A DoD cloud computing system could work, but the development of such a system is still far off, and Augelli said the need to share data exists now.

“For the near term, smaller files containing PII, PHI, and FOUO material can be encrypted and sent via email. For larger files, burning the data to disk and using registered mail is the only solution that meets PII/PHI criteria,” Vice Adm. Matthew Kohler, the deputy chief of naval operations for information warfare, said in an administrative message released to the Navy.

A similar message was distributed to the Marines Corps by Brig. Gen. L. M. Mahlock, the chief information officer of the Marine Corps. Mahlock’s statement said her office is developing long-term solutions, suggesting SAFE might not come back online.

“The AMRDEC Public Affairs Office states that it has yet to determine whether the site will be reinstated. This leaves the Marine Corps without a method of securely transferring files (with a file size in excess of the Microsoft Outlook limitations) on the Non-Classified Internet Protocol Router (NIPR) Network,” Mahlock’s statement said.

Encrypted email works for small files, but only if both the sender and receiver have a Common Access Card, Augelli said. For large documents sent to recipients outside the government, such as retirees, contractors and state law enforcement agencies, Augelli said the only solution is to burn data onto a disc and use a courier, registered mail or delivery service to deliver the data to its intended recipient.

“That’s a stop-gap measure. That is not a way to get business done on a daily basis, which is why we really need to have that DoD enterprise solution there, so that everyone is not just relying on a single service’s tool,” Augelli said.

DoD use of SAFE was so widespread because the system worked, Augelli said. SAFE allowed a user with a Command Access Card (CAC) to upload a document, designate a recipient and ensure it got there encrypted regardless of whether the recipient had a CAC or other means to download the information. Plus, SAFE only held data for a finite amount of time. After recipients downloaded documents, Augelli said they disappeared from the system. In theory, if hackers accessed SAFE, there would be no data to steal.

“Almost every shore echelon II command somewhere was using this tool to some degree, and that did take us by surprise in terms of how widespread the use of this was,” Augelli said.

Navy SAFE system users included lawyers sharing large legal documents, physicians sharing medical files, Navy Personnel Command sending documents to retirees, and NCIS agents who had data to share with the FBI, Department of Justice and state law enforcement agencies, Augelli said. Even the U.S. Naval Academy Band used the system to submit their visitor request forms for when they performed at the White House about once a quarter.

However, SAFE was never intended to be used by all military branches as the primary means of transferring large documents, Crum said. Initially, the Army created SAFE to transfer sensitive but unclassified data between ARMDEC staff, commands, and contractors.

Long-term, Augelli said DoD needs to develop a large file transfer system for use by the entire defense enterprise. This would include active duty personnel, civilian employees, retirees, other federal and state agencies.

Until a system exists, Augelli said, “the old-fashioned courier is, unfortunately, part of this workaround, and it’s very laborious and costly.”

  • HMSLion

    Lovely…especially since most new NMCI computers don’t HAVE the ability to burn anything to a disk.

    • NavySubNuke

      It’s even more fun for us reservists….

    • DaSaint

      My thought exactly.

  • Ed L

    I like the old fashioned courier idea for large documents. The T-38’s and the T-45 could be pressed into that role

  • airider

    I like the idea of a single service coming up with a solution. Army did it right up front and all the other services and departments got to benefit. There is nothing wrong with this model of doing business. If Army doesn’t want to continue this, another service should and fix the issue with the current system to keep it running. Putting this in DoD’s hands means it will take a decade to contract for and field and cost way more than it should.

  • Leatherstocking

    Just plain insanity – I worked on development of several tri-service networks back in the 1970s and 1980s so all could share in the benefits and eliminate costly duplication. Now 40 years later, I still have to send unclassified but sensitive documents and drawings on CDs via snailmail because there’s no system. BTW, those CDs have to be scanned by the receiver’s IT department so there’s even a longer delay in getting the data to the end user. For the next insanity, USAF should shut down GPS because others are using it….

    • Secundius

      As I recall, an ~$350-Million USD Diamond was sent by “Snail Mail” in 10 November 1958 (i.e. “Hope Diamond”). Not exactly a “Trinket”, even by 1958 standards…

      • Leatherstocking

        I haven’t figured out how to digitize hardware yet but when I need to send a manual or a drawing to the waterfront or to a ship in Guam, Pearl, San Diego, Japan, etc. because of a problem, snailmail delays the process.

        • Secundius

          Neither have I, but I’ve been told that a downloaded Smartphone Photograph of the Document will work in a pinch…

          • Leatherstocking

            I’m not married to Bill Clinton. Each U-NNPI page I send that way is a felony.

          • Secundius

            A company called “PupScan” produces a Handheld Lidar Scanner for Photo Coping Documents and Photographs. Cost about 399 Euros. Totally Self Contained, Battery Powered and will fit inside your Shirt Pocket…

          • Ed L

            Good spy tool

          • Secundius

            Long wait time in Shipping though. I ordered one almost 2-years ago, and STILL haven’t received it. Slow Boat from China by the Scenic Route of the Oort Cloud…

  • tim

    … naturally- the interesting bit was left out- why they shuttered it. It is reasonable to assume for security, but if there is no info kept, I see as the only problem that someone could -in RT- decrypt messages? If everyone encrypted it with their own encryption before sending and email the encryption code to the receiver the double encryption would solve this – would it not? Not as elegant, but more convenient than snail mail.

  • thebard3

    The picture above shows paper medical records. I’m not sure what that’s about. Electronic files can be shared. Paper files can be mailed. Perhaps they are kept in duplicate?

    • Donald Carey

      Having a physical (in this case paper), backup of medical records is essential. Electronic records can (like Hillary’s e-mails), be erased.

      • thebard3

        I would be very surprised to learn that my doctor has paper copies of my records. Computer backups are as secure as paper files.

        • Donald Carey

          Computer files are not as secure as you think. If a data base can be hacked it can be deleted. I am a recently retired Pharmacist, where I live, everyone keeps paper files as a backup. (My Dentist and the folks where I see a Doctor do (Lee Healthcare), I’ve seen them.

  • George Allen

    I can appreciate the efficiency of ARMDEC to operations and ability to protect sensitive unclassified information. Recognizing the impact of this Army Capability should have been shared prior to its closure. This was an avenue for all Services to share sensitive information and is now known to an “adversary” of its importance and now noted vulnerability to information sharing. Since it was so important, now it might become a “target” of cyber collection of past data and if brought back on line…future sensitive unclassified information….OPSEC!!!

  • Chesapeakeguy

    Well, perhaps pigeons can be utilized?

    • Secundius

      “Cher Ami”…

      • Chesapeakeguy

        LOL. Indeed. Let’s get her un-stuffed, but quick…

  • Poorly researched and factually incorrect. There are actually several alternatives to Army SAFE. Additionally, SAFE was never authorized for the transfer of HIPAA (medical) data to start with, so the whole focus of this article is bogus. By the way, it’s a Common Access Card, not a Command Access Card.