Interesting read by someone that knows a thing or two about security and encryption system on the recent main stream media hysteric reports on the UAV downlink "hack" (LOL):

Insurgents Intercepting Predator Video? No Problem

Sometimes mediocre encryption is better than strong encryption, and sometimes no encryption is better still.

The Wall Street Journal reported this week that Iraqi, and possibly also Afghan, militants are using commercial software to eavesdrop on U.S. Predators, other unmanned aerial vehicles, or UAVs, and even piloted planes. The systems weren't "hacked" -- the insurgents can’t control them -- but because the downlink is unencrypted, they can watch the same video stream as the coalition troops on the ground.

The naive reaction is to ridicule the military. Encryption is so easy that HDTVs do it -- just a software routine and you're done -- and the Pentagon has known about this flaw since Bosnia in the 1990s. But encrypting the data is the easiest part; key management is the hard part. Each UAV needs to share a key with the ground station. These keys have to be produced, guarded, transported, used and then destroyed. And the equipment, both the Predators and the ground terminals, needs to be classified and controlled, and all the users need security clearance.

Oh yeh it's obviously no issue that your enemy know exactly where your "spy" planes are and what they've been monitoring, sounds like some quality spin on what is a problem.

So why don't they encrypt the data? Is it because they dont have the bandwidth to handle the security overhead?

I would think that most of the time it wouldn't matter one iota that they know where they are and what they're looking at. Usually it'd just be up there getting a birdseye view on the situation and I see no difference to way back before UAV's when they'd send up an actual plane for recon which was much easier to spot and the enemy definitely knew it was up there.

If they wanted to spy on them without anyone knowing they'd wait till a satellite was overhead & use that for the really secret targets I'm guessing.

These keys have to be produced, guarded, transported, used and then destroyed. And the equipment, both the Predators and the ground terminals, needs to be classified and controlled, and all the users need security clearance.

Not sure what he means here though and why it couldn't just be like every home router where you can just change the key and why it would have to involve users with security clearance. Just make it so the user gets his terminal from someone who does have clearance and so that key isn't accessible by him/her and when they're done change the key.

My guess to the key problem is this:

The unencrypted stream is absolutely known to be compromised and in no way secret, mission decisions would be made knowing this.

Once you decide that you want the stream encrypted you also start to take on the idea that the stream is not compromised so steps are needed to be taken to ensure that it stays that way. Which would mean regular changes to the encryption key under heavy security.
Most probably more trouble then it is worth.

Besides if the UAV is spotted above, the spotter would assume they are/have been filmed anyway.

I think what it boils down to is that 'real time' information has a pretty limited shelf life.

I would think that the guys downloading the UAV streams would need to a) know who they are looking at and then b) get the information to the people on the ground to say that there is a UAV above them.

By the time that occurs the americans would have already have made their decision. And the information that has been downloaded is well out of date and no longer operationally important.

The issue about securing the data through encryption is that if one part is compromised then the whole thing is compromised. So all the codes would need to be changed and new keys issued etc etc. So all that effort and potential for things to compromised to protect information that is useless almost as soon as it is received is not worth the effort/risk.