Comment by lambdaone

It's not a spacecraft issue. Encryption can be done at the ground stations, and mandated as part of the standards for interfsce equipment, just like with DOCSIS. There's nothing, physically, to stop you passing unencrypted traffic down your DOCSIS cable, if you wanted to make a nonstandard modem and send unencrypted traffic on your local physical segment of the network. But the rest of the network will refuse to talk to it.

The same could have easily been mandated for satellite links - no encryption, your packet won't get forwarded to the internet at the ground station, and any packets sent to you from the internet will be sent to you encrypted. And all this can be implementd without needing to touch the satellite itself, which will continue to forward what it sees as unencrypted traffic without any design changes. It could even have been implemented incrementally on existing running services, with old and new equipment working side-by-side, but all new ground stations required to support encryption, and with a sunset date for old equipment, and a rolling upgrade program.

DOCSIS got this right in 1999; the satellite industry has had 25 yeqrs to catch up.