The AM Forum

Tim over on the SPAR website has pointed this out to the group.
It springs from the reluctance of Non Government Organizations, including the Red Cross, to continue using ham radio for medical status reports because of new US privacy laws. One outcome may be the following, which would allow encrypted (secret) encoding of digital transmissions above 50mHz.

If such hardware is marketed without point-of-sale buyer validation, it would be easy for terrorists and other criminals to set up secret networks on the ham bands to pass traffic and insult the ARRL.


----

Minutes of the 2006 Annual Meeting
ARRL Board of Directors
January 20-21, 2006


29. On motion of Mr. Butler, seconded by Mr. Bodson, it was unanimously VOTED that the ARRL Board of Directors instructs the General Counsel, Chief Technology Officer and Executive Vice President to file a petition with the Federal Communications Commission permitting security of data for computer-to-computer communications on domestic transmissions above 50 MHz at the earliest opportunity.

-------------------------------------------------------------------------------

This is very definately NOT a good idea....What are these people thinking??

Paul,
  Such hardware is marketed now. They call it 802.11, or WiFi.
  Look at some of the stuff on the web about increasing the range of these devices with antennas and such. How hard would it be for some one of unsavory intent to set up a "secret" network in an area right now?

If you want to get up to speed on this technology:
http://www.remote.arrl.org/catalog/?item=9715

It's not the technology, Pete, please don't try to distract from the issue.
One of the insurance policies the Amateur Service has maintained against commerical exploitation is the distinction in what we provide. It has always been intended as a a hobbyist, experimential medium not in competition with revenue-based alternatives. Encryption would immediately open us up to the contrary.

The League's lawyer, Chris Imlay, already knows this.
So does the "Chief Technology Officer," Paul Rinaldo (a rabid anti-AM figure)
The other guy, Dave Sumner.

Bill, it would not be hard to do this now, you are correct, and may even be happening as we speak, especially the part about encrypted slurs on the ARRL conveyed on the ham bands. Why just the other day I uttered something in quasi-SSB that only a few knowledgable folks could decode.

To make this a legal part of our operating policy would expand its use without an accompanying means of ensuring it fits the Service's mandate.

Hundreds of thousands of phone patches were handled by amateur radio operators through the 50's, 60's, and 70's throughout the U. S. and abroad. You want to tell me they were not in competition with revenue-based alternatives.

You keep falling over the word "hobby". The FCC should be viewing us as providing "service" when we are called upon to do so. Hence, the name Amateur Radio Service not amateur hobby radio. Technology and, ultimately our participation in the Service, is evolving. As I said earlier, this isn't just going to be grandpa's radio as we move further into the 21st century.

Pete said:

Hell, there won't even BE grandpa's radio. There won't be Dad's radio if the ARRgghhL has their way!

I've been meaning to make a post on this topic - High Speed Multi-Media - the ARRL's next new submission in the works.  See the following ARRL committee report.  Includes a lengthy dissertation on encryption.  When I read it for the first time, it made me think about possible uses by outside characters on the ham bands also:

http://www.arrl.org/announce/reports-2006/january/23A%20-%20High%20Speed%20Multimedia%20(HSMM)%20Working%20Group.doc

(copy and paste link into browser address line)

Pete, let's see, you've mixed a few unrelated points, but I'll try to help you understand.
First:

These were not encrypted, which is the point of concern.
If you want to start a separate discussion on the legality of phone patches, please do so.

Second:
I'm sorry the word "hobby" upsets you. It bothered Haynie too, yet when there's no emergency status that's exactly what we are and, if I were try to make your point relevant to the encryption issue, it is precisely because we are not a revenue based service that protects us from commercial exploitation.

Third:
I already stated my agreement with you on your point of how technology is evolving and that there's a place in that development for ham radio. Please consider the risk to what we have accumulated so far for the "service," if we throw ourselves at the evolution in the wrong manner. Encryption is such a risk, and I'd like your thoughts as to how such traffic would be policed against inappropriate and possibly illicit content.


 

Tom,
Thanks for the link. VERY interesting reading.
In Appendix A, N5JXS describes part of what's pushing secret ham radio:
(reposted here with attribution to the ARRL web site)

the American Red Cross has decreed that shelter lists of names of evacuees must be sent via secure means.  They'd rather entrust these lists to cell phones than to Amateur communications, knowing the media will almost certainly monitor known Amateur nets for additional information but listening to all the cell channels would be challenging.  I'm told that, in the event of loss of cell communications, they would not allow the lists to be handled by Amateur means because the lack of security is limiting.

And while JXS acknowledges the historic reluctance to support encryption on the ham bands, he also notes the problem with access and authentication. His conclusion supports establishing such a system on a hope the bad guys won't figure it out. Read for yourself.

Paul posted:
Not only that but it is illegal. Monitoring ham bands is not. I thought there was something in Part 97 that referenced encryption and its use is not legal.

That is the "head's up".  This will be the next petition submitted by the ARRL to request changes to Part 97 to make the encrypted HSMM legal.

You're right Paul, this is a policy issue, not a technological one (which is usually the case, but geeks like us tend to focus only on what we like - the technology). The encryption issue can be solved quite easily. The FCC holds the key for all legitimate encryption used on the hams bands. Thus, they could easily monitor to determine legitimacy and content.

If you don't want me to monitor your radio communications, then keep your goddam photons off my property.

If you don't want me to monitor your radio communications, then keep your goddam photons off my property.
[/quote

I agree..and stay outta my airspace as well...

The encryption issue has so many avenues for bad guys that it should never be allowed on the ham bands for any reason.  In Alaska waters, the fishing boats use the ham bands regularly and "scramblers" are commonly in use to prevent the competition  from getting on the fish by monitoring others communications...This example is certainly not one that involves national security but it does illustrate that secret radio technology in the ham bands is easily done... 

Encrypted or not, the precedent with competition with revenue-based services has already been made.


Should be the FCC's job to police against inappropriate and/or illicit content. If the FCC moves positively in this direction, it's their job to figure out how to keep the "bad  stuff" out. What makes you believe that terrorists and other criminals haven't already set up secret networks on the ham bands, or anywhere else for that matter, to pass traffic. The equipment is already available.

So what you're calling for Pete is to take away one of the tools the government today has to pre-emptively enforce against secret stations?

As I understand it, if a transmission is encrypted¹ on the ham bands today, it is actionable regardless of content, so you'd like to make the job tougher to first break the telemetry stream and then figure out if what they decode is illicit, right ?

If so, it would not be a "positive" move at all. It would remove a distinction we today enjoy against commercial services, while opening up a non-corporate, non-channelized, radio service used by individuals who need only to buy the hardware and power it up on whatever point-to-point or uncoordinated frequencies they wish.


¹data with an unknown security protocol, not just a proprietary, non-public data system like WinLink that the Newington group endorses.

Let the FCC define the encryption.
As Steve said:
The encryption issue can be solved quite easily. The FCC holds the key for all legitimate encryption used on the hams bands. Thus, they could easily monitor to determine legitimacy and content.

"1data with an unknown security protocol, not just a proprietary, non-public data system like WinLink that the Newington group endorses."

The above does not preclude RDF. Using an non-approved encryption scheme would be no different than using an non-approved mode, non-approved power or non-approved frequency, and the FCC could take similar action. Your fears are unfounded.

Only if RDF finds them BEFORE the bomb goes off.


Yup! Now they want to give it to Osama bin Rottening's decendants.

Au contraire, Steve, because the enforcement trigger would have to be a content-based issue. This is much harder to draw suspicion than the presence of a signal unusual in its placement or technical parameters. Here, illicit material in a secret form of datastream would seem benign amongst the cacaphony of other hobbyist communications.

And what of ILL-legitimate encryption ????
The time it would take to crack the code and take action may prove detrimental.

This condition pertains now. How would allowing legitimate encryption change anything? There's nothing stopping anyone from using a one-time pad to encrypt the Morse Code while using CW. A properly designed one-time pad is all but unbreakable.


Now you contradict yourself. First, it's encryption that's the problem, now it's the content.

Please read the part where I said "The FCC holds the key for all legitimate encryption used on the hams bands. Thus, they could easily monitor to determine legitimacy and content." Since the FCC would approve the encryption, and hold the keys, it could quickly tell if the encryption was legitimate. If it wasn't, RDF begins. This approach is no different than how any illicit signal is pursued now.

What I'm saying Steve is that an encrypted signal, in and of itself, may not be enough to prompt anyone to see what's in there. With such a signal placed among others, the imbedded content can then pass without a lot of attention. I personally cannot hear the difference between a type of encryption the FCC would have the key to (the legit kind) and the kind they may not be able to decode.  To encourage encrypted signals simply opens up the opportunity to create safety in numbers.

I see your point. But can you tell the difference now between a PSK31 and a PSK63 signal? A SSB using common English or a prearranged word code? ID en claire could still be required.

I agree that in general, encryption on the ham bands doesn't make much sense. But for the case of passing medical info in an emergency, I don't see a problem.

All this brings up a bigger issue. If we are to have relatively unfettered digital experimentation on the ham bands, then we will have virtual encryption. Any sufficiently complex (which for most of us, isn't very complex) digital encoding is not much different than encryption, especially if the encoding specs are unpublished (i.e. no one outside the stations privy to the encoding scheme can copy the message content). Many digital schemes use randomizers as part of the scheme. So, as I see it, the issue is really much bigger than encryption.

While I was in the USN, the datalink that I referenced in a previous thread used permutator cards. The code on these cards was changed every day at 0000 GMT (or Zulu time). This gave everyone the chance to be a PU or participating unit. The cards were designed in such a way that when they were pulled out of the device, the code on the cards was reset to all 0's. Unless you were a PU, there was know way you could know what kind of data was being transferred. We know the Soviets were attempting to do it in the eighty's (thanks to the traitor John Walker).

I don't buy the medical reason for encription. If the Fed regulations in reguard to medical data being transmitted 'in the clear' are the only reason, then the regs can be amended. As far as 'clients', ie Red Cross, they can be in on the lobbying.  The use of Hamatuer freq for emergency comms is just that - for emergency.....Then, anything goes.  Anyway, computer generated Cw at say, 75 wpm is pretty well protected from the general public , PSK31 and its flavors also..... RTTY somewhat less so         <<  CW = ARRL support ---we can build 6502 processors and tuna can transmitters to be state of the art  >>   klc

Steve you're right of course, but this is usually expressed as a conflict between communications copied by ear versus comms that are copied by machine. One side cannot discern the other, encryption notwithstanding.

Didn't the ARRL successfully win a proposal to discontinue IDs that are in the clear for telemetry transmissions? That may have to be brought back.

Look at a football game. How many times do you see the code of the day broken.
Change the key often enough and it will never be cracked. Hams have no need for secure communication unless we become a cover for some crime element.
Digital modes should have fixed codes.  Why should the government want to have to monitor normal ham traffic while they have bigger fish to fry.

The medical reasons for encryption are due to Federal Law, specifically, the Health Insurance Portability and Accountability Act of 1996, HIPAA. From the HIPAA web site.



The law text is huge and I didn't read all of it. Even if I did, I doubt I would understand all of it. Best I can tell, the types of protected medical info is listed below. How each of these related to emergency amateur radio communications is best speculated upon by those who do such.

From 45 CFR Part 162



Read all the gory details at
http://aspe.hhs.gov/admnsimp/bannertx.htm


As far as encryption requirements, none are required on a closed network (say a hospitals LAN, although this seems gray to me, since very few truly stand alone nets exist (those with NO connections directly or indirectly to the internet). If data is sent over an open network (e.g. the Internet, or amateur radio), encryption is required. Looks like FIPS 197 encryption is not specifically required but is a good choice (most recent design, strongest cryptographically). Other include DES, Triple DES, AES (which is FIPS 197 compliant) and RSA.

More info at

http://csrc.nist.gov/CryptoToolkit/tkencryption.html

http://www.cs.virginia.edu/~acw/security/e-Logistics%20of%20Securing%20Medical%20Data.pdf