RE: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Don Russell]

1st We need to get back on track D-Star

 

I looked into getting a commercial License for a local hospital group
to provide astro digital w/ encryption for inter hospital communications. 

In my research I kept hitting brick walls it seems there is no legal way 

to use encryption on any commercial freq. There is no license for it, 

it is forbidden except for police and military. Or at least that was what 

The Motorola sales person(direct I might add) informed me of. Maybe

they ment DES, DES-XL, DES-OFB, AES...etc but it was not allowed.
 
You sure can't do it legally on any ham freqs. 
 
Using any encryption, whether or not you post the encryption key is still 
obscuring the meaning.
Everyone that picks up the signal is supposed to be able to listen to it. Not 
they can listen to
it if they happen to know the code. 
 
The exception is if your experimenting with a new digital mode. I think that is 
where they are getting you must post the code, referring to the then 
"experimental  digital modes" modes like Spread spectrum or when they were 
developing olivia, psk31...etc
they posted the codes by making beta decode programs, and making the specs 
public. When you are using spread spectrum
your supposed to have posted in a public place the spreading algorithm. Check 
out the rules for spread spectrum

its totally different in several ways from general UHF repeater work. 200W pep 
max. automatic power controlall

kinds of things.
 
There is no way around it. Encryption + Ham Radio = Squeal like a piggy in 
jail. Not my cup of tea.
 
Your lying to your self, if your convinced you can do it. Yeah hams do it all 
the time. 

I hear a huge repeater system in Chicago "trashing securenet" as they say
every once in a while. still doesn't make it legal. Hams get on 80M
and curse, use all kinds of foul obscene language, don't ID or They ID at speeds
so fast no one can copy and understand them. Does that all the sudden make it 
legal?
nope... not in a millions years. I sure as hell would not admit to using 
encryption 
it in a public forum. That just like stating "Hey, I am a criminal come get me 
if you can!" 
I don't think it wise to taunt the authorities. Some of them can read. LOL
 
Now to play advocate.
 
Having the capability:
 
In my opinion, having the capability to do encryption, or transmit out of the 
amateur band is not a bad thing.
During a real declared emergency all the rules (FCC related) are thrown out the 
window (that includes part 97). 
That is the point to keep in mind. We CAN do anything radio wise if there is a 
true emergency. 
That has been done time after time, without any issue, see: Katrina, 9/11, 
local emergencys...etc
If it is life safety involved. do it. You will most likely not get in trouble, 
but it better be really serious. 
Now if it saves a life, and you really get in trouble over it, #1 for me its 
worth it anyway, #2 there will be hell to pay for whoever prosecutes you for 
doing something that saves a life w/ a radio communication.  
Using DES, or WEP, WPA or whatever is not justifiable under normal 
circumstances. 
Same thing applies to MARS/CAP mods. The rules are really clear on that one. 
that tree has been barked up way too many times and I am not even going to 
address that one. 
Some hams have this compulsion to try and get away with as many things as they 
can. Some come up
with these lame justifications because of an urban legend that some friend of a 
friend heard and start doing something
illegal. Others hear it and copy. the FCC is so understaffed they really don't 
do anything about, further making
it seem that it is ok. 
 
Personally my license is more important to me, than to risk it with shenanigans 
like encryption or freebanding. 
There is no traffic hams should ever have to pass, even in the worst case 
scenario that should require encryption. If your city, county, state, country 
infrastructure is so hard up, that they can't tell cop a that cop b has been 
shot and is dying and that his wife needs to come to the hospital, or that 
person d has the black plague and its spreading, then there is something more 
wrong with the world then I can even find words to describe. I don't want to 
hear Katrina, 9/11, or anything like that. In reality that was handled pretty 
well considering the scope of that nature. the true emergency applies there. 
yeah hams passed all kinds of traffic outside the nomal realms of reality. 
 
I think back to what my elmer taught me about ambulance chasers with scanners. 
If you heard on the local uhf ARES
tac, that your wife/brother/significant whatever close relationship "X bad 
thing happens" don't tell me you will
not freak out and drive like a madman on crack over there. Its human nature. 
Unless your in the medical/fire/police fields
you will not understand how hard it is to keep your composure. It can be 
trained out of you. Hams rarely receive
the counseling and training to deal with it. I can testify to dealing

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Charlie Schlieper]

Thank you Steve, NL7W, for sending that excellent clarification concerning the 
use of encryption in Amateur Radio.  

It amazes me how clever some people can be in trying to justify something that 
isn't legal.  Another example that comes to mind is-- on 60 meters, where one 
guy says, "since my dipole is a lot lower in height than yours, and less 
efficient, I can run 100 watts instead of 50."   Dang... Well, imagine that?  
It's just plum amazing ain't it? 

Thanks again Steve!

73,
Charlie Schlieper, N5TD


  - Original Message - 
  From: Steve Gehring 
  To: dstar_digital@yahoogroups.com 
  Sent: Thursday, February 19, 2009 7:32 PM
  Subject: Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies


  Hello Stephen,

  Despite your your publicized efforts to make known the encryption keys 
  used, DES-XL encryption is just that -- encryption. Using encryption or 
  cyphers is verboten under Part 97.309(4)(c). There's no way to "get 
  around" the encryption issue -- either you're implementing encryption, 
  or you're not. It's that simple...

  I know your radios have the ability to turn off the encryption or cypher 
  feature, for I have worked as a technician, engineer, and a consultant 
  in the public safety communications, commercial wire-line and wireless, 
  and DoD / non-DoD government telecommunications industries for well over 
  twenty years now. Therefore, do not engage the feature, per regulation, 
  on amateur bands. 

  Now, if you wish to operate digitally modulated radios using Project 25 
  C4FM or D-Star's GMSK modulation (or others), with DVSI's various 
  vocoders, or other currently known codecs, that is perfectly fine! 
  Experimentation and technical discovery is highly encouraged and remains 
  the essential essence of amateur radio. Just do not encrypt or cypher 
  said digital streams, for it is verboten, per regulation. There's no 
  "getting around" this until Part 97 regs are changed. ;)

  73 de Steve, NL7W

  Stephen Reynolds wrote:
  >
  > I have 3 D-Star radio's and two P-25 ASIII's with DES-XL Encryption
  > units in them. I also own a Keyloader for the ASIII's. There is one
  > way to get around the Encryption Issue. You come up on the frequency
  > you intend to use it on, in the clear, Announce the Daily Key, and
  > say, "join us if you can". This is done more than you would believe
  > across the country and makes the Key Public, not private. You do have
  > to be on the right frequency at the right time to get the key, but it
  > is Published. I also hold Commercial Licenses that enables me to do
  > the same without the announcement in the ASIII's.
  >
  > Steve W4CNG
  >
  > 



  

[Non-text portions of this message have been removed]

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Jon M. Hanson]

This discussion is getting way off topic for this list.

Sent from my iPhone

On Feb 19, 2009, at 6:32 PM, Steve Gehring  wrote:

> Hello Stephen,
>
> Despite your your publicized efforts to make known the encryption keys
> used, DES-XL encryption is just that -- encryption. Using encryption  
> or
> cyphers is verboten under Part 97.309(4)(c). There's no way to "get
> around" the encryption issue -- either you're implementing encryption,
> or you're not. It's that simple...
>
> I know your radios have the ability to turn off the encryption or  
> cypher
> feature, for I have worked as a technician, engineer, and a consultant
> in the public safety communications, commercial wire-line and  
> wireless,
> and DoD / non-DoD government telecommunications industries for well  
> over
> twenty years now. Therefore, do not engage the feature, per  
> regulation,
> on amateur bands.
>
> Now, if you wish to operate digitally modulated radios using Project  
> 25
> C4FM or D-Star's GMSK modulation (or others), with DVSI's various
> vocoders, or other currently known codecs, that is perfectly fine!
> Experimentation and technical discovery is highly encouraged and  
> remains
> the essential essence of amateur radio. Just do not encrypt or cypher
> said digital streams, for it is verboten, per regulation. There's no
> "getting around" this until Part 97 regs are changed. ;)
>
> 73 de Steve, NL7W
>
> Stephen Reynolds wrote:
> >
> > I have 3 D-Star radio's and two P-25 ASIII's with DES-XL Encryption
> > units in them. I also own a Keyloader for the ASIII's. There is one
> > way to get around the Encryption Issue. You come up on the frequency
> > you intend to use it on, in the clear, Announce the Daily Key, and
> > say, "join us if you can". This is done more than you would believe
> > across the country and makes the Key Public, not private. You do  
> have
> > to be on the right frequency at the right time to get the key, but  
> it
> > is Published. I also hold Commercial Licenses that enables me to do
> > the same without the announcement in the ASIII's.
> >
> > Steve W4CNG
> >
> >
>
> 


[Non-text portions of this message have been removed]

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Steve Gehring]

Hello Stephen,

Despite your your publicized efforts to make known the encryption keys 
used, DES-XL encryption is just that -- encryption.  Using encryption or 
cyphers is verboten under Part 97.309(4)(c).  There's no way to "get 
around" the encryption issue -- either you're implementing encryption, 
or you're not.  It's that simple...

I know your radios have the ability to turn off the encryption or cypher 
feature, for I have worked as a technician, engineer, and a consultant 
in the public safety communications, commercial wire-line and wireless, 
and DoD / non-DoD government telecommunications industries for well over 
twenty years now.  Therefore, do not engage the feature, per regulation, 
on amateur bands. 

Now, if you wish to operate digitally modulated radios using Project 25 
C4FM or D-Star's GMSK modulation (or others), with DVSI's various 
vocoders, or other currently known codecs, that is perfectly fine!  
Experimentation and technical discovery is highly encouraged and remains 
the essential essence of amateur radio.  Just do not encrypt or cypher 
said digital streams, for it is verboten, per regulation.  There's no 
"getting around" this until Part 97 regs are changed.  ;)

73 de Steve, NL7W


Stephen Reynolds wrote:
>
> I have 3 D-Star radio's and two P-25 ASIII's with DES-XL Encryption
> units in them. I also own a Keyloader for the ASIII's. There is one
> way to get around the Encryption Issue. You come up on the frequency
> you intend to use it on, in the clear, Announce the Daily Key, and
> say, "join us if you can". This is done more than you would believe
> across the country and makes the Key Public, not private. You do have
> to be on the right frequency at the right time to get the key, but it
> is Published. I also hold Commercial Licenses that enables me to do
> the same without the announcement in the ASIII's.
>
> Steve W4CNG
>
> 

RE: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Bob McCormick W1QA]

Kip AE5IB wrote:

> We can use any and all of standard encryption (WEP, WPA etc.) 
> on our 2.4 GHz routers that we convert to ham use, because the 
> purpose is not to obscure or hide the meaning of the transmission, 
> but to prevent non-licensed users access to our Amateur networks 
> with part 15 equipment. The requirement is that if you do, 
> you have the key or password written in your log book or published.

Just to clarify since this is an international based email list ...
you are speaking to FCC regulations for US Amateurs.

Can you cite where it says "you have to have the key or password
written in your log book or published"?



> It is similar to encrypting satellite control commands. 

There is a very specific set of rules that govern this 
and space stations in general as set forth in 47 CFR Part 97.
§97.207 is for space station operation:

>> (f) Space telemetry transmissions may consist of
>> specially coded messages intended to facilitate
>> communications or related to the function of the
>> spacecraft.

§97.211 (b) reiterates basically the same thing with
very similar language.


Here is one of many locations where you can find the
Part 97 US Amateur Radio Service rules:
http://www.arrl.org/FandES/field/regulations/news/part97/

Bob McCormick W1QA

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Steve Gehring]

Wrong...

Encryption, even if prevent access by non-licensed users, is verboten 
under Part 97.309(4)(c).

ILLEGAL are:  WEP, WPA, and WPA2 -- are encryption methods meant to 
obscure the meaning of transmissions.  The descriptive phrase, "WEP uses 
the stream cipher  RC4 
 for confidentiality 
," says it all concerning 
this early security measure(3).  WPA and WPA2 are later and stronger 
methods of 802.11 wireless encryption.
Ref:  
http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy#Encryption_details

Despite the publicizing the method and key in your log or on the Web, 
enabling encryption methods, for whatever so-called reason or reasons 
given, IS ILLEGAL.  The fact that you enabled ENCRYPTION on amateur 
bands, per regulation, IS ILLEGAL. 

...

If, indeed, a WiFi network is set up under Part 97 rules, as Rotolo 
proposed in a previous CQ article, then the encryption he seeks would be 
used to sequester the entire network by the use of a WEP or WPA 
encryption system, thus preventing any and all monitoring of the traffic 
passing over that network. This is the issue that I understood his 
comment about being "already legal" was aimed at. His stated purpose 
was, as I recall (and as I understood it), to obviate any intrusion by 
"non-hams" into the network, and not as a means of obfuscating the 
traffic over it.

This is thin gruel, methinks. What's sauce for the goose is sauce for 
the gander, and the obfuscation occurs regardless of whom it was 
designed to foil.

I think it best to avoid these kinds of issues by avoiding the entire 
concept. "If DHS wants to encrypt stuff, let DHS do it and leave us out 
of it."  We are not other radio services, the military, or other 
government forms. 

Next, please...



Kipton Moravec wrote:
>
> We can use any and all of standard encryption (WEP, WPA etc.) on our 2.4
> GHz routers that we convert to ham use, because the purpose is not to
> obscure or hide the meaning of the transmission, but to prevent
> non-licensed users access to our Amateur networks with part 15
> equipment. The requirement is that if you do, you have the key or
> password written in your log book or published.
>
> It is similar to encrypting satellite control commands. You are not
> encrypting to obscure or hide the meaning of the message but to prevent
> unauthorized users from getting access.
>
> Kip
>
> On Thu, 2009-02-19 at 17:03 -0500, Mathaeus (Matthew Fonner) wrote:
> > Steve and all,
> > Working as a nurse, I understand and follow HIPAA.
> > I agree with Steve, we would need consent from the protected person (
> >
> >
> -- 
> Kipton Moravec AE5IB
> "Always do right; this will gratify some people and astonish the rest."
> --Mark Twain
>
> 

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Kipton Moravec]

We can use any and all of standard encryption (WEP, WPA etc.) on our 2.4
GHz routers that we convert to ham use, because the purpose is not to
obscure or hide the meaning of the transmission, but to prevent
non-licensed users access to our Amateur networks with part 15
equipment. The requirement is that if you do, you have the key or
password written in your log book or published. 

It is similar to encrypting satellite control commands. You are not
encrypting to obscure or hide the meaning of the message but to prevent
unauthorized users from getting access.

Kip

On Thu, 2009-02-19 at 17:03 -0500, Mathaeus (Matthew Fonner) wrote:
> Steve and all,
> Working as a nurse, I understand and follow HIPAA.
> I agree with Steve, we would need consent from the protected person (
> 
> 
-- 
Kipton Moravec AE5IB
"Always do right; this will gratify some people and astonish the rest."
--Mark Twain

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Mathaeus (Matthew Fonner)]

Steve and all,
Working as a nurse, I understand and follow HIPAA.
I agree with Steve, we would need consent from the protected person (or 
their POA)
to transmit information.  I also agree that encryption over the ARS is 
illegal. It OBSCURES and HIDES the meaning
of their messages on purpose so that only the intended people can 
understand it.  If it's that important, pick up a cell phone
and give them a call.

I would view the encryption as QRM, as it would be a generation of 
interference, preventing the proper usage of the frequency/band
by the rest of the Amateur Radio community.

Matt / N3WNX

Steve Gehring wrote:


> My take on HIPAA, encryption usage, and Amateur Radio:
>
> *HIPAA regulated information cannot be transfered by Amateur Radio's 
> techniques unless a release to do so is provided by the protected 
> information's owner.  All encryption methods expressly designed to 
> obscure, hide, or ensure that information is accessible only to those 
> authorized to have access, are ILLEGAL via Amateur Radio transmissions.*
>
>   
>

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Steve Gehring]

All,

I would like to point out the regulation surrounding the obscuration of 
amateur radio transmissions.  Regarding encryption and amateur radio, 
here is the applicable regulation:

97.309 RTTY and data emission codes.

(4) (c) and 97.307(f) of this part, a station may transmit a RTTY or 
data emission using an unspecified digital code, except to a station in 
a country with which the United States does not have an agreement 
permitting the code to be used. RTTY ***and data emissions using 
unspecified digital codes must not be transmitted for the purpose of 
obscuring the meaning of any communication***.


Note the last phrase, "...and data emissions using unspecified digital 
codes must NOT be transmitted for the purpose of OBSCURING the MEANING 
of any communication."  The word obscuring is well understood, but what 
of the word, meaning?  Meaning, as defined in the dictionary is defined 
as, "linguistic content (1)."  So, obscuring the linguistic content of 
any amateur radio transmission is ILLEGAL. 

Some amateurs of digital data groups contend that encryption of amateur 
transmissions, within amateur bands, is LEGAL, as long as it meets their 
flawed criteria and logic.  Nowhere in Part 97 does it say encryption 
usage is legal, despite the facts that the methods and keys used are 
made known or publicized, such as on the Web.  Encryption, which 
includes WEP, WPA/WPA2 and other encryption methods, is expressly 
forbidden in Part 97.  An example of this flawed logic, as taken from 
the HSMM description on Wikipedia:


"Because the meaning of amateur transmissions may not be obscured, 
security measures that are implemented must be published. This does not 
necessarily restrict authentication or login schemes, but it does 
restrict fully encrypted communications. This leaves the communications 
vulnerable to various attacks once the authentication has been 
completed. This makes it very difficult to keep unauthorized users from 
accessing HSMM networks, although casual eavesdroppers can effectively 
be deterred. Current schemes include using MAC address 
 filtering, WEP 
 and WPA 
/WPA2 
. MAC address filtering and WEP are 
all hackable by using freely available software from the Internet, 
making them the less secure options. Per FCC rules the encryption keys 
themselves must be published in a publicly accessible place if using 
WEP, WPA/WPA2 or any other encryption, thereby undermining the security 
of their implementation(2)."


WEP, WPA, and WPA2 are encryption methods meant to obscure the meaning 
of transmissions.  This descriptive phrase, "WEP uses the stream cipher 
 RC4 
 for confidentiality 
," says it all concerning 
this early security measure(3).  WPA and WPA2 are later and stronger 
methods of 802.11 wireless encryption.  



...


As a casual online ham friend, K3UD, says:


"If the US government wants the Amateur Radio Service to be a vital part 
of Homeland security and disaster communications maybe they should put 
out a call for volunteers within the ham community to commit for 
homeland security and other disaster communications training. The hams 
that pass the course and commit to doing this would receive an 
endorsement on their licenses certifying them as trained in the kind of 
communications the FCC would require in the event of a disaster or other 
bonifide emergency.

If encrypted communications were required, it would be these amateurs 
who would have the privileges to use encryption. This seems to satisfy 
what those who favor encryption say they want to do with it. On the 
other hand, if any of them were caught using it for personal encrypted 
communication (IE routine email via W2LK) they would immediately lose 
their certification and perhaps have their license suspended for a time.

On the other hand, do we see anyone at the FCC or Homeland Security 
beating the drum for Amateur Radio operators to be able to use 
encryption? Is there a RM pending before the Commission addressing the 
Subject? Has the ARRL weighed in on it? Is there anyone posting on this 
topic who is constructing an RM filing to the FCC on this subject?

What we have is someone who wrote an article or two expressing the 
opinion that there is some kind of back door way into legal encryption 
for Amateur radio. The FCC apparently has its reasons for the encryption 
ban. Perhaps Homeland security is one of them in that ham radio may 
become a communications conduit for terrorist activity. It can cut both 
ways.

I somehow do not think that any of this has much to do with Homeland 
security and everything to do with, as AG4YO ill

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[John D. Hays]

Here is an interesting read on the topic, for _interested parties_: 
http://www.hdscs.org/hipaa.html

David B. Toth wrote:
>
> At 02:55 PM 12/30/2008, k7ve wrote:
> >--- In dstar_digital@yahoogroups.com 
> , "Frank P."  wrote:
> >
> > >
> > > A group of ARES volunteers at a local shelter are in direct
> > > communication with the Red Cross HQ, or a hospital, or the local
> > > OEM. The shelter has several sick or injured individuals who need
> > > assistance or transportation to a hospital. The shelter emcom hams
> > > prepare a database (Excel spreadsheet, text message, etc.) containing
> > > the names, addresses, SSN's, Health Insurance info, and other data
> > > covered by the federal Privacy Act. How do they send this info
> > > without violating the Privacy Act?
> >
> >I worked for a major healthcare company (Doctors, Hospitals, and
> >Insurance) for 5 years. We dealt with HIPPA (not Federal Privacy Act)
> >every day. Some information is protected, but there are also
> >exceptions and there is certainly needed information verses
> >information that can be collected later.
>
> HIPPA and Privacy are slightly different ...
> HIPPA deals with not sending a person's insurance info to places that
> should not have it.
> There is a cottage industry that has sprung up to screw this around
> to say that it covers all aspects of medical privacy.
> It does not, but that is what Privacy Acts and institutional privacy
> policies are about.
>
> I know this is more than anyone would want or should want to know.
>
> Dr. Dave
>

-- 
John D. Hays
Amateur Radio Station K7VE 
PO Box 1223
Edmonds, WA 98020-1223
VOIP/SIP: j...@hays.org 
Phone: 206-801-0820
801-790-0950
Email: j...@hays.org 


[Non-text portions of this message have been removed]

RE: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Hugh Mac Donald]

I feel this is much Adieu (sp) about nothing! If your data is converted into
a digital stream the chances of every "Tom Dick and Harry"  being able to
copy the data is slim to none. I don't care how good our crypto system is if
someone wants to get the data all they will have to do is listen to the
public law enforcement channels or the News Media. I am talking from
experience in the real world! If /I really had to hide something I would use
CW J

73

Hugh AC7XF

 

RE: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Eric M. Gildersleeve ~ KD7CAO]

The way I've been looking at this is on D*STAR or any other digital mode the
information is nothing but ones and zeros. If you encrypt the data for
specific needs then the data itself may not be readable but the ones and
zeros are still available. 

I do believe that the FCC needs to clarify some information to better
reflect information handling for security needs. On the other hand if I use
a device that encrypts and it is available to anyone is that a problem? For
instance password protecting an excel sheet...

Lot's to ponder here. Yes. I believe that there are times where you should
be able to Encrypt the data you are sending. A perfect example is during an
SNS Activation where I need to keep track of turn by turn data for the
supply truck, shelter statuses, etc.. I don't want every Tom, Dick, and
Harry to know this information. 

Also, public safety systems do fail (they are so expensive and complex) that
they have problems. We may be last line infrastructure but, we need the
ability to support everyone.

Eric M. Gildersleeve ~ KD7CAO
-Original Message-
From: dstar_digital@yahoogroups.com [mailto:dstar_digi...@yahoogroups.com]
On Behalf Of Barry A. Wilson
Sent: Friday, January 02, 2009 12:29 AM
To: dstar_digital@yahoogroups.com
Subject: RE: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

I think Chuck has made some rather relevant comments on topic without
getting into all the emotional issues of what one thinks is or isn't in the
Rules. I think he has a firm grip on the topic.

 

I too personally feel that we need to address these issues especially with
the capabilities of our D-STAR Technology.  Having an ID-1 with internet
connectivity could easily compromise an operator if a hyperlink routes to an
HTTPS: site.  Or what if we set up an amateur radio backup link for local
hospitals and an e-mail is sent via OUTLOOK with a .zip attachment or
someone request us to relay a file that is password protected. Does that not
contain encrypted information somewhere in the message even if the general
message content is readable.

 

Yes these are grey areas left to interpretation and I feel much like Chuck
that we need to address these What if's before they are needed during actual
emergencies.  I think the FCC respondent was in his own fantasy world when
he said you simply need to grab a commercial / public safety radio to
complete the communications. I think Chuck is well aware many of these
systems go down during actual emergencies so they aren't available.
Evidently this FCC Representative has never been in a disaster area.  If you
haven't worked emergency communications then you have never really seen the
need Chuck is addressing.

 

The last NDMS Exercise we held here in Colorado had a lot of amateur radio
participation. A local hospital here in Denver suffered an actual loss of
their internet connectivity during the day of the exercise and was unable to
enter patient data from incoming casualty patients because they couldn't
access the States https: database.  If they had had access to an ID-1 and
internet connectivity they still couldn't perform their mission directly
with amateur radio as a back up with the system accessing an https: internet
site since that would be using Encryption on amateur Frequencies. Yes
information was passed after the fact but had this been an actually incident
with mass casualties having the ability to use amateur radio would have
ideally completed the data link during the emergency.  Just as a further
note, there has been difficulties with other exercises because the
participants are not familiar with the operation of the States 800MHz system
so it has never worked as anticipated during the exercises and the always
fall back on the amateurs to relay their information. There are also area
communities which operate on non compatible systems like EDACS and DTRS so
they often have trouble linking the systems to communicate between the two.
This is the real world!

 

Barry

KA0BBQ

 

From: dstar_digital@yahoogroups.com [mailto:dstar_digi...@yahoogroups.com]
On Behalf Of Charles Scott
Sent: Thursday, January 01, 2009 1:43 PM
To: dstar_digital@yahoogroups.com
Subject: Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

 


Chuck - N8DNX





[Non-text portions of this message have been removed]




Please TRIM your replies or set your email program not to include the
original  message in reply unless needed for clarity.  ThanksYahoo! Groups
Links





__ Information from ESET Smart Security, version of virus signature
database 3731 (20090101) __

The message was checked by ESET Smart Security.

http://www.eset.com


 

__ Information from ESET Smart Security, version of virus signature
database 3733 (20090102) __

The message was checked by ESET Smart Security.

http://www.eset.com
 

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Charles Scott]

Joel:

In an odd way I think we pretty much agree. What I was trying to achieve 
was an accepted means to test and practice what we might be called upon 
to do in a real emergency. You're idea of going ahead with using PGP or 
some such encryption and transmitting the decryption keys in the clear 
along with it is interesting. I guess that's close to what I asked the 
FCC District Director to permit but didn't take the final step of saying 
that we'd also transmit the decryption keys during exercises, just that 
we'd make them available. I'll have to think about that.

I do have to differ with you a bit on the point of helping to shore up 
the professional services infrastructure and funding. Most of our served 
agencies are pretty particular about their systems and I'm not at all 
comfortable putting myself into that mix, even though I'm comfortable 
technically. We do, however, have Hams in our group who are commercial 
communications people who serve those agencies, so in a way I guess 
we're partly there.

As for funding, we're not finding that so difficult. We took the time to 
become a 501(c)(3) non-profit corporation. Our success with the 
professional services and the support we get from them has helped us 
secure some good donations. We're also working on some grant 
opportunities that look promising. In addition, we've had good equipment 
donations, and some of those have come from the emergency managers 
themselves. None of that happens without work and certainly none of that 
happens without having a successful organization, but it can happen.

Yes, we've tried very hard not to be just "... a bunch of older guys who 
have all the best intentions." You're correct that intentions are only 
that, intentions, and there's considerable effort from there to 
performance. I guess I have more confidence than you that Hams, with 
even somewhat marginal resources, can provide very useful services in 
disasters. It's not easy, and it's not obvious, but if you consider what 
can be done, what should be done, and that nobody else is going to do 
it, disaster communications seems right for us Hams.

Chuck - N8DNX


Joel Koltner wrote:
> Hi Charlie,
>
> "We also see this time and time again even 
> in simulations where the professional emergency services have trouble 
> with their communications, their systems become overloaded, and there's 
> things that need to be communicated that aren't central to their 
> important tasks."
>
> 

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[MCH]

One thing is for certain...

With all the proprietary technologies coming about (Open Sky, MotoTrbo, 
iDen, ProVoice, Etc.), it's only a matter of time until the FCC will 
have to deal with them on the ham bands.

But, to have some sort of interface between the WWW and the radios? That 
will require an absolute permission of any type of content on the air 
since there is any type of content on the net.

Joe M.

Barry A. Wilson wrote:

RE: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Barry A. Wilson]

I think Chuck has made some rather relevant comments on topic without
getting into all the emotional issues of what one thinks is or isn't in the
Rules. I think he has a firm grip on the topic.

 

I too personally feel that we need to address these issues especially with
the capabilities of our D-STAR Technology.  Having an ID-1 with internet
connectivity could easily compromise an operator if a hyperlink routes to an
HTTPS: site.  Or what if we set up an amateur radio backup link for local
hospitals and an e-mail is sent via OUTLOOK with a .zip attachment or
someone request us to relay a file that is password protected. Does that not
contain encrypted information somewhere in the message even if the general
message content is readable.

 

Yes these are grey areas left to interpretation and I feel much like Chuck
that we need to address these What if's before they are needed during actual
emergencies.  I think the FCC respondent was in his own fantasy world when
he said you simply need to grab a commercial / public safety radio to
complete the communications. I think Chuck is well aware many of these
systems go down during actual emergencies so they aren't available.
Evidently this FCC Representative has never been in a disaster area.  If you
haven't worked emergency communications then you have never really seen the
need Chuck is addressing.

 

The last NDMS Exercise we held here in Colorado had a lot of amateur radio
participation. A local hospital here in Denver suffered an actual loss of
their internet connectivity during the day of the exercise and was unable to
enter patient data from incoming casualty patients because they couldn't
access the States https: database.  If they had had access to an ID-1 and
internet connectivity they still couldn't perform their mission directly
with amateur radio as a back up with the system accessing an https: internet
site since that would be using Encryption on amateur Frequencies. Yes
information was passed after the fact but had this been an actually incident
with mass casualties having the ability to use amateur radio would have
ideally completed the data link during the emergency.  Just as a further
note, there has been difficulties with other exercises because the
participants are not familiar with the operation of the States 800MHz system
so it has never worked as anticipated during the exercises and the always
fall back on the amateurs to relay their information. There are also area
communities which operate on non compatible systems like EDACS and DTRS so
they often have trouble linking the systems to communicate between the two.
This is the real world!

 

Barry

KA0BBQ

 

From: dstar_digital@yahoogroups.com [mailto:dstar_digi...@yahoogroups.com]
On Behalf Of Charles Scott
Sent: Thursday, January 01, 2009 1:43 PM
To: dstar_digital@yahoogroups.com
Subject: Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

 


Chuck - N8DNX





[Non-text portions of this message have been removed]

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[David B. Toth]

At 02:55 PM 12/30/2008, k7ve wrote:
>--- In dstar_digital@yahoogroups.com, "Frank P."  wrote:
>
> >
> > A group of ARES volunteers at a local shelter are in direct
> > communication with the Red Cross HQ, or a hospital, or the local
> > OEM.  The shelter has several sick or injured individuals who need
> > assistance or transportation to a hospital.  The shelter emcom hams
> > prepare a database (Excel spreadsheet, text message, etc.) containing
> > the names, addresses, SSN's, Health Insurance info, and other data
> > covered by the federal Privacy Act.  How do they send this info
> > without violating the Privacy Act?
>
>I worked for a major healthcare company (Doctors, Hospitals, and
>Insurance) for 5 years.  We dealt with HIPPA (not Federal Privacy Act)
>every day.  Some information is protected, but there are also
>exceptions and there is certainly needed information verses
>information that can be collected later.

HIPPA and Privacy are slightly different ...
HIPPA deals with not sending a person's insurance info to places that 
should not have it.
There is a cottage industry that has sprung up to screw this around 
to say that it covers all aspects of medical privacy.
It does not, but that is what Privacy Acts and institutional privacy 
policies are about.

I know this is more than anyone would want or should want to know.

Dr. Dave 

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[jack]

I chouse to not continue this on here.

Chuck good luck if you do use encrypted radios on the ham bands.
I have been a ham for 24 years and have seen people like you come and go and
lose there ticket because they thought they were smarter then the government
 This is not a new game you are trying to play it has been going on since
the 70's and it has not changed a thing yet.

Jack  N6UYB

---Original Message---
 
From: Charles Scott
Date: 1/1/2009 4:27:01 PM
To: dstar_digital@yahoogroups.com
Subject: Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies
 
All:
 

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Charles Scott]

All:

I'll start with Jack's response. Since there are already exceptions in 
Part 97 that do permit "obscuring the meaning" of a transmission, it's 
not quite accurate that Hams may not use any form of encryption. I've 
admittedly stretched the definition of "obscuring the meaning" in my 
request since I believe it's arguable that there is a difference between 
meaning and content. If the meaning of the transmission is known but the 
particulars contained in the transmission are not sent in an easily 
decoded form, does this fit the spirit of Part 97? That's clearly what 
is going on for satellite control and it's because there is good reason 
for doing so.

Also note that Part 97 permits the use of "unspecified digital codes" as 
long as they are not intended to obscure the "meaning" of the 
transmission (there's that word again). It also establishes the District 
Director as the person responsible for assuring compliance and provides 
options for such compliance, including maintaining a record convertible 
to the original information. Again, I perhaps pushed the letter of that 
part of the rules, but believe my request was within the spirit of those 
rules.

As you can see, Part 97 does permit encryption in limited cases and does 
permit transmissions that may not be decipherable by other hams or the 
public. It should not be much of a stretch to apply these concepts to 
public service when it makes sense to do so. Unfortunately, nobody who 
read my request saw it that way or they simply made the (rather rash) 
assumption that existing professional communications would be available 
to provide that capability.

In response to Joel's comments, I think it's clear that you need to take 
disaster communications very seriously. There's several reasons for 
this. One is that there is a clear need and that has been proven again 
and again in real disasters. We also see this time and time again even 
in simulations where the professional emergency services have trouble 
with their communications, their systems become overloaded, and there's 
things that need to be communicated that aren't central to their 
important tasks. Another is that unless you take disaster communications 
seriously you can't possibly be prepared to perform in that capacity, 
won't know how to interact with the professional emergency services, and 
certainly won't know what you're going to need or have it ready when the 
need arises. Yet another reason is that the professional services need 
to understand what Ham Radio can do for them, have some level of 
confidence that their local Ham organizations can perform. None of this 
happens without taking disaster communications very seriously.

To function during a disaster, you must have some prior concept of what 
communications will be required. While Hams are particularly adept at 
making things work in a pinch, and we've had to do that numerous times 
in exercises, it's best not to be fudging things together if you can 
avoid it in the heat of a disaster. Since we had identified a clear need 
to provide confidential communications (other than the typical patient 
info stuff you hear people reference), we felt it was important to 
explore how we might be able to do this. We know we can apply public-key 
cryptography in a disaster and won't hesitate to do so if it's a matter 
of life or property, but it would be best to practice exactly that and 
to formalize the procedures to be better prepared and avoid squabbles 
after the fact. We can probably still do that without sending actual 
encrypted transmissions, but that leaves open the possibility that we're 
practicing a flawed procedure.

Note also that I was not proposing routine use of encryption, but rather 
it's use in exercises and with specific limitations. I don't think the 
parameter of my proposal risked crossing a barrier to routine use any 
more than encryption for satellite control does.

As for overlap with the public safety services communications 
capabilities, I think that's exactly what we're working to achieve--and 
then some. Those communications assets and capabilities are vulnerable 
to overload, failure, and unavailability in a disaster. Also, public 
safety personnel are not focused on communications as a primary task. 
It's a struggle simply to keep them trained and familiar with common 
communications tasks. A disaster is certainly not a time to ask them to 
adapt to unfamiliar procedures, assuming that they even have the ability 
to do so. It's also a given that there just isn't enough money to build 
a fully fault-tolerant communications system that has adequate overflow 
capability to cope with any disaster anywhere it might occur. They may 
think so, but we know better and exercises and real disasters show this 
time and time again.

I really don't think I'm trying to solve problems that don't exist (as 
Joe M. suggested). I'm trying to be realistic. My overriding 
consideration for preparation is that I never 

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[MCH]

I've been using FCC TA'ed radios on both for years - usually made by 
Motorola. Unfortunately, none are D-STAR units.

Joe M.

Joel Koltner wrote:
> 2) It would be
> nice if the FCC authorized the type acceptance of radios that worked
> both on amateur frequencies and public service agency frequencies. 

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[jack]

OK
Lets look at this from the legal stand point.  You MAY NOT use ANY form of
ENCRYPTION on ham radio! The short is do it and you risk your license as
well as a fine and or jail time.

PLEASE read part 97.113 sub 04.

I quote "No amateur station shall transmit messages encoded for the purpose
of obscuring their meaning, except as otherwise provided herein.

§97.113 Prohibited transmissions. 
(a) No amateur station shall transmit: 


(1) Communications specifically prohibited elsewhere in this Part; 
(2) Communications for hire or for material compensation, direct or indirect
 paid or promised, except as otherwise provided in these rules; 

(3) Communications in which the station licensee or control operator has a
pecuniary interest, including communications on behalf of an employer.
Amateur operators may, however, notify other amateur operators of the
availability for sale or trade of apparatus normally used in an amateur
station, provided that such activity is not conducted on a regular basis; 

(4) Music using a phone emission except as specifically provided elsewhere
in this section; communications intended to facilitate a criminal act;
messages encoded for the purpose of obscuring their meaning, except as
otherwise provided herein; obscene or indecent words or language; or false
or deceptive messages, signals or identification; 

(5) Communications, on a regular basis, which could reasonably be furnished
alternatively through other radio services. 



---Original Message---
 
From: Joel Koltner
Date: 1/1/2009 12:42:05 PM
To: dstar_digital@yahoogroups.com
Subject: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies
 
Hi Charles,
 
I suspect you're correct that your request was
probably kicked around a fair deal with no one really taking that much
time to read and understand it, but in the end I agree with the
response your were given.  I think you're suffering from the problem
that many hams who are particularly interested in EMCOMM tend to face
-- while ham radio holds itself out and very much does provide many
emergency services in times of disaster, it's only one part of why the
amateur radio service was created, and when you start getting "really
serious" about EMCOMM you find that what you're trying to do is
overlapping with what the various public service agency
frequencies/services were intended to do... and on those frequenciese
people can and do use encryption routinely.  Of course, I realize the
frustration here is that in some areas hams have considerably better
infrastructure set up for emergencies than public service agencies do,
so just being told, "if you need to
transmit some sensitive
personal information, go grab an agency radio" can be a step down in
the level of service you can provide.
 
Some random thoughts:
 
1)
I suspect that in a true emergency, if there's some "life or death"
reason that you need to transmit a bunch of (what's generally
considered to be) confidential information about, say, a patient
enroute to a hospital, you would find plenty of legal protection if
someone later tried to sue you for violating HIPAA or some other rules
(similar to "good samaritan" laws provide protection if you attempt to
provide medical service to someone).  Then again, you probably don't
want to personally be the test case for this... :-)
2) It would be
nice if the FCC authorized the type acceptance of radios that worked
both on amateur frequencies and public service agency frequencies.
(While many amateur radios can be readily modified to do this, the FCC
authorizing it would definitely help out ARES and similar groups.)
3)
Since there are already those narrowly defined allowances for the use
encryption on the books, coming up with some software to perform it on
D*Star radios and popularizing it as a standard might put you in a
better position with the FCC in the future, if you can point to some
software used for, e.g., repeater control and demonstrate that the use
of encryption hasn't been abused and you've received no complaints
about its usage.  That might open the door to the FCC allowing the use
of encryption during, e.g., an agency-declared emergency, although I
still don't think the FCC is going to allow routine, daily use of
encryption as it would be going against the charter of the amateur
radio service.
 
---Joel
 
 
 

 
Please TRIM your replies or set your email program not to include the
original  message in reply unless needed for clarity.  ThanksYahoo! Groups
Links
 
 
 

[Non-text portions of this message have been removed]

Re: [DSTAR_DIGITAL] Re: Encryption on Amateur Frequencies

[Tony Langdon]

At 06:55 AM 12/31/2008, you wrote:

>I see the need for some encryption, but this scenario is not one that
>needs it.

Agree John.  In this scenario, simply not transmitting the 
information is the best answer, as it is not needed during the 
initial emergency.  The confidential information can be gathered by 
other means as alternate communications channels become available.

The ACMA here did extend permission to encrypt communications for 
command and control purposes of an amateur station (i.e. not only a 
satellite, but terrestrial stations are covered here), and emergency 
communications.

There was a time I was considering a SSH link over packet, to 
remotely control and debug my IRLP node when the Internet went down, 
or to disable the repeater.  In the end, it became a moot point, as I 
no longer need that remote control capability (I not have physical 
access most of the time).

73 de VK3JED / VK3IRL
http://vkradio.com