its possible to decrypted frequency in 2023?

[RayAir]

Digital does not equal encryption. It's just a different form of modulation/waveform.
Consumer level scanners, et al, don't have the necessary hardware to decode encrypted signals.

Hypothetically, it is possible to decrypt AES 256 encryption because all of the possible keys are known and can be generated. BUT the number of keys is astronomically large. There are other protocols besides AES 256, but decrypting any of them by brute force is well beyond the capabilities of a hobbyist. Here's an explanation from stack overflow:

"If you were simply brute forcing every possible key, there would be 2^256 keys you need to try. You'd expect to find it after going through (on average) half of the keys, so average expected number of attempts would be 2^255. This is a Really Big Number. If every atom on earth (about 1.3 * 10^50 atoms) was a computer that could try ten billion keys a second, it would still take about 2.84 billion years. Brute-forcing is simply not possible - you'd need to find a weakness in the algorithm that lets you take a short-cut

Digital does not equal encryption. It's just a different form of modulation/waveform.
Consumer level scanners, et al, don't have the necessary hardware to decode encrypted signals.

Hypothetically, it is possible to decrypt AES 256 encryption because all of the possible keys are known and can be generated. BUT the number of keys is astronomically large. There are other protocols besides AES 256, but decrypting any of them by brute force is well beyond the capabilities of a hobbyist. Here's an explanation from stack overflow:

"If you were simply brute forcing every possible key, there would be 2^256 keys you need to try. You'd expect to find it after going through (on average) half of the keys, so average expected number of attempts would be 2^255. This is a Really Big Number. If every atom on earth (about 1.3 * 10^50 atoms) was a computer that could try ten billion keys a second, it would still take about 2.84 billion years. Brute-forcing is simply not possible - you'd need to find a weakness in the algorithm that lets you take a short-cut here."

unfortunately many radio systems use far, far weaker encryption.

 

[mmckenna]

Not wanting to point fingers (and I often point at myself with a slap to the forehead) I think many of us ask questions which on later reflection should have been obvious.

In the OP's original post/question they may have been thinking that going digital means encryption. Well this have already been discussed and answered above.

The "slap the forehead moment" is do we ever step back for a moment ask ourselves do we want our supposedly HTPPS/encrypted transactions to readily decrypted so people can see our financials etc."

One often needs to turn the compass needle at yourself and ask the question. If you do that then you have answered your own question.

A few years ago I posted on a very heated thread regarding encryption. There were very passionate people that didn't see the need for encryption on public safety radio systems, and were willing to fight to the death over it.

I asked a very simple set of questions:
Please share the following info:
Full legal name.
Full address
drivers license number
Physical description, including height, weight, color of eyes and hair, gender.
make, model, color and VIN number for your vehicle
License plate number from your vehicle
All wants/warrants/convictions/criminal history
Gun ownership


As you can expect, none of the people that were so adamant that encryption should be outlawed were willing to share any of that information.
Yet, they expected to be allowed to hear it over the radio any time they felt like it, all in the name of entertainment.

That said asking is decryption of anything is possible then "nothing is impossible" but the earth may freeze over before that happens.

Also I'm reading / hearing that there are growing concerns about Quantum and Neural computers being able to radically reduce the time to crack any given encryption. This could be a concern for "static" data.

When Amazon sells quantum computers, I'll worry. Until then, the people that can afford those sorts of toys are going to be doing better stuff with them, like curing diseases and modeling the entire known universe.

However for encrypted data/transmissions then unless they are recorded they are just disturbances in the ether and useful real time decryption is never going to happen unless you can find the encryption/decryption key.

If a simple car remote can/do use hopping codes to counter interception than I strongly suspect that radios that use encryption do even more anti attack methods of not using the same key all the time.

Any agency that isn't frequently changing keys will hopefully be addressing that by then. Daily key refresh will help reduce risk. The technology exists to do that, but agencies get lazy.




As for the rest of it, scanner listeners often don't realize that there are existing requirements on the books to keep criminal justice information and personal identifying information secure at all times and in all methods of transport. Doesn't matter what it is. Encryption of radio traffic where this sort of information is shared is required by the FBI and many states, and has been for a very long time.

Suggestions that officers should constantly be switching channels between encrypted and clear solely for the benefit of a scanner listeners entertainment are not realistic.

As for overseeing the law enforcement agencies, it's pure naivety to think that the only sneaky stuff that happens in public safety happens over the radio. Anything like that happening is much wider spread and will require much more than a few scanner hobbyists to catch it.

 

[ladn]

unfortunately many radio systems use far, far weaker encryption.

True.
But look at many of the posts here on RR. Many users can't even program their radios for simple analog, let alone a trunked system. Scanners don't have crypto hardware. Some CCRs, like Anytone, include a crypto function in their CPS (rather than require a KVL tool), but these don't scan or generate keys. I wonder how many end users would even be capable of properly entering a key and making it work, even if they knew the key.

High level users or users with access to powerful computers most likely aren't going to be interested in cracking Mayberry PD's analog speech inverters. They'll be after the major metro and three letter government agencies' systems. The weak spot in these may not be the codes as much as incompetence and complacency on the part of the system gatekeepers.

Agencies that use a code generating service traceable to NSA, use multiple codes, keep them secure and flip them often are still pretty safe

 

[12dbsinad]

A few years ago I posted on a very heated thread regarding encryption. There were very passionate people that didn't see the need for encryption on public safety radio systems, and were willing to fight to the death over it.

I asked a very simple set of questions:
Please share the following info:
Full legal name.
Full address
drivers license number
Physical description, including height, weight, color of eyes and hair, gender.
make, model, color and VIN number for your vehicle
License plate number from your vehicle
All wants/warrants/convictions/criminal history
Gun ownership


As you can expect, none of the people that were so adamant that encryption should be outlawed were willing to share any of that information.
Yet, they expected to be allowed to hear it over the radio any time they felt like it, all in the name of entertainment.



nnn

While this is true, you can also go online to do a full background on anybody and find out whatever you want. Typically, all you need is a name, cell phone number, any small piece of info. Heck, all I need is your Ham callsign and I can find your address very easily just by typing it into Google.

I've never heard of anyone involved with identity theft from someones name or DOB being given over the radio. I also don't think NYC is encrypting because they are worried about saying personal info over the radio, it's all the other reasons.

I've you don't break the law, then you have nothing to worry about anyway, and most States cops can not stop and ID without a crime being committed or about to be committed. They can ask, but you can also refuse. Driving is also a privilege and not a right. That is why your license plate number is public and in view, you have no expectation of privacy while in public. You know all the YouTube auditors with cameras that video license plates/people and everyone gets all bent out of shape? Well, even though not very tactful it isn't illegal.

Like I said before, if someone is out to track me either purposely or by random, it's going to be through this great invention called the internet. Not PS radio.

 

[GlobalNorth]

As for the rest of it, scanner listeners often don't realize that there are existing requirements on the books to keep criminal justice information and personal identifying information secure at all times and in all methods of transport. Doesn't matter what it is. Encryption of radio traffic where this sort of information is shared is required by the FBI and many states, and has been for a very long time.

I had to laugh at this one.

Years ago, every command level manager and executive in my former agency was issued a 'confidential' [to all line level employees] binder with the names, ID numbers, assignments, DOBs, SSNs, all known telephone numbers, all known e-mail addresses, residences, mailing addresses, NOK info, and other personal identifying information.

When the Ford CVPI was still in production, a number of enterprising auto burglars made a habit of burglarizing them in an effort to steal firearms, PS radios, etc. A Lieutenant with my agency had his issued 'street appearance' CVPI burglarized in his driveway. They cleaned it out of everything.

He got a day off without pay for having his sidearm stolen from inside of the vehicle [a big no-no in our agency] and the department said nothing until a confidential quasi-governmental intelligence organization noticed information about our LE employees suddenly popping up on Tor browsers. They dug into it and when the agency didn't seem to care, the affected employees started getting contacted 'unofficially'. The labor groups got hold of it and then went after the city with lawyers.

Needless to say, everyone of us got listed as victims in a huge ID Theft case and thereafter, everyone of those binders was rescinded and there was one binder placed into a vault in communications, with a dual electronic key control system, to prevent loss of data and prevent people from being busybodies.

I never told the agency my current address, my PO Box, my actual phone [they got a burner number], etc. after that. I did get into official trouble for failing to notify my agency of my current address and in the interview, I brought up the above incident and told the Chief through the interview: 'I don't give a _____ about it. Write me up!".

Never trust the gatekeepers or the keymasters - look at Ghostbusters for proof.

 

[KevinC]

Never trust the gatekeepers or the keymasters - look at Ghostbusters for proof.

So I shouldn't have trusted Gozer?

 

[ctiller]

I just wish the people pushing encryption would just admit that it's because they want control of the message getting out and stop all these other excuses. The public has been listening to public safety since the 1930's or so and now suddenly it's an issue?

 

[AB5ID]

I just wish the people pushing encryption would just admit that it's because they want control of the message getting out and stop all these other excuses. The public has been listening to public safety since the 1930's or so and now suddenly it's an issue?

Nobody's telling them they can't encrypt so of course they're doing it with alot of new systems and upgrades.

 

[GlobalNorth]

So I shouldn't have trusted Gozer?

Higher ranking, so take your choice. Just stay far away from the re-make! El Stinko!

 

[12dbsinad]

I just wish the people pushing encryption would just admit that it's because they want control of the message getting out and stop all these other excuses. The public has been listening to public safety since the 1930's or so and now suddenly it's an issue?

Not only radio, but when newspapers were a thing it was VERY common to see a "Police log" section that listed incidents with names, addresses, etc. This was never a problem for years and years.

Today it's done on social media by private individuals and it's a problem because it's done in real time thanks to technology. And EVERY incident big or small gets posted. Every Tom, Dick and Harry can easily listen and post info to include twisted info, half truths, etc, etc. Also what's the first thing everyone does when they see somethings going down? Stream Broadcastify!

Then you have the whackers which is a real problem, but I'll digress.

 

[radiopro52]

Heck, all I need is your Ham callsign and I can find your address very easily just by typing it into Google.

I'll never understand why this is a thing. It's the one thing that's keeping me from becoming a Ham. While I'm certain most Ham operators are good and honest people, it only takes one crazy person to jeopardize your safety.

Everyone should also pay more attention to "that thread" in the off-topic wireless forum. I'll always believe that's it's a big contributing factor as to why encryption is spreading and is often overlooked, and frankly ignored.

 

[GlobalNorth]

I'll never understand why this is a thing. It's the one thing that's keeping me from becoming a Ham.

P.O. Box, a UPS store, or a mail drop in a nearby town.

Being a property owner recorded in your County reveals far more about you than being an Amateur does.

 

[ctiller]

Not only radio, but when newspapers were a thing it was VERY common to see a "Police log" section that listed incidents with names, addresses, etc. This was never a problem for years and years.

Today it's done on social media by private individuals and it's a problem because it's done in real time thanks to technology. And EVERY incident big or small gets posted. Every Tom, Dick and Harry can easily listen and post info to include twisted info, half truths, etc, etc. Also what's the first thing everyone does when they see somethings going down? Stream Broadcastify!

Then you have the whackers which is a real problem, but I'll digress.

yeah I loved reading the police log back in the day...my county was kind of rural and the newspaper always had great writeups about the crazy stuff that went down.

 

[12dbsinad]

So I have to ask, if personal information is the main reason for encryption, if I do a FOIA request for the radio traffic for a specific event or call are they going to (or is it required) to blank out any names or identifying information of said person(s)?

 

[mmckenna]

While this is true, you can also go online to do a full background on anybody and find out whatever you want. Typically, all you need is a name, cell phone number, any small piece of info. Heck, all I need is your Ham callsign and I can find your address very easily just by typing it into Google.

True, and why I don't use my FCC call signs as my ID on this page, or put them on my vehicle, or anywhere else. I don't like to make it easy for people.

I've never heard of anyone involved with identity theft from someones name or DOB being given over the radio. I also don't think NYC is encrypting because they are worried about saying personal info over the radio, it's all the other reasons.

Maybe, but not sure how we'd prove that. I prefer to not find out. None the less, the FBI has that on the books, as do many states. Not sure about New York.

And encryption, we can likely all agree, is useful for a lot of things.

I've you don't break the law, then you have nothing to worry about anyway, and most States cops can not stop and ID without a crime being committed or about to be committed. They can ask, but you can also refuse.

Locally, they'll run ID's if there is a traffic accident.
Due to police getting in trouble for "they talked to a wanted guy but didn't realize it was him", they'll often run everyone and anyone.

Breaking the law doesn't mean you give up your privacy.

 

[mmckenna]

I just wish the people pushing encryption would just admit that it's because they want control of the message getting out and stop all these other excuses. The public has been listening to public safety since the 1930's or so and now suddenly it's an issue?

Well, mainly because it's not true.

There's a number of reasons for encryption/controlling access.

- The FBI and many states have had requirements for a long time that CJI/PII cannot be shared in the clear. That's nothing new, it's been there for a long time. It's just getting enforced now.

- Locally, we had big issues a year or two ago when there was a big wildland fire that did a lot of damage. Fire was busy doing their job. Meantime a few people with Baofengs/CCR's and access to websites that share repeater input/output frequencies and tones decided that they were going to use their CCR's to talk directly to fire. Some of it was people thinking they were helping (they were not), some were people that wanted information directly from the fire fighters. It was bad enough that the fire agencies decided that they needed a way to keep the CCR's and unauthorized users off the system.

The truth is, no one has any right to access someones personal information. Just because you had access at one time doesn't mean that it should continue.

Entertainment isn't a good reason to have access to this data.

 

[ctiller]

There are encrypted ways already to run people. It does take another 5 seconds or so to accomplish though. It doesn’t take millions of dollars of taxpayer equipment upgrades either. Also entertainment isn’t the reason we want access. I like to know what’s going on in my community for safety reasons. Accountability is another reason though I’m not one of those types.

 

[ctiller]

Here’s an idea aggressively enforce the importation of these radios if they are illegal and charge the operators doing that

 

[mmckenna]

There are encrypted ways already to run people. It does take another 5 seconds or so to accomplish though. It doesn’t take millions of dollars of taxpayer equipment upgrades either. Also entertainment isn’t the reason we want access. I like to know what’s going on in my community for safety reasons. Accountability is another reason though I’m not one of those types.

LTE isn't always an option. And an officer taking their eyes off the situation to type on a slippery screen isn't a good idea. There's a reason why voice is king.

The truth is encryption works fine. And it doesn't cost a lot of money. Most of these agencies are refreshing equipment periodically, so they are getting new P25 radios every 5-7 years in most public safety applications. I just bought Harris radios for work and single key encryption was a zero cost line item. P25 repeaters will pass encrypted 1's and 0's just as easily as unencrypted 1's and 0's. The only decryption on the system happens at the radio or the console. And that equipment gets upgraded periodically. The claims that encryption is expensive isn't based in reality. Equipment is getting upgraded all the time, and modern gear will support encryption. It's hard to find any digital commercial radio that doesn't include some form of scrambling or encryption. I'm sitting here at work right now programming a bunch of $250 UHF commercial DMR radios for a user, and those all come out of the box with basic scrambling included in the cost.

It's good to be aware of what is going on in your community, we should all be doing that. But a scanner isn't the solution.

Accountability? You'll not get that on a scanner. The stuff that people claim to be worried about doesn't happen over the radio. It happens in the locker room, in dark alleys, over the cell phone, all places scanner won't hear it. In most jurisdictions, the radio traffic is all recorded and saved as evidence. Our PSAP records all radio traffic 100% of the time.

 

[12dbsinad]

The truth is, no one has any right to access someones personal information. Just because you had access at one time doesn't mean that it should continue.

But they do technically have a right as it stands. All of this info can be available via FOIA. Including body cam footage with audio. It's just not something widely done by the public so it's not really a big deal.

My heartburn with this is you can't have it both ways. If you're going to make regulation to protect PI, then you need to do it from all avenues, not just some.

All encryption announcements that I've ever read sight "officer safety". It's probably very very rare is ever to find a dept that list the reasons as the citizens own benefit, PI.

As always, appreciate the healthy back and fourth. While I work in radio I have a tendency to look into things from multiple angles.