Encryption Implementation on MARCS-IP?

[AE8I]

Various Miami County agencies are sporadically using encryption on MARCS-IP, and recently it seems to be increasing. Some talkgroups that were previously in the clear now appear to be encrypted full-time.

Can individual users (deputy, police officer, paramedic, etc.) unilaterally decide to use encryption on any talkgroup at any time, or can users only choose to encrypt on some talkgroups? Alternatively, if individual users have no control over encryption itself on any talkgroup, is it correct to presume that the choice by a user to encrypt communications dictates that they use one or more talkgroups previously established as encrypted only?

Are there agency penalties for using encryption? In other words, encryption must certainly create additional burdens for the MARCS-IP system. Are agencies using encryption assessed a cost or penalty of some type for this additional drain on system resources, or are agencies free to use encryption as much as they’d like, with no penalty or restrictions?

 

[radioman2001]

Depends on how the radio was programmed as to using it or not, and encryption doesn't cause any additional drain on any system that's already P-25. Same data just encrypted.

 

[mule1075]

Penalties and Restrictions you are joking right? Also encryption should not drain any resources so I ask again you are joking correct?

 

[AE8I]

Penalties and Restrictions you are joking right? Also encryption should not drain any resources so I ask again you are joking correct?

No, I was not joking, but penalty was probably a poor choice of words. I did not mean penalty in the sense that use of encryption was being discouraged, only that if it did indeed put additional significant stress on system resources, that those imposing that additional burden were accounted for in some fashion.

Apparently my assumption that encryption imposes any additional burden was incorrect, hence it becomes a moot point.

 

[northernsummit]

Apparently my assumption that encryption imposes any additional burden was incorrect, hence it becomes a moot point.

The only time encryption causes "problems" for the users is when a radio without the capability needs to talk to one that has it enabled. So if agency A's radio goes to a shared interop talkgroup with their encryption enabled, the Agency B user may be completely incapable of decrypting it. It's not common to pay for encryption hardware/licenses on non-PD radios unless a county or agency is flush with cash.

You can enable encryption on a per-radio basis, or on a per-talkgroup basis. If a given talkgroup is configured to be encrypted then it doesn't matter what the radio user has selected. (But that radio can't participate without having the right hardware, the right license, and the encryption key on the radio itself). When the radio is setup for "selective" encryption the user can move a button (like on an XTS) and choose to be encrypted or not. From what I can surmise (pure speculation on my part) if radio A is encrypted but Radio B is NOT, but the non-encrypted radio is capable and has the right key, it can decode the encrypted traffic. When this happens I can hear 1/2 of the discussion, and the other half is garbled mush, and the person who is transmitting "in the clear" is not complaining, they hear everything. It's comical and frustrating

Sometimes, on a very rare occasion, you'll hear a dispatcher tell someone "you're encrypted" and they'll go back to clear. I suspect this isn't because of any burden on the system, but because there are some radios on that talk group that can't support it. (Because the hardware in the radio needs to support decryption, and there is a separate license fee per radio).

Once a given agency decides to invest the $$ into buying the hardware and licensing the "burden" is over with and you should just move on. You're never going to be able to do anything about it unless you're the decision maker in a given agency.

 

[GTR8000]

Apparently my assumption that encryption imposes any additional burden was incorrect, hence it becomes a moot point.

P25 encryption is "End-to-End", meaning that the encrypting/decrypting is done within the subscriber radios, not by the system itself. The system merely allows the 0's and 1's to pass through unmolested, regardless of whether those bits are "clear" or "secure". Secure transmissions require no additional processing power or system resources, and thus there is no "additional burden" on the system.

 

[KevinC]

P25 encryption is "End-to-End", meaning that the encrypting/decrypting is done within the subscriber radios, not by the system itself. The system merely allows the 0's and 1's to pass through unmolested, regardless of whether those bits are "clear" or "secure". Secure transmissions require no additional processing power or system resources, and thus there is no "additional burden" on the system.

Except for the poor guy in charge of key management.

 

[AE8I]

P25 encryption is "End-to-End", meaning that the encrypting/decrypting is done within the subscriber radios, not by the system itself. The system merely allows the 0's and 1's to pass through unmolested, regardless of whether those bits are "clear" or "secure". Secure transmissions require no additional processing power or system resources, and thus there is no "additional burden" on the system.

A "bit" of critical information about encryption decentralization that I was obviously unaware of. Thank you!

 

[fyrfyter33]

Which “various” agencies are doing it?

Locally, the encrypted talk groups are limited to special ops for PD.

We have to explain to them that we cannot patch those TGs, because the first thing the system does in cross-patching is strips the encryption off.

 

[phask]

Which “various” agencies are doing it?

Locally, the encrypted talk groups are limited to special ops for PD.

We have to explain to them that we cannot patch those TGs, because the first thing the system does in cross-patching is strips the encryption off.

Gurnsey SO and Cambridge PD
Knox Co SO
Ohio Dept of taxation
Ohio Liquor Control
Washington CO SO
Hocking SO

Just from memory - there are a heck of a lot more.

 

[AE8I]

Which “various” agencies are doing it?

Locally, the encrypted talk groups are limited to special ops for PD.

We have to explain to them that we cannot patch those TGs, because the first thing the system does in cross-patching is strips the encryption off.

In Miami County, it appears that the sheriff, as well as all municipalities (Piqua, Troy, Tipp City, West Milton, etc.), have encryption capability on at least one previously Alpha Tagged talk group. Their use may be broader than for only tactical/special ops situations. I've only noted encryption on Alpha Tagged LE talkgroups associated with these agencies, not on EMS/fire, but I can't definitively say that it's not occurring.

 

[Nasby]

Gurnsey SO and Cambridge PD
Knox Co SO
Ohio Dept of taxation
Ohio Liquor Control
Washington CO SO
Hocking SO

Just from memory - there are a heck of a lot more.

As you mentioned, that's just the tip of the iceberg....Unfortunately.

 

[W8RMH]

Fayette County Law Enforcement
Ohio Department of Natural Resources

 

[jrl44430]

My county is switching to MARCS this summer and will be totally encrypted.

 

[mtindor]

My county is switching to MARCS this summer and will be totally encrypted.

And, what is your county?

 

[mszabo2000]

"The only time encryption causes "problems" for the users is when a radio without the capability needs to talk to one that has it enabled. So if agency A's radio goes to a shared interop talkgroup with their encryption enabled, the Agency B user may be completely incapable of decrypting it."

Encryption should never be used on interop talkgroups, not all users have encryption or use the same type of encryption. You can strap talkgroups clear, encrypted, or selective and interop should be strapped clear.

"When the radio is setup for "selective" encryption the user can move a button (like on an XTS) and choose to be encrypted or not. From what I can surmise (pure speculation on my part) if radio A is encrypted but Radio B is NOT, but the non-encrypted radio is capable and has the right key, it can decode the encrypted traffic."

If a radio can receive encrypted it can transmit encrypted. The encryption switch only selects if the radio transmits clear or encrypted, the radio will decode clear or encrypted transmissions automatically. What you describe indicates one radio has their encryption turned on, the other turned off. Best to encrypt specific talkgroups and strap the radios encrypted to there's no accidental transmissions in the clear.

 

[Jphila20]

Each radio has it's own switch. The radio user can turn encryption on and off at will. When running a person for warrants they may switch to encrypted to give dispatch the persons SSN. Sometimes when doing follow ups or surveillance they will encrypt their location for Officer safety. Probably the most common is someone flips the switch and forgets to switch it back, The one on the receiving side would not hear anything different.

 

[jrl44430]

And, what is your county?

Trumbull

 

[fyrfyter33]

Each radio has it's own switch. The radio user can turn encryption on and off at will. When running a person for warrants they may switch to encrypted to give dispatch the persons SSN. Sometimes when doing follow ups or surveillance they will encrypt their location for Officer safety. Probably the most common is someone flips the switch and forgets to switch it back, The one on the receiving side would not hear anything different.

That’s not true for all encrypted talkgroups. Some are full time encryption and the radio cannot turn it off.

 

[Jphila20]

That’s not true for all encrypted talkgroups. Some are full time encryption and the radio cannot turn it off.

That's true. I was addressing when an individual or group seem to disappear. Most specialty group are encrypted.