FHP Encryption and the future?

[dgoodson]

Follow on to the post titled FHP which I was in the process of hijacking, so I have started this one as a follow on.

Thanks for the link with the USC for telecommunications---

Its an interesting topic, perhaps adequately beaten to death previously, but here's my two cents worth.

The thread more-or-less started with the question "Can you buy a scanner to receive FHP etc?" which in my opinion generally receives the answers: A) No scanner will receive it, or B) No scanner will receive it nor will there ever be a scanner that will, or C) No scanner will receive it, nor will there ever be a scanner that will, and if there were, it would be illegal. I agree there is no scanner today, I disagree there will never be one, and I have my doubts that when the day comes, it would be illegal.

I guess my bottomline premise is this: if it were (or in the future becomes) possible to decypher encrypted comms, through techniques that are developed and marketed without having violated technology laws (i.e. no patent infringement etc) then it would not be illegal to develop, sell, buy or possess such capability. And at that point, though it is arguably illegal to LISTEN to the comms using the legal capability, it is certainly unenforceable...

Its just a matter of time. My reasoning is as follows:

You need two things- the algorithm and the key. As for the algorithm, I believe there are enough people out there with knowledge of and access to the techniques and codes that algorithm design or theory is going to naturally leak into public domain. Even if they are proprietary and covered by NDAs, for example, there will be enough personnel turnover that clever folks can eventually probably re-engineer them legitimately. You know- if the secret recipe slips out of the kitchen one ingredient at the time, then no one person is responsible for violating the law, and the hackers just slowly put the recipe/puzzle back to gether. Its inevitable.

As for the keys, the odds are far too long to think you could randomly find the key, or write an algorithm to decypher the key itself, but if someone gave you the key, then the overall challenge is really just reversing the algorithm. It doesn't take too many disgruntled radio techs, or just corporate ignorance or carelessness to let those keys slip out. How many folks have access to the FHP key, I wonder? Not hundreds, but probably dozens (whether they realize it or not). Those leaks might violate employers NDAs, but with the proliferation of anonymously posted "stuff" on the internet, might not eventually be too hard to find. I realize all I say is VERY difficult (but not implausible), but I don't think to this point in my post it represents anything that is clearly illegal.

And remember, and this is important.... there is nothing analogous here to DoD/military encryption technologies or laws/policies. In the DoD scheme, encryption of classified info, where both the "thing" being encrypted AND the key and algorithms (and hardware) are themselves classified. Major espionage laws come into play for tinkering or revealing such things. The underlying "data" in play here, the local PD comms, for example, are NOT classified; the algorithm is at best a patented trade secret, and the key is probably just some local departments sensitive info.

So if a hobbiest could obtain "algorithm" softare that is legitimate, that doesn't break the law (that I can find). And if the hobbiest had access to keys... those two things are not illegal. Combining them together to sit in the privacy of his home, and listen to encrypted comms is arguably not illegal.

I say NOT illegal because I claim under my scenario, that the algorithm and key that I have obtained are "readily available to the general public". No laws were broken to independently develop/produce or sell them (or by me to buy/obtain them), so they are legitimately readily available to anyone. (They may be complicated, they may be expensive, they may be awkward to install and use, but they ARE readily available to anyone who wants them, and is willing to go through the trouble to use them, and that is the legal test). So provided I can prevail in my arguement that the comms meet paragraph 2 (g) (ii) (II) of the code, they are exempt from the statue and not illegal.

So like the AK-47 used to rob a bank, the gun manufacturer is not at fault; and like software used to download copyrighted music, the shareware developer is not at fault; and like Florida mobile scanner laws (which are in practice unenforceable), or blocking cell phone coverage from scanners (which can be circumvented by buying a European model on Ebay), the law will not stop it.

An interesting analogy is to "Google" satellite TV descramblers.... take a look. That's someone - actually LOTS of "someones" - who have figured out and overcome encryption. Perhaps not nearly as robust, and perhaps much more free-market demand (incentive), but the point is... tell a hacker he can't do something, and watch him do it!. Here a are products that are clearly illegal (I guess- you are circumventing legitimate commerce to avoid monthly fees) yet is readily available. Decoding comms is much less of a legal slippery slope. The underlying comms are not classified or proprietary (in fact, I think by most reasonable standards they are public record), and you would not be "stealing" service from anyone (like the satellite TV hackers).

I guess I don't envision a large company like Uniden selling a decryption capable radio soon, but I still think its just a matter of time before some hacker will be on the internet selling aftermarket software that will decode the stream. Then get the key for your department from your buddy on PD whose brother in law is the radio tech etc etc etc and you're set.

Its a cat and mouse game, and the mice are currently playing "catch up". Its just a matter of time!


Happy scanning

 

[n4voxgill]

russia and many other foreign countries have spent millions of dollars trying to break the encryption as cia and the defense department also use the encrytion. The drug cartel would put up millions if not billions to break the encryption so they could keep track of DEA and the Coast Guard.

 

[dgoodson]

I appreciate that, but contend that is a horse of a different color. Commercial standards, trade secrets versus more stringent military standards. The Espionage laws would not even allow, for example, the DoD encryption technologies to be used in the commercial arena. I suspect the encryption used for comms is more analogous to what financial institutions use... robust yes, but not overwhelming for a clever hacker who has inside info, and free from prosecution under espionage laws (which is a deterrent for civilians to tinker around wth Government classified CIA/ DOE/ USCG comms.).

My whole premise is that it assumes there is inside info, and the clever hacker does it in such a way to not violate trades secrets, so he violates no law. I still think its inevitable with time...

 

[mp3punk4christ]

...A Matter Of Time

It may or may not be 'inevitable', but what you don't know is that cable/satelite tv descramblers are not useful for very long. DirecTV is notoriousl for sending out viruses in it's satelite downlinks randomly that destroy these devices. They identify aprox. location of who's using them, and if they are a subscriber who's 'upgraded' his package, they shut down the account and prossecute.

This would be easy to do given the digital nature of the encryption in these radio systems. I assure you that these 'commercial' encryption schemes are yesterdays DoD schemes. When the DoD gets a better encryption scheme or a higher range of radio communication, they hand the old ones back to the contractors who sell them to the commercial market. It's been like that with all sorts of technology. So, the field is ever-changing. The hope is that anyone smart enough to crack it will not have enough time to do so before they've moved on.

And the legality of listening in, reguardless of how you may have cracked it, is the same. It's not legal. It's the same as evesdropping on Cellular or Cordless phone transmissions. The difference is, if you get caught listening to an encrypted law enforcement channel, the price will be steep to pay because they will assume you're up to no good. Yeah, it sucks that the state of florida encrypts alot of it's state's comms, but it's neccisary for a place frequented by international criminals who would love to listen in.

Also, recent laws make the mere 'circumvention' or going around protections schemes illagal. That pertains to just getting around anti-copy tech, or even deciphering an encrypted transimission you were not meant to hear.

So you're right, it is 'A Matter of Time', but the matter of time is that there won't be enough time to crack it before it's changed again.

 

[dgoodson]

Fair enough, but I'm still not convinced. I think the mice will someday catch up, and yes the cats will unveil something better, then the mice have a toe-hold and the iteration cycle shortens in favor of the mice. Someday...

Also, its still not clear to me why it would be illegal IF (big if) I somehow, through a series of miracles were able to decode the stream and listen. The underlying conversations are not restricted any more than the comms we hear in the clear today. So IF I could overcome the technology legally (with smoke, mirror, miracles, flux capacitors) what law am I breaking just to digitally maniputate a data stream that I intercept through the air to listen to comms that are not othewise illegal?

 

[dgoodson]

I also wonder about this-

In the case of FHP for example- does every radio in the state use the same key? I would think "yes" or at least a finite number of keys. I would guess that any FHP in the state could travel to any location in the state and communicate, so I conclude they must all be compatible etc.

And also, do the keys change often? My guess would be no- cause that seems like a huge job if they must be manually changed in firmware, for example. If they are dynamic and change, so that the system in some way transmits an updated key to all field units, then again I figure my hacker could appear to the transmitter as just another receiving field unit.
If a trooper goes on leave, and while his radio is turned off the key changes, how does his radio resynch?

 

[N4DES]

OTAR allows for them to change the key at a moments notice, which they have those capabilities. Now I'm not totally familiar with the EDAC's ESK protocol but it would be safe to assume that the re-key would occur on an affiliation of a valid user on the network and transparent to the end user.

As these systems are getting smarter and smarter, like CDMA and GSM protocols, not only is the ID sent as a affiliation request, so is an ESN.

Does the State use a different key for each toalk goup? No one on this board can answer that question
as the system is totally managed by M/A Comm and not the SOF or FHP. All we know is that the control channel is encrypted and there is no scanner available that can listen to the digital modulation scheme.

 

[dgoodson]

OK, I'm almost there! As long as my hypothetical hacker is a brilliant but disgruntled former M/A Comm employee, there is still hope! And as long as he/she can do the hacking without violating patents or his personal NDAs with M/A Comm, and make the tool accessible to the public, I still don't see any reason to think its illegal. If you can meet Paragraph 2 section (g) (ii) (II) of the code, then (for public safety comms) it trumps EVERYTHING else in the code, including the restrictions for encryption etc. The legal test of the exemption in Para 2 has nothing to do with encryption; you only have to make the transmission "readily accessible to the general public".

 

[N4DES]

First off an encrypted tramission is not "readily accessible to the general public".

Second, even if it was you then have to deal with the intellectual property laws that all of the manufacturers have, as long as it's not P25, if your caught. If you do gain the capabilities you best not advertise it in a public forum.

If he was a prior employee then he would have "insider knowledge" of the technology and a reverse engineering claim would not come into play in this situation. Whether there was an NDA or not is immaterial as the techology is "owned" by the company and the x-employee does not have the right to manufacture or use the technology for his own gain or for distribution.

 

[dgoodson]

Absolutely- that is what I meant by NDA (Non-Disclosure Agreements) that all these companies/employees have.

But- A digitally encrypted signal is ABSOLUTELY legal to listen to if it is accessible to the general public. That really is the law. A plain old digital trunking system signal (unencrypted) is very complicated, and most laymen would say there is no way that such a complex signal could be considered rea=adily accessible by the general public. But since anyone can buy a radio to decode it, it is! An old fashion television signal is extremely complex, using AM, FM and PM modulation in one signal, but even that complex signal is certainly available to the public. The fact something is complex, doesn't make it unavailable (let along illegal); once someone can legally "break it", and make the break available (again, without violating other trade laws, which are of no relevance to the FCC) then it suddenly becomes OK - its readily available. I don't think the FCC gives a hoot as to whether a local PD signal is encrypted or not, any more than they care or regulate what PL tone or 10-codes are used. Their focus is spectrum management. I just don't see any intent in the US Code where the FCC is trying to "regulate" encryption of public safety comms.

The issue of "Encryption" is a product feature exploited by the marketing department. There are a lot of things done to plain digital signals that radios routinely "undo" so we can hear them, and encryption is just the boogey man's term for one we haven't figured out yet. I don't see anything in the FCC rules that regulates encryption of signals for public safety use, if I can make that signal readily available. The manufacture might sue over trademark infringement and IT rights, and perhaps the owning agency gets mad (and frustrated with the vulnerable system he has purchased from the manufacturer) but I really don't see where the FCC cares. If your local PD comes up with a really intricate set of "ten codes" using pen and paper, and uses them in plain text on a good ole boys VHF frequency, that's a form of encryption... and that's a local issue; again, the FCC could care less. And if my hacker is really, really clever, and can break the system even though he never worked for M/A Comm (so he doesn't have an NDA with them), and he independently figures out the algorithm, then I don't think he is legally vulnerable for prosecution at all. Granted it all does still assume inside knowledge of the key in almost all my scenarios.

So I think its likely that the technology will slip out, one little bit at a time and perhaps from different sources, so no one individual is at fault. I think its a natural thing that occurs over time with most "proprietary" technologies.

So sooner or later the mice get a chunk of cheese, and the cat and mouse game goes on. I just don't arbitrarily accept the idea that there will never be an FHP-capable scanner and/or software package.

 

[N4DES]

Your forgetting a major point on encryption is that once an agency encrypts it becomes "private communications" and not public. At that point it would not be accessible by the general public and once it's private it is deemed unlawful to attempt to decipher it.

It is correct that the FCC does not manage encryption, like they don't manage PL or DPL. Actually the frequency coordinators are the first contacts in non-abusive interference complaints. The FCC is only the final decision maker if the coordinator can't fix the issue.

As to your comparison with TV, that in itself is a totally different topic as yes the over the air TV signal may be a complex one and there are only 1 analog and 1 digital standard for general broadcast TV. But once it hits a cable system it can be protected by whatever means the cable TV operator deems necessary to protect their network from non-paying individuals whether it's an over the air station, a non-local satellite station, or an exclusive movie style station.

I really think your mouse will starve before any EDACS/ESK scanner is available or the cheese will turn a really bad green color because it sat out too long.

 

[grem467]

keep in mind that just because someone keyloads radios, they probably do not know the key, nor is there any way for them to get the key out of the loader. Probably the number of people that actually know or have access to the keys is less than 10 and would typically be pretty high up, not your run of the mill tech.

 

[red8]

It seems that someone forgot about the thread about what happened in Michigan about the person(s) being convicted for
hacking into their digital system and it wasn't encrypted.
I tell you what, I ' ll bring you some cigarettes on visiting day
at Leavenworth.LOL

 

[dgoodson]

I appreciate everyone's civility in this discussion.

Seems like the overwhelmiing concensus is that it would take a significant breech of security (of protecting the algorithms and key) to ever allow a system to be monitored... I guess only time will tell. But as time goes on, it is inevitable that more and more folks have access to that info. I'll keep throwing the mice a fresh piece of cheese, from time to time.

I would like to beat the dead horse of legality one more time, please indulge me.

Those who wrote the US Code, aka the law, went to the effort to include a very simple and specific exemption for public safety radio monitoring. It says, and I paraphrase "If a public safety comm can be readily monitored by the general public, that is legal and none of the other stuff in this law applies."

That's what it says, more or less, in plain english. It doesn't say "unless its encrypted" or "unless its private" or anything like that It says, if the general public can monitor the comms of their local public officials, that's ok. It almost seems to have its roots in the Freedom of Information Act, but thats another debate. And this exemption is specific to local government comms, it does not apply to commercial users, like satellite downlinks, engaged in commerce, for example. So someone went to the trouble to add this language for a reason so you had the freedom to listen to (at least most of) your government's comms.

Consider this, just a "regular" (unencrypted) signal from a digital trunking system leaving the antenna, is very complex. Is such a thing accessible by the general public? It is accessible, but only by virtue of the fact that anyone can buy a radio that does some incredible signal manipulation, and reconstructs the original "voice". Aside from the fact that such radios are very complex, and relatively pricey (and that is completel irrelevant from the legal perspective), anyone can buy and use them, so the comms are in fact accessible to the general public.

By the law, an encrypted digital trunking system (on a public safety system) going through the air is no different in the eyes of the FCC. The FCC doesn't license, regulate, keep track of, or authorize encription by local governments... they simply don't have a dog in that hunt - it is beyond their scope. If a system has encryption, it is because of a local decision or choice to pay the radio manufacturer for that particular product feature, which provides them some additional level of privacy. It is a commercial feature, whose effectiviness is due to the technology, not because of any legal standing granted by the government. The encryption has simply digitally manipulated an already complex digital signal one more very complicated step. We can't listen because of a technology barrier, added because of that added layer of digital manipulation - it has nothing to do with legality. Years ago, "encryption" to some extent could take the form of "10 codes" to help protect communications - the FCC could care less if your department uses 10-codes or or sophisticated code words in general for increased security. I don't see anything in the law that says even if you consider "encrypted" public safety signals private, they have any higher legal standing. Are I-calls "private"? The using agency probably thinks so, but the FCC apparently doesn't care, and since we can buy radios to decode them, we are free to listen.

I think it is perfectly plausible to think that the legal language I cite could have in fact been included as a way for the FCC to put local government radio users "on notice" that no matter what techniques they might use now or in the future, if and when the day comes that the public can successfully monitor such comms, that will be legal, and therefore the FCC is providing them no protection under the law in these matters.

So again my original premise was that IF (ok - a very big IF*) some one could legally develop and market a technique, which anyone could buy, that could decypher encrypted comms, then under this language such monitoring would be perfectly legal. (* and yes, my big IF includes the caveat that the technology can be derived without breaking patent laws etc- stranger things have happened)

With all due respect, I think the Boogey Man has spooked the subject. So please consider my point open-mindedly. If you can concisely point out why I am wrong, with facts and not urban legend (no offense intended), please do so. But understand you must do it in the context that my premise is wrong; you can not just cite another part of the law to make your point; you must show why my citation does NOT apply. That is because my part of the law says that if my part IS true, then no other parts of this law apply. So your first step must be to show why IF a commercial product were available to anyone who wanted it (without regard to how likely that might be) listening to comms would be illegal.

As for the Michigan case reported by red8 - I am not familiar with that, but would be interested to know the facts.

Thanks for the civility. I am really not trying to be thick headed, just trying to challenge the conventional thinking, which I think may be promulgated through urban legend by the Boogey Man.

 

[grem467]

Keep in mind that parts of the DMCA apply here as well, as well as the ECPA.

http://en.wikipedia.org/wiki/DMCA

and from the ECPA (1986):

"(16) 'readily accessible to the
general public' means, with respect
to a radio communication, that such
communication is not---

"(A)scrambled or encrypted;
"(B)transmitted using modulation
techniques whose essential parameters
have been withheld from the public
with the intention of preserving the
privacy of such communication;

 

[dgoodson]

grem467:

I am not sure how applicable DMCA is to radio comms versus internet, but I think you have clearly established from EPCA that the definition of readily accessible pops my entire balloon. Thanks for the clarification!

I set out to learn the legacy of this discussion, and I have succeded.

 

[OpSec]

Glad to see you've gained some knowledge, but why are you so concerned? It seems like you really feel a need to listen to state's radio system. What is so important on that system?

It's threads like this that make the State glad they encypted the system, because I'll bet that someone from the State reads this forum and is already questioning your motives.

I don't think a lot of people realize how many system managers read RR.com. Case in point, look for the threads that Lindsay made regarding the Fed's and Military requests for removal of frequency information. You can bet there is more going on behind the scenes that we never see.

 

[kikito]

I really think your mouse will starve before any EDACS/ESK scanner is available or the cheese will turn a really bad green color because it sat out too long.

As far as I know and from a scanning standpoint, ESK (EDACS System Key) is not even encryption.

Is a simple 'scrambling' technique of the EDACS control channel which uses an X-OR calculation and one of the reasons it was developed was to avoid radios affilitiating to the wrong nearby EDACS system with the added 'by-product' that scanners can't track the system even though you can listen conventionally.

There's even a version of Trunker out there that deals with ESK easily and transparently. Combine that with a second scanner for the voice and we already have a scanner so to speak.

Here's some more info from the wiki:

http://wiki.radioreference.com/index.php/ESK

 

[kikito]

It seems like you really feel a need to listen to state's radio system. What is so important on that system?

Being mainly a scanner forum, it seems like a contradictory question to ask about our monitoring hobby......

The same case can be made about any and all other communications. What's so important about scanning or monitoring anything else? Why or why not people should monitor certain things and not others?

It's threads like this that make the State glad they encypted the system, because I'll bet that someone from the State reads this forum and is already questioning your motives.

You're just feeding the 9/11 and Homeland Security paranoia. Before all the terrorism happened, people were enjoying the hobbies of monitoring and photographing airplanes and trains for example. I guess now their "motives" will be questioned and ridiculed as to why would anybody would want to do that unless they were terrorists planning something....

You see where this is going and how far it could be taken about everything we do on a daily basis?

 

[dgoodson]

kikito- you DO bring up a messy point. What constitues "encryption". As I made a point earlier, in "olden days", and perhaps to some extent today, agencies commonly use "code words" etc to help protect their conversations... and at some level, that is a form of "encryption".

Just one of life's little cans of worms!