Media story on encryption

[ctiller]

I wouldn't have as big a problem with encryption if the agencies had a public feed delayed by 5 or 10 minutes. I still feel like it's overkill, though and a waste of taxpayer money. It seems like the radio company lobbyists won the battle for sure, though (for now). I don't feel as if it's too late. With the mistrust in the public now-misplaced or not-the environment is right to set limits to encryption now.

 

[mmckenna]

I wouldn't have as big a problem with encryption if the agencies had a public feed delayed by 5 or 10 minutes. I still feel like it's overkill, though and a waste of taxpayer money. It seems like the radio company lobbyists won the battle for sure, though (for now). I don't feel as if it's too late. With the mistrust in the public now-misplaced or not-the environment is right to set limits to encryption now.

It's not radio industry lobbyists.

It's standard IT security. Protecting personal identifying information as well as criminal justice information is good practice. It's also mandated by the agencies that provide access to the databases.

Simply delaying the feed doesn't protect the PII/CJI in any way.

There's other ways for public safety agencies to build trust besides radio feeds.

 

[ctiller]

It's not radio industry lobbyists.

It's standard IT security. Protecting personal identifying information as well as criminal justice information is good practice. It's also mandated by the agencies that provide access to the databases.

Simply delaying the feed doesn't protect the PII/CJI in any way.

There's other ways for public safety agencies to build trust besides radio feeds.

so why is this just now an issue? scanners have been around since the 60's or maybe even before? There's secure and already encrypted communications methods to do this or dedicate one channel to running people's info rather than just encrypting the entire system.

 

[belvdr]

so why is this just now an issue? scanners have been around since the 60's or maybe even before?

Namely, ease of data access and storage. The ability to extract information from various sources, including audio, and the ability to warehouse that information is both cheap and easily done these days. Also, it is easily sold.

 

[ctiller]

Namely, ease of data access and storage. The ability to extract information from various sources, including audio, and the ability to warehouse that information is both cheap and easily done these days. Also, it is easily sold.

I think the bigger threat of this comes from other means. I don't think these criminals are sitting around listening to a scanner in Indiana to commit identity fraud, but even if it is the case why not just have a dedicated encrypted channel where this info is run. Millions of people's data has been leaked already anyway by yahoo, equifax, etc etc..I bet all of our info is out there floating around right now

 

[mmckenna]

so why is this just now an issue? scanners have been around since the 60's or maybe even before? There's secure and already encrypted communications methods to do this or dedicate one channel to running people's info rather than just encrypting the entire system.

It has always been an issue.
As agencies have switched to digital radio systems, the ability to encrypt has become easier and less expensive. Budgets are a real thing, so affordability matters.

As @belvdr said, the access to information is easier than before. Identity theft is way up. Streaming to the internet makes it far too easy for anyone/anything to gather information.

Personal info is personal info, and it doesn't need to be put out there for anyone with a scanner or an internet connection to listen to.

 

[belvdr]

It has always been an issue.
As agencies have switched to digital radio systems, the ability to encrypt has become easier and less expensive. Budgets are a real thing, so affordability matters.

As @belvdr said, the access to information is easier than before. Identity theft is way up. Streaming to the internet makes it far too easy for anyone/anything to gather information.

Personal info is personal info, and it doesn't need to be put out there for anyone with a scanner or an internet connection to listen to.

@ctiller As stated above, it's not just someone with a scanner. It's someone with an app. Yes, it could technically be solved if everyone had an encrypted channel to use. However, that takes time, money, and training.

In someone's view, it's easier to encrypt the entire thing and be done with it. Frankly, I think it's a direct approach and a simple solution. No training involved, and guaranteed no leakage of data from the radio system.

 

[mmckenna]

I think the bigger threat of this comes from other means. I don't think these criminals are sitting around listening to a scanner in Indiana to commit identity fraud, but even if it is the case why not just have a dedicated encrypted channel where this info is run.

Depends on the agency. Not all agencies are on trunked radio systems. Some smaller agencies only have one channel.
Some agencies do have more than one channel or talkgroup, so having an encrypted records channel is an option. However, with that, you need to consider how secure information is if it requires someone remembering to change channels on their radio each time. It's not a good option from a training/reality standpoint.

Millions of people's data has been leaked already anyway by yahoo, equifax, etc etc..I bet all of our info is out there floating around right now

True, however that doesn't make it OK. Protect the information, and if it gets leaked, punish those that leaked it. No public safety agency wants to get sued by someone getting their identity stolen.

But, it doesn't matter. These agencies all agreed to encrypt the data when they signed up for access to the databases. In reality, they should have been doing it all along.

 

[INDY72]

Depends on the agency. Not all agencies are on trunked radio systems. Some smaller agencies only have one channel.
Some agencies do have more than one channel or talkgroup, so having an encrypted records channel is an option. However, with that, you need to consider how secure information is if it requires someone remembering to change channels on their radio each time. It's not a good option from a training/reality standpoint.
.

Indiana EVERYONE can use the STATEWIDE TRS, the SAFE-T. Almost everyone does at some level. The few that do not has their own TRS, or digital conventional systems with multiple channels the LEA's use. Its actually all about not being heard period. This is evident by the scanner laws= here. They just did not make a scanner in NON MOBILE use illegal. (You MUST have an HAM ticket, or official LEA letter allowing MOBILE use.) Not just this NEW law here in IN. MOST agencies simply take the data that is being specifically mentioned in this law, and use MDT/Laptop/Cellular Phones for communicating it, or do NOT EVEN USE IT as the LEA databases setups do NOT use it for identification anyway! Or they take it off main dispatch, and over to Information/HQ or an Tactical TG/CH, which many have begun to encrypt already. Not to mention that they can't be streamed on BCFY main feeds. (Not going to mention BCFY's newest baby the Calls Platform though as literally ANYTHING GOES with them, cause you make any waves about this you get punished.) Here in IN the encryption started 100 % dues to live streams way before the new law was thought about. Not my words folks, you can literally ask any of the folks that actually are in charge here in IN over these radio systems, this is an fact. But those that are NOT going to blanket encrypt on knee jerk political BS acts, do have secondary protected means to get/send info/data because they ACTUALLY do use more than a single brain cell.

 

[ctiller]

Definitely easier to strap the entire system encrypted but you could equate that to using a nuke option rather than a single precision bomb strike to take out a target

 

[cameron101]

I live in Hendricks Co. and have been monitoring county LE and Fire for years. In the last couple of months I've noticed a lot of audio problems and digital errors on my SDS scanners. I've also heard a lot of radio checks (Motorola techs, I presume). I had a sneaking suspicion something was going on. County LE has had their OPS and Headquarters traffic encrypted for many months, so this really isn't a surprise. Just hoping Fire doesn't go silent as I'll have a couple of SDS 200's for sale.

Sorry for the late reply on this... Those radio tests / audio checks are because all the firehouses in the county have been upgrading their Locution boxes in the stations. Additionally, radio updates / reprogramming. All the volunteer departments received new APX handhelds and mobiles on a grant.

 

[AK9R]

Yes, it could technically be solved if everyone had an encrypted channel to use.

In the case of Hendricks County, which is primarily what the article was about, law enforcement already had an encrypted talkgroup for records checks. There was also another encrypted law enforcement talkgroup for special operations that required communications security. What trigged the article was the county's decision to encrypt all law enforcement talkgroups.

 

[belvdr]

In the case of Hendricks County, which is primarily what the article was about, law enforcement already had an encrypted talkgroup for records checks. There was also another encrypted law enforcement talkgroup for special operations that required communications security. What trigged the article was the county's decision to encrypt all law enforcement talkgroups.

My statement was regarding public safety radio, in general, not one system. Like I said, sometimes it's just easier for the system owner to encrypt everything to ensure no possible leakage.

 

[wa8pyr]

I have been scanning off and on for 25+ years. Drivers' Licenses used to use SSN for the license number (long time ago), and they used to read SSN over the air all the time. Since they changed licenses to a unique OLN (Operator License Number), I can't tell you the last time I heard an SSN read over the air. MAYBE if the person has no ID, but they usually start with Name & DOB and can do a lot of the lookup over the MDT.

Ditto, been years since I heard SSNs being routinely given over the air; happens occasionally but rarely these days.

When I was still dispatching, many states started moving to a permanently-assigned OLN to replace the SSN, in response to privacy concerns; on top of that use of the SSN for any purpose other than Social Security is technically not permitted under Federal law.

In theory at least, SSN was supposed to be removed from drivers licenses and other forms of ID.

 

[belvdr]

Ditto, been years since I heard SSNs being routinely given over the air; happens occasionally but rarely these days.

When I was still dispatching, many states started moving to a permanently-assigned OLN to replace the SSN, in response to privacy concerns; on top of that use of the SSN for any purpose other than Social Security is technically not permitted under Federal law.

In theory at least, SSN was supposed to be removed from drivers licenses and other forms of ID.

I still hear SSNs transmitted in the clear a few times a week here, generally when an OLN is unavailable.

Are you sure about the federal law on SSN? So many places require it (credit check is one example) that's not related to SocSec. I have no idea, hence the question.

 

[wa8pyr]

Are you sure about the federal law on SSN? So many places require it (credit check is one example) that's not related to SocSec. I have no idea, hence the question.

The Federal law angle is what we were told by the legal people when the State of Ohio started moving away from use of SSN on the OL and over to the permanently assigned OLN. We brought up the same concern, about everybody and their uncle using SSN for purposes not allowed, but basically we were told "that's something the Feds will have to deal with." Naturally, it's never been dealt with; of course, if it were dealt with the Feds would probably have to implement a national ID number for every person in the US to replace it (except for Social Security), which of course would lead to the inevitable complaints about Big Brother and all that stuff.

As if we're not already being tracked by Big Brother and all his family members....

 

[INDY72]

I still hear SSNs transmitted in the clear a few times a week here, generally when an OLN is unavailable.

Are you sure about the federal law on SSN? So many places require it (credit check is one example) that's not related to SocSec. I have no idea, hence the question.

Just take a look at your Social Security Card. Read it carefully. It plainly states: "NOT FOR USE AS AN FORM OF IDENTIFICATION". It was NEVER to be used as such, but the powers that be could never find a smart enough guy to take it to court against the banks, and they can argue that its ONLY used to trace your financial status, same for any employer. But, the use of it as verification on all other NON financial forms is a violation of Federal Law. Yet, its used 24/7 as an form of identification by the VA-Medical, and other parts of the VA, as well as so many other things, including any background checks for firearms, DL/ID's, etc. But, its ONLY in very recent times that NON Federal LEA's have been getting spankings for use of it. For example, my first DL in MS was my SSN. When I went to get it renewed, the folks at the desk were astounded that it was the way it was. Add in that in most State's now, the LEA databases can no longer accept the SSN as part of any verification of any information. (There are still a few databases involving Warrants, and DOC status that still have it as part of the process, but this is rapidly being changed. ) Hell the whole Social Security program was originally never to be around very long. But like ALL entitlement programs that Congress puts into action, it got blown out of its original intended use and now is a huge monster that you can't touch. (And you hear the lies of "its not an entitlement".. All the time. Yes it was, is, and forever will be. Its history makes interesting reading, and makes you see just how corrupt the government can be.

 

[belvdr]

Just take a look at your Social Security Card. Read it carefully. It plainly states: "NOT FOR USE AS AN FORM OF IDENTIFICATION".

It doesn't say that on any of the 4 in my household.

 

[usswood]

It doesn't say that on any of the 4 in my household.

mine either...must be post 1980 issues...mine is a pre 1980 issued and it doesnt have it either on their

 

[Mattnik]

Just take a look at your Social Security Card. Read it carefully. It plainly states: "NOT FOR USE AS AN FORM OF IDENTIFICATION". It was NEVER to be used as such, but the powers that be could never find a smart enough guy to take it to court against the banks, and they can argue that its ONLY used to trace your financial status, same for any employer. But, the use of it as verification on all other NON financial forms is a violation of Federal Law. Yet, its used 24/7 as an form of identification by the VA-Medical, and other parts of the VA, as well as so many other things, including any background checks for firearms, DL/ID's, etc. But, its ONLY in very recent times that NON Federal LEA's have been getting spankings for use of it. For example, my first DL in MS was my SSN. When I went to get it renewed, the folks at the desk were astounded that it was the way it was. Add in that in most State's now, the LEA databases can no longer accept the SSN as part of any verification of any information. (There are still a few databases involving Warrants, and DOC status that still have it as part of the process, but this is rapidly being changed. ) Hell the whole Social Security program was originally never to be around very long. But like ALL entitlement programs that Congress puts into action, it got blown out of its original intended use and now is a huge monster that you can't touch. (And you hear the lies of "its not an entitlement".. All the time. Yes it was, is, and forever will be. Its history makes interesting reading, and makes you see just how corrupt the government can be.

What @milf said is true, for older cards.




For newer ones, that text has been omitted, for reasons....




Back when I started in dispatching they had migrated away from SSN as OLN numbers in Indiana, but you could still run a driver's license query with S and the SSN (S123456789) (no dashes). License plate returns also had SSN on them. Around about 2009 or so the plate returns started putting the OLN on them instead of the SSN, which was nice because with a check of the box I could force a DL return when I ran a plate. I routinely do that now, so as to save time. Of course, I can pull a picture as well, and usually do. Our CAD makes the queries easy.