More Twin Cities Law Enforcement Locking Down Police Radio Traffic, Stirring Debate

[MTS2000des]

Harris single key AES-256 on the XL-200's is $0.01 per radio. Part number XS-PL9E if you want to look it up.
Motorola AES-256 + ADP is about $381 on the APX-Next. Part number Q629BD, if you want to look that up, also. With better contract pricing, it can probably be had cheaper.

We got ADP for free on our N70s and NEXTs, it was AES-256 and multi-key that added around $388 to each sub. But well worth it.

 

[mmckenna]

We got ADP for free on our N70s and NEXTs, it was AES-256 and multi-key that added around $388 to each sub. But well worth it.

Right. The arguments against encryption that use price as the reason don't work when reality is applied.

 

[MTS2000des]

That was valid in 1998 before P25 was widely adopted, encryption required hardware modules with DES/DES-XL/OFB, and expensive keyfill devices. In 2025, encryption can be as simple as a click of a mouse/check box and as cheap as .1c (L3H charges for ARC-4).

 

[DeoVindice]

They finally have the excuse and the ability to do what they've wanted to do for years. If this were really about data privacy fire and EMS channels would have been encrypted a long time ago. I wouldn't be able to listen to MRCC while sitting in the regions ER to know what the trama team activation is about with details of the persons injuries.

Radio communications are not covered by HIPAA, and fire/EMS radio traffic essentially never includes PII. Location/age/complaint is not PII.

LE traffic commonly includes names in conjunction with addresses, phone numbers, driver's license numbers, and more. Especially where domestic violence may be concerned, none of that should go out over clear air. There are ways it can be handled without encrypting all traffic, but generally at the cost of increased workload.

 

[wogggieee]

Radio communications are not covered by HIPAA, and fire/EMS radio traffic essentially never includes PII. Location/age/complaint is not PII.

Never said they were, but at this point you're arguing a technicality. With just a slight bit of work its not hard to figure out what is happening to whom. If I know Anytown FD is dispatched to 123 Main street for a 50 year old male fell from a ladder and is unconscious it's not hard to figure out who that is. Then when they tell them they're transporting him to Anytown hospital and I switch over the MRCC and hear them give a full rundown of the patient's condition. Now you know the details of their injury, BP, heart rate, SPo2, where their IVs are, what meds they've given, etc. It may not be a HIPPA violation and it may not technically PII but its enough to easily figure it out.

 

[bearcatrp]

i think your wrong on HIPPA. pretty sure that covers everything.

 

[mmckenna]

i think your wrong on HIPPA. pretty sure that covers everything.

I think you guys mean HIPAA.

There are a lot of things covered by HIPAA, but it makes a very clear exception that essentially says that HIPAA should not stand in the way of emergency care.

In other words, caring for the patient comes first and foremost. In a medical emergency, patient information can be shared over the radio.

And that made sense in the days of analog radio. But now that many are migrating to digital and digital trunked systems, encryption is easy and cheap. The people that run these systems can protect patient information easily now, even over the radio during an emergency, so they do.

 

[knockoffham]

Tell me you are not a cop, with out telling me you are not a cop.

Back in the day, the local police, when when major incident, or high speed chase kicked off(or entered their jurisdiction) would direct UNINVOLED officers to switch from an analogue dispatch channel to a digital provoice Tac Channel for the duration of the event. The INVOLVED units would remain on the dispatch channel.

LMFAO. Nothing stinks, except the tears of the scanner whackers that now can't listen in.

"Just before Minneapolis police began encryption, MPD spokesman Sgt. Garrett Parten pointed to a case in July 2023 when a listener following the manhunt for a murder suspect beat officers to the suspect’s location and began livestreaming before officers could get there, tipping off the suspect."

Yeah, THIS is why agencies are encrypting. Stupid ****s that can't help themselves, that show up to scenes and knowingly, or even unknowingly, interfere with police doing their jobs.

Or the media decides to sensationalize a dying officers final words, as in the case of Cst Styles in Ontario a number of years ago.

Maybe if people were not stupid ****tards, getting in the way, and didn't blab about it, or tweet police actions second by second, and kept it to a hobby in their homes, they wouldn't feel the need to encrypt their comms.

Where you worked it was that way, but around here (and most places) it’s more logical. In my county, for complicated incidents, involved officers go to ops channels (encrypted) and this is also true for information that’s “not for air” AKA NCIC stuff, other private info, or dispatch info involving unruly subjects that are known scanner listeners. We also have an encrypted channel for LEIN when an officer doesn’t have a mobile LEIN terminal and has to rely on dispatch.
So, to reiterate, for complicated events that would likely be best kept secure from the public, we go to encrypted channels and everyone who is not involved stays in the clear on main dispatch channels. That is the way most places do it. Yours sounds more like the exception than the rule.

However, one weird thing over here is that car-to-car is encrypted for some agencies while remaining in the clear for others. I can’t quite figure out why that is. Same with detective channels. I think they should encrypt all the DB and leave all the car to car in the clear but that’s just me.

 

[knockoffham]

Radio communications are not covered by HIPAA, and fire/EMS radio traffic essentially never includes PII. Location/age/complaint is not PII.

LE traffic commonly includes names in conjunction with addresses, phone numbers, driver's license numbers, and more. Especially where domestic violence may be concerned, none of that should go out over clear air. There are ways it can be handled without encrypting all traffic, but generally at the cost of increased workload.

Really the workload isn’t that much. It’s done very effectively around here. Any time you’re giving a phone number, sharing any sensitive CJIS stuff, describing anything personal in serious detail, you switch to your channel 3 (ops) which is encrypted. Same for complicated events best kept secret-ish. Normal dispatch stuff stays in the clear except for that. I believe that’s the best way for it to be done. Better interoperability with clear dispatch channels when agencies don’t have the same encryption keys, without having to tie up statewide talkgroups. Keeps the public informed enough to be happy and public safety accountable. Keeps information secure when needed. All that’s needed is a slight amount of training. It’s very rare for users here to put sensitive CJIS stuff out in the clear by accident. You just need to remember under what circumstances to switch to ops, and dispatch will always be monitoring it, and sometimes they’ll ask you to go to ops to get you sensitive information. And nowadays almost every cop has CAD access in the car and a few even with smartphones or touchscreen radios, such info doesn’t need to go out in the form of audio at all and general dispatch can still be clear.

 

[mmckenna]

Really the workload isn’t that much. It’s done very effectively around here.

There's a difference between 'that's the way it's always been done' and how things will get done in the future. The requirements have changed and it's taking some time for agencies to catch up.

Here's the issue:

It’s very rare for users here to put sensitive CJIS stuff out in the clear by accident.

There is no waiver in the FBI/DOJ requirements for "whoops, it was an accident".
The requirements are that CJI/PII is protected at ALL TIMES and in all forms. Not 'most of the time'. Not 'usually'. It's "at all times".

Law enforcement agencies are accredited, and they get audited frequently. They are required to abide by the rules, and there's no room for accidents. Loosing their accreditation is a bad thing, so they work hard to make sure they are meeting all the requirements. Since there is no grace given for accidents, some agencies are choosing to err on the side of caution and encrypting everything. That removes the risks of accidents.

Yes, there will always be those that will keep a dispatch channel in the clear. Nothing wrong with that, but there is a lot of pressure on agencies to not screw it up. Some are willing to accept the risk, some are not. Risking it to provide a service to scanner listeners isn't a good enough reason for most agencies.

You just need to remember under what circumstances to switch to ops, and dispatch will always be monitoring it, and sometimes they’ll ask you to go to ops to get you sensitive information.

We're not fully encrypted yet, and often they'll phone the officer to pass info. That's a solution, but it's not a perfect solution.

And nowadays almost every cop has CAD access in the car and a few even with smartphones or touchscreen radios, such info doesn’t need to go out in the form of audio at all and general dispatch can still be clear.

CAD is great and meets the CJI/PII requirements, but no officer wants to be trying to type stuff on a slipper screen with their thumbs when they should be paying attention elsewhere. In some instances, it's a suitable solution, but not in all situations.

 

[wogggieee]

And that made sense in the days of analog radio. But now that many are migrating to digital and digital trunked systems, encryption is easy and cheap. The people that run these systems can protect patient information easily now, even over the radio during an emergency, so they do.

But they're not. EMS is pretty much all in the clear.

 

[mmckenna]

But they're not. EMS is pretty much all in the clear.

Locally, where you are, I'm sure they are.

Other places where they are going to digital trunked systems, you'll probably see more and more start using encryption.
Like I said, while not required by HIPAA, the logic behind encryption in these applications makes sense to the decision makers.

 

[n0esc]

Locally, where you are, I'm sure they are.

Other places where they are going to digital trunked systems, you'll probably see more and more start using encryption.
Like I said, while not required by HIPAA, the logic behind encryption in these applications makes sense to the decision makers.

In fairness, based on his location, "locally" would be part of the MN ARMER system, that is a 20 year old statewide digital trunked system of which I think every single EMS entity from the large multi city regional services, down to the smallest volunteer rag tag cities are using ARMER. And out of the 266 licensed ambulance services operating 804 ground and 34 air ambulances across the state, I'm reasonably certain that only North Memorial Air Care is encrypted operationally for their ship dispatch. Everything else in the state from field to hospital patient reporting to dispatch is all in the clear throughout the state. Even North Memorial ground services are in the clear for every service area beyond their community paramedic program.

 

[stmills]

In some early Fleetmap HCMC EMS had an encrypted channel listed for command staff - I don’t think it ever came into use. I have heard that West Metro MRCC is looking to add an encrypted MRCC channel later this year with plans to move all West MRCC to encrypted next year. No mention of plans for Statewide MRCC which is also monitored at West Metro MRCC. Along with the North Memorial channels the only other I am aware of would be the Edina Fire and EMS has added an encrypted fire events channel but not a main or Patient report channel.

 

[wogggieee]

Locally, where you are, I'm sure they are.

Other places where they are going to digital trunked systems, you'll probably see more and more start using encryption.
Like I said, while not required by HIPAA, the logic behind encryption in these applications makes sense to the decision makers.

Locally where I am is the topic of this discussion. It's funny there's more people from elsewhere with no idea about what we have here involved with this discussion than locals.

 

[PurityControl2]

Tell me you are not a cop, with out telling me you are not a cop.

Back in the day, the local police, when when major incident, or high speed chase kicked off(or entered their jurisdiction) would direct UNINVOLED officers to switch from an analogue dispatch channel to a digital provoice Tac Channel for the duration of the event. The INVOLVED units would remain on the dispatch channel.

LMFAO. Nothing stinks, except the tears of the scanner whackers that now can't listen in.

"Just before Minneapolis police began encryption, MPD spokesman Sgt. Garrett Parten pointed to a case in July 2023 when a listener following the manhunt for a murder suspect beat officers to the suspect’s location and began livestreaming before officers could get there, tipping off the suspect."

Yeah, THIS is why agencies are encrypting. Stupid ****s that can't help themselves, that show up to scenes and knowingly, or even unknowingly, interfere with police doing their jobs.

Or the media decides to sensationalize a dying officers final words, as in the case of Cst Styles in Ontario a number of years ago.

Maybe if people were not stupid ****tards, getting in the way, and didn't blab about it, or tweet police actions second by second, and kept it to a hobby in their homes, they wouldn't feel the need to encrypt their comms.

Another day another ragebaiting troll feeding off of misery.

 

[mmckenna]

Locally where I am is the topic of this discussion. It's funny there's more people from elsewhere with no idea about what we have here involved with this discussion than locals.

One of the many benefits of an open discussion board.

 

[DeoVindice]

Locally where I am is the topic of this discussion. It's funny there's more people from elsewhere with no idea about what we have here involved with this discussion than locals.

I've found that standards-based systems, hardware, and policies tend to work much the same regardless of physical location.

 

[wogggieee]

I've found that standards-based systems, hardware, and policies tend to work much the same regardless of physical location.

When you start getting into specifics of the systems it really doesn't.

 

[wogggieee]

One of the many benefits of an open discussion board.

Meh, people from elsewhere who don't really know what they're talking about pulling the conversation in directions not relevant to something withing the coverage area and often causing conflict is not something I'd really consider a benefit.