Senator Becker re-introduces law enforcement radio encryption bill (SB 719)

GROL

Member
Joined
Aug 29, 2017
Messages
573
Senator Becker's SB 719 requires law enforcement agencies to provide real time non-tactical radio communications access to authorized media representatives or organizations.

It would be helpful if it could be required that dispatch remain in the clear. Anything dealing with records checks, surveillance or other sensitive information be encrypted. But, who is going to police public safety to insure that is not abused by some agencies. HIPAA has been with us a long time now and still you hear obvious infractions of HIPAA in public safety radio. Not their fault, they have to use what is provided.
 

scannerboy02

Member
Premium Subscriber
Joined
Nov 16, 2004
Messages
2,087
So the gist of this is if you're a law enforcement agency and you're thinking about encrypting your primary radio traffic just stop now and save yourself a lot of unnecessary work, because eventually this will become law in some fashion. If you're a law enforcement agency that already encrypts primary radio traffic, we'll see how things go.

I'd also like to see this law include all public safety agencies not just law enforcement agencies. Some fire departments are also starting to encrypt radio traffic.

Edit: I would also support having the media agency foot the bill for the cost of equipment/programming. If you want to listen you should have to pay the cost and not have that cost passed on to the taxpayers, not unlike having to pay for a scanner currently.
 
Last edited:

PrivatelyJeff

Has more money than sense
Premium Subscriber
Joined
Jun 5, 2016
Messages
1,067
Location
Kings County, CA
It would be helpful if it could be required that dispatch remain in the clear. Anything dealing with records checks, surveillance or other sensitive information be encrypted. But, who is going to police public safety to insure that is not abused by some agencies. HIPAA has been with us a long time now and still you hear obvious infractions of HIPAA in public safety radio. Not their fault, they have to use what is provided.

What obvious infractions are you talking about? Any infractions would be felt with much more harshly than PII leaks.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
25,370
Location
United States
Yeah, another poorly written bill.
The definition of "Duly Authorized" is big enough to drive a bus through. The fact that tax payers would be required to foot the bill for any "organization that provides public safety information" should scare any taxpayer. With a definition like that, any yahoo with a facebook following of more than zero would qualify. Any individual that streamed via Broadcastify would get free access.
"(C) The law enforcement agency shall not charge the duly authorized media representative or organization for the cost of providing access."

While I can appreciate what he's trying to do, it's just another bill written by someone that doesn't understand anything about what it means.

Well intentioned, but I'm willing to bet anyone a doughnut and coffee that this one will die on the floor like the last one.
 

medic9351301

Member
Banned
Joined
Aug 16, 2002
Messages
1,669
So the gist of this is if you're a law enforcement agency and you're thinking about encrypting your primary radio traffic just stop now and save yourself a lot of unnecessary work, because eventually this will become law in some fashion. If you're a law enforcement agency that already encrypts primary radio traffic, we'll see how things go.

I'd also like to see this law include all public safety agencies not just law enforcement agencies. Some fire departments are also starting to encrypt radio traffic.

Edit: I would also support having the media agency foot the bill for the cost of equipment/programming. If you want to listen you should have to pay the cost and not have that cost passed on to the taxpayers, not unlike having to pay for a scanner currently.
Can you explain this its not very clear on what you mean . a law that bans encyrption ? and what makes you think that a media agency would pay to have a departments radios unencrypted. if there strapped its going to cost per radio to unenc them . when they are give the ablity to monitor them .I know for a fact my local media has in the past brought radios and now are using a app to hear them . If you look back the new orange county fire chief promised to unenc them. But since they have to pay for each radio to be unencp that fell by the way side. The problem I think is these shady radio sales people telling them a buch of lies to sell radios . There are no laws that mandate a department enc radios .
 
Last edited:

scannerboy02

Member
Premium Subscriber
Joined
Nov 16, 2004
Messages
2,087
Can you explain this its not very clear on what you mean . a law that bans encyrption ? and what makes you think that a media agency would pay to have a departments radios unencrypted. if there strapped its going to cost per radio to unenc them . when they are give the ablity to monitor them .I know for a fact my local media has in the past brought radios and now are using a app to hear them . If you look back the new orange county fire chief promised to unenc them. But since they have to pay for each radio to be unencp that fell by the way side. The problem I think is these shady radio sales people telling them a buch of lies to sell radios . There are no laws that mandate a department enc radios .
The law doesn't ban encryption, what I suspect they are trying to do, is give cause for agencies to find alternative ways to transfer sensitive information. Under this law, if an agency wants to encrypt it's radio traffic they must pay for a way to allow the media to monitor in real time. My point was for most agencies it would be cheaper and easier for them to just not encrypt to begin with.

I worked at all but one TV station in Sacramento over the course of a decade and every station purchased Motorola radios programmed on the Sacramento Regional Radio Communications System so yes this is absolutely done so providing radios programmed with encryption keys is doable.

As was mentioned above, I also do not feel like the public should have to pay for these radios, or whenever solution they come up with. I know the radios we had in Sacramento were purchased by the stations and programmed by the county radio shop. This is exactly how it should be under this new law, if passed. It's also important to remember that the bill can be amended as it goes through the process so what you read today may not be the final law. Personally, I do think this bill has a better chance of passing (with a few amendments) than last sessions bill.

As for the definition of "duly authorized" media, this is the same wording used in other sections of state law so I'm sure that was the source for the wording in this law. Yes it's broad but it's important to remember that the government doesn't get to decide who is and who is not the media. If any yahoo with a Facebook page wants to go through the application process (and hopefully have to pay the cost) then they meet the requirements under not only this proposed law but other laws already on the books. And let's be honest, how many people are actually going to do this? I'm sure some will but the numbers will likely be minimal, relatively speaking. I'm also sure the use policy set by each department will include some prohibition on publishing PII and if a media agency violates that policy I'm sure the courts will side with approving the removal of their access.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
25,370
Location
United States
The law doesn't ban encryption, what I suspect they are trying to do, is give cause for agencies to find alternative ways to transfer sensitive information. Under this law, if an agency wants to encrypt it's radio traffic they must pay for a way to allow the media to monitor in real time. My point was for most agencies it would be cheaper and easier for them to just not encrypt to begin with.

I think that's a good way to look at it.
Some agencies have already gone to encryption and won't want to remove it. Finding alternative methods is a likely path, if this law passes. Even if it does not pass, some agencies may choose to go this route.

For agencies that have not gone to encryption, but are planning on it, this bill may cause them to pause and consider options.
It's important to remember that the law requires the protection of PII/CJI. Encryption is an easy way to handle this. Finding alternatives isn't as easy. It's not just the technology, it's also the user. Requiring protection of PII/CJI should not rely on someone remembering to twist a knob each time. That wouldn't pass any test of security, just too many opportunities for it to fail.
Smart Phones/tablets/laptops have been an option for a long time, but officers don't want to have to take their eyes off the road/off the chase to type something in on a slipper screen.
For ease of use, radio is simple and easy for the end user.
Remembering to switch channels/talk groups is an option, but not a good one. Not all agencies have multiple channels. Not all agencies are on trunked systems. There are plenty of very rural agencies that have one channel and poor LTE connectivity.

So, that leaves a couple of options under this proposed law:
-Remove encryption from all radio systems. - That's not going to happen.

-Keep dispatch in the clear. - I'm good with that, as long as agencies have other channels/talk groups, and they can find a way to ensure the officers will choose the correct channel/talk group, every. single. time.

- Give radios to the news media at taxpayers expense (Per this bill). - This is certainly an option, but it's costly. No agency is going to want to pay for this, and there will be push back. Taxpayers should not be paying for tools for private companies, there are purchasing laws against this.

- Give radios to the news media, and the user has to pay for it. - This is certainly a better option, at least from this taxpayers point of view. But, there's some challenges. The modern radios law enforcement agencies are buying are not cheap. I just spend almost $7K each on new Harris portables. That would keep out most that are not serious about getting one. Some may wonder if a 'cheaper' radio would be an option. Just remember that building the codeplugs and maintaining them is not cheap, and the agency radio shops won't want to build custom files for a few users. In other words, news media may be forced to buy $7K radios if they want to play.

- Streaming - A less expensive solution is streaming. But keeping that under control may be difficult. Ensuring that only the duly authorized users have access to it would need to be ensured.

- Streaming with delay - I know, the law says it has to be real time, but there may be some pushback on that. Many modern logging recorders can stream to IP easily. They can be programmed for a set delay, which is beneficial in some instances. They can also be programmed to have a button a dispatcher can hit to cut the feed when necessary.

A lot of options. A state senate member is not going to have the technical knowledge to decide this stuff, and they should not be allowed to dictate something they don't understand (not that it usually stops them). I think if this bill passes, there will be a lot of changes to it.

Based on push back on the last bill, and the lobbying power that law enforcement has, I think this is not going to be a slam dunk. There's issues with it as it stands. Obviously he learned something from the failure of the last bill, so maybe there's hope….

As for the definition of "duly authorized" media, this is the same wording used in other sections of state law so I'm sure that was the source for the wording in this law. Yes it's broad but it's important to remember that the government doesn't get to decide who is and who is not the media.

Good point, and the government shouldn't be deciding that.
But there should be a limit, especially if handing out radios isn't the solution, and streaming is the choice.

If any yahoo with a Facebook page wants to go through the application process (and hopefully have to pay the cost) then they meet the requirements under not only this proposed law but other laws already on the books. And let's be honest, how many people are actually going to do this? I'm sure some will but the numbers will likely be minimal, relatively speaking. I'm also sure the use policy set by each department will include some prohibition on publishing PII and if a media agency violates that policy I'm sure the courts will side with approving the removal of their access.

So, here's a challenge that this law doesn't address:
Access to CLETS data is very, very restricted. This bill can't just wipe that away like it doesn't exist. While the law may pass and force agencies to give access to certain groups, the CLETS rules will remain in place. The agency will still be required to follow those rules, even if this bill gets passed and forces them to feed to news media.

The rules are very clear. No one has access to CLETS data unless they have a legit need for it. CaDOJ isn't just going to wave a magic wand and grant access to that data for anyone who can pass the "are they news media?" test.
Requiring a news agency to "Pretty please, I promise with sugar on top" isn't going to waive the CLETS access rules.
For me to even be around CLETS terminals at work has required background checks and periodic training. Even then, I don't get to take a CLETS terminal home with me, or take printouts. I still am bound by the rules that say that I can be in the same room, but if I hear/see anything, I'm not allowed to talk about it, share it, print it, think about it, etc.

The problem with CaDOJ/law enforcement agency/etc giving access to news media, is that they still have to ensure that no one has access to the radio/internet feed with CJI/PII/CLETS data.
So, you give/sell a radio to an agency. How do you keep someone from taking it home? Losing it? Giving it to their brother-in-law that just got out of the slammer? What about random people walking through the news room?






I get it. I can see some value in the news media having access to real time information.
My issue is that this bill completely ignores a lot of issues that are standing in place of this. To negate the CaDOJ/CLETS rules isn't easy. Plus, there's others above CaDOJ that have to be appeased. CLETS data can include data from other states, the feds, other countries. Getting the rules waived won't be something that just happens within the state, it has farther reaching implications that this bill does not take into account.
 

jland138

Member
Joined
Oct 12, 2009
Messages
201
Location
San Francisco Bay Area
A story in a local paper says Senator Becker plans to build a larger coalition with groups such as the ACLU now that public safety radio encryption has become a national issue for the media. The story starts out describing that Monterey Park residents had no idea Huu Can Tan was on the loose for five hours after killing 11 and wounding 9 because of police radio encryption. (I have no idea if that's accurate or not.)

The argument about protecting CLETS data sets a difficult roadblock with media access for many smaller agencies. But given some media organizations already have private access to public safety radio traffic in Santa Clara County, that may not be a deal breaker for this year's version of Senator Becker's bill.
 

GROL

Member
Joined
Aug 29, 2017
Messages
573
What obvious infractions are you talking about? Any infractions would be felt with much more harshly than PII leaks.
Information related to a person's medical history, condition and identity. Law enforcement on the scene runs a records check. They provide the person's name and DOB to dispatch. Information returns about that person's identity possibly confirming their address. The person needed medical care, EMS is on the scene. They exchange information OTA regarding the patients medical condition and possibly medical history. Which is why in some areas EMS is encrypted as well. Maybe not dispatch, but channels to hospitals, etc. All of which is supposed to be guarded according to HIPAA. I hear such scenarios frequently.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
25,370
Location
United States
There is (or at least -was- last time I looked) wording in HIPAA that permits sharing of appropriate health care information over the radio unencrypted in emergencies. This was specifically put in so ambulance/fire/PD could use their non-encrypted radios to get patients to the hospital without risk of violating the law.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
25,370
Location
United States
A story in a local paper says Senator Becker plans to build a larger coalition with groups such as the ACLU now that public safety radio encryption has become a national issue for the media. The story starts out describing that Monterey Park residents had no idea Huu Can Tan was on the loose for five hours after killing 11 and wounding 9 because of police radio encryption. (I have no idea if that's accurate or not.)

It would be interesting to know what the ACLU would do. Encryption does not infringe on anyones legal rights.
As for Monterey Park, the issue wasn't encryption. The issue was the law enforcement agency didn't use the tools it had to alert the public.

The idea that scanners are the only way to get information out to the general public is very flawed.

The argument about protecting CLETS data sets a difficult roadblock with media access for many smaller agencies. But given some media organizations already have private access to public safety radio traffic in Santa Clara County, that may not be a deal breaker for this year's version of Senator Becker's bill.

I'm sure someone has found a way to do it legally. Would be interesting to know what it is.
 

GROL

Member
Joined
Aug 29, 2017
Messages
573
There is (or at least -was- last time I looked) wording in HIPAA that permits sharing of appropriate health care information over the radio unencrypted in emergencies. This was specifically put in so ambulance/fire/PD could use their non-encrypted radios to get patients to the hospital without risk of violating the law.
Maybe so, but proponents of encryption are using HIPAA as a reason.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
25,370
Location
United States
Maybe so, but proponents of encryption are using HIPAA as a reason.

It's a good reason.
The wording in HIPAA regarding this was intended to make sure that patient care came first, and protection of information was a close second. They didn't want a patient to not get care because someone was afraid of passing info over the radio.

That made sense when everyone was running analog.

Now that many agencies are running digital and encryption is much easier to do, erring on the side of caution and encrypting EMS to Hospital communications is just good planning.
I think you'd find in many areas, EMS is using cellular to communicate with hospitals, they are already using LTE for patient telemetry.
 

ecps92

Member
Joined
Jul 8, 2002
Messages
14,925
Location
Taxachusetts
There is (or at least -was- last time I looked) wording in HIPAA that permits sharing of appropriate health care information over the radio unencrypted in emergencies. This was specifically put in so ambulance/fire/PD could use their non-encrypted radios to get patients to the hospital without risk of violating the law.
Spot on MMCKENNA

HIPAA applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically (e.g., billing a health plan). -

Think of it this way:
does the DPW bill for medical services ? Nope they don't fall under HIPAA
does the Fire Dept bill for medcial services ? If they don't Bill, they don't fall under HIPAA

Who is not required to comply with the HIPAA Privacy Rule?
Many entities that may have health information are not subject to the HIPAA Privacy Rule, including: • employers, • most state and local police or other law enforcement agencies, • many state agencies like child protective services, and • most schools and school districts

Now for the Holiday Inn express lawyers to jump up and down
 

GlobalNorth

Active Member
Premium Subscriber
Joined
May 2, 2020
Messages
2,309
Location
Fort Misery
ecps92 is spot on!

HIPAA was designed for hospitals, clinical settings, insurers, and traditional healthcare providers [nurses, physicians, etc.].
However, like every other piece of legislation that becomes law, it underwent 'mission creep' and has spread to first responders.

As far as encryption free channels being provided to the news media, I am absolutely against it. The media has repeatedly shown over the decades that they cannot be trusted to truthfully and accurately provide facts to the American public. See FDR's handicap, JFK's dalliances, Gannett's near monopoly of newspapers, CNN's failure to report certain facts, etc. The local newspaper and radio station have become corporate mouthpieces across the land and report only what they want you to believe.

There is no reason why a house fire should not be broadcast in the clear. A traffic stop by a motor officer is no different.
 

GROL

Member
Joined
Aug 29, 2017
Messages
573
Information related to a person's medical history, condition and identity. Law enforcement on the scene runs a records check. They provide the person's name and DOB to dispatch. Information returns about that person's identity possibly confirming their address. The person needed medical care, EMS is on the scene. They exchange information OTA regarding the patients medical condition and possibly medical history. Which is why in some areas EMS is encrypted as well. Maybe not dispatch, but channels to hospitals, etc. All of which is supposed to be guarded according to HIPAA. I hear such scenarios frequently.

ecps92 is spot on!

HIPAA was designed for hospitals, clinical settings, insurers, and traditional healthcare providers [nurses, physicians, etc.].
However, like every other piece of legislation that becomes law, it underwent 'mission creep' and has spread to first responders.

As far as encryption free channels being provided to the news media, I am absolutely against it. The media has repeatedly shown over the decades that they cannot be trusted to truthfully and accurately provide facts to the American public. See FDR's handicap, JFK's dalliances, Gannett's near monopoly of newspapers, CNN's failure to report certain facts, etc. The local newspaper and radio station have become corporate mouthpieces across the land and report only what they want you to believe.

There is no reason why a house fire should not be broadcast in the clear. A traffic stop by a motor officer is no different.
HIPAA isn't just for medical providers. I have worked IT for marketing, logistics and pharmaceutical study companies. All these in which they handled data relating to patient information required HIPAA compliance. We had to ensure that all received data was secured and any final report products did not contain data that could identify any particular patient. At my last company before retiring which is logistics, sales wanted to bid on business involving HIPAA compliance. After we worked up the cost involved with meeting HIPAA compliance, Senior Management scrapped the idea.



Public Safety agencies that desire encryption often refer to HIPAA compliance. I do not know whether that is legally valid or not, but it is certainly probable that patient data will be revealed without communications security. Legal or not, it defeats protecting patient medical information. If it has been decided that public safety is exempt, there is no question it is a hole in patient information security. This has nothing to do with any opinion about encryption, it's just the reality of protecting or not protecting information.
 
Last edited:

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
25,370
Location
United States
Public Safety agencies that desire encryption often refer to HIPAA compliance. I do not know whether that is legally valid or not, but it is certainly probable that patient data will be revealed without communications security. Legal or not, it defeats protecting patient medical information. If it has been decided that public safety is exempt, there is no question it is a hole in patient information security. This has nothing to do with any opinion about encryption, it's just the reality of protecting or not protecting information.

True. It's a hole in the system.
The hole was specifically placed there so first responders could do their job without worrying about violating any rules. After all, in an emergency, patient care should come first.

But like I said, that goes back to a time when nearly everything was analog and encryption wasn't as easy to do.
As more and more agencies migrate to digital and encryption is easy to do, I suspect we'll see the rules change. Technology usually outpaces the laws, and it takes a while to catch up. Eventually it'll likely happen that encryption will be required if handling any sort of personal information, as it should be. No scanner listener or news agency has any need what so ever to have access to anyones private information in any way, shape or form.
 

scannerboy02

Member
Premium Subscriber
Joined
Nov 16, 2004
Messages
2,087
How do they deal with ride-alongs, sit-alongs, police car with the window down? It's impossible to prevent every instance of PII release. As long as a department is taking due care to prevent it they will be okay at the end of the day. You can nitpick the letter of the law for ever but when it comes down to it it's always about reasonableness.

Next point, this forum is a form of media so unless you don't like this forum you can't say you don't like "the media". Without "the media" you would likely not even know about this bill right now. Media plays an important role in our society, just because some of them do a not so good job at it doesn't mean all media is bad. You could say this same thing for just about everything in life.

Edit; There are always people who will think different than you, that's what makes this world great. For me I will be doing everything I can to get this law amended to make better sense and then passed, including putting my money where it's needed.
 
Last edited:
Top