Police Encrypt Radios To Tune Out Public 242
Hugh Pickens writes writes "Police departments around the country are moving to shield their radio communications from the public as cheap, user-friendly technology has made it easy for anyone to use handheld devices to keep tabs on officers responding to crimes and although law enforcement officials say they want to keep criminals from using officers' internal chatter to evade them, journalists and neighborhood watchdogs say open communications ensures that the public receives information as quickly as possible that can be vital to their safety. 'Whereas listeners used to be tied to stationary scanners, new technology has allowed people — and especially criminals — to listen to police communications on a smartphone from anywhere,' says DC Police Chief Cathy Lanier who says that a group of burglars who police believe were following radio communications on their smartphones pulled off more than a dozen crimes before ultimately being arrested. But encryption also makes it harder for neighboring jurisdictions to communicate in times of emergency. 'The 9/11 commission concluded America's number one vulnerability during the attacks was the lack of interoperability communications,' writes Vernon Herron, 'I spoke to several first responders who were concerned that their efforts to respond and assist at the Pentagon after the attacks were hampered by the lack of interoperability with neighboring jurisdictions.'"
Took long enough (Score:5, Interesting)
I get that there are probably huge cost and scale issues, but it has always baffled me that police communications are still mostly unencrypted as complex encryption technology has gotten cheaper and cheaper.
Publish Them (Score:5, Interesting)
There is a real argument that realtime police communications requires secrecy to protect police and their operations while they do the majority of their work that is indeed properly protecting the public.
But there is also a real argument that hiding those communications also hides lots of the minority of their work that at best doesn't protect the public, some of which severely harms the public.
These arguments don't conflict when the realtime parameter is removed. Both legitimate cop business and legitimate public protection are served if all these comms are published after some short delay. Like the following day, or perhaps even just a few hours later.
Publishing them also removes the advantage that some people have who can spend on equipment to monitor the comms. Instead any interested member of the public can check them. All of them, compared to audited logs of the activity on the cops comms equipment. The publication order has to have teeth, prosecuting people for obstructing justice when they're hiding cop comms they find inconvenient to reveal.
Stopping the bad press. (Score:5, Interesting)
This has nothing to do with safety, this is to mute the press. The press follows the scanner conversations to report on all accidents and incidents. With police hiding records and conversations due to lawsuits, we dont need more "hidden" police communications, we them open to keep them honest.
Its bad enough the PR for police is on TV, almost 1/2 of the line up are some cop based shows, perfect cops fighting evil criminals.
In reality, we have a growing movement in the US to keep police honest due to the mega lawsuits in almost every major city. I'm in Seattle, and the police abuse is way out of hand here. The internal coverups, the blue code of silence, the getting ride of whistle blowers, the incompetent police are costing this state with awards and settlements in the millions. Its also sad that the state budget hides these lawsuits. The most open lawsuit loses, department of transportation, they list every payout in our budget. We need that detail for police.
9/11 Monies screwed it up (Score:4, Interesting)
Right after 9/11, all sorts of grants and public monies came out so that police and other first responsers could upgrade their aging systems -- also with the stipulation that the communities work together to be able to allow intercommunications.
Everybody wrote a grant and everybody got a brand new radio system.
Very few people worked together to make sure they were compatible with eachother. In fact, since most departments moved to digital systems on dedicated frequencies, they lopped off a whole integration system between different radios that allowed officers to talk from one municipality to another.
In our case, our State Police post can only communicate to the 5 surrounding municipalities via cell phone (or land-line, I guess). We have a central dispatch that does our 911 center, and they have to have 3 different radio systems in order to communicate with the three areas they dispatch for. It is a complete mess, and it call came from each silo wanting to do their own thing and not talking to anybody else.
And I know we are not the only ones...
Re:Stopping the bad press. (Score:5, Interesting)
This has nothing to do with safety, this is to mute the press. The press follows the scanner conversations to report on all accidents and incidents. With police hiding records and conversations due to lawsuits, we dont need more "hidden" police communications, we them open to keep them honest.
As someone who works in SAR, I can tell you that muting the press is a valuable and useful goal, for two reasons. First, if we find something or someone, it would be very nice if eighty reporters and cameramen didn't descend upon the scene and get in the way of trying to save a life or even just preserve evidence at a crime scene. And second, family members of the person we are looking for are better served learning about the results of a search from an in-person discussion with a trained professional than a news flash on the radio.
HIPPA (Score:5, Interesting)
I enjoy listening to the local police/fire but have always wondered whether HIPPA does/should cover fire-department dispatches.
Given the encryption and privacy requirements for your doctor/hospital/pharmacist, it's a bit odd to hear the constant stream of "Engine 71 respond to a medical. 1233 Main apartment 12. Attempted suicide. 23 year old female took a bottle of pills. Stage for PD.", "Engine 65, respond to 4321 Center. 34 year-old female having a miscarriage.", "Engine 72 respond for a 76 year old male non-breather. 8765 Harbor Place.", etc.
No name, but age, sex and address which pretty much uniquely identifies the person and which is combined with potentially embarrassing information (drug overdose, drunk, family disturbances, sexual assualts, and the like).
Other info that I'd prefer stay off the air: "Use gate-code 5564 to get in.", "Person is disabled, key is in the fake rock by the chimney"...
Comment removed (Score:5, Interesting)
Re:something to think about.. (Score:5, Interesting)
Sort of. I know the NSA used to deliver to the Secret Service tapes of the 10,000 "best" keys in the DES space. The facility that sends keys out to radios picks 16 of those 10,000 strongest keys, so ridiculously obvious ones like "1234" and "0000" are eliminated (I know they're not proper length keys but they're just for example). I suppose there is always the rare possibility of the 1st one you try just happening to be the right one but statistically that situation would happen once in every x years of billions of tries, based on key length and algorithm strength. I don't know if there are any "weak" keys for AES-256 because that is what all the serious players with three-letter names are using these days.
As for secure "enough"... it's all a game of money. I'll bet your Beowulf won't crack my AES-256 in the 24 hours between me re-keying. But again the other side of the phrase applies too - if the message is not time-sensitive, you can replay and retry the brute-force till you're blue in the GPU or you get it. Just don't rely on that key still being actively used by the time you figure it out...
Re:something to think about.. (Score:4, Interesting)
As far as I know, some RSA systems take this in to account.
In AES, there's no known reason for one AES key to be weaker or stronger than another, as far as I know. The keys also have no restrictions -- every one of the possible 2^256 AES-256 keys are valid. So cryptosystems generate them using secure random number generators. As far as I know, nobody protects against the incredibly remote possibility that a key with a "pattern" is selected, but with a 256-bit key, really the likelihood of that is very, very, very small. So as a result, key brute-forcing has no reason to try one key before another.
But then, there's no reason to attempt AES key brute-forcing, 128 or 256. It's impossible with any current technology.