FCC Considers Encryption on Amateur Bands
Just when things were terminally boring on the amateur radio regulatory front, the ARRL reports that “The FCC is inviting public comments on a proposal from a Massachusetts ham to amend the Part 97 Amateur Service rules to permit the encryption of certain amateur communications during emergency operations or related training exercises.” The FCC is seeking comments on the Petition for Rulemaking RM-11699, submitted by Don Rolph (AB1PH). My email and twitter feed started filling up with passionate pleas to either support this petition or to kill it.
This idea has been around for a while but I don’t recall the FCC considering action on it. The issue is that “messages encoded for the purpose of obscuring their meaning” are prohibited by Part 97 rules for the Amateur Radio Service. (Actually, that is not completely true since an exception exists for control of stations in space and radio-controlled models.) This rule has a very important role in enabling the “self policing nature” of the amateur radio service. That is, everyone can listen to the content of all radio communications, allowing improper use of the spectrum to be exposed. (Note to self: file a petition to require encryption when using 14.313 MHz.)
This rule can be a barrier when ham radio Emcomm organizations are providing communications for served agencies (e.g., the Red Cross, fire departments, medical response, law enforcement, etc.) These served agencies do not want sensitive information passed over the radio “in the clear.” Sensitive information includes items such as medical/patient information, location of emergency responders and supplies, damage assessments, door or gate access codes, etc.
A few weeks ago, I volunteered my time to help with communications for the Black Forest wildfire here in Colorado. So count me as someone that sees emergency communications as a key part of amateur radio. (Gosh, I think Part 97 even mentions this. See Part 97.1a) I also see that the prohibition against encryption is a does get in the way during some incidents.
But I am also worried about opening the door to significant use of encryption on the ham bands. The problem with encrypted messages is that…wait for it…you can’t decode the messages. So how do we maintain that self-policing thing? The fear seems to be that if we open the door at all to encryption, it will enable virtually anyone (amateur license or not) to transmit encrypted messages for unknown and inappropriate purposes.
The challenge is to figure out what limits could be put on encrypted operation to retain the self-policing nature of ham radio while enabling more effective emergency communications. Here are some ideas:
- Limit the use of encryption to actual emergencies and training exercises. (This is already in RM-11699.)
- Require that radio transmissions are properly identified “in the clear”, with no encryption. That way if encryption is used on a regular basis, steps can be taken to investigate further. (This may already be assumed by RM-11699 but I did not see an explicit statement.)
- Require additional information to be sent in the clear with the station ID when sending encrypted messages. For example, the name of the served agency, the nature of the emergency or drill, or anything else that would help a random listener to judge whether it is an appropriate use of encryption.
- Require archiving of encrypted messages (in unencrypted form) for some period time, available for FCC inspection.
- [Added 28 June]: Avoid international regulation issues by limiting encrypted messages to US stations only.
- <insert your idea here>
Still pondering this issue…what do you think?
73, Bob K0NR
Update 1 July 2013: See the article by Bruce Perens K6BP
Update 8 July 2013: See comments by N5FDL
The ARRL says “no”.
So perhaps I will be strung up, ripped to shreds and left for dead for these comments, but I have to be honest!
I LIKE THIS IDEA!
I think, when it comes to EmComm [Emergency Communications] this could be very beneficial. Think of a few things here
1. During an emergency, we DO pass sensitive material at times [say we are aiding in communications after an attack, do we really want more attackers to have the info of where is the most vulnerably point at such and such time?]
2. HIPPA, medical privacy rules. My county’s AREA/Races REQUIRES HIPPA “training” to participate in certain activities [including health & welfare traffic in an emergency or communications assistance in a Hospital/Medical center]
That info for SURE should be encrypted. In fact, I will go so far as to question if sending certain Health & Welfare info unencrypted is possibly [inadvertently] breaking HIPPA Laws
I’ve spoken with the Ham who submitted the idea to the FCC, we both agree a good starting point would be to figure out an easy way to “encrypt” data communications [say RTTY, PSK-xx, Packet, Pactor etc] Then consider the possibility of voice encryption [AFTER the first means is figured out]
In reality, encrypting Data wouldn’t be difficult, it wouldn’t be secretive [err I mean the methods, say PGP encryption, that wouldn’t be a “secret” it’s an OPEN protocol, just the Encryption Key would be “secrect” but then again, some Repeaters, are “closed” and use “unpublished” PL or CTSS Tones … not much different]
That’s my two bits …
73 all
~Rev J.
While there may be some situations where encryption may be desirable, especially to protect someone’s privacy when communicating health information, I don’t believe they justify changing the rules.
Ambulances routinely relay sensitive medical information including vital signs, medical history, and more over the radio unencrypted when communicating with hospitals. This type of unsecure communications is specifically allowed by HIPAA.
Great post. I can see both sides of the issue and and somewhat torn. I guess if you really backed me into a corner I would say I would prefer no encryption.
Though you could argue that the digital modes are de facto encryption even today? An interesting discussion.
First let me preface my comments with the fact that I am not currently involved with emcomm in its present form. I have no spare time to devote to the classes and drills at this time. I have made some observations from the sidelines so to speak and have a few thoughts. First, in an emergency, not a drill, chaos is the enemy. The more complex the equipment the harder it is to set up and adjust. Adding encryption to the mix can/ will add to the difficulty in deployment. Complexity and lack of flexibility is what makes police and fire communications vulnerable and prone to failure in large disasters. As Hams we have a flexibility that gives us an immunity to failure and an ability to adapt to conditions. For sensitive information I would think that cross band comm would be effective. Or do all the sensitive stuff on 1.25m . I just have a fear of over complicating things in adverse conditions .
Clarification on the post about ambulances giving patient report over public safety bands. We give report and vital signs, but do not identify the pt any more than saying 40 year old male, and the address where we pick them up at. We might give initials by radio. But this is discouraged. With proliferation of cell phones, if you need to give initals it is encouraged that you call on cell phone.
unless you listen closely, and take notes, you would not get all 4 pieces of information.
as far as encryption for public safety agencies during disasters, I support the idea. packet communications would already do this.
Hi Morgan,
You make good points. It’s important to determine first, however, if hams helping in a disaster passing health and welfare traffic are even covered entities under HIPAA to start with.
Luckily, even if you are a “covered entity” and HIPAA applies to you, the Department of Health & Human Services issues this guidance which seems to answer the encryption concern:
“Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information. This standard requires that covered entities make reasonable efforts to prevent uses and disclosures not permitted by the Rule. The Department does not consider facility restructuring to be a requirement under this standard. For example, the Privacy Rule does not require the following types of structural or systems changes:
– Private rooms
– Soundproofing of rooms
– Encryption of wireless or other emergency medical radio communications which can be intercepted by scanners.
– Encryption of telephone systems.”
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/incidentalu&d.pdf
Lots of good points my friends, THANK YOU ALL for not ripping me to shreds for my input 🙂 Always nice to be able to debate pros/cons from all sides in a mature manner [as we are here :P]
73
~J
I can see that encryption is tempting, but it may prevent a listening station from relaying/repeating a message if the intended recipient doesn’t catch it.
I can see more value in message signing, whereby a recipient:
1) can tell that the message really came from (say) AB1PH, and not someone passing themselves off as Don Rolph.
2) can verify that the message is complete and correct.
A signed message could be relayed to its intended recipient without problems. The only issue I see is that a signature adds a fair chunk of binary payload to a message, which would be tiresome with slow modes.
Message signing is how the ARRL’s LoTW can tell that your logbook entries really came from you. LoTW uses the industry-standard X.509 public key infrastructure, and ARRL already administers the security system to maintain signatures and encryption (even although it may not know that it does). So there will be a good number of operators who already have keys and verified identities held by a “trusted”⁺ third party.
—
⁺: you may or may not like the ARRL, but the term “trusted” means something slightly in cryptography. It’s more ‘known and verified’ than ‘would buy a used car from’.
I don’t think this is necessary at all. Open communications and experimentation is fundamental to amateur radio. The Winlink folks seem to be behind this and it all just smells fishy to me.
I was starting to be just a tiny bit open to the idea till I read Jeff’s wordy but thought provoking post on this. Seems the HIPAA argument is moot for the most part and as he says there is always MARS or Part 90 for this stuff.
http://kypn.wordpress.com/2013/06/20/winlink-is-after-encryption-again/
Encryption of (non-command-and-control) traffic would represent a seismic shift in Amateur Radio, even if it were “for emergency use only.” Amateur Radio is predicated on openness. K6BP (http://hams.com/encryption) makes the argument that it removes some elements of “harmlessness” from amateur radio that promotes international goodwill.
It’s one of those things that is (at least partially) good-intentioned but could have far-reaching and undesirable consequences for the rest of the hobby.
Stewart, VA3PID, says something incisive that I think could be a permissible use of encryption on the ham bands. It’s possible to digitally sign a transmission without encrypting the whole thing. That, in my mind, is far more useful in an emergency than encrypting the actual traffic. But, I’m not an EMCOMM fanatic, either.