Viewpoint: The Case for Encryption

The Case for Encryption

Monday, August 01, 2016 | Comments

Encryption has always been a hotly debated topic in the public-safety communications realm. Because of threats to public safety, we need to take encryption seriously and start securing our radio systems — not just for “special” communications channels, but also for day-to-day operations. Communications and network security is a recognized best practice in all other forms of communications, and radio systems are woefully behind the times in this regard.

Everyone, including public safety, is highly dependent on authentic, accurate and reliable information. As a result, information security — also known as cybersecurity —is an important topic. We’ve all seen what happens when networks and information systems are breached. Confidential information can be used for criminal purposes. Cybersecurity relies heavily on encryption to keep sensitive data secured, and we see this in all types of networks, including email, data networks, telephone systems and cellular voice networks, to name a few.

The Uncertain Outlook for ProSe

DHS Looks to Expand, Update COMU Program

Because of the sensitivity of the information used by public safety on a day-to-day basis, most agencies have done a good job of securing their systems. 9-1-1 and other telephone systems, CAD and other IT systems are all secured and use encryption to protect sensitive information. Most managers user various security measures from strong passwords to personal identification numbers (PINs) to firewalls to other security methods.

However, even our most advanced LMR systems are by and large unencrypted and unsecured. LMR is our most critical, real-time communications system and the single largest component in the safety of first responders and the citizens we serve. It is mind boggling to consider that information — voice calls on our most critical communications medium — is not protected. With few exceptions, U.S. public-safety radio systems are mostly in the clear and unprotected. This exposes a host of information that can and will be used to endanger responders and the public. Sensitive information, such as police officer locations, complainant names and addresses, patient medical information and more, creates hazards if the data goes out over the air in the clear.

Public-safety users have found some workaround to the unsecured radios communications problem that help satisfy their need for secure, encrypted communications. For example, mobile data systems are encrypted. Additionally, cellphones and texting can be used for secure communications, as cellular systems have some form of over-the-air (OTA) encryption.

These workarounds provide needed security to responder communications, but with drawbacks: They are simply not as quick or efficient as the use of LMR in emergency response. Cellular voice cannot provide one-to-many voice communications as quickly as a simple radio call. Also, while mobile data terminals and texting provide one-to-many communications, they require users to look down at their devices, often requiring both hands and not allowing the ease of using a microphone to make a push-to-talk (PTT) voice call over the radio.

The First Responder Network Authority (FirstNet), a federal initiative to implement a nationwide, interoperable network dedicated to public safety is primed to go into operation in the next several years. FirstNet is based on Long Term Evolution (LTE) technology that is encrypted OTA. Initially, FirstNet will provide data, video and cellular voice. However, LTE standards are being upgraded to support mission-critical PTT (MCPTT), as it’s called in the LTE world. Technical issues need to be ironed out before MCPTT is considered ready for prime time. Although FirstNet probably won’t be ready to provide MCPTT services for years, at some point MCPTT over FirstNet could become a viable option for first responders. If and when these issues are solved, the biggest selling point of FirstNet could well be the interoperable, secure, encrypted voice communications it could provide through MCPTT.

Interoperability Channels
Speaking of interoperability, the fact that multiple agencies are working together on an incident doesn’t mean their need for secure communications is lessened. Depending on the situation, there may be a greater need for encrypted, secure communications.

There has been discussion of whether encryption should be allowed on the national interoperability channels, with most opposition to encryption being based on the fact that mixing clear and encrypted traffic on the same channel is not a good practice. Most discussions take an all-or-nothing approach, where it’s all encrypted or all in the clear.

The answer is for the FCC to set aside some interoperability channels that use encryption by rule. That way, everyone knows what’s what and can plan accordingly. This will stop confusion and interference arising from mixing secure and clear traffic on the same frequencies.

Nearly 40 700 MHz interoperability channel pairs are available to public safety. Setting aside five of those channel pairs for encrypted interoperability isn’t going to hurt anyone and will allow for encryption in those situations where it’s required.

As the FCC and National Telecommunications and Information Administration (NTIA) release more interoperability channels in VHF and UHF, we will see a similar situation where a few channels could be set aside for encrypted interoperability. Again, taking a few channels from each band and designating them for encrypted use will not hurt anything but will allow for secure, encrypted communications when required.

Secure LMR communications are something that we simply can’t ignore. We have to find a way to do this, even in the interoperability world. We are living in a world with severe threats, and unsecure radio communications hampers the ability to deal with those threats.

Objections to Encryption
There are always objections to encrypting public-safety radios systems for various issues, but usually those issues are easily overcome. For example, the idea that the public has a right to know what public safety is doing in real time is valid. This can easily be solved by providing a time delayed 15- to 30-minute audio feed from an encrypted system to the internet. This removes the time value from tactical communications and reduces risk to the safety of responders.

Another objection is that encryption will hide corrupt activities carried out over radio systems. In reality, I think illegal activities generally incorporate cellphones, not agencies’ radio channels. Finally, there is a serious issue with coordinating encryption keys with adjoining agencies. There is too much human intervention required and too many chances for error with current methods. We need the manufacturer community to step up with a way to set up incident encryption and key radios quickly and easily in real time, similar to how it’s done with email, cellphones and e-commerce websites.

We can’t just say that encryption is too hard and walk away from it. After all, encryption is common in the IT and internet world; almost all IT systems, networks, e-commerce websites and cellular networks are encrypted, and it’s invisible to their users. LTE is also encrypted OTA, and the encryption is invisible to users.

More importantly, as technical experts for our agencies, we need to realize that our customer base — public-safety users — consider encryption important. In many ways, their ability to do their jobs serving the public and their safety hinge on the ability to communicate securely over whatever network they use. We need to provide them with the best tools we can so they can carry out their mission as efficiently and safely as possible.

Would you like to comment on this story? Find our comments system below.

Bill Springer has 35 years of experience in public-safety communications, including radio, telephone and data networks. He may be reached at encryptedradio@outlook.com.

Comments

On 9/19/17, william Warren said:

Long Term Evolution (LTE) is NOT encrypted like IT systems. There are several highly insecure protocols that make up all cellular communications that allow tower roaming — Google SS7 vulnerabilities. Unless the devices are running advanced encryption standard (AES) end to end, they are not secure. This is why P25 is a PITA because transmission over narrowband radios results in quite a few lost packets. When you lose a packet, you break the encrypted stream and the entire process TCP then AES must be re-established. This can take a full second or more. This results in many of the times where you press the PTT button once and you only get the tones but not open channel. Encryption over the air is not as simple as the OP thinks it is. Communications folks are often not familiar with the OSI model, which is what encryption depends on. Non-encrypted voice radios often do not use TCP or other networking protocols to work. Many times for P25 and other data-driven networks you have to pay attention to the OSI model for the network to be stable. Motorola took nearly a decade to learn this. Their radio buys tried to ignore the OSi model, which makes up the backbone of any data-driven network.

On 10/20/16, John Johnson said:

Thanks Bill. This is a very controversial topic to say the least on the FCC-designated mutual-aid and interop channels. Thanks for the article.

On 8/28/16, Al MATASY said:

Dear Sir, I am glad that the people have scanners. They should know what is going on with some police channels. Encryption should be for undercover channels only or if it is a call that they don't want the news media to know. As taxpayers the public should know some things. They don't need police calls to be heard on a cell phone or a computer. I do like the delayed internet feed they do when you hear a radio program on your radio that is delayed going out over the internet.

On 8/10/16, Jim Millsap said:

Having worked with Bill, his communications expertise is right on target. As a fellow public-safety communications employee for many years, the bottom line with many agencies is lack of funding, not just to maintain their current systems but even down to battery replacement. Because we all know all options for our radios come with a large price tag per unit, this alone drives the economic price out the door. The same lack of funding has driven multiple agencies toward non-Project 25 (P25) radios and even less interoperability because of the different digital formats that the vendors have sold and implemented to many public-safety agencies. I applaud Bill's enthusiasm to secure public-safety communications, but there would be a cost. Maybe FirstNet will have the answer.

On 8/4/16, Radio Randy said:

Because any encryption hardware will be paid for with taxpayer dollars, I believe the decision should be up to taxpayers as to whether or not to allow wholesale implementation of it.

For a very few special channels, okay, but the public has every right to insist on transparency when their money is funding something.

On 8/3/16, Bill Collinson said:

Bill, as someone on the other side of the fence, i.e. an informed member of the public and a long-time radio hobbyist, I agree with most of what you re saying. As an IT professional I can also say that you provide a valid argument that public-safety LMR is one of the few unsecured communications channels in widespread use today.

You address head-on an important aspect, which is that there is a reasonable expectation that the public should have some sort of monitoring capability. And for monitoring day-to-day public-safety activity, some version of your delayed Internet feed is a valid concept.

In the area of interoperability I think we're a long way off from effective manageable interoperable encryption. Consider too that during large-scale emergencies, such as a weather event or similar, the ability of the public to monitor emergency communications can be very important. For example when the tornado risk is high, I very often will monitor fire dispatch and Skywarn frequencies to be more effectively weather aware.

In an increasingly sophisticated threat environment there is a valid argument for expanded use of encryption, even so much as it impacts our traditional expectations of public oversight and inter-agency operations. I appreciate your well-written call to action and your broad consideration of all aspects of the technical institutional and social challenges.