Posts categorized “Ham Radio”.

Chris Paget, Part 97, Part 15, and RF Research

It has finally happened. I can finally write a blog post about my two favorite subjects: Information Security and Ham Radio.

Chris Paget made some news this weekend at the yearly DEFCON hacker conference in Las Vegas. Paget demonstrated the flaws of the GSM cell phone protocol by building a simple device that intercepts every GSM call in a small area. Chris did a lot of work to make sure he wasn’t violating anyone’s privacy by intercepting these calls, going so far as to enlist the help of the Electronic Frontier Foundation. When reading about Chris’ preparations I was impressed, but the first thing that popped into my head was “Wait, that’s nice and all, but what about FCC regulations?”

To take a quick detour into FCC regulations, most unlicensed devices fall under Part 15 of the FCC rules. They have to be tested and certified by the FCC before they are marketed and sold in the United States. Whenever you see your favorite technology blog talking about how some new device is being tested by the FCC, they’re talking about this testing.

So, when Chris was explaining his presentation I figured he was going to go one of two ways: either he was going to unveil some kind of new FCC-certified cell phone interceptor (unlikely), or he was going to put on an eye patch, raise the Jolly Roger and go full pirate. However, after the presentation was done I was reading the coverage and saw that he went a way I hadn’t considered: Chris, unbeknownst to me, holds an amateur radio license, so he tried to classify his transmissions under Part 97.

Part 97 is the Amateur Radio section of the FCC rules. Amateur radio is classified as an “experimental” service; as I’ve said in my “Why you should be an Amateur” presentation, amateur radio is “radio hacking.” Chris saw that part of the European GSM band overlaps with the 33cm amateur radio band, where he (and I!) have the right to transmit. Seems like a perfect fit, right?

Unfortunately, no. While Chris did seem to catch the “no encryption” part of the rules, he didn’t realize that his transmissions were not legal under Part 97 for other reasons. Part 97.111 and Part 97.113 establish both “authorized” and “prohibited” transmissions for amateur radio stations, and by my count Chris violated them in two or three different ways:

  1. Chris was using his Part 97 transmitter to communicate with Part 15 devices, not other Part 97 stations. (Violates Part 97.111(a))
  2. Chris’ GSM cell site was beaconing to cell phones to let them know it was there. That counts as a one-way transmission. (Violates Part 97.113(b))
  3. Chris was impersonating an AT&T cell site. You can’t impersonate people on amateur radio. (Might violate 97.113(a)(4))

Chris does get props for setting up a Morse Code beacon to ID himself every 10 minutes as the rules require, but that is like a restaurant owner trying to convince the health inspector that his restaurant is fine, rats and roaches notwithstanding, because his employees wash their hands after they use the bathroom. Too little, too late.

I’m not trying to string Chris up here; I’m honestly worried for him. He has admitted to conversations with the FCC about this presentation that he described as “unproductive”. Combine that with the Enforcement Bureau’s fondness for handing out documents with “Notice of Apparent Liability” at the top and five-figure fines at the bottom, and I have to wonder whether Chris is headed for a protracted legal battle with the Feds. Chris’ presentation exposes a major shortcoming in the current FCC rules regarding research. Chris should not have had to hunt for a loophole in the regulations to do his research; it should have been legal for him to put up a low-powered signal to do and demonstrate it. We, as researchers, are running into another version of the same ostrich syndrome that prohibited people from listening to cell phone and pager traffic transmitted in the clear back in the early 1990s, and to a lesser extent still does. With data networks expanding onto mobile devices, the problem has only gotten worse, as Chris’ presentation demonstrated. By not allowing research in this area, the FCC keeps the sunlight out of the dark corners of our mobile networks and lets the mobile phone companies convince us that everything is OK when in reality someone with $1500 worth of equipment can intercept local mobile phone traffic. That is negligent at best and criminal at worst.

While I disagree with Chris’ characterization of his transmissions as “cool” because he’s a licensed amateur radio operator, I fully support his research and his efforts to do it in a controlled environment. I also hope the FCC will realize that this type of research only helps people, and that all the laws in the world won’t stop bad actors from doing the same thing maliciously, as they already are.

My comments on the proposed change to FCC Part 97.113

The FCC has issued a notice of proposed rulemaking (NPRM) that would create an exception in the Part 97 rules allowing hams to participate in disaster drills on behalf of their employer. Currently, for amateurs to participate in a drill on behalf of a government agency, the agency must request a waiver from the FCC. Now, I have said before that I’m a fan of the waiver process and I think it has its place. However, I feel that granting blanket immunity for such things is not a good idea. I think I’m very much in the minority in this opinion, but after reading the comments submitted by Mark, K6HX, I felt my Quixote-esque urge to tilt at windmills stir, so I went ahead and submitted my own.

My comments on FCC Docket 10-72

Let us see what happens…

Some speaking-related stuff…

So, a quick post about two things:

1st, I did a presentation to the Boston Chapter of the Association of Government Accountants for their monthly meeting as part of my day job. I’d like to think I did fairly well, and there certainly was a fair amount of discussion afterward. In case any of them find their way here looking for my slide decks, I am happy to oblige:

  • Information Security and You PPT (1.4MB)
  • Information Security and You PDF (1.8MB)

2nd, I have been selected to speak at QuahogCon in Providence, RI the weekend of April 24th and 25th. I’ll be departing from my usual “Information Security” speaking groove and instead will be evangelizing Amateur Radio. Sadly, this means I’ll be missing B-Sides Boston, but that’s the way the cookie crumbles. Registration is open now and I’ve heard rumors that attendance will be capped at 150, so even if you don’t want to hear me speak, buy a ticket; there are going to be some awesome presentations.

Threats to Amateur Spectrum, winnable battle or game over?

Mark, K6HX, recently asked what people are thinking regarding the “looming spectrum crisis” and the various “spectrum inventory” acts currently winding their way through Congress. Mark and I seem to be more or less in agreement about what may be around the corner:

When we say that our “ham radio political leaders” should remain vigilant against possible spectrum reallocation, I think that we are shifting the responsibility (and in the future, likely the blame) to them, when the responsibility really lies with us. We as radio amateurs are simply not doing enough to justify our use of UHF+ spectrum. When we rely on political action committees to justify our use of this valuable public resource, we should be working hard to provide them with every possible justification that they can use. It isn’t Congress who is placing these frequencies in peril: it is our own inactivity which does so. If we lose 1.2GHz, or 220MHz, or any of our other allocations, it will be because we frankly aren’t using them enough. If I thought that these frequencies could be effectively used to give Internet broadband to millions of underserved Americans, I’d have to say “take those frequencies, we will miss them, but we had our chance with them”.

Mark hits the nail right on the head. If we lose any bands it’s our own fault for lack of activity on them. While I don’t think 70cm (think PAVE PAWS) and below are in danger, everything else is fair game, and that includes my beloved 33cm. I am very much a “life begins at 50MHz” kind of amateur and I wish we would see more use of the GHz bands, especially 12cm (2.4GHz), but I realize that most hams hardly venture above 148MHz, and 95% of the experimentation in the community is below 30MHz. What does this mean when the Feds come knocking on the ARRL’s door asking for spectrum?

Game Over Man! Game Over!

Amateur Radio, in its current state, cannot justify the spectrum it’s been given. Period. Full stop. No amount of wharrgarbling about public service or the value we provide is going to change that. Go ahead and read the ARRL’s Frequency Allocation page and ask yourself how many bands you’ve used in the past week, month, or year. Heck, go back five years. I bet most of you have never gone above 2M. Anthony, K3NG, takes an even more dour view in the comments, which I have a hard time disagreeing with:

Even if we would start using these bands more, I’m not sure that would be enough to keep them from being reallocated, even if we could get 50% of our active amateurs on them. If we calculate how many bits/hertz are currently being used in our spectrum versus what would be used if reallocated, and perhaps even take it a step further to model the geographical aspects and frequency reuse, it’s hard to objectively argue against mobile wireless use of these bands. Unfortunately we’re not going to be able to depend on the classic defense based on emcomm use or experimentation; the potential public benefit is just too great…

So, the question is, what can we do? I think we have two options, both of which, if they happen, will cause lamentations the likes of which we have never seen across QRZ and eHam.

#1 Roll over – This is obvious. We lose, they get their spectrum, and we’re further sidelined into obscurity. While I don’t think this will happen, and I’m sure many of you agree, there is a distinct chance that the FCC will make a power grab for the “greater good” and legislate some of our bands out of existence without giving us a second look. Why? Because the number of people served by expanded wireless service makes it pretty much a “no brainer” decision. Since everyone at the federal level is hopping on the “broadband for everyone” bandwagon, this kind of action will easily pass the “public approval” sniff test.

#2 Play let’s make a deal – We play the cards we’ve been dealt and proactively start making plans to give up bands; if we see the writing on the wall, we approach the FCC with options. Yes, you are correct, this approach did not work out well for Neville Chamberlain (please note, I am *not* comparing the FCC to Hitler), but we might be able to salvage concessions that guarantee the future of the hobby and its bands. Give up 1.25M, 23cm, and 3300-3500 MHz in exchange for a law or something that guarantees the rest of our spectrum? I’d be OK with that.

These are not going to be easy decisions if the Feds start scrounging for spectrum. I am pretty sure we’re going to lose any battle that comes of it. I think we as a hobby need to start figuring out what we are going to do now rather than run around like chickens with our heads cut off when the tax man cometh.

The other obvious part of this is that we should start pushing the use of more of our spectrum. Why am I not seeing the ARRL push for simple 2.4GHz data projects? With the demise of packet radio beyond APRS and the HUGE FREAKING SWATH OF IPv4 ADDRESS SPACE we have, why don’t we see an organized effort to create low cost homebrew builds? Instead, the ARRL is focusing on 40M while the HSMM page is so old it has dust on it. Way to go, ARRL.

Arduino Project #1: Trivial Morse Beacon

Santa was very good to me and I got an Arduino for Christmas. I’ve been meaning to snag one for a while but kept putting it off. After reading the great documentation they have, I quickly started making LEDs blink and such.

After messing about with the examples for a while, I decided to see if I could whip something up from scratch. I had bookmarked Mark, K6HX’s entry about an Arduino-based Morse Code beacon and decided to take a crack at it. My code is a bit of a kludge, but it does work:

Now, to get this hooked up to a radio to make sure it can do more than blink an LED…

UPDATE: Uhhh… Yeah, so I guess Mark updated his beacon and did some pretty impressive stuff, making my implementation look like a Pinto while his is a Corvette. Oh well. It was a learning experience.
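As an added example (not the author’s sketch, which is not reproduced above, nor Mark’s): the core of any Morse ID beacon, including the “ID every 10 minutes” beacon from the Chris Paget post, is turning text into a keying schedule with the standard 1:3:7 spacing (dit, dah, gap between characters, gap between words) and a dit length derived from the speed in words per minute. This C program does that with plain functions; the key and delay callbacks are where an Arduino sketch would call digitalWrite() on the keying pin and delay(). N0CALL is a placeholder callsign and 15 WPM is an arbitrary choice.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One keying event: key down (tone on) or key up (silence) for a number of
 * dit-length units.  Standard spacing: dit = 1, dah = 3, gap between the
 * elements of a character = 1, between characters = 3, between words = 7. */
typedef struct {
    bool key_down;
    int units;
} MorseElement;

/* ITU Morse code for A-Z, 0-9 and the two punctuation marks a beacon ID is
 * likely to need ("/" for a suffix such as /B).  Returns NULL otherwise. */
const char *morse_for(char c)
{
    static const char *letters[26] = {
        ".-",   "-...", "-.-.", "-..",  ".",    "..-.", "--.",  "....",
        "..",   ".---", "-.-",  ".-..", "--",   "-.",   "---",  ".--.",
        "--.-", ".-.",  "...",  "-",    "..-",  "...-", ".--",  "-..-",
        "-.--", "--.."
    };
    static const char *digits[10] = {
        "-----", ".----", "..---", "...--", "....-",
        ".....", "-....", "--...", "---..", "----."
    };
    c = (char)toupper((unsigned char)c);
    if (c >= 'A' && c <= 'Z') return letters[c - 'A'];
    if (c >= '0' && c <= '9') return digits[c - '0'];
    if (c == '/') return "-..-.";
    if (c == '?') return "..--..";
    return NULL;
}

/* Build the keying schedule for a text.  Characters without a Morse
 * equivalent are skipped, runs of spaces collapse into one 7-unit word gap,
 * and no gap is emitted before the first or after the last element.
 * Returns the number of elements written, or -1 if out is too small. */
int morse_schedule(const char *text, MorseElement *out, int max)
{
    int n = 0;
    int gap = 0; /* units of silence owed before the next element */

    for (const char *p = text; *p; p++) {
        if (*p == ' ') {
            if (n > 0) gap = 7;
            continue;
        }
        const char *code = morse_for(*p);
        if (code == NULL) continue;

        if (gap > 0) {
            if (n >= max) return -1;
            out[n].key_down = false;
            out[n].units = gap;
            n++;
        }
        for (const char *s = code; *s; s++) {
            if (s != code) {          /* 1-unit gap between dits/dahs */
                if (n >= max) return -1;
                out[n].key_down = false;
                out[n].units = 1;
                n++;
            }
            if (n >= max) return -1;
            out[n].key_down = true;
            out[n].units = (*s == '-') ? 3 : 1;
            n++;
        }
        gap = 3;                      /* 3-unit gap before the next character */
    }
    return n;
}

/* Dit length in milliseconds using the PARIS standard (50 units per word). */
int dit_ms(int wpm)
{
    return 1200 / wpm;
}

/* Total airtime of a schedule in milliseconds at the given speed. */
long schedule_ms(const MorseElement *el, int n, int wpm)
{
    long total = 0;
    for (int i = 0; i < n; i++) total += (long)el[i].units * dit_ms(wpm);
    return total;
}

/* Play a schedule through caller-supplied key and delay functions.  On an
 * Arduino these would wrap digitalWrite() and delay(); main() below passes
 * functions that only print.  The key is always released at the end. */
void morse_play(const MorseElement *el, int n, int wpm,
                void (*key)(bool down), void (*delay)(int ms))
{
    for (int i = 0; i < n; i++) {
        key(el[i].key_down);
        delay(el[i].units * dit_ms(wpm));
    }
    key(false);
}

static void print_key(bool down) { fputs(down ? "[on]" : "[off]", stdout); }
static void print_delay(int ms) { printf("%dms ", ms); }

int main(void)
{
    MorseElement sched[256];
    /* N0CALL is a placeholder; put your own callsign here. */
    int n = morse_schedule("DE N0CALL/B", sched, 256);
    if (n < 0) return 1;
    printf("%d elements, %ld ms at 15 WPM\n", n, schedule_ms(sched, n, 15));
    morse_play(sched, n, 15, print_key, print_delay);
    putchar('\n');
    return 0;
}
```

Keeping the schedule as data rather than calling delay() while walking the string is what makes the same code usable on a microcontroller (drive the pin from a timer interrupt) and checkable on a PC; the ten-minute ID period is then just a matter of how often the schedule is replayed.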

PaulDotCom Episode 179 posted, featuring yours truly.

The episode of PaulDotCom I made an appearance on has been posted:

Hear me discuss cigars, G. Schneider & Sohn beer, and decoding digital signals.

Appearing on PaulDotCom tonight

I’ll be appearing tonight on PaulDotCom Security Weekly, Episode 179, around 8:30PM, helping Larry discuss the legal ramifications and technical aspects of decoding pager traffic and plugging amateur radio.

When the stream goes live you can check out

If you’re interested in making fun of me while I am live on the air feel free to join the PaulDotCom IRC channel during the stream. Point your client to irc.freenode.net #pauldotcom.

The Internet comes to Ham Radio…

…and not in a good way unfortunately.

Rick, K6VVA, posted on the CQ-Contest listserv last week that he was filing a petition with the FCC because someone (or someones) has been forging callsigns on the DX Cluster network, including those of several prominent contesters, and engaging in trollish behavior. While I frown on this behavior, as someone who deals with this kind of thing almost daily, the PFRM that Rick submitted to the FCC is a goldmine of unintentional comedy and another waste of the FCC’s time. Rick’s comparison of someone bootlegging a callsign to identity theft, and his filing this with the FBI as well, makes me cringe and laugh at the same time.

Rick, let me tell you: as someone who deals with all the crap that goes on on the Internet, someone impersonating people on a DX cluster will rate on the FBI’s “to do list” right above “Find a way to arrest people on the Internet who are mean.” The FCC has no jurisdiction here, as it can’t control what goes on over networks like the Internet. Finally, the First Amendment is in play, as anyone should have the ability to spoof a callsign in a legal and non-malicious manner. Also, I’m glad to see that Rick is trying to maximize the waste of my federal tax dollars by engaging not one but two agencies in his private crusade.

Rick, and everyone else: this Internet is a scary new place, but let me tell you how to deal with the person or persons behind this: ignore them. By filing this PFRM you may have thought you would scare them, but you’ve only caused them to step up their efforts, as now they know they’re getting under your skin. Great job. Speaking of skin, you also need to toughen yours up. If I cataloged all the insults hurled my way in my 14-some-odd years on the Internet, I’m sure I could fill an exhibit twice as long and twice as off-color.

While Rick is completely overreacting, this is a symptom of a broken system for DX spots. DX Clusters are inherently anonymous. I can log into one at random, pick a random callsign and start sending spots out to the global network. With no authentication of any kind and no way to track who sent what, this kind of nonsense is free to go on. Steps need to be taken to track down troublemakers and to make it possible to trace spots back to their originators. Sadly, such a system would require a massive push to get everyone on the network to upgrade, plus some kind of central governance that could disconnect those who choose not to. Since the DX Cluster network is so organic, that is not going to happen any time soon, and we are just going to have to learn to deal with trolls on the system.
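The anonymity described above fits in a few lines of code. The following C program is an added example, not code from any cluster software: it parses the standard spot line format, then relays a spot two ways. The trusting version passes the client’s “de” callsign through untouched, so any session can spot as anyone. The bound version requires the claimed spotter to match the callsign the node verified at login (it assumes the node actually authenticates logins, which is the missing piece the post calls for) and appends a hypothetical “via node#session” tag so a bad spot can be traced back to the node and connection it came from. N0CALL, N0NODE and the session number are placeholders, and the sample spot lines are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A DX spot as exchanged between cluster nodes and clients, e.g.
 *   DX de K6VVA:     14025.0  W1AW         CQ DX                     1234Z
 * The "de" field is typed by the client; nothing in the line binds it to
 * whoever is actually connected, which is the weakness discussed above. */
typedef struct {
    char spotter[16];   /* the "de" callsign as claimed in the line */
    double freq_khz;
    char dx[16];        /* station being spotted */
    char comment[64];
    char time[8];       /* HHMMZ if present, else empty */
} Spot;

/* Parse one spot line.  Returns 1 on success, 0 if the line is not a spot. */
int parse_spot(const char *line, Spot *s)
{
    int consumed = 0;
    memset(s, 0, sizeof *s);
    if (sscanf(line, "DX de %15[^: ]: %lf %15s%n",
               s->spotter, &s->freq_khz, s->dx, &consumed) != 3)
        return 0;

    /* Remainder is an optional comment followed by an optional HHMMZ. */
    const char *rest = line + consumed;
    while (*rest == ' ') rest++;
    size_t len = strlen(rest);
    while (len > 0 && strchr(" \r\n", rest[len - 1]) != NULL) len--;

    if (len >= 5 && rest[len - 1] == 'Z' &&
        isdigit((unsigned char)rest[len - 5]) && isdigit((unsigned char)rest[len - 4]) &&
        isdigit((unsigned char)rest[len - 3]) && isdigit((unsigned char)rest[len - 2]) &&
        (len == 5 || rest[len - 6] == ' ')) {
        memcpy(s->time, rest + len - 5, 5);
        s->time[5] = '\0';
        len -= 5;
        while (len > 0 && rest[len - 1] == ' ') len--;
    }
    if (len >= sizeof s->comment) len = sizeof s->comment - 1;
    memcpy(s->comment, rest, len);
    s->comment[len] = '\0';
    return 1;
}

/* What the node knows about the connection a line arrived on.  login_call
 * is assumed to have been verified at login (e.g. with a password); a node
 * that accepts any callsign at login has nothing to bind spots to. */
typedef struct {
    char login_call[16];
    char node[16];      /* this node's identifier, for the trace tag */
    unsigned session;   /* per-connection number, for the trace tag */
} Session;

/* Weak form: relay the spot exactly as the client claimed it.  The spotter
 * field is whatever was typed, so anyone can send "DX de K6VVA: ...". */
int relay_spot_trusting(const char *line, char *out, size_t outsz)
{
    Spot s;
    if (!parse_spot(line, &s)) return 0;
    snprintf(out, outsz, "DX de %s: %.1f %s %s %s",
             s.spotter, s.freq_khz, s.dx, s.comment, s.time);
    return 1;
}

/* Hardened form: the claimed spotter must equal the authenticated login,
 * and the relayed line carries a (hypothetical) "via node#session" tag.
 * Returns 1 if relayed, 0 if unparseable, -1 if the origin was forged. */
int relay_spot_bound(const Session *sess, const char *line,
                     char *out, size_t outsz)
{
    Spot s;
    if (!parse_spot(line, &s)) return 0;
    if (strcmp(s.spotter, sess->login_call) != 0) return -1;
    snprintf(out, outsz, "DX de %s: %.1f %s %s %s via %s#%u",
             s.spotter, s.freq_khz, s.dx, s.comment, s.time,
             sess->node, sess->session);
    return 1;
}

int main(void)
{
    /* Constructed sample: a connection logged in as N0CALL tries to spot
     * as K6VVA, then sends a spot under its own callsign. */
    Session sess = { "N0CALL", "N0NODE", 42 };
    const char *forged  = "DX de K6VVA:     14025.0  W1AW         CQ DX                     1234Z";
    const char *genuine = "DX de N0CALL: 7030.0 W1AW CW 1240Z";
    char out[160];

    if (relay_spot_trusting(forged, out, sizeof out))
        printf("trusting node relays: %s\n", out);
    int r = relay_spot_bound(&sess, forged, out, sizeof out);
    printf("bound node: %s\n", r == -1 ? "rejected, spotter != login" : out);
    if (relay_spot_bound(&sess, genuine, out, sizeof out) == 1)
        printf("bound node relays: %s\n", out);
    return 0;
}
```

The check is trivial once the node knows who is connected; the hard part, as the post says, is that every node on the network has to do it, since a single trusting node upstream will happily inject a forged “de” field into everyone else’s feed.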

Are Hams wanted in the emergency communications business? Should we be?

I’m sure some of my readers are familiar with the recent FCC statement regarding Part 97.113(a)(3), but for those of you who are not: the FCC recently stated that an employee of an agency cannot conduct communications on behalf of that agency via amateur radio. As always, this caused much wharrgarbling throughout the Amateur Radio community on both sides of the issue. The rule makes sense while, unfortunately, stepping on a lot of toes. By prohibiting such communications, the FCC limits the possible abuse of amateur frequencies for business-related traffic. However, in the process it also makes it quite difficult for licensed employees in the public sector (like yours truly) or at private relief agencies to assist with communications.

A few days ago, K0NR wrote a post about possible rule changes that might allow hams to participate in drills on behalf of their employer, as long as the traffic is limited to disaster communications. Included in it is an interesting blurb on the olive branch the FCC extended to amateurs regarding waivers for such drills:

The FCC also described a process for requesting a waiver of this rule for a specific emergency preparedness drill. A governmental entity, not the amateur radio operators involved, must apply to the FCC for a waiver in advance of the drill. According to N5FDL, the FCC intends these waivers to be for very specific events and not a regularly scheduled activity such as a weekly net. This can help facilitate a major event but is still fairly limited. I wonder how many waiver requests the FCC will be receiving? I suspect there will be many.

Now, some are saying that this just isn’t good enough and are submitting a petition to change the rules to provide blanket immunity for such exercises. However, I think the waiver process is a great way to finally get a good metric on how valuable amateur radio operators are to the emergency communications landscape. All too often on NewsLine or TWIAR we hear stories about hams that were activated during a disaster. However, almost every story includes the phrase “stood by to assist” which, if you read between the lines, means they did a hell of a lot of nothing. This always leads me to question how much we are utilized, or even wanted, by the agencies we as a community purport to serve.

The waiver process provides a way to measure that. If hams are really important to an organization’s communications strategy, I don’t foresee a problem getting the employer to file a waiver request so they can participate in drills. However, if the employer really can’t be bothered to file for a waiver so radio amateurs can participate, we have to wonder how valuable a service we really provide.

Jeff, KE9V, suggested taking this to its logical conclusion: we should get out of the emergency communications business except for when the fecal matter hits the air circulation device. Once that happens, the FCC rules are pretty open. However, I don’t think public safety agencies want a bunch of folks in orange ARES/RACES vests showing up during a disaster who are not familiar with the way things work.

Of course, all of this passes over the fact that this only affects people who are employed by the agency they want to do communications for. I’m A-OK if I want to volunteer for the New Bedford EMA. But I guess some people want to have their cake and eat it too.

Amateur Radio gets left in the dust again…

I’m surprised this completely missed my radar. While reading the Commonwealth’s Statewide Communications Interoperability Plan the other day, I noticed a reference to a broadband initiative on Cape Cod and the islands called OpenCape. The idea is to push a fiber solution out across the Cape and islands, along with a microwave backbone for backup. This piqued my interest for two reasons:

  1. I love me some speedy Internet
  2. It shows how far Amateur Radio is behind the times

OpenCape states on their “About us” page that:

The Cape, Islands and South Coast are the most vulnerable region in Massachusetts to natural disaster, such as a hurricane. Additionally, the region’s proximity to the Plymouth nuclear power plant adds to the region’s overall disaster risk. One of the lessons from Katrina and other major disasters is that communication infrastructure is key to both response and recovery.

Cape Cod lacks the robust and redundant system of communications it will need to respond to and recover from a natural or man-made disaster. Not only will the OpenCape network perform a daily economic role, but it will also serve as the redundant communications backbone in times of emergency.

This is eerily familiar to me as a south coast Massachusetts amateur radio operator, as I’ve heard this same statement time and time again from people involved in emergency communications out on the Cape. There is no real link back to the rest of the state from the Cape and Islands. However, let’s compare and contrast:

Faced with the same problem two groups came up with different solutions:

  1. Establish a “robust, high capacity communications infrastructure” both wired and wireless across the Cape
  2. Establish a 1200 baud VHF connection with WinLink.

I seem to be busting this out a lot lately:

OK, this isn’t a strict apples-to-apples comparison; I understand that the projects are somewhat different. OpenCape’s projected cost is $40 million while I’m sure the WinLink connection cost well under 0.1% of that. However, it demonstrates a disconnect between Amateur Radio and the current environment for data connections. Today, everything short of my toaster is IP based. Existing infrastructure using IP is everywhere. What is Amateur Radio still focusing on? Kludges that keep bolting things on top of an outdated protocol that isn’t suited to today’s networks, and then additional kludges to connect it back to the rest of the world.

OpenCape says that “Letters of support have been received from every town… Cape Cod and the Islands, police and fire chiefs associations…” which makes me wonder what exactly is going on out there. Are we squandering a valuable opportunity to deploy HSMM links on an intra- and inter-town basis? While I’m not a fan of the “EmComm for the sake of EmComm” that a lot of ARES and RACES folks fall into, this would be a great way to “sell” amateur radio. If someone said to a Cape Cod fire/police/EMA, “Hey, I think I can give you an IP link off Cape for short money that would continue to work during a disaster,” I’d be shocked if there were no interest. If that goes well, what about then setting up a mesh network between towns? Part 97 gives us tremendous leeway on 2.4GHz and there are ways to upgrade consumer equipment for cheap money. For the love of Pete, how can we not do this?

Instead of keeping up with the times we are focusing on our 1200 baud links and getting left in the dust while others beat us with better designed data networks. Data networks that are designed to work during disasters. Then we wonder why the hobby is suffering.