504
submitted 11 months ago by fne8w2ah@lemmy.world to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] pan0wski@infosec.pub 76 points 11 months ago

I find it fascinating how in the United States police radio communications aren't encrypted and therefore anyone can listen to them. In my European country all emergency service communications are TETRA encrypted.

[-] Dalraz@lemmy.ca 24 points 11 months ago
[-] barsoap@lemm.ee 6 points 11 months ago* (last edited 11 months ago)

EU security forces didn't really care as TEA2 wasn't backdoored. It's a mid-90s standard with different encryption levels for different actors, it should be blindingly obvious that whatever is publicly available is backdoored. You may not like it, I do not like it, but it should've been obvious.

The actual own goal was that while all EU security forces always had access to the secure stuff plenty of operators of critical infrastructure (think energy suppliers etc) used TEA1 as that's what they were given. Also some EU forces bought TEA1 equipment presumably because they didn't know what they were doing, with or without help from manufactures with an overstock of TEA1 radios.

Here's a 37c3 talk about the whole thing, from the people actually breaching the protocol.

Aside from those encryption issues (which are finally getting addressed btw) TETRA is a great protocol, though. By now a bit dated so bandwidth isn't exactly stellar (forget video streaming or such) but devices can talk directly to another just as in olden times, setting up a base station simply increases range, radio channels are now virtual, it's all very sweet. Basically TETRA is to radio what GSM is to rotary phones. Which, as GSM phones don't tend to be wired, makes a hell a lot more sense.

[-] cashews_best_nut@lemmy.world 1 points 11 months ago

Wait the CCC speaks English? I thought they were German!

[-] barsoap@lemm.ee 1 points 11 months ago

Projecting a wee bit, aren't we?

Also the presenters are Dutch. The congress is bilingual though IIRC simultaneous translation is only in place for German->English.

[-] cashews_best_nut@lemmy.world 1 points 11 months ago

CCC was founded in Germany. It's not strange to assume they'd publish in German.

[-] barsoap@lemm.ee 1 points 11 months ago

Oh they do. And if it was a rabbit breeder association it would stand to reason that they'd only publish in German, but they aren't, and they don't.

[-] cashews_best_nut@lemmy.world 1 points 11 months ago

Du hast mich gefragt!

[-] harry_balzac@lemmy.world 21 points 11 months ago* (last edited 11 months ago)

Well, for starters, European police are actually trained professionals (in general, much more so than American police) and have different oversight. American police also handle a wider variety of things that really aren't law enforcement - things that should be handled by other kinds of professionals.

EDIT: American law enforcement agencies are also home to some of the highest rates of domestic violence perpetrators and right-wing extremism.

American police shoot and kill 3-4 people each day. That doesn't take into account deaths that occur in jails and prisons due to negligence.

[-] phillaholic@lemm.ee 4 points 11 months ago

What do American police handle that European police do not?

[-] kurcatovium@lemm.ee 8 points 11 months ago

He already stated that. They shoot and kill 3-4 people a day!

/s

[-] cybersandwich@lemmy.world 21 points 11 months ago* (last edited 11 months ago)

Not all llaw enforcement or emergency services are in the clear. The Feds are all encrypted (except for some intentional in-the-clear channels for open comms).

One of the biggest criticisms after 9/11 was the lack of easy comms across agencies because of radio set ups, different 10-codes, etc.

Hopefully this is something they are accounting for with this change.

Also $400m doesn't seem that crazy for an endeavor like this given the size of NYPD.

40k officers and staff + backhaul + tower upgrades + vehicle radio upgrades and installation /$400m

And is that $400m entire lifecycle cost? Over 5-10 years or whatever that's really not insane.

[-] Kusimulkku@lemm.ee 7 points 11 months ago

It seems insane that they were communicating out in the open.

On the one hand, you probably hear all kinds of cool shit. On the other hand, how in the fuck are they just discussing all their sensitive shit out in the open??

[-] themeatbridge@lemmy.world 6 points 11 months ago

They don't? I mean, you can listen to them, they are not discussing sensitive shit because it's public.

[-] Kusimulkku@lemm.ee 3 points 11 months ago

So what do they use to do that? Or is it that they can't because they don't have a secure channel?

[-] YerbaYerba@lemm.ee 3 points 11 months ago

Cell phones are a common option.

[-] Kusimulkku@lemm.ee 2 points 11 months ago

Jesus. I can't believe they haven't encrypted sooner. "We have a situation here, wait let me call you."

[-] KairuByte@lemmy.dbzer0.com 2 points 11 months ago

Why would the situation need to be kept private? “We have a jumper at this and this street”, “shots fired on scene”, “I ate a burrito.”

I’m honestly curious, what vitally secret info do you think needs to be communicated over radio? They aren’t for conversations.

[-] Kusimulkku@lemm.ee 4 points 11 months ago* (last edited 11 months ago)

To keep the private info of the people involved actually private. License plates, descriptions, home addresses, personally identifiable info. It seems mad that all of that is just broadcasted out to everyone. Probably wouldn't even be legal where I live because of privacy concerns.

[-] KairuByte@lemmy.dbzer0.com 2 points 11 months ago

License plates are not private, they literally sit out in public all day. Descriptions are, again, not private. Even your license info is public.

Not to mention, police reports are info that can be requested with a FOIA request. So all that info is public anyway, even if it was originally private.

[-] Kusimulkku@lemm.ee 2 points 11 months ago

Would you be willing to share your license plate number here?

License plate, connected to description and description of the situation, medical stuff etc. would obviously be something I wouldn't want broadcasted to just anyone. I don't know how Americans are comfortable with that.

Or well, probably aren't since they're finally getting around to encrypting that stuff. It's wild that it wasn't done before.

[-] KairuByte@lemmy.dbzer0.com 0 points 11 months ago

Here? No. I keep my online and personal lives separate. That would be directly tying what are essentially two different people together.

Are you willing to put your license plate on a piece of paper and display it on your house? What about your address on your car? Your name on your car, house, phone number?

All this info is already there. You can find it all yourself, or pay like $15 to have a company do it for you, and you’ll get a boatload more. Employer history, address history, vehicle history, current phone number, current address, and more.

I guarantee this info is all readily available in other countries as well, though I admit the legality of general public getting their hands on it may be in question.

[-] Kusimulkku@lemm.ee 2 points 11 months ago

I wouldn't want any of my info being broadcasted to public without my specific approval. Especially connected to other info like a specific situations with police, medical info, whatever might come up. Imagine being a victim and on top of the shittyness of that having all your info just broadcasted out like that.

You said license plates were public info you were fine with being broadcasted in public. Not sure why you're hesitating now.

I'm being facetious. Of course I know. Nobody wants that shit being broadcasted out without their approval. Imagine if I just shared your address or license plate. The audience here is undoubtedly smaller than what you'd get with NYC police radio, but still.

[-] KairuByte@lemmy.dbzer0.com 2 points 11 months ago* (last edited 11 months ago)

Why would a victims information be broadcast over the radio? And why would it matter? “Omg someone on the other side of town is going to know I got stabbed I’m so embarrassed!”

It’s not like they are sitting there over the radio giving a deep dive on the person.

You said license plates were public info you were fine with being broadcasted in public. Not sure why you're hesitating now.

That’s like saying “if we were talking face to face you’d be comfortable introducing yourself by name, why are you hesitating now?”

The audience here is gigantic. This is a public website, accessible without credentials, stored in perpetuity on any number of websites. And this is a username which has received death threats, among other threats.

On the other hand, anyone who knows my real name can just look up my address, assuming they know any number of secondary pieces of info. Literally saying “Hi I’m Kairu Byte from Beverly Hills” would likely be enough info to get my exact address. Or, just punch my license plate into a website.

I get that you feel like that info is private in the real world, but it really isn’t. Not in the slightest.

[-] Kusimulkku@lemm.ee 1 points 11 months ago

It can cause further harm to the victim for their information to be broadcasted out. A lot of victims wouldn't want their information and that of the situation to be shared, obviously. And it would be broadcasted because police report what they're doing over the radio, ask for confirmation or checkups and all that. Here it wouldn't matter so much because of encryption, with unecrypted traffic that sort of normal radio traffic would be obviously problematic.

That’s like saying “if we were talking face to face you’d be comfortable introducing yourself by name, why are you hesitating now?”

No, the radio traffic is unencrypted and broadcasted out to everyone who wants to listen. That's the whole problem.

The radio traffic is broadcasted unencrypted to everyone willing to listen, indiscriminately. It's not one to one. And people share that online too. I know I've listened to a few streams. It's very much like writing shit online. Someone just needs to pick the right website and you're set.

It's not like talking face to face, it's yelling across a busy market place, with some people recording and broadcasting everything people are yelling.

[-] KairuByte@lemmy.dbzer0.com 1 points 11 months ago

Listen to a large cities broadcast for a while, there’s no crazy info being shared. There’s no reason for a cop to be talking about a victim beyond general terms where PII is concerned for the most part. They take that info down, but that’s about it. They aren’t saying “Mary sue at 411 Texas Roadhouse Drive, the 41 year old woman who drives a red sedan, was stabbed by her dog.” They’re going to say “requesting ems for a stab wound near Texas Roadhouse drive and Kentucky fried chicken way.”

And again, all of that info is available to the public regardless. Unless the cops are doing their job wrong and/or doing shady shit at least. You can even FOIA body cam footage, which is going to contain all that radio chatter anyway.

[-] Kusimulkku@lemm.ee 1 points 11 months ago

They probably have to be (or try to be) vague about it, sending info through other means because it's unencrypted and broadcasted to everyone. But when I listened to, there were addresses, license plates, what was happening and so on. You need to exchange some level of info, would be pointless to have the radios otherwise. And when exchanging such info, better to have it be encrypted.

And again, all of that info is available to the public regardless

And yet you're unwilling to indiscriminately broadcast the info here. Even if you don't seem to knowingly recognize the difference between the info being public in some form and broadcasting it indiscriminately to anyone wanting to listen, you don't want to share it here because you know it's different.

[-] KairuByte@lemmy.dbzer0.com 1 points 11 months ago

And yet you're unwilling to indiscriminately broadcast the info here

I’ve had my license plate run before, it’s been broadcast over the county radio system, and I couldn’t care less.

I’ve also had my name in the newspaper, again I don’t really care.

I’d be more than happy telling random people offline my license plate number, because I don’t care.

In fact, I myself have said my license plate number over an open radio frequency.

But you’re essentially asking me to dox myself and remove my online anonymity, which is a major difference. It’s not comparable to having the info randomly said over an open radio, it just isn’t.

You know what else I would do over a radio, but not here? Announce my name. Mention the city I live in. Say my address. All specifically because I’m using this username.

Now, if this was legitimately anonymous, impossible to trace, a username not connected to me? Fuck yeah, I’d say my license plate. Because it would be meaningless. A drop in the bucket of millions of license plates. But you’re asking me to connect my identities.

Even if you don't seem to knowingly recognize the difference between the info being public in some form and broadcasting it indiscriminately to anyone wanting to listen, you don't want to share it here because you know it's different.

The difference you’re talking about is all down to level of effort. On one hand I can listen to a radio, on the other I submit a form online (and get a hell of a lot more detail.)

[-] Kusimulkku@lemm.ee 1 points 11 months ago

I'm asking you to broadcast your license plate on open internet with enough info to connect it to a certain situation, as might happen when stuff is said on radio for anyone to hear. Sucky situation, especially if you're a victim of a crime.

They should've encrypted it a long ago.

[-] KairuByte@lemmy.dbzer0.com 1 points 11 months ago

I think you’re well aware that a username with death threats, linking with a real identity, is much different than broadcasting “run this license plate is it clean?”

And why exactly are we broadcasting the license plate of a victim?…

[-] A_dude@lemmy.world 1 points 11 months ago

I mean... Let's just take your example of "we have a jumper at x and y street". Is it really a good idea to have everyone know that? Do we want "journalists" to drive over their and take pictures of people in crisis (possibly worsening it).

Or let's imagine a car chase, do we really want criminals to know that a spikestrip is set up 2 streets ahead?

Do we want information like warrant and licence checks to be held over unencrypted radio transmitions. Allowing everyone who wants to to listen in and learn about people's criminal histories?

Just to add, I am aware that the whole idea of privacy isn't really a thing in the US, the names and mugshots of arrested people are literally made public in some (all?) states, so you probably don't care about the last point, but the rest still stand, and in lots of countries everyone's privacy is considered a right, including that of (suspected) criminals.

[-] KairuByte@lemmy.dbzer0.com 2 points 11 months ago* (last edited 11 months ago)

Is it really a good idea to have everyone know that?

It really doesn’t hurt.

Do we want "journalists" to drive over their and take pictures of people in crisis (possibly worsening it).

How is a journalist any different than a dozen randos posting it to TikTok? At least the journalist would be more likely to report facts instead of “#justdoit”.

Or let's imagine a car chase, do we really want criminals to know that a spikestrip is set up 2 streets ahead?

his isn’t usually a concern. Spike strips are set up pretty much only when the criminal has no other option. They aren’t done in a residential area where there are many side streets and turns, because it’s like trying to herd cats.

Most of the time in a chase, it’s info the criminal is already going to know. Where they are, what they are doing, etc. the cops don’t normally detail their plans on the radio, just communicate info.

Do we want information like warrant and licence checks to be held over unencrypted radio transmitions. Allowing everyone who wants to to listen in and learn about people's criminal histories?

This info is already public. You can literally just look it up on government sites. You can do that in many different countries, in fact. And I’d say that’s a good thing, actually. Why should we keep criminal activity private? How do we keep both citizens and government accountable if we aren’t open about what was done and the punishment received. Otherwise you can have people just disappear from the street into a jail cell, and the public have no way of ever knowing.

[-] themeatbridge@lemmy.world 1 points 11 months ago

Communicate private health information? A lot of times they still use fax machines. Information can also be stored in a secured database where access is recorded and monitored. If needed, they can always pick up the phone and talk directly with a person if you need something. HIPAA is fairly specific about this.

An encrypted two-way radio, where only the two parties requiring the information would be on the call, that might be fine as long as you're careful to make sure someone standing nearby can't overhear. But that's not what NYC is building.

[-] Cryan24@lemmy.world 2 points 11 months ago

I think most eu countries use tetra for emergency services. it's great for cross service group/task communications also.

this post was submitted on 04 Jan 2024
504 points (97.7% liked)

Technology

60090 readers
2694 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS