504
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 04 Jan 2024
504 points (97.7% liked)
Technology
60090 readers
2694 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
I find it fascinating how in the United States police radio communications aren't encrypted and therefore anyone can listen to them. In my European country all emergency service communications are TETRA encrypted.
Which had/has a built-in backdoor for years.
https://www.wired.com/story/tetra-radio-encryption-backdoor/
EU security forces didn't really care as TEA2 wasn't backdoored. It's a mid-90s standard with different encryption levels for different actors, it should be blindingly obvious that whatever is publicly available is backdoored. You may not like it, I do not like it, but it should've been obvious.
The actual own goal was that while all EU security forces always had access to the secure stuff plenty of operators of critical infrastructure (think energy suppliers etc) used TEA1 as that's what they were given. Also some EU forces bought TEA1 equipment presumably because they didn't know what they were doing, with or without help from manufactures with an overstock of TEA1 radios.
Here's a 37c3 talk about the whole thing, from the people actually breaching the protocol.
Aside from those encryption issues (which are finally getting addressed btw) TETRA is a great protocol, though. By now a bit dated so bandwidth isn't exactly stellar (forget video streaming or such) but devices can talk directly to another just as in olden times, setting up a base station simply increases range, radio channels are now virtual, it's all very sweet. Basically TETRA is to radio what GSM is to rotary phones. Which, as GSM phones don't tend to be wired, makes a hell a lot more sense.
Wait the CCC speaks English? I thought they were German!
Projecting a wee bit, aren't we?
Also the presenters are Dutch. The congress is bilingual though IIRC simultaneous translation is only in place for German->English.
CCC was founded in Germany. It's not strange to assume they'd publish in German.
Oh they do. And if it was a rabbit breeder association it would stand to reason that they'd only publish in German, but they aren't, and they don't.
Du hast mich gefragt!
Well, for starters, European police are actually trained professionals (in general, much more so than American police) and have different oversight. American police also handle a wider variety of things that really aren't law enforcement - things that should be handled by other kinds of professionals.
EDIT: American law enforcement agencies are also home to some of the highest rates of domestic violence perpetrators and right-wing extremism.
American police shoot and kill 3-4 people each day. That doesn't take into account deaths that occur in jails and prisons due to negligence.
What do American police handle that European police do not?
He already stated that. They shoot and kill 3-4 people a day!
/s
Not all llaw enforcement or emergency services are in the clear. The Feds are all encrypted (except for some intentional in-the-clear channels for open comms).
One of the biggest criticisms after 9/11 was the lack of easy comms across agencies because of radio set ups, different 10-codes, etc.
Hopefully this is something they are accounting for with this change.
Also $400m doesn't seem that crazy for an endeavor like this given the size of NYPD.
40k officers and staff + backhaul + tower upgrades + vehicle radio upgrades and installation /$400m
And is that $400m entire lifecycle cost? Over 5-10 years or whatever that's really not insane.
It seems insane that they were communicating out in the open.
On the one hand, you probably hear all kinds of cool shit. On the other hand, how in the fuck are they just discussing all their sensitive shit out in the open??
They don't? I mean, you can listen to them, they are not discussing sensitive shit because it's public.
So what do they use to do that? Or is it that they can't because they don't have a secure channel?
Cell phones are a common option.
Jesus. I can't believe they haven't encrypted sooner. "We have a situation here, wait let me call you."
Why would the situation need to be kept private? “We have a jumper at this and this street”, “shots fired on scene”, “I ate a burrito.”
I’m honestly curious, what vitally secret info do you think needs to be communicated over radio? They aren’t for conversations.
To keep the private info of the people involved actually private. License plates, descriptions, home addresses, personally identifiable info. It seems mad that all of that is just broadcasted out to everyone. Probably wouldn't even be legal where I live because of privacy concerns.
License plates are not private, they literally sit out in public all day. Descriptions are, again, not private. Even your license info is public.
Not to mention, police reports are info that can be requested with a FOIA request. So all that info is public anyway, even if it was originally private.
Would you be willing to share your license plate number here?
License plate, connected to description and description of the situation, medical stuff etc. would obviously be something I wouldn't want broadcasted to just anyone. I don't know how Americans are comfortable with that.
Or well, probably aren't since they're finally getting around to encrypting that stuff. It's wild that it wasn't done before.
Here? No. I keep my online and personal lives separate. That would be directly tying what are essentially two different people together.
Are you willing to put your license plate on a piece of paper and display it on your house? What about your address on your car? Your name on your car, house, phone number?
All this info is already there. You can find it all yourself, or pay like $15 to have a company do it for you, and you’ll get a boatload more. Employer history, address history, vehicle history, current phone number, current address, and more.
I guarantee this info is all readily available in other countries as well, though I admit the legality of general public getting their hands on it may be in question.
I wouldn't want any of my info being broadcasted to public without my specific approval. Especially connected to other info like a specific situations with police, medical info, whatever might come up. Imagine being a victim and on top of the shittyness of that having all your info just broadcasted out like that.
You said license plates were public info you were fine with being broadcasted in public. Not sure why you're hesitating now.
I'm being facetious. Of course I know. Nobody wants that shit being broadcasted out without their approval. Imagine if I just shared your address or license plate. The audience here is undoubtedly smaller than what you'd get with NYC police radio, but still.
Why would a victims information be broadcast over the radio? And why would it matter? “Omg someone on the other side of town is going to know I got stabbed I’m so embarrassed!”
It’s not like they are sitting there over the radio giving a deep dive on the person.
That’s like saying “if we were talking face to face you’d be comfortable introducing yourself by name, why are you hesitating now?”
The audience here is gigantic. This is a public website, accessible without credentials, stored in perpetuity on any number of websites. And this is a username which has received death threats, among other threats.
On the other hand, anyone who knows my real name can just look up my address, assuming they know any number of secondary pieces of info. Literally saying “Hi I’m Kairu Byte from Beverly Hills” would likely be enough info to get my exact address. Or, just punch my license plate into a website.
I get that you feel like that info is private in the real world, but it really isn’t. Not in the slightest.
It can cause further harm to the victim for their information to be broadcasted out. A lot of victims wouldn't want their information and that of the situation to be shared, obviously. And it would be broadcasted because police report what they're doing over the radio, ask for confirmation or checkups and all that. Here it wouldn't matter so much because of encryption, with unecrypted traffic that sort of normal radio traffic would be obviously problematic.
No, the radio traffic is unencrypted and broadcasted out to everyone who wants to listen. That's the whole problem.
The radio traffic is broadcasted unencrypted to everyone willing to listen, indiscriminately. It's not one to one. And people share that online too. I know I've listened to a few streams. It's very much like writing shit online. Someone just needs to pick the right website and you're set.
It's not like talking face to face, it's yelling across a busy market place, with some people recording and broadcasting everything people are yelling.
Listen to a large cities broadcast for a while, there’s no crazy info being shared. There’s no reason for a cop to be talking about a victim beyond general terms where PII is concerned for the most part. They take that info down, but that’s about it. They aren’t saying “Mary sue at 411 Texas Roadhouse Drive, the 41 year old woman who drives a red sedan, was stabbed by her dog.” They’re going to say “requesting ems for a stab wound near Texas Roadhouse drive and Kentucky fried chicken way.”
And again, all of that info is available to the public regardless. Unless the cops are doing their job wrong and/or doing shady shit at least. You can even FOIA body cam footage, which is going to contain all that radio chatter anyway.
They probably have to be (or try to be) vague about it, sending info through other means because it's unencrypted and broadcasted to everyone. But when I listened to, there were addresses, license plates, what was happening and so on. You need to exchange some level of info, would be pointless to have the radios otherwise. And when exchanging such info, better to have it be encrypted.
And yet you're unwilling to indiscriminately broadcast the info here. Even if you don't seem to knowingly recognize the difference between the info being public in some form and broadcasting it indiscriminately to anyone wanting to listen, you don't want to share it here because you know it's different.
I’ve had my license plate run before, it’s been broadcast over the county radio system, and I couldn’t care less.
I’ve also had my name in the newspaper, again I don’t really care.
I’d be more than happy telling random people offline my license plate number, because I don’t care.
In fact, I myself have said my license plate number over an open radio frequency.
But you’re essentially asking me to dox myself and remove my online anonymity, which is a major difference. It’s not comparable to having the info randomly said over an open radio, it just isn’t.
You know what else I would do over a radio, but not here? Announce my name. Mention the city I live in. Say my address. All specifically because I’m using this username.
Now, if this was legitimately anonymous, impossible to trace, a username not connected to me? Fuck yeah, I’d say my license plate. Because it would be meaningless. A drop in the bucket of millions of license plates. But you’re asking me to connect my identities.
The difference you’re talking about is all down to level of effort. On one hand I can listen to a radio, on the other I submit a form online (and get a hell of a lot more detail.)
I'm asking you to broadcast your license plate on open internet with enough info to connect it to a certain situation, as might happen when stuff is said on radio for anyone to hear. Sucky situation, especially if you're a victim of a crime.
They should've encrypted it a long ago.
I think you’re well aware that a username with death threats, linking with a real identity, is much different than broadcasting “run this license plate is it clean?”
And why exactly are we broadcasting the license plate of a victim?…
I mean... Let's just take your example of "we have a jumper at x and y street". Is it really a good idea to have everyone know that? Do we want "journalists" to drive over their and take pictures of people in crisis (possibly worsening it).
Or let's imagine a car chase, do we really want criminals to know that a spikestrip is set up 2 streets ahead?
Do we want information like warrant and licence checks to be held over unencrypted radio transmitions. Allowing everyone who wants to to listen in and learn about people's criminal histories?
Just to add, I am aware that the whole idea of privacy isn't really a thing in the US, the names and mugshots of arrested people are literally made public in some (all?) states, so you probably don't care about the last point, but the rest still stand, and in lots of countries everyone's privacy is considered a right, including that of (suspected) criminals.
It really doesn’t hurt.
How is a journalist any different than a dozen randos posting it to TikTok? At least the journalist would be more likely to report facts instead of “#justdoit”.
his isn’t usually a concern. Spike strips are set up pretty much only when the criminal has no other option. They aren’t done in a residential area where there are many side streets and turns, because it’s like trying to herd cats.
Most of the time in a chase, it’s info the criminal is already going to know. Where they are, what they are doing, etc. the cops don’t normally detail their plans on the radio, just communicate info.
This info is already public. You can literally just look it up on government sites. You can do that in many different countries, in fact. And I’d say that’s a good thing, actually. Why should we keep criminal activity private? How do we keep both citizens and government accountable if we aren’t open about what was done and the punishment received. Otherwise you can have people just disappear from the street into a jail cell, and the public have no way of ever knowing.
Communicate private health information? A lot of times they still use fax machines. Information can also be stored in a secured database where access is recorded and monitored. If needed, they can always pick up the phone and talk directly with a person if you need something. HIPAA is fairly specific about this.
An encrypted two-way radio, where only the two parties requiring the information would be on the call, that might be fine as long as you're careful to make sure someone standing nearby can't overhear. But that's not what NYC is building.
I think most eu countries use tetra for emergency services. it's great for cross service group/task communications also.
Tetra?
https://duckduckgo.com/?q=TETRA+encryption