
Encryption efforts in Colorado challenge crime reporters, transparency - mhb
https://www.cjr.org/united_states_project/police-scanner-encryption.php
======
kodablah
This is a simple case of the negatives of transparency in government. You
gotta take the bad with the good when the good outweighs the bad. A public's
right to hear police chatter outweighs their potential to misuse it. It's
always sad to see misuse as an excuse for government opacity as if that's the
only concern to be taken into account.

And you can't really have it both ways with loosely defined terms, because
given the ability to hide only sensitive items, more items will become
"sensitive". In the absence of a reasonably defined line of transparency, you
have to just deal with the costs of total transparency. Then you may go to the
legislature and attempt to define extreme opt outs, but when you heavy-
handedly dismiss all concerns by outright hiding everything, you've basically
given the middle finger to discussions.

~~~
beojan
Perhaps it could be released after an embargo period then. There's no need for
the public to listen in on real time.

------
snarf21
I think the more interesting discussion here is the same cops want no
encryption on user's phones or at least the ability to bypass it. The same
reasons they cite are the same reasons users want encryption. While not
surprising that they want it both ways, just frustrating.

I also wonder about FOI act consequences. They are using public spectrum and
public dollars. It seems like the scanner should be unencrypted and if they
need secret messaging use another channel and do it over the internet.

~~~
glenneroo
Is it really the same cops though? I saw no mention of Colorado police being
against users encrypting their phones. The FBI were the ones who were
particularly upset that they couldn't decrypt Apple traffic[0].

[0]:
[https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...](https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute)

~~~
dsl
The FBI, or sometimes the county Sheriffs office, are the ones who handle
decryption of phones for local police departments.

There are over 17,000 police departments in the United States, it's not
reasonable for them to all have these capabilities on site.

Edit: The FBI actually has walk up kiosks (in a secure area) with Cellebrite
for do-it-yourself forensics.

------
imroot
I have two solutions for this:

The first one is easy: The Police agencies encrypt their Tactical channels and
leave their dispatch and car-to-car stuff unencrypted. Police still have the
ability to mask sensitive operations, the public keeps their "Open" access.

The second answer is a bit more complex -- give the media outlets a radio that
is transmit inhibited that has the dispatch channel only on it. I believe that
one city (Cincinnati) did that when they moved to P25 a few years ago.

With that said, There's only a trivial space that most radio systems use for
encryption these days. In Kenwood radios, it's only 4 numerical digits. While
I haven't tried decrypting someone else's NexEdge stuff, a motivated person
who wants to hear what's going on, will hear what's going on.

~~~
jstanley
> give the media outlets a radio

What's the difference between a media outlet and a blogger?

How do you ever start a media outlet if you don't have access to the
information required to operate a media outlet?

------
josefresco
Story time: I was outside this past weekend and heard lots of sirens.
Wondering what was going on, I downloaded one of those "police scanner" apps
and listened in to my local fire/police force.

Curiously, they had two channels - one that I could listen to, and one for
"onsite" that I could not. I know this because they talked about this other
"channel" on the one I could listen to. They did this for organizational
purposes as there were quite a few units from multiple towns responding and
needed to "clear" the main line for big announcements.

I have no idea if this is relevant, but I found it interesting, and IMHO
appropriate given the sensitive nature of the event (house fire).

------
kawfey
I believe encryption is a good thing so long as FOIA is followed. Big time
news agencies usually have a desk somewhere that's covered in radios from the
city's police, fire, ems, etc. that were bought from the agencies respective
vendor with proper permission from the city. Small time street journalists
don't have this capability since the radios are extremely costly and police
agencies have a general disdain for people showing up with smartphones
critiquing their work, as well as circumventing encryption by streaming it to
the web.

Numerous agencies are getting away from standard radio systems to networked
LTE-based radios...aka cell phones. It's increasingly common that even on
encrypted radios, dispatch will ask the attending party to move the
conversation to cell phone. Some agencies are jumping on networked VOIP PTT
radios and apps similar to Zello to save costs, which theoretically would
still allow a path for media agencies to listen in appropriately, only making
smaller journalists more angry at the inequity when they're denied a feed.

~~~
reaperducer
_Big time news agencies usually have a desk somewhere that 's covered in
radios from the city's police, fire, ems, etc._

This is true.

 _that were bought from the agencies respective vendor with proper permission
from the city._

This is false.

There are _rare_ occasions when a government agency will _lend_ a radio to a
news agency as a courtesy, but this is exceedingly rare and IME only happens
in small places.

Source: I spent too many years listening to scanners for big time news
agencies, and the grumbling of police agencies that knew we were listening in
on them.

------
dotCOMmie
It wouldn't be hard to use short term keys which could be broadcast out one
hour after use. Public would be able to watch the watchers and criminals would
not be able to track police response real time.

~~~
dsl
This would be a technical nightmare given how police radios work. However, you
can submit a FOIA request for radio recordings, which basically does what you
suggest but with a longer delay.

The radios do support over-the-air keying, but it is rarely used. Having
physical radios come back to the shop for key refreshes provides positive
control over radios, and prevents a stolen radio (which happens more often
than you'd think) from listening in on a SWAT or drug operation.

~~~
woodrowbarlow
> basically does what you suggest

ehhh, there's a bit of a difference. if i record encrypted traffic then i am
granted a decryption key later, i can be certain that nothing was edited out.

------
adrianhel
This protects the privacy of victims, offenders and innocent suspects. All of
them should have a right to privacy, except convicted offenders in matters
affecting the public.

~~~
wool_gather
> except _convicted_ offenders _[emph. mine]_

No. Accusations (and court proceedings) need to default to being public. This
is an important check on the power of prosecutors and judges.

~~~
yorwba
Presumably that check is intended to protect the accused from secret
prosecution. But I think in many cases, the potential reputation damage of a
false accusation is so bad that the accused would prefer to make the decision
about whether it should be published or not.

~~~
dragonwriter
> Presumably that check is intended to protect the accused from secret
> prosecution

It's as much intended to protect the public from the government pretending to
do things about problems that it is not doing; if prosecution is secret,
government can more easily claim it is making good faith efforts when it is
not then when the public can see what they are presenting at trial.

------
mschuster91
I do not understand why the US (and Germany, which switched only a couple
years ago to TETRA, as one of the last countries in Europe) took/take so long
to encrypt EMS communication.

I get the argument that people have a right to information - but at what cost?
The data that is spoken on open frequencies is _incredibly_ private: names,
addresses or what a person is suspected of having done, or which car belongs
to which person (=transmission of license plate, followed by the name on the
driver license). All out in the open, ripe for all kinds of abusers to be
harvested just like arrest data. Not to mention that criminals can also take
advantage, e.g. by having one or more dudes off-site who simply listen to the
police comm to inform if and how much police will be responding to a bank
robbery or a theft.

And if you want to see examples of how this fucks up peoples' lives, just read
this article or dozens more about such schemes:
[https://www.washingtonpost.com/news/morning-
mix/wp/2018/05/1...](https://www.washingtonpost.com/news/morning-
mix/wp/2018/05/18/this-site-will-remove-your-mug-shot-for-a-price-now-its-
owners-are-charged-with-extortion/)

Fun fact: a friend and I used to listen to German police years ago. You didn't
even need a scanner, just an iPod with the FM radio receiver and the region
set to Japan so that the lower FM radio ranges could be listened to (which
happened to match with part of the EMS channel range). We picked up all kinds
of shit ranging from addresses, names and plates to tactical information (e.g.
during a knife stabbing). Now we just laughed our butts off when they
announced to dispatch they're logging off for grabbing a burger, but if we
were evil we could have done a _lot_ of damage to innocent people.

~~~
detaro
At least in Germany, it wasn't a transparency thing (even if easy, listening
to responders comms is illegal), but a tech/admin thing.

The switch to digital and adding encryption both add complexity that you need
to be sure your people understand and can handle, even in crisis situations:
analogue gear has it's own failure modes, but is more forgiving in other
aspects. Add the general organizational issues of introducing large tech
projects, coordination across many different organizations that all need to
switch and be able work together at all times, and it's not too surprising it
took long...

~~~
mschuster91
> even if easy, listening to responders comms is illegal

Yeah but it was difficult to prosecute - the only way to get into trouble was
if police directly caught you in the act of listening in. Possession of
scanners and frequency tables itself was made basically legal in 1998 by a
court in Wuppertal, so unless you turned up to a crime scene with a scanner in
your hand or got caught streaming the feed into the Internet, you couldn't get
prosecuted (even if you admitted doing so on the Internet).

> coordination across many different organizations that all need to switch and
> be able work together at all times

Indeed, but now there are a _number_ of success stories worldwide from which
the US could learn on how to implement a switch to digital encrypted EMS
communication. In the US however people still _want_ to have the ability to
snoop, or to distribute arrest records to the permanent Internet record, and I
just ask myself _why_.

------
bluejekyll
I’m surprised this hasn’t happened already, or isn’t more widely being done.

One thing that I didn’t see in the article is a discussion around
authentication of the radio broadcast. I don’t know anything about radio
encryption, but I assume that like other forms of encryption, the receiver is
able to authenticate the source. This seems like something anyone would want,
like TLS for radio.

I get the desire for transparency, but that should that trump the need for
trusted radio transmissions?

Also, it’s interesting to see discussion of the opposite issue around
encryption. Where in this case it’s the gov’t being asked to be open, as
opposed to law enforcement’s desire to have backdoors in our devices.

~~~
potta_coffee
There's a module that is used to syncronize the transmitter with the receiver.
The source isn't authenticated but the radios are able to decrypt because of
the programming they receive from that module.

------
tantalor
There seem to be a valid arguments for obscuring communications in special
cases (tactical, investigative) and in general (privacy, safety) but the
latter should be accessible to transparency advocates (reporters). You solve
this with 2 encrypted channels, one for general use which has broader access,
and the other more confidential.

It sounds like law enforcement is already using a tiered system (unencrypted
and encrypted) so this is not an undue burden for them.

Then the issue is who is granted access? Anybody with a "press pass"?

~~~
whatshisface
> _You solve this with 2 encrypted channels, one for general use which has
> broader access, and the other more confidential._

Anyone who is trying to do something illicit (i.e. anyone who is involved in
creating a newsworthy situation) is just going to use the encrypted channel.
The basic problem with "tactical secrets" is that they make you more effective
against your adversaries whoever they are. Sure, when the communicators are
good then they only have evil adversaries, but if a user of the tactical
system ever does something wrong then their adversaries become _you and me_.

------
Joe8Bit
This is a _really_ interesting to read as someone not from the US.

In the UK (and all the other countries I've lived) emergency service radio
traffic has been encrypted for a _very_ long time. I was always surprised
(even shocked!) when I visited the US and could hear everything the Police
were doing.

~~~
coolspot
LEOs usually use two channels - public unencrypted and tactical encrypted.

For example police patrol would request ambulance for a car accident over
unencrypted channel, while SWAT team storming house of another streamer would
communicate over encrypted channel.

~~~
nqr
Why wouldn't they all use encrypted channels?

~~~
coolspot
In some jurisdictions they do.

Reasoning to use open channels I read about is transparency to the public and
potential benefit of having non-official first responders.

[https://www.zipscanners.com/resources/police-scanner-
encrypt...](https://www.zipscanners.com/resources/police-scanner-encryption-
explained/)

------
tyfon
The Norwegian police solved the transparency problem by tweeting the
newsworthy stuff they do.

Before they encrypted things even the SSNs of people not convicted of anything
was transmitted for all to hear and the emergency radio channels were streamed
online.

It might suck for the curious but I think privacy of the population should
trump government transparency in this case.

~~~
jstanley
> The Norwegian police solved the transparency problem by tweeting the
> newsworthy stuff they do.

How does that solve the transparency problem? They're only telling you what
they want you to hear. That's not transparency.

~~~
tyfon
Well, the stuff going over the radio doesn't really help transparency either
it just outs individuals.

There is an independent "police force" outside of the police here that handles
all "police crime". The regular police hates them and have pushed for their
disbandment from time to time.

It works pretty well, the biggest story in the news right now is an under
cover cop that got too under cover and he was caught. Open radio would neither
help nor hurt.

------
opwieurposiu
Colorado police are known for altering video evidence, and for outright
framing people for murder. Encrypting their comms will simply make it easier
to continue this behavior in the future.

[https://www.coloradoan.com/story/news/2018/12/22/mother-
man-...](https://www.coloradoan.com/story/news/2018/12/22/mother-man-fatally-
shot-fort-collins-csu-police-files-complaint-complete-body-cam-
footage/2391338002/)
[https://en.wikipedia.org/wiki/Peggy_Hettrick_murder_case](https://en.wikipedia.org/wiki/Peggy_Hettrick_murder_case)

~~~
CLETMP
You posted two stories there.

In the first one, the police department simply blurred out the face (and maybe
some gore) in the video that they released? While I disagree with this, I
don't think it's some nefarious plot lot you're suggesting. They seemed
surprisingly patient with the armed party (by US standards) and only shot him
when he charged them with a knife...

As for the second link, that's definitely a travesty of justice. That said,
the case unfolded over literally decades. I don't see how encrypting comms
would change that sad situation.

