
Secure Messaging

The Importance of Privacy

Presented by Maine ARES

Prepared By Bryce Rumery, K1GAX

Maine ARES Section Emergency Coordinator

Secure Messaging

First and foremost:
– There is no mode of amateur radio that is secure
    – Per Part 97 (97.113 Prohibited Transmissions (a,4))
        – Music using a phone emission except as specifically provided elsewhere in this Section; communications intended to facilitate a criminal act; messages in codes or ciphers intended to obscure the meaning thereof, except as otherwise provided herein; obscene or indecent words or language; or false or deceptive messages, signals or identification
– Amateur radio should never be used to transmit messages that contain sensitive information

Secure Messaging

Some amateurs believe that some modes of amateur radio are quasi-secure
– Such as
    – Digital Modes
    – CW
– These modes can be easily intercepted with a moderate expense

Secure Messaging

What is sensitive information?
– Information that if improperly released could be reasonably expected to have a negative impact on a person or institution

Some examples of sensitive information
– Social Security Numbers
– Credit Card Numbers/Bank Account Numbers
– Medical Information
– Casualty Information
– Prescription Information
– A Person’s Name and Address
– Family Information
– Financial Information
– User Names/Passwords

Secure Messaging

What is the impact of improper release of sensitive information
– Persons or institutions may be embarrassed
– Persons or institutions may be negatively impacted for a substantial period of time
– The costs of correcting the improper release of the information may be staggering

Secure Messaging

Consequences of transmitting sensitive information over non-secure means
– Sender can be held
    – Criminally responsible
        – Under State and Federal Statutes
    – Civilly responsible
        – Can face civil lawsuits and be liable to civil judgments

Secure Messaging

Who can be held responsible
– The originator of the message
    – The organization
    – The actual message originator
– The transmitter of the information

Secure Messaging

What are insecure transmission means
– Any communications method that may be easily intercepted by the general public
    – Such as
        – Amateur radio
        – Non-secure radio
        – Analog cell phone

Secure Messaging

What are secure means of transmission
– Telephone
– Fax
– Digital Cell Phone
– Encrypted E-Mail
– Encrypted Radio
– Courier

Secure Messaging

Understand that
– During a disaster, many disaster relief volunteers often do not understand
    – What sensitive information entails
    – That amateur radio is not a secure means of communication
        – They probably know nothing about amateur radio

Secure Messaging

Understand that
– The general public usually knows little or nothing about amateur radio
    – They may ask you to transmit sensitive information on their behalf

Secure Messaging

Mechanisms must be in place to avoid the release of sensitive information over non-secure communications means at all levels
– Organizations must be aware and watchful
– Message originators must be aware and avoid the release
– Message senders must be mindful of sensitive information

Secure Messaging

If possible, find out what policies and procedures a served agency has in place regarding the protection of sensitive information before actually responding to a disaster.
– For example
    – The American Red Cross prohibits the transmission of shelter resident lists over non-secure communications means

Secure Messaging

Ask during a pre-deployment briefing what the policies are. Insist on getting them before you deploy.

Secure Messaging

It is wise for us to practice the concept of COMSEC.
– COMSEC is a military term
– COMSEC stands for Communications Security
– COMSEC is the avoidance of the release of potentially damaging information via non-secure communications means
– COMSEC can be easily applied to the release of sensitive information over non-secure means in the civilian world

Secure Messaging

– Be sure to think COMSEC in all of your communications
– Practice COMSEC no matter what your message might be

Secure Messaging

How can the amateur radio operator protect him or herself from the improper release of sensitive information
– Read each message before transmitting it
– Identify sensitive information that may be contained in the message
    – When in doubt, consider something sensitive information
– Bring it to the attention of the message originator

Secure Messaging

When returning a message to the message originator
– Be diplomatic
– Identify the sensitive information
– Remind the originator that amateur radio is never secure
– Ask the message originator to use a secure means of communications
    – Help them identify a secure means of communications, if necessary

Secure Messaging

If the message originator insists you transmit the sensitive information via a non-secure means
– Protect yourself
    – Have the message originator sign a release form
        – Releasing you from responsibility and liability
        – The message originator acknowledges they are aware that the message contains sensitive information
        – The message originator understands that amateur radio is a non-secure means of communications
        – The message originator takes full responsibility for the message content
        – The message originator directs you to send the message

Secure Messaging

If the message originator insists you transmit the sensitive information via a non-secure means
– Always have release forms with you
– Be sure to get everything in writing
    – Do not expect the message originator to back you up if they could be expected to get in trouble
        – Most of the time they will protect themselves before protecting you

Secure Messaging

If the message originator insists you transmit the sensitive information via a non-secure means
– If the message originator refuses to sign the release form, simply refuse to send the message
– Document your action

Secure Messaging

In summary
– Be aware of sensitive information
– When in doubt, err on the side of caution
– Practice COMSEC
– Never transmit sensitive information over non-secure communications channels
– Always get everything in writing

Secure Messaging

When in doubt, always protect yourself

Presented by

Maine ARES
