Last month we discussed operational security (OPSEC) and why it’s important to off grid hams. As a follow up to that, it’s worthwhile to talk about how to keep your communications private. After all, operational security is very difficult without also having some form of communications security. The two concepts are components of each other.
It doesn’t really exist.
True communications security is legally impossible on amateur radio, or at least nearly so. By law, all traffic must conform to accepted standards or language. Encrypted transmissions, ciphers, or “secret codes” are not permitted. In broad terms, it means you cannot obscure or encode your transmission such that only you and specific designated individuals can understand it.
There is a fairly popular attitude in the survivalist/prepper community that when SHTF no one will bother enforcing telecommunications laws. Why not devise your own fully encrypted communications security system and go for it anyway? There is a great deal of truth to this belief. I mean, let’s be real…the FCC barely cares what happens on the ham bands right now when times are normal. Does anyone really think when the world implodes the Feds are going to run around busting operators for using illegal secret codes?
I will not endorse or encourage illegal operations but I do understand why some radio amateurs are willing to break the rules for communications security. Very few of them have malicious intent. It is a victimless “crime” as long as it does not interfere with other communications and is not used to hide other unlawful activity.
The confines of the possible.
If true communications security is off the table for legal reasons, then what can an amateur do and stay within the rules? There is good news and bad news. The good news is there are legal techniques and tactics that can greatly reduce the likelihood of your comms being heard by the wrong people. The bad news is that these methods are not truly “secure”. They merely make it difficult to find and copy your transmissions. The very dedicated and well-equipped can still figure you out.
The effectiveness of these methods rely largely on common traits of human behavior. First, that people are generally lazy and even weak precautions will dissuade most from attempting to decipher your traffic. As an offshoot of this, very few operators will make any effort to employ communications security. They will transmit in the open for all to hear. This is a manifestation of normalcy bias as we discussed in a recent OGH article. You can use other people’s normalcy bias to your advantage. Eavesdroppers will be less inclined to intercept your comms because with so much low hanging fruit, why bother? Hiding in the crowd is its own form of “security”.
Communications security: Working with what you have.
None of these methods are 100%, but they will go a long way in keeping potential OPSEC vulnerabilities to a minimum:
One time use code pads: This idea exists in many forms, but the basic principle is the same for all. Create a table of codes. The code substitutes numbers for letters, or letters or groups of letters as an alternative “alphabet”. Distribute the tables to everyone in the group. Use them in a predetermined order only one time or for a defined period of time. Doesn’t this count as an illegal code/cipher? Probably; let the lawyers figure it out. I do know there are groups out there using this method on amateur radio without trouble (so far). Survival Monkey has a very detailed white paper on how to make your own pads. Of all the methods I’m suggesting, this is the only one that is legally questionable.
Seldom used bands: Probably 95% of amateur radio traffic is on HF or 2 meters. So why not plop down on a spot where few hams ever go? In my area, 6 meters, 220 MHz, and 70 cm are ghost towns outside of the repeaters. 1.2 GHz is no man’s land almost anywhere you go.
Use a simplex frequency on one of these bands and the odds of being heard by anyone who doesn’t already know you’re there are quite slim. 220 MHz or 1.2 GHz are attractive because very few amateurs even have equipment capable of operating there. Unless you live in a major city you’ll probably have the band all to yourself and no one will have the forethought or means to listen. You can even go with a cross-band format to further evade any busybodies. Obscurity is communications security!
Uncommon/obsolete digital modes. Digital modes are like computers: There’s always something better coming along. PSK31 was The Big Deal just a few years ago. Today, it seems quaint. FT8 is the latest shiny object. Will amateurs someday add FT8 to the large collection of radio’s dead languages? Probably!
Old school protocols can provide a level of communications security simply because hardly anyone uses them. PACTOR, RTTY, AMTOR (a cousin of RTTY) and even slow-scan TV have fallen into disuse. Some software suites will not even support these protocols. They are all still legal to use. Perhaps the most obscure digital mode of all is Hellschreiber. Its origins go back to the 1920’s and it’s so offbeat that few hams have even heard of it. Hellschreiber is somewhat difficult to set up and learn, but once you’re over that curve, you’ll have a completely legal mode that almost no one else will be able to copy.
CB radio: Don’t laugh! Stay with me for a moment! CB was the 1970’s version of the cellphone and social media all rolled into one. Today, it’s an unlicensed junk band where nothing meaningful happens. It does have limited usefulness for the off grid amateur looking for communications security.
The communications security aspect is that no one takes what they hear on CB seriously. If you make your comms sound like trash talk you’ll be written off as just another whack job. CB is also useful as a “decoy band”. Fill CB with irrelevant chatter or deliberate misinformation while you conduct your legitimate business elsewhere. Be sure to mix in lots of colorful CB lingo! It’s hardly a perfect option, but with a little acting flair you can pull it off.
Zello: Zello is a free app that turns your smartphone into a walkie talkie. You can set up “groups” and only those in the group will copy the fully encrypted transmission. It requires a cellular or Wifi connection. So, although Zello does provide a very high level of communications security, it is by default not “off grid”.
GoTenna: This device is encrypted with excellent communications security. You tether your group’s cellphones to the GoTenna module via an app. From there, you can send text messages to each other. It does not require an internet or cell connection so it is off grid. On the down side, it’s expensive ($170.00-$200.00) and you can send only text messages and chat. It does not accommodate voice calls, photos, video, or email. GoTenna works on 151-154 MHz MURS frequencies. The range you get will be limited to what is possible with the MURS service.
Beartooth: The Beartooth is similar to GoTenna but also supports voice transmissions. It’s also considerably more expensive ($249.00). Beartooth does not specifically say if the transmissions are encrypted but my guess is that they are. There is also no information on the range of the device. It operates in the 900 MHz band so make of that what you want. Beartooth is off grid and does not require an internet connection.
Vaporware: Sonnet Labs is supposedly coming out with a device that is basically a much lower cost knockoff version of Beartooth. Internet connectivity is not required, but Sonnet will interface with a connection if you have one. I’m classifying it as “vaporware” because it has been offered only on preorder since 2017. A post on indiegogo dated August 16, 2019 claims the first production run of 1000 units will ship “soon”. If any OGH reader manages to get their hands on a Sonnet, please drop me an email with your real-world thoughts. On paper it’s an excellent product.
Foreign languages: You don’t necessarily have to be fully fluent in a foreign language, but if you could learn a few relevant words and phrases you can use it as a de facto “code”. During WWII, American Indian “code talkers” became heroes by passing messages in their native language. Code Talkers did not encrypt their transmissions; there was no need for it. The United States bet –correctly– that the Japanese would never figure out how to translate arcane languages that were virtually unknown outside of their respective tribes. I’m not suggesting anyone go learn Choctaw, but if you can pick up a little, say, German, I guarantee that at least in North America 99% of anyone listening will have no idea what you’re talking about.
The bottom line: You can’t always get what you want, unless you “go rogue”.
It’s important to stress that most of the methods we’ve discussed do not offer true communications security. The strategy is to make your transmissions as obscure and hard to copy as possible. Using a mode that hardly anyone else uses, or operating on bands that few people have equipment for greatly reduces the potential listening audience. That will go a good part of the way to keeping your transmissions private.
You will never really know if anyone is listening. With that in mind, be cognizant of the limits of your precautions and don’t slip into normalcy bias. Amateur radio is a public medium open to all. That makes it a very difficult environment in which to have communications security. It’s more about managing risk than having real security. Unless you’re willing to break the rules or move off amateur radio entirely, that’s the best you can do.