Communications Security (as good as it gets).

Beyond OPSEC.

Last month we discussed operational security (OPSEC) and why it’s important to off grid hams. As a follow up to that, it’s worthwhile to talk about how to keep your communications private. After all, operational security is very difficult without also having some form of communications security. The two concepts are components of each other.

It doesn’t really exist.

True communications security is legally impossible on amateur radio, or at least nearly so. By law, all traffic must conform to accepted standards or language. Encrypted transmissions, ciphers, or “secret codes” are not permitted. In broad terms, it means you cannot obscure or encode your transmission such that only you and specific designated individuals can understand it.

There is a fairly popular attitude in the survivalist/prepper community that when SHTF no one will bother enforcing telecommunications laws. Why not devise your own fully encrypted communications security system and go for it anyway? There is a great deal of truth to this belief. I mean, let’s be real…the FCC barely cares what happens on the ham bands right now when times are normal. Does anyone really think when the world implodes the Feds are going to run around busting operators for using illegal secret codes?

I will not endorse or encourage illegal operations but I do understand why some radio amateurs are willing to break the rules for communications security. Very few of them have malicious intent. It is a victimless “crime” as long as it does not interfere with other communications and is not used to hide other unlawful activity.

The confines of the possible.

If true communications security is off the table for legal reasons, then what can an amateur do and stay within the rules? There is good news and bad news. The good news is there are legal techniques and tactics that can greatly reduce the likelihood of your comms being heard by the wrong people. The bad news is that these methods are not truly “secure”. They merely make it difficult to find and copy your transmissions. The very dedicated and well-equipped can still figure you out.

The effectiveness of these methods rely largely on common traits of human behavior. First, that people are generally lazy and even weak precautions will dissuade most from attempting to decipher your traffic. As an offshoot of this, very few operators will make any effort to employ communications security. They will transmit in the open for all to hear. This is a manifestation of normalcy bias as we discussed in a recent OGH article. You can use other people’s normalcy bias to your advantage. Eavesdroppers will be less inclined to intercept your comms because with so much low hanging fruit, why bother? Hiding in the crowd is its own form of “security”.

Communications security: Working with what you have.

None of these methods are 100%, but they will go a long way in keeping potential OPSEC vulnerabilities to a minimum:

One time use code pads: This idea exists in many forms, but the basic principle is the same for all. Create a table of codes. The code substitutes numbers for letters, or letters or groups of letters as an alternative “alphabet”. Distribute the tables to everyone in the group. Use them in a predetermined order only one time or for a defined period of time. Doesn’t this count as an illegal code/cipher? Probably; let the lawyers figure it out. I do know there are groups out there using this method on amateur radio without trouble (so far). Survival Monkey has a very detailed white paper on how to make your own pads. Of all the methods I’m suggesting, this is the only one that is legally questionable.

Seldom used bands: Probably 95% of amateur radio traffic is on HF or 2 meters. So why not plop down on a spot where few hams ever go? In my area, 6 meters, 220 MHz, and 70 cm are ghost towns outside of the repeaters. 1.2 GHz is no man’s land almost anywhere you go.

Use a simplex frequency on one of these bands and the odds of being heard by anyone who doesn’t already know you’re there are quite slim. 220 MHz or 1.2 GHz are attractive because very few amateurs even have equipment capable of operating there. Unless you live in a major city you’ll probably have the band all to yourself and no one will have the forethought or means to listen. You can even go with a cross-band format to further evade any busybodies. Obscurity is communications security!

Uncommon/obsolete digital modes. Digital modes are like computers: There’s always something better coming along. PSK31 was The Big Deal just a few years ago. Today, it seems quaint. FT8 is the latest shiny object. Will amateurs someday add FT8 to the large collection of radio’s dead languages? Probably!

Old school protocols can provide a level of communications security simply because hardly anyone uses them. PACTOR, RTTY, AMTOR (a cousin of RTTY) and even slow-scan TV have fallen into disuse. Some software suites will not even support these protocols. They are all still legal to use. Perhaps the most obscure digital mode of all is Hellschreiber. Its origins go back to the 1920’s and it’s so offbeat that few hams have even heard of it. Hellschreiber is somewhat difficult to set up and learn, but once you’re over that curve, you’ll have a completely legal mode that almost no one else will be able to copy.

CB radio: Don’t laugh! Stay with me for a moment! CB was the 1970’s version of the cellphone and social media all rolled into one. Today, it’s an unlicensed junk band where nothing meaningful happens. It does have limited usefulness for the off grid amateur looking for communications security.

The communications security aspect is that no one takes what they hear on CB seriously. If you make your comms sound like trash talk you’ll be written off as just another whack job. CB is also useful as a “decoy band”. Fill CB with irrelevant chatter or deliberate misinformation while you conduct your legitimate business elsewhere. Be sure to mix in lots of colorful CB lingo! It’s hardly a perfect option, but with a little acting flair you can pull it off.

Zello: Zello is a free app that turns your smartphone into a walkie talkie. You can set up “groups” and only those in the group will copy the fully encrypted transmission. It requires a cellular or Wifi connection. So, although Zello does provide a very high level of communications security, it is by default not “off grid”.

GoTenna: This device is encrypted with excellent communications security. You tether your group’s cellphones to the GoTenna module via an app. From there, you can send text messages to each other. It does not require an internet or cell connection so it is off grid. On the down side, it’s expensive ($170.00-$200.00) and you can send only text messages and chat. It does not accommodate voice calls, photos, video, or email. GoTenna works on 151-154 MHz MURS frequencies. The range you get will be limited to what is possible with the MURS service.

Beartooth: The Beartooth is similar to GoTenna but also supports voice transmissions. It’s also considerably more expensive ($249.00). Beartooth does not specifically say if the transmissions are encrypted but my guess is that they are. There is also no information on the range of the device. It operates in the 900 MHz band so make of that what you want. Beartooth is off grid and does not require an internet connection.

Vaporware: Sonnet Labs is supposedly coming out with a device that is basically a much lower cost knockoff version of Beartooth. Internet connectivity is not required, but Sonnet will interface with a connection if you have one. I’m classifying it as “vaporware” because it has been offered only on preorder since 2017. A post on indiegogo dated August 16, 2019 claims the first production run of 1000 units will ship “soon”. If any OGH reader manages to get their hands on a Sonnet, please drop me an email with your real-world thoughts. On paper it’s an excellent product.

Foreign languages: You don’t necessarily have to be fully fluent in a foreign language, but if you could learn a few relevant words and phrases you can use it as a de facto “code”. During WWII, American Indian “code talkers” became heroes by passing messages in their native language. Code Talkers did not encrypt their transmissions; there was no need for it. The United States bet –correctly– that the Japanese would never figure out how to translate arcane languages that were virtually unknown outside of their respective tribes. I’m not suggesting anyone go learn Choctaw, but if you can pick up a little, say, German, I guarantee that at least in North America 99% of anyone listening will have no idea what you’re talking about.

The bottom line: You can’t always get what you want, unless you “go rogue”.

It’s important to stress that most of the methods we’ve discussed do not offer true communications security. The strategy is to make your transmissions as obscure and hard to copy as possible. Using a mode that hardly anyone else uses, or operating on bands that few people have equipment for greatly reduces the potential listening audience. That will go a good part of the way to keeping your transmissions private.

You will never really know if anyone is listening. With that in mind, be cognizant of the limits of your precautions and don’t slip into normalcy bias. Amateur radio is a public medium open to all. That makes it a very difficult environment in which to have communications security. It’s more about managing risk than having real security. Unless you’re willing to break the rules or move off amateur radio entirely, that’s the best you can do.

7 thoughts on “Communications Security (as good as it gets).

  1. randall krippner

    Thanks for the informative article, Chris. A couple of comments –

    First, your comments about the underused frequencies is very true. If you want to have a semi-private conversation, first pick frequencies that are rarely used or monitored. Around here at least 6 meters is a great wasteland except during contests or when propagation is open on the band, and even then that’s restricted to a tiny part of the band. The problem is, though, that a lot of people monitor it (with SDRs, etc.) just in case the band opens up, so activity on it will be noticed. But almost all modern HF transceivers include the 6 meter band, and it’s a great band for local communications.

    I’d think 1.25 meters (220 mHz) would be an interesting one to look at. It’s very rarely used. I can’t think of anyone locally that even has a transceiver that handles 1.25. Not many of the brand name manufacturers even make equipment for it, but the ultra-cheap Chinese disposable transceivers can (or claim they can). A quick search on Amazon turns up a half dozen or so that claim they’re 1.25 capable, some of the handhelds going for less than $75. Of course whether those ultra cheap transceivers actually work is anyone’s guess.

    The second comment is that after some of the discussions over on the Google group and my experiences with ARES, I’ve come to the conclusion that anything that adds additional layers of complexity and technology is probably not a good idea, at least not in a SHTF situation. Either they’re dependent on external systems like cellular systems that can’t be depended on, or they’re expensive, or they’re difficult to set up and operate, etc. Any time more technology is added to a problem, it seems to also add still more problems – more equipment that can break, additional expense for people who are already on a tight budget, more complex systems that have to be learned, etc. Modern transceivers have a host of wonderful features, but they all add increased complexity to the system, making them harder for the average person to use. When I was (briefly) chief radio officer for an ARES group I quickly found out that an embarrassingly large number of people had problems working with their own equipment. And that wasn’t entirely their fault, either. The radios had so many features, so many menus to work through, etc. that doing something as simple as adding a repeater was an exercise in frustration.

    Anyway, again, thanks for the article, Chris. Very informative, as usual 🙂

    Reply
    1. Chris Warren Post author

      Hi Randall, digital voice modes like DSTAR and Fusion depend largely on the internet, which means they are really not “off grid”. I’m not convinced it’s even real radio. Why not just use Skype? What’s the difference? These modes can be used without the internet, but in that case much of the functionality is lost and it becomes just a glorified simplex radio.

      Data modes are also useful, but as you correctly point out it adds layers of complexity. For off grid hams, it also means coming up with a way to power everything, and portable operators must lug the extra gear along. I enjoy data modes under the right conditions but technology just for the sake of technology is a dead end. At some point there are diminishing returns.

      This illustrates the difference between off grid hams and everyone else. Off grid hams have no tolerance for vanity projects. If it’s not practical and comes with a clear cost vs. benefit advantage, then the idea gets dumped. I try a lot of projects that are fun and interesting but do not apply well to off grid radio. Those ideas do not make it onto my blog.

      Thanks for your comment; I hope to hear from you again soon!

      Reply
      1. Bob

        I beg to differ but D-Star and Fusion do NOT have to rely on the internet. They are full digital modes that we use here on simplex 90% of the time. Very few of us use the internet for most communications with D-Star and Fusion. We can use D-Star on 220 simplex, on any obscure HF frequency, on 1.2 Gig…..very private!

        Reply
        1. Chris Warren Post author

          Hi Bob, thanks for your comment. I’m not sure we really “differ” because I did not say DSTAR and Fusion have to rely on the internet. All I said was that the internet is needed to use the full capabilities of the mode. Of course, you can always use them for simplex. The transmissions are not encrypted and will not truly be “private”. Anyone with the appropriate equipment can listen in. There is an element of privacy in that not a lot of people have DSTAR or Fusion-capable equipment. This places digital voice modes in the same bucket with the other methods I describe in my article: Not truly secure, but just enough hassle to copy that most other stations won’t bother. If you can run digital voice on 220 or 1.2, you’ll be in very good shape. Thanks again for your insight; I hope you’ll stop by again soon.

          Reply
          1. randall krippner

            The biggest problem with things like D-Star and Fusion and similar systems is that they require special equipment that a lot of people aren’t going to have access to. I was with ARES when Yaesu was really pushing its Fusion system. I had one of the first 400DR transceivers (several of ’em, in fact) in the county and was impressed with it, as were several people in ARES, including the county’s director of emergency management who was also a ham. We considered adopting Fusion for the county ARES group because it had a lot of features that would have been extremely useful for us and the EM’s office. It was finally decided to stick with good old analog equipment for a lot of reasons, mostly because of interoperability problems between different brands of equipment. All those fancy digital features that Fusion offered weren’t worth a tinker’s damn because we couldn’t use ’em because we had to maintain communications with volunteers in the field who wouldn’t have the equipment, with other agencies who wouldn’t have the equipment, etc.

            Anyway, this week I hope I’ll have the time to finally get the Yaesu 818 working with the laptop so I can get it running FT8 and JS8Call! HRD tells me my license lets me run the software on up to 5 computers so I’ll probably install that on there as well. Now I’m going through the archives here looking at solar power and battery options to keep the whole thing running when I go out in the field with it 🙂

  2. Bob

    Randy,

    Thanks for the clarification.
    I agree with you on the ARES situation. You have to stick with what ever the majority of the users are using….makes sense.

    I was at one of the meetings with W9PCI during the time you mention.
    I was there at Arlen’s request as an experienced digital user and noticed all of the Fusion picks (no D*) of the group but also observed that there was not much acceptance of the digital modes for their overall usage..

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *