Secure Messaging The Importance of Privacy Presented by Maine ARES Prepared By Bryce Rumery, K1GAX Maine ARES Section Emergency Coordinator
Secure Messaging First and foremost; First and foremost; –There is no mode of amateur radio that is secure Per Part 97 ( Prohibited Transmissions (a,4)) –Music using a phone emission except as specifically provided elsewhere in this Section; communications intended to facilitate a criminal act; messages in codes or ciphers intended to obscure the meaning thereof, except as otherwise provided herein; obscene or indecent words or language; or false or deceptive messages, signals or identification –Amateur radio should never be used to transmit messages that contain sensitive information
Some amateurs believe that some modes of amateur radio are quasi-secure Some amateurs believe that some modes of amateur radio are quasi-secure –Such as Digital Modes CW –These modes can be easily intercepted with a moderate expense Secure Messaging
What is sensitive information? What is sensitive information? –Information that if improperly released could be reasonably expected to have a negative impact on a person or institution
Some examples of sensitive information Some examples of sensitive information –Social Security Numbers –Credit Card Numbers/Bank Account Numbers –Medical Information –Casualty Information –Prescription Information –A Person’s Name and Address –Family Information –Financial Information –User Names/Passwords Secure Messaging
What is the impact of improper release of sensitive information What is the impact of improper release of sensitive information –Persons or institutions may be embarrassed –Persons or institutions may be negatively impacted for a substantial period of time –The costs of correcting the improper release of the information may be staggering Secure Messaging
Consequences of transmitting sensitive information over non-secure means Consequences of transmitting sensitive information over non-secure means –Sender can be held Criminally responsible –Under State and Federal Statutes Civilly responsible –Can face civil lawsuits and liable to civil judgments Secure Messaging
Who can be held responsible Who can be held responsible –The originator of the message The organization The actual message originator –The transmitter of the information Secure Messaging
What are insecure transmission means What are insecure transmission means –Any communications method that may be easily intercepted by the general public Such as –Amateur radio –Non-secure radio –Analog cell phone Secure Messaging
What are secure means of transmission What are secure means of transmission –Telephone –Fax –Digital Cell Phone –Encrypted –Encrypted Radio –Courier Secure Messaging
Understand that Understand that –During a disaster, many disaster relief volunteers often do not understand What sensitive information entails That amateur radio is not a secure means of communication –They probably know nothing about amateur radio Secure Messaging
Understand that Understand that –The general public usually knows little or nothing about amateur radio They may ask you to transmit sensitive information on their behalf Secure Messaging
Mechanisms must be in place to avoid the release of sensitive information over non- secure communications means at all levels Mechanisms must be in place to avoid the release of sensitive information over non- secure communications means at all levels –Organizations must be aware and watchful –Message originators must be aware and avoid the release –Message senders must be mindful of sensitive information Secure Messaging
If possible, find out what policies and procedures a served agency has in place regarding the protection of sensitive information before actually responding to a disaster. If possible, find out what policies and procedures a served agency has in place regarding the protection of sensitive information before actually responding to a disaster. –For example The American Red Cross prohibits the transmission of shelter resident lists over non-secure communications means Secure Messaging
Ask during a pre-deployment briefing what the policies are. Insist on getting them before you deploy. Ask during a pre-deployment briefing what the policies are. Insist on getting them before you deploy. Secure Messaging
It is wise for us to practice the concept of COMSEC. It is wise for us to practice the concept of COMSEC. –COMSEC is a military term –COMSEC stands for Communications Security –COMSEC is the avoidance of the release of potentially damaging information via non- secure communications means –COMSEC can be easily applied to the release of sensitive information over non-secure means in the civilian world Secure Messaging
–Be sure to think COMSEC in all of your communications –Practice COMSEC no matter what your message might be Secure Messaging
How can the amateur radio operator protect him or herself from the improper release of sensitive information How can the amateur radio operator protect him or herself from the improper release of sensitive information –Read each message before transmitting it –Identify sensitive information that may be contained in the message When in doubt, consider something sensitive information –Bring it to the attention of the message originator Secure Messaging
When returning a message to the message originator When returning a message to the message originator –Be diplomatic –Identify the sensitive information –Remind the originator that amateur radio is never secure –Ask the message originator to use a secure means of communications Help them identify a secure means of communications, if necessary Secure Messaging
If the message originator insists you transmit the sensitive information via a non-secure means If the message originator insists you transmit the sensitive information via a non-secure means –Protect yourself Have the message originator sign a release form –Releasing you from responsibility and liability –The message originator acknowledges they are aware that the message contains sensitive information –The message originator understands that amateur radio is a non-secure means of communications –The message originator takes full responsibility for the message content –The message originator directs you to send the message Secure Messaging
If the message originator insists you transmit the sensitive information via a non-secure means If the message originator insists you transmit the sensitive information via a non-secure means –Always have release forms with you –Be sure to get everything in writing Do not expect the message originator to back you up if they could be expected to get in trouble –Most of the time they will protect themselves before protecting you Secure Messaging
If the message originator insists you transmit the sensitive information via a non-secure means If the message originator insists you transmit the sensitive information via a non-secure means –If the message originator refuses to sign the release form, simply refuse to send the message –Document your action Secure Messaging
In summary In summary –Be aware of sensitive information –When in doubt, air on the side of caution –Practice COMSEC –Never transmit sensitive information over non-secure communications channels –Always get everything in writing Secure Messaging
When in doubt, always protect yourself Presented by Maine ARES Secure Messaging