Police Radio Encryption: Not Secure, A Transparency Failure, A Public Safety Nightmare

... #ad▼

Ask any security expert, and they’ll mention PRINCIPLE ONE: A security system is only as strong as it’s weakest link. Some police departments around the world are choosing to encrypt their radio communications. Some police departments deliberately keep their channels open, and some even provide a feed on the Internet and/or make the communications available on Apple iPhone apps or Android operating system apps. However, some departments are concerned about cell phone apps threatening the security of their police officers or allowing criminals to get a leg up on police to avoid capture. Enter police radio encryption, which prevents citizens and the news media from listening to police communications on scanners. Some police departments are securing all channels, and some are securing only tactical channels, such as communication channels that involve drug enforcement operations, gang enforcement operations, stakeout operations and SWAT operations.

Encrypted channels are a good tool for small groups with temporary operations, but encrypted channels are not safe for everyday wide area use.

Most police officers in an open radio system understand that interested citizens and criminals listen to their communications. When there is need for sensitive information to be communicated, they switch to limited one-to-one communications methods, such as a phone call or a text message with an onboard computer or mobile data terminal in the police car. The only secure way to transmit sensitive information by voice is to communicate to a phone speaker held to the ear; not a speakerphone or radio speaker. Any criminal in the backseat of a police car or in close proximity to a police officer can hear radio communications on the police officers personal radio or squad car radio. Even bystanders at the scene of an accident scene or at an arrest can hear the communications broadcast on radio speakers, whether they are encrypted or not. Any sensitive information transmitted on a radio system, whether it is encrypted or not, can be exposed to all sorts of opportunities for breached security when it is broadcast simultaneously to multiple police officers — sometimes in multiple departments. Security is only as strong as its weakest link.

In fact, the APX 7000 offers the loudest, clearest audio of any portable radio on the market -— 50% louder than comparable radios in its class.

— Motorola brochure “Meet the APX™ 7000 Multiband Portable: The Radio Created to Keep You Safer

It is far more dangerous for a police officer to believe his or her radio transmission is secure, when that secure transmission can be overheard by a bystander on another police officer’s radio speaker or when some form of security breach is implemented. Faith in the “safety” of encryption is likely to result in more police officers speaking freely about sensitive topics that they still shouldn’t be discussing on a radio with multi-point listeners. It would be safer for police to communicate sensitive operations one-to-one or on temporary small group channels that aren’t broadcast on main common channels.

Another possibility for security breach is the chance that the sophisticated encryption can be decoded. Motorola, the main supplier of encrypted radios, reports that it is impossible to break their AES 256 feature, as their encryption keys are very complex and can change daily. Claims are made that even if the encryption were defeated, a new code generated would require the decryption hackers to start all over again. However, there are already reports of hackers that have purchased Motorola radios, who are attempting to crack the encryption with multiple computers and specialized software. Hacking encrypted radio signals is illegal, so it is unlikely that any criminals will be bragging about listening to the local police dispatches.

Another scenario is dirty cops that belong to a tactical team that keep their radios with them at all times. How about a cop going through a divorce, behind on a mortgage, or a cop who needs cash? The encrypted radio communications with the inclination toward voice communications of a more sensitive nature would be a hot commodity for criminals. In exchange for cash, the dirty cop could provide just what organized crime needs: non-technical or technical solutions to circumventing the encrypted radios. There are ways to relay the radio communications by telephone to criminals — just leave a cell phone communication open and place the cell phone in front of the radio while the criminals go to work, listening on the other end. A more technical solution would be to provide a private stream over the Internet or via specialized webcam apps with audio.

How about stolen police radios? Or fire radios? Occasionally the $5,000 radios are lost in grocery carts, misplaced and fallen off the bumpers of fire engines, and other places. Sometimes firefighters even leave their garage bay doors open about one foot to keep the bay ventilated in the summer while they sleep overnight. It would be easy for a crook to roll their body under the door and steal a radio from a fire vehicle. The radios have GPS devices that can locate the latitude and longitude of the radio. Therefore administrators would not be in a hurry to “brick” or disable the expensive radio. They would use the GPS to attempt to locate the radio — leaving more time for the crook to listen in. A “smart” and determined crook would keep moving or head for a high-rise building where GPS can’t pinpoint vertical space.

Bottom line? With an open radio system, police are usually smart enough to be discrete with their voice communications. They should always be on guard. If they’re not on guard, and sensitive information gets out, they’re in greater danger.

Another problem with encrypted radio is a technical issue that can cause radio failure. The current state of the art radios use digital technology — most commonly Project 25 (P25 or APCO-25), which is a Homeland Security standard for federal, state/province and local public safety agencies in North America. The digital transmission needs to be decoded by the receiving radio. Current expensive police scanners — legally available to the public in Illinois — can decode those digital transmissions, just like the actual police radios. Some people mistakenly believe this digital technology is encryption, but it is not. Encryption is another layer of decoding that is added as a security measure. When an unencrypted digital signal is weak it becomes distorted. It is often very difficult to understand the distorted communication, and is sometimes impossible. Police and firefighters know where these weak areas or dead spots are in their communities. With encryption, it is possible that the complex encryption key code will not come across the airwaves completely with the voice transmission, and then the voice will not be accepted by the receiving radio. Instead of digital distortion being heard by the receiving parties, nothing will be heard at all. At least with unencrypted digital distortion, the receiving party can tell something is being communicated, and might even be able to detect urgency in the tone of the distorted voice or a few important words from the distorted voice. But with encryption, the communication may be completely silenced.

A Security Analysis of the APCO Project 25 Two-Way Radio System.

There are security problems involving temporary lapse of encryption, and jamming of the P25 radios. There is a technical paper by a university security technology expert that describes using a toy communications device to jam P25 radios. According to University of Pennsylvania researchers, a modified GirlTech IMME, Mattel’s pink instant-messaging device with a miniature keyboard that’s marketed to pre-teen girls, was shown to disrupt sensitive radio communications used by every major federal law enforcement agency, and many police agencies. The modified toy was also able to take advantage of a vulnerability in the P25 system radios that provides a convenient means for a hacker or an attacker to continuously track the location of a radio’s user — namely a police officer. The researchers also reported that jamming the P25 system could be done at relatively low power, and that a determined attacker could focus on encrypted transmissions to force users to transmit in the clear — unencrypted.

The traffic we monitored routinely disclosed some of the most sensitive law enforcement information that the government holds, including: Names and locations of criminal investigative targets, including those involved in organized crime … Information relayed by Title III wiretap plants … Plans for forthcoming arrests, raids and other confidential operations … On some days, particularly weekends and holidays, we would capture less than one minute, while on others, we captured several hours. We monitored sensitive transmissions about operations by agents in every Federal law enforcement agency in the Department of Justice and the Department of Homeland Security. Most traffic was apparently related to criminal law enforcement, but some of the traffic was clearly related to other sensitive operations, including counter-terrorism investigations and executive protection of high ranking officials.

— Matt Blaze, Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, and Kevin Xu; authors of “A Security Analysis of the APCO Project 25 Two-Way Radio System”

The encryption in government radio was observed to be temporarily disabled somehow and allowed outsiders to listen to sensitive information. The researchers reported the problems to the appropriate government agencies.

A P25 system that is encrypted could attract the attention of hackers and anarchists who would want to use jamming devices just to protest the lack of transparency of the government — specifically encrypted police radios.

Naperville’s official city website was hacked and brought down in October 2012, which resulted in a cost of $670,000 to restore the website. The police and fire departments use the website to publish media releases, which were delayed for a period of weeks while the website was down. Earlier in 2012, Naperville’s public safety radios became silent to the public when they switched over to a proprietary system “OpenSky” by Harris Corporation. Problems in Naperville public safety communications have occurred, but have not been as serious as in other cities. The Harris Corporation’s radios failed during a visit by President Barack Obama in Oakland, they have received much criticism in Milwaukee’s police department, and were dumped after a waste of a $42 million in a failed attempt to install the radios in Las Vegas. Too many dead spots.

Interesting note: Nokia Siemens Networks is working on mobile broadband technology and testing it in downtown Arlington Heights. Their vans — packed with electronic testing equipment — are frequently reported as suspicious vehicles around town. The technology or a similar technology could make P25 obsolete.

In New Orleans; Jefferson, St. Bernard and Plaquemines parishes are preparing to encrypt all emergency radios this month or in January 2013. Ironically, a New Orleans police officer and union president is concerned by the lack of transparency with encryption, noting the difference between allowing the media and citizens to observe what is happening and to being told what is happening.

“If you don’t get it in real time, then you’re relying on what you’re told happened instead of being there to see what’s happening … At a time when the NOPD is preparing to implement an unprecedented consent decree governing reforms at an agency that has been plagued by complaints of misconduct and excessive use of force”

— NOPD Commander Mike Glasser (Police Association of New Orleans)

Encrypting the radios is likely to increase mistrust of police officers by average citizens and troublemakers. Citizens have a very strong interest in how police operations work, what is legal, what kind of crime is occurring in neighborhoods, etc. Crime maps and sanitized reports that are three days old do not have the truth value of real-time communications involving operations of police and fire departments.

“It is, in fact, the manner in which police operate that has come under so much scrutiny and been the subject of so much criticism. I think it’s important the media — and the public, through the media — can view how police address the problems they’re faced with in real time so they have an accurate appreciation of what is working and what isn’t.”

— NOPD Commander Mike Glasser (Police Association of New Orleans)

One of the biggest dangers of encrypted radios and the lack of real-time awareness of police operations is the introduction of corruption into the police department. Lack of public oversight by citizens and media reporters listening to scanners can create opportunities for corrupt police officers — especially administrators. There is greater opportunity for cover-ups, framing, bribes, or police brutality. It is the honest cop that would suffer the most, as power-hungry administrators could develop their power centers by keeping subordinate officers and the public in the dark. It is not unheard of for a rich and powerful lawyer or other influential people in a communitiy to exert their influence over police departments and have police officers re-write the case with small details omitted, or to have the police report written to protect their children’s offenses or their own offenses, or their clients’ offenses (e.g., omitting evidence, disregarding testimonies, omitting observations at the scene, omitting vehicle license plates that were at the scene and so much more). It’s a little harder to re-write the case when police and the lawyer know that 100 witnesses may have heard the case on a police scanner or may have been at the scene of the crime.

It is also easier for police departments and fire departments to hide errors in procedures or operational deficiencies when public safety radio communications can not be monitored by the public. If there is a problem, such as a delayed response of ambulances because of 9-1-1 center software glitches as happened last July 2012 at Northwest Central Dispatch System in Arlington Heights, these problems can be hidden from the public when public safety radios are encrypted.

Photo taken Friday, December 14, 2012 at 9:59 a.m. by Shannon Hicks, associate editor and photographer for the Newtown Bee, Newtown, Connecticut’s local paper. Parents and relatives of at least about 10 children — maybe more — were relieved after seeing this photograph.

In times of disasters, storms, or high profile crimes, such as mass shootings, real time information is crucial, and may even save lives. There is no way that reverse 9-1-1 can notify a large number of citizens of a disaster with instructions when the scope of citizens affected is beyond the size of a small city block. Chlorine gas escaping from a ruptured railroad tanker car, for example, can cause fatal lung damage or permanently scarring lung damage in seconds. Police and fire scanners are very important for obtaining real time information in situations when hostile threats, hazardous materials, flooding, power outages and storm damage needs to be known.

Terrorists could even learn to take advantage of vulnerabilities created by encrypted public safety radio systems with their lack of realtime awareness of media and the public.

Citizens want safety and support of normal activities of daily living from their government — not over-reactions and false alarms and unnecessary fear. In a recent homicide case in Arlington Heights involving a pursuit of the murder suspect, local schools relied on scanner reports from Arlingtoncardinal.com while they were in lockdown. At first some schools thought the suspect was in the immediate area, but they learned from The Cardinal that the suspect was nowhere near the Arlington Heights schools. The schools remained in lockdown until released by an appropriate Arlington Heights Police Department order, but there was some relief and an improved ability to plan how the day’s activities would proceed by knowing the suspect was not near the school, and by knowing the situation in real time.

Simply put: Police and firefighter priorities are catching the criminal and putting out the fire — but in both cases public safety or protecting the lives of the public take ultimate priority. For the police, protecting peoples’ lives is preferred to take priority over apprehending the criminal or carrying out the investigation. For firefighters, rescuing people from burning buildings is preferred to take priority over extinguishing the fire. A respectable news outlet’s priority is to break public safety news as quickly and as accurately as possible. Sometimes the news media might provide information that prevents further damage and fatalities. Sometimes the news media communicates information that offers relief from worry.

Shannon Hicks, associate editor and photographer for Newtown, Connecticut’s local paper, The Newtown Bee, stopped her 2006 Jeep Wrangler off the road just outside Sandy Hook Elementary school to start reporting on the Sandy Hook Elementary School mass shooting. She responded to a radio dispatch heard over a local police scanner.

Hicks later said the picture of students exiting the scene captured a feeling of relative safety for the subjects and their families.

“I’ve heard from a few adults who anonymously called us [at The Newton Bee], and said it was very, very wrong to publish that one photograph [above]. But I’ve also had people come up to me — mothers in particular — who’ve said that the photograph was important because it showed that those children were safe.”

— Shannon Hicks, Associate Editor and Photographer for The Newton Bee

Encrypted radios also cutoff assistance from citizens and off-duty public safety personnel. The routine police officer, firefighter and private citizen that is dedicated enough to listen to a scanner to be aware or contribute to public safety information is cutoff from public safety communications in an encrypted system. General awareness by off duty personnel and neighboring police departments that are not part of the encrypted system is eliminated. Off duty police or private citizens who might be aware of armed suspects at large in an unencrypted system can no longer report sightings of these suspects because of lack of awareness in an encrypted system.

When the Tylenol murders occurred in 1982 in Chicagoland, it was the “luck” of two off duty firefighters listening to police/fire scanners that hastened the discovery of cyanide as the culprit in the sudden deaths that started occurring on September 29, 1982. They recognized similarity in deaths in Arlington Heights and a death in Elk Grove Village. Off-duty Arlington Heights Fire Department lieutenant Philip Cappittelli and Elk Grove Village firefighter Richard Keyworth (during a discussion as friends about fire and police radio communications they heard on their personally-owned public safety scanners) recognized that the mysterious deaths in Arlington Heights and Elk Grove Village all involved Tylenol and reported their discovery to people at the center of the investigation. Tylenol from the scene was tested and cyanide was detected after Arlington Heights fire officer Chuck Kramer and Village of Arlington Heights nurse Helen Jensen rushed to the Janus victims’ home in Arlington Heights to recover the suspected bottle of Tylenol. The contents tested positive for cyanide. Tylenol was immediately taken off store shelves, which may have saved hundreds more lives.

Police officers working in several communities with unincorporated areas that are served by the Cook County Sheriff’s police department can not listen in on the Cook County Sheriff’s deputies because Cook County Sheriff police radios are encrypted on all channels. Off the record, local village or city police officers have complained that they respond to calls for backup without realtime awareness of what is happening. The Cook County Sheriff’s police dispatch gets the realtime 9-1-1 information. The backup police officers from communities get delayed information relayed from their community’s dispatch center– sometimes with inaccuracies during the third party communications. Even without the request for backup, local police officers prefer to be able to monitor the county frequency to gauge the criminal activity that the Cook County Sheriff’s deputies are responding to in unincorporated areas, especially to be prepared if the criminal activity or a pursuit is about to spill over into the incorporated areas.

Breaking news stories bring a striking number of readers to view a news publication. Today, people share their own reports and the reports they read from news media via Facebook and Twitter. More than ever, it is important that news media doesn’t feed on inaccuracies and exaggerations. Police and fire scanner communications provide the most accurate possible information during a developing public safety incident. Facebook and Twitter have the potential to compound inaccurate public safety incident information as incorrect messages spread like wildfire. Keeping people in the dark by restricting real time emergency communications while an event such as a mass shooting, a major fire, a major accident, major storm event or other event is happening is not an option. Many people believe that leaders that do not understand the importance of public awareness in an emergency should be removed from their positions. The public is not likely to accept any lack of information that they may need for their own safety, for their understanding of how well a disaster was managed, and for their future involvement in community decisions regarding government policies in public safety, such as allocation of resources, response times, response effectiveness, gun laws, security measures, and safety policies in their communities.

In the successful democracy of the American political system, the fourth branch of government refers to a group that influences the three branches of government defined in the American Constitution (legislative, judicial, and executive). Fourth branch groups can include the press (also known the Fourth Estate), the people, and interest groups.

The Fourth Estate is historically a societal or political force or institution whose influence is not consistently or officially recognized. “Fourth Estate” most commonly refers to the news media. The concept of the media or press as a fourth branch of government stems from a belief that the news media’s importance in informing the populace is essential to the healthy functioning of the democracy.

Official Chicago Fire Department Media Relations
Tweet announcing fire communications will be in “Clear”
(unencrypted) after a switch to digital radio.

Police and firefighters can even use the their public safety radios as a tool as part of their community relations and public education. As mentioned earlier, some police departments have their own apps for listening to their emergency communications. The app also features real-time crime maps, police department news, instant alerts, and the ability to submit crime tips (See Santa Cruz Police app)

Regarding police officials that are afraid of criminals that use apps to evade police, law enforcement agencies can temporarily use alternative methods of dispatch to catch criminals. It is lazy for police not to have their cell phones organized with direct dial by police beat so they can be rapidly used as an alternative method of dispatch by phone call or mass text messages.

With cell phone forensics, police can use the suspect’s cell phone information as evidence. If a car burglar or residential burglar is using a police scanner app while committing burglaries, the cell phone forensic data could pinpoint their location within a couple of meters of the crime scene.

Using encryption on public safety radio is another example of government wasting taxpayers’ money– just throwing money at the problem. Each public safety radio costs an additional $400 for encryption capability. A little ingenuity and hard work and organization with cell phones and mobile data terminals is safer and more effective than throwing on the encryption switch after mistakenly believing the radio vendor’s panacea.

See also …
nola.com New Orleans-area emergency response radio encryption plans will keep public from listening

Search Amazon …

Search for products sold on Amazon:

Arlingtoncardinal.com is an Amazon Associate website, which means that a small percentage of your purchases gets paid to Arlingtoncardinal.com at no extra cost to you. When you use the search boxes above, any Amazon banner ad, or any product associated with an Amazon banner on this website, you help pay expenses related to maintaining Arlingtoncardinal.com and creating new services and ideas for a resourceful website. See more info at Arlingtoncardinal.com/AdDisclosure


  1. Bottom line is to have open radio communications bc police can b more discrete and crooks will always get their way to listen up to police radio ( as mentioned in the above article).Same with the gun control. U take away guns, criminals will have them, and citizens won’t b able to defend themselves. It’s as simple as that!

  2. need more illeagel’s to get IL. drivers licences Then put this Govoner in jail with the rest. Deport all illeagel’s they broke the law, dont rewrd them.*******

  3. A couple of quick notes: First of all the white paper citing potential vulnerabilities of the encryption implementation of P25 radios with encryption turned on is a practically unusable tactic. Even a cursory examination of that paper will show you that the “vulnerabilities” are not really actual vulnerabilities.

    As for the “transparency” aspect, the fact that news organizations could ever listen to police transmissions at all was an incidental occurrence that was based on the architecture of the radio system and the inherent nature of radio waves, not some God given right to reporters. Encryption was not used in the radio systems because it simply wasn’t available in a widely deployable, reliable format. The notion that some sinister cabal of cops is using the radio waves monitored by their supervisors, the dispatchers and other cops, not to mention which is being recorded for future use, to commit heinous atrocities, is absurd. I can’t point to a single case where some intrepid reporter unraveled a major scandal in a police department from monitoring routine radio traffic. I CAN, however, point to very specific instances of first responders being placed in grave danger due to the use of scanners or scanner apps on smart phones.

    The notion addressed at the beginning of the article, that encryption is not secure, therefore it should be not used, is asinine. All police transmissions should be encrypted to prevent eavesdropping for the simple fact that just about any police call for service has the potential for violence to toward the officer. What may be dispatched as a “routine” disturbance reported by a passerby could be a violent armed robbery or burglary in progress. Many, many, many calls are reported as one type of incident, only to be discovered as something completely different once officers arrive. Police personnel don’t have the luxury of knowing what’s happening beforehand, there’s no reason that criminals should be forewarned that A) Officers are en route and B) How the officers are treating the call (i.e. a loud noise call instead of the robbery it actually is). Because there is no such thing as a “routine” car stop or call in law enforcement (and any cop who’s worked even a day on the beat can tell you that), likewise there is no such thing as a routine radio transmission.

1 Trackback / Pingback

  1. OP-ED: Crypto Cop vs. The Cardinal on Police Radio Encryption | The Cardinal

Comments are closed.