504
NYPD faces backlash as it prepares to encrypt radio communications | New York | The Guardian
(www.theguardian.com)
This is a most excellent place for technology news and articles.
I suspect it would be helpful for protecting sensitive situations. Currently (at least with EMS) they call each other's cellphones for that, not ideal.
What kind of situations?
EMS communication over unencrypted channels is limited by HIPAA, patient information must be kept vague to protect patient privacy. In the event that, say, an individuals name needs to be given to the receiving facility to facilitate review of records prior to arrival by the ER physician, some other method of communication has to be used.
It's not a HIPAA violation for a report like this to go over unsecured radio waves:
I know, which is why my example was about providing the patient's name over the radio.
Does EMS typically provide patient names over the radio? That honestly seems like information that would normally not be needed, or potentially even known.
They have to keep it vague like that because the channel is open to all. It's a limitation of the system.
Encryption on radio communications would not help that at all. It would still be a HIPAA violation to share sensitive information on a broadcast, even if it is encrypted.
Edit: I hope y'all downvoters aren't actually responsible for patient information.
That's very incorrect. End to End encryption is legal under HIPPA. All the receiving parties have likely filled out the HIPPA yearly thing, so they'd be covered.
That's absurd. There are very specific guidelines for sharing protected health information with and among law enforcement. There is no paperwork that "all receiving parties" can fill out to cover a blanket broadcast of protected information to anyone with an encrypted police radio. You would still need to have a specific purpose for disclosure, and disclose only the required information to only the necessary parties. An encrypted channel would still be available to dispatchers, administrators, and a bunch of random people that don't need to receive that information.
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
Source? If you broadcast encrypted data you're not sharing it with anyone who doesn't have the right key to decrypt it. Someone could theoretically crack the encryption, but literally every method of transmitting information is vulnerable to being intercepted by a sufficiently motivated attacker.
I'll copy my reply to the above, but add that someone who has the key to encrypt a broadcast doesn't necessarily have a need to receive private health information. Law enforcement officials may receive protected information if they need it in the course of their duties. Private health information should only be shared in a secure communication, but encrypting the broadcast doesn't change the fact that
This is like HIPAA training 101 stuff. If you're a doctor at a hospital, you might be able to access any patient's records. But if you peek at a celebrity's serologies, you've violated HIPAA. Broadcasting on an encrypted channel would be like posting test results in a locker room and arguing that it's OK because only doctors have a key to the room. Having access to information is not the same as needing access to information, regardless of whether everyone has their paperwork in order.
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
Ok, I think I see where our disagreement is. Would you agree that an encrypted broadcast is ok if you encrypt the sensitive information with a key that is only accessible to the specific individuals who need it? Not that I see any advantage to doing so—it's just a hypothetical scenario.
Off of the top of my head, I can see how an announcement of an open shooter at a location might attract some Meal Team 6 Rambo wanna-be to try and bust in and save the day and making it significantly worse.
I've never heard of this happening. It's probably more for people avoiding police and maybe ambulance chasers.
We had a kid cross state lines to show up to a riot with a gun to defend property and shoot people. Just because you haven’t heard about it doesn’t mean it’s not plausible as a valid reason.
And? Do you think he heard about it from a police radio, and not literally every news outlet that was covering it at the time?
You must know that unencrypted police radios have been a upstream source for local media for a long time, right?
And I’m not arguing that encryption is a good idea, in fact I think a blanket encryption of emergency radio is a bad idea (but nuance on social media is invisible).
This thread is simply in answer to an earlier poster who asked for a situation where it could be helpful to protect a sensitive situation and I provided one that we have seen analogs of in real life.
Sure, they get some information from radios. They also usually have at least one person at the headquarters at all times. They will know about big events regardless.
I forgot that police have no filters or power in person to be more private in discussions about sensitive topics just because there’s a person at their precinct. All conversations happen wide open just like you get with a police-band scanner. 🤦🏻♂️
Plausible, but is it likely? Enough to be even remotely worth it...?
OK, so something thats never happened before needs to be curtailed?
And even if so, active shooters are rare, do we need to encrypt ALL chatter for something that happens maybe every few years for a given precinct/jurisdiction?
Nope, even never had any sort of analogous situation where armed civilians show up to insert themselves and potentially complicate matters: https://www.washingtonpost.com/news/national/wp/2018/07/13/feature/in-all-reality-there-were-three-shooters-oklahomans-kill-an-active-shooter-and-its-not-as-simple-as-it-sounds/
I never suggested we did. The original poster referenced a specific context of a “sensitive situation” and you asked for an example, so I provided one that could qualify.
Newsflash: Cellphone calls are not encrypted either, believe it or not.
That may be the case with older technologies but VoLTE very much is.
Sure, but how many phones/carriers actually use this by default in the US?
I would expect it to be nearly all devices. America was in the process of shutting down the old technologies and I believe has in most cases.
https://www.fcc.gov/consumers/guides/plan-ahead-phase-out-3g-cellular-networks-and-service
Or fucking use telegram or Whatsapp. Anything except the official equipment.
Those are both terrible examples of messaging apps, because they are not properly secured (end-to-end encrypted). Signal would be a much better option.
WhatsApp is, Telegram isn't.
Nah, Telegram really isn't good https://www.youtube.com/watch?v=rtRQKQkvUfE
That's why I said Telegram isn't :D
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=rtRQKQkvUfE
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
That's awesome