Post on 30-Dec-2015
transcript
Secure MessagingSecure Messaging
The Importance of PrivacyThe Importance of Privacy
Presented by Maine ARES
Prepared By Bryce Rumery, K1GAX
Maine ARES Section Emergency Coordinator
Secure MessagingSecure Messaging
First and foremost;First and foremost;– There is There is nono mode of amateur radio that is mode of amateur radio that is
securesecure Per Part 97 (97.113 Prohibited Transmissions (a,4))Per Part 97 (97.113 Prohibited Transmissions (a,4))
– Music using a phone emission except as specifically Music using a phone emission except as specifically provided elsewhere in this Section; communications provided elsewhere in this Section; communications intended to facilitate a criminal act; intended to facilitate a criminal act; messages in codes messages in codes or ciphers intended to obscure the meaning thereof, or ciphers intended to obscure the meaning thereof, except as otherwise provided hereinexcept as otherwise provided herein;; obscene or obscene or indecent words or language; or false or deceptive indecent words or language; or false or deceptive messages, signals or identification messages, signals or identification
– Amateur radio should Amateur radio should nevernever be used to be used to transmit messages that contain sensitive transmit messages that contain sensitive informationinformation
Some amateurs believe that some Some amateurs believe that some modes of amateur radio are quasi-modes of amateur radio are quasi-securesecure– Such asSuch as
Digital ModesDigital Modes CWCW
– These modes can be easily intercepted These modes can be easily intercepted with a moderate expensewith a moderate expense
Secure MessagingSecure Messaging
Secure MessagingSecure Messaging
What is sensitive information?What is sensitive information?– Information that if improperly released Information that if improperly released
could be reasonably expected to have a could be reasonably expected to have a negative impact on a person or negative impact on a person or institutioninstitution
Some examples of sensitive informationSome examples of sensitive information– Social Security NumbersSocial Security Numbers– Credit Card Numbers/Bank Account Credit Card Numbers/Bank Account
NumbersNumbers– Medical InformationMedical Information– Casualty InformationCasualty Information– Prescription InformationPrescription Information– A Person’s Name and AddressA Person’s Name and Address– Family InformationFamily Information– Financial InformationFinancial Information– User Names/PasswordsUser Names/Passwords
Secure MessagingSecure Messaging
What is the impact of improper What is the impact of improper release of sensitive informationrelease of sensitive information– Persons or institutions may be Persons or institutions may be
embarrassedembarrassed– Persons or institutions may be negatively Persons or institutions may be negatively
impacted for a substantial period of timeimpacted for a substantial period of time– The costs of correcting the improper The costs of correcting the improper
release of the information may be release of the information may be staggering staggering
Secure MessagingSecure Messaging
Consequences of transmitting Consequences of transmitting sensitive information over non-sensitive information over non-secure meanssecure means– Sender can be heldSender can be held
Criminally responsibleCriminally responsible– Under State and Federal StatutesUnder State and Federal Statutes
Civilly responsibleCivilly responsible– Can face civil lawsuits and liable to civil Can face civil lawsuits and liable to civil
judgments judgments
Secure MessagingSecure Messaging
Who can be held responsibleWho can be held responsible– The originator of the messageThe originator of the message
The organizationThe organization The actual message originatorThe actual message originator
– The transmitter of the informationThe transmitter of the information
Secure MessagingSecure Messaging
What are insecure transmission What are insecure transmission meansmeans– Any communications method that may Any communications method that may
be easily intercepted by the general be easily intercepted by the general publicpublic Such asSuch as
– Amateur radioAmateur radio– Non-secure radioNon-secure radio– Analog cell phoneAnalog cell phone
Secure MessagingSecure Messaging
What are secure means of What are secure means of transmissiontransmission– TelephoneTelephone– FaxFax– Digital Cell PhoneDigital Cell Phone– Encrypted E-MailEncrypted E-Mail– Encrypted RadioEncrypted Radio– CourierCourier
Secure MessagingSecure Messaging
Understand thatUnderstand that– During a disaster, many disaster relief During a disaster, many disaster relief
volunteers often do not understandvolunteers often do not understand What sensitive information entailsWhat sensitive information entails That amateur radio is not a secure means of That amateur radio is not a secure means of
communicationcommunication– They probably know nothing about amateur radioThey probably know nothing about amateur radio
Secure MessagingSecure Messaging
Understand thatUnderstand that– The general public usually knows little or The general public usually knows little or
nothing about amateur radionothing about amateur radio They may ask you to transmit sensitive They may ask you to transmit sensitive
information on their behalfinformation on their behalf
Secure MessagingSecure Messaging
Mechanisms must be in place to avoid Mechanisms must be in place to avoid the release of sensitive information the release of sensitive information over non-secure communications over non-secure communications means at all levelsmeans at all levels– Organizations must be aware and watchfulOrganizations must be aware and watchful– Message originators must be aware and Message originators must be aware and
avoid the releaseavoid the release– Message senders must be mindful of Message senders must be mindful of
sensitive informationsensitive information
Secure MessagingSecure Messaging
If possible, find out what policies and If possible, find out what policies and procedures a served agency has in procedures a served agency has in place regarding the protection of place regarding the protection of sensitive information before actually sensitive information before actually responding to a disaster.responding to a disaster.– For exampleFor example
The American Red Cross prohibits the The American Red Cross prohibits the transmission of shelter resident lists over transmission of shelter resident lists over non-secure communications meansnon-secure communications means
Secure MessagingSecure Messaging
Ask during a pre-deployment briefing Ask during a pre-deployment briefing what the policies are. Insist on what the policies are. Insist on getting them before you deploy.getting them before you deploy.
Secure MessagingSecure Messaging
It is wise for us to practice the It is wise for us to practice the concept of COMSEC.concept of COMSEC.– COMSEC is a military termCOMSEC is a military term– COMSEC stands for Communications COMSEC stands for Communications
SecuritySecurity– COMSEC is the avoidance of the release COMSEC is the avoidance of the release
of potentially damaging information via of potentially damaging information via non-secure communications meansnon-secure communications means
– COMSEC can be easily applied to the COMSEC can be easily applied to the release of sensitive information over non-release of sensitive information over non-secure means in the civilian worldsecure means in the civilian world
Secure MessagingSecure Messaging
– Be sure to think COMSEC in all of your Be sure to think COMSEC in all of your communicationscommunications
– Practice COMSEC no matter what your Practice COMSEC no matter what your message might bemessage might be
Secure MessagingSecure Messaging
How can the amateur radio operator How can the amateur radio operator protect him or herself from the protect him or herself from the improper release of sensitive improper release of sensitive informationinformation– Read each message before transmitting itRead each message before transmitting it– Identify sensitive information that may be Identify sensitive information that may be
contained in the messagecontained in the message When in doubt, consider something sensitive When in doubt, consider something sensitive
informationinformation
– Bring it to the attention of the message Bring it to the attention of the message originatororiginator
Secure MessagingSecure Messaging
When returning a message to the When returning a message to the message originatormessage originator– Be diplomaticBe diplomatic– Identify the sensitive informationIdentify the sensitive information– Remind the originator that amateur Remind the originator that amateur
radio is never secureradio is never secure– Ask the message originator to use a Ask the message originator to use a
secure means of communicationssecure means of communications Help them identify a secure means of Help them identify a secure means of
communications, if necessarycommunications, if necessary
Secure MessagingSecure Messaging
If the message originator insists you If the message originator insists you transmit the sensitive information via a transmit the sensitive information via a non-secure meansnon-secure means– Protect yourselfProtect yourself
Have the message originator sign a release formHave the message originator sign a release form– Releasing you from responsibility and liabilityReleasing you from responsibility and liability– The message originator acknowledges they are aware The message originator acknowledges they are aware
that the message contains sensitive informationthat the message contains sensitive information– The message originator understands that amateur The message originator understands that amateur
radio is a non-secure means of communicationsradio is a non-secure means of communications– The message originator takes full responsibility for the The message originator takes full responsibility for the
message contentmessage content– The message originator directs you to send the The message originator directs you to send the
messagemessage
Secure MessagingSecure Messaging
If the message originator insists you If the message originator insists you transmit the sensitive information via transmit the sensitive information via a non-secure meansa non-secure means– Always have release forms with youAlways have release forms with you– Be sure to get everything in writingBe sure to get everything in writing
Do not expect the message originator to Do not expect the message originator to back you up if they could be expected to get back you up if they could be expected to get in troublein trouble
– Most of the time they will protect themselves Most of the time they will protect themselves before protecting youbefore protecting you
Secure MessagingSecure Messaging
If the message originator insists you If the message originator insists you transmit the sensitive information via transmit the sensitive information via a non-secure meansa non-secure means– If the message originator refuses to sign If the message originator refuses to sign
the release form, simply refuse to send the release form, simply refuse to send the messagethe message
– Document your actionDocument your action
Secure MessagingSecure Messaging
In summaryIn summary– Be aware of sensitive informationBe aware of sensitive information– When in doubt, air on the side of cautionWhen in doubt, air on the side of caution– Practice COMSECPractice COMSEC– Never transmit sensitive information Never transmit sensitive information
over non-secure communications over non-secure communications channelschannels
– Always get everything in writingAlways get everything in writing
Secure MessagingSecure Messaging