P25 Security

[centralcoastscanman]

Hmm Im not so sure about that.. There's a very big case in court at the moment. Relating to computer networks. Im sure this would apply to accessing encrypted radio networks.

The AFP has charged the man with the following offences:

one count of unauthorised modification of data to cause impairment, contrary to Section 477.2 of the Criminal Code Act 1995 (Cth). This offence carries a maximum penalty of 10 years in jail.
48 counts of unauthorised access to, or modification of restricted data, contrary to Section 478.1 of the Criminal Code Act 1995 (Cth). This offence carries a maximum penalty of two years in jail.

So if you had a radio and the appropriate keys to monitor an encrypted network it wouldn't be illegal, So in the case above you had the passwords for a particular network and either just sat and monitored or caused havoc on it that would be ok? The above charges prove that wrong.

I think you would be right, there is very little in the way of state laws governing this type of thing as the enforcement of radio legislation and breaches is done by acma and afp(in liason with local police if required)

[Scotty]

Yeah I understand that, but wouldn't the charges be the same? weather using a computer to decrypt/decode/crack a password to gain access to data, or decrypting using the same methods, a transmission using your own equipment. My question is, would it come under the same laws? (More pointing to the 48 charges in the quote above, the accessing of unauthorised data) I'm trying not to get this off topic, if you get what I mean.

There is no 'authorisation' required to decode data over a radio frequency. Once it is broadcast it is out in the open it is able to be received by anybody, regardless of whether it is voice or data. This is why scanners are legal is Australia.

You can decode any data (1's and 0's) received over a frequency if you have the ability, it makes no difference if there is a layer of protection (such as encryption). Such is the reason you can legally decode the GRN, pagers, MPT, etc - data sent over a frequency is data, regardless of whether it is encrypted, it is still just a bunch of 1's and 0's.

There are some exceptions listed under legislation, such as phones etc. But generally if you can receive the data on a scanner then you can decode if - assuming you have the abililty.

This is different to accessing a system using decoded data, or to accessing a system and decoding data that you are not entitled to - that is what those two charges you posted earlier relate to. They don't relate in anyway to data that is decoded over a radio frequency.

[ivahri]

Just another case of the law not keeping up with the advancements in cybercrime. There is clearly still the belief that RF encryption is beyond the ability to be "cracked", however if it now is then the law needs to be changed to reflect the same seriousness as that of mobile phone communications. Laws can be changed, just because it is not illegal today does not mean that it always will be, or that it is right.

Cheers,

Richard

[matthewn1983]

The only thing so far I can find in the Radio Communications Act is the following...

http://www.austlii.edu.au/au/legis/cth/ ... 8/s47.html

Unlawful possession of radiocommunications devices - obviously having a scanner is not illegal as it doesn't decode/decrypt an encrypted transmission. But having for instance a Motorola XTS2500/5000 with appropriate encryption hardware and required keys, would fall under this category. Only other way would be a computer and a SDR with the right software, but if you bring this into the argument there is law that will get you for creating/writing software to gain access to unauthorised services.

It will be an interesting presentation by Matt and co. at Ruxcon this year, Im sure there will be plenty of interested parties there to see the next chapter of your hard work!

[citabria]

Richard, its exactly that perception that we are trying to change..

Its a worry when theres people out there like this:--> http://www.ebay.com/itm/Motorola-Astro- ... 710wt_1139

[ivahri]

That is for a System Key not an Advanced System Key... not going to go into the difference in public but it is of no use with a radio that has been programmed with an ASK (which should be all NSW government radios).

As someone has pointed out to government going with an open standard like P25 has its pluses, but it also has its minuses. Having multi-vendors is great in one sense but it opens things up to a whole lot of new headaches. Some of us realised what that meant.

Cheers

Richard

[citabria]

a System Key will still let you affiliate with a P25 network though.. It just won't let you reprogram a radio thats been hit with an ASK.

[Scotty]

Unlawful possession of radiocommunications devices - obviously having a scanner is not illegal as it doesn't decode/decrypt an encrypted transmission. But having for instance a Motorola XTS2500/5000 with appropriate encryption hardware and required keys, would fall under this category.

Nup. If you had a XTS portable, with encryption hardware, on a conventional P25 frequency, being used as a receiver (with TX inhibited, as CB, etc) and somehow managed to program relevent keys etc then it would be perfectly legal - it is no different to a scanner. Again, the radio is simply decoding data - it makes no difference if the data is encrypted or not.

Data is data - it doesn't matter if that data is encrypted. It is all just 1's and 0's.

Different story if you program a trunked system to affiliate to a network. Then you may be in breach of the section you mention, as the radio accesses the network and you would not hold the appropriate licence. But then that has nothing to do with the fact that the channel is data (encrypted or not) as you would be committing an offence in regards to licencing, nothing to do with the data being encrpyted or not.

[centralcoastscanman]

Just another case of the law not keeping up with the advancements in cybercrime. There is clearly still the belief that RF encryption is beyond the ability to be "cracked", however if it now is then the law needs to be changed to reflect the same seriousness as that of mobile phone communications. Laws can be changed, just because it is not illegal today does not mean that it always will be, or that it is right.

Cheers,

Richard

FYI it is actually illegal to decode paging systems... I'll see if i can dig out the document i acquired from the Police Prosecutors some time ago when did some work for them....
Richard is however correct, if enough idiots are getting around a law they will change it to plug that hole

[centralcoastscanman]

Richard, its exactly that perception that we are trying to change..

Its a worry when theres people out there like this:--> http://www.ebay.com/itm/Motorola-Astro- ... 710wt_1139

that guy is nuts Matt... it's probly a fraud trying to rip people off as i would not imagine people with that sort of knowledge would advertise their services on ebay...