SignalsEverywhere: The Ethics of Decoding and Sharing Private Information with SDRs

Over on the SignalsEverywhere YouTube Corrosive has uploaded a new video that addresses the ethics about decoding private information with SDRs. The radio spectrum is full of private communications with little to no security around it. For example hospital pagers in many countries and cities are completely unencrypted and easily decoded by anyone who can run a radio and install software on Windows. These messages often contain very private patient data. Another example he gives is Inmarsat AERO Medlink voice communications, and how he's seen full phone calls being shared online.

In the video Corrosive discusses the ethics about publicly sharing these private communications, even if they may be legal to receive and share in your country. He argues that sharing someones private data and phone calls on the internet is in poor taste and is not okay, which I think is something everyone should be able to agree with.

However, on the other side of the coin several responses to his video on Reddit share a different point of view. On that forum several expressed disagreement, noting that it's because these services are so insecure, that we should actively be sharing intercepted messages and trying to raise outrage and awareness about these privacy flaws. The argument stems from the idea that many information security researchers seem to take: if the public is not aware about their lack of privacy, only the bad guys will be taking advantage, and nothing will end up being properly secured by companies.

We've seen this approach taken by information security artists in the past like the Holy Pager art installation in New York. The temporary installation used a HackRF to continuously print out all pager messages being broadcast in an attempt to raise awareness about what private information is being sent for anyone to read. However, it may be one thing to share private data with a few art gallery patrons, versus the entire internet.

I think we should all at least agree on a middle ground. If you are listening/decoding radio services that are meant to be private but are unsecure for all to listen to, at least keep it to yourself, and don't share peoples private conversations/data on the internet. If you want to raise awareness about the lack of security to put pressure on companies, censor peoples private information and only mention generally about what you are hearing.

Subscribe
Notify of
guest

2 Comments
Inline Feedbacks
View all comments
Jake Brodsky, AB3A

Realist comments from the likes of Jyyt notwithstanding, if you want to continue this hobby, you’d better realize that we need to advocate ethics.

As a starting point I would like to suggest looking at Section 604 of the original Communications Act of 1934 from the US. As an aside, that act was what created the Federal Communications Commission in the US.

This section is commonly referred to as the Radio Secrecy clause. Basically, if you’re a third party and nobody has consented to you revealing the conversation, you are obliged to not publish it (at least not without significant time delay and anonymization). There were exceptions for law enforcement and for a captain of a ship at sea. So for example, if you overhear pirates conversing with each other and you’re at sea, it is both ethical and legal for you to notify the ship’s captain. Yes, piracy on the high seas is still practiced today. Ask any ship captain who has been through the gulf of Aden.

However, anything on the ISM bands is fair game. They’re not licensed. If they’re not encrypted, that’s their own damned fault. Anything concerning ham radio is also fair game. The licensees know that they’re not expecting privacy on the air, and likewise for broadcast radio and TV.

The later concepts such as the Radio Privacy Act of 1986 is garbage. It basically tried to outlaw radios that covered a certain range of frequencies use by analog cell phones at the time. There is no Privacy on radio. There can be Secrecy if ethical people follow reasonable guidelines.

I ask that people consider what Corrosive has to say here. Just because you can do something with technology does not mean it is a good idea.

Jyyt

I got your SDR ethics laws right here, First come First came if your idea is more useful and realistic than the next guys sounds like your burnt. Your talking about internationally shared space and think people are gonna respect ethics and copyrights for ANY amount of time, yah good for you for having more hope in the general desire of humanity to put others before themselvessadly theres a reason why we have countless religions as a pre-warning we screwed up so long ago we cant redeem the golden rule as a planet anymore, too many people suck and dont care