NDA for FOUO CAP Radio Freqs to be released

Started by CommGeek, January 20, 2010, 04:31:29 AM


Flying Pig

Quote from: desertengineer1 on January 21, 2010, 07:01:34 PM
Quote from: Flying Pig on January 21, 2010, 06:17:17 PM
http://www.radioreference.com/apps/db/?aid=1092

http://wiki.radioreference.com/index.php/Civil_Air_Patrol

Is this some of the classified stuff we are talking about?

Doesn't matter.  YOU as a CAP member agreed not to release the information.  You're not going to jail over it.  You'll get a lifetime 2B.

I didn't release anything.  I Googled it.  Took about .12 seconds.

wuzafuzz

Guilty.  I was the first to mention NDA's in that other thread.  I swear I read somewhere an NDA is required, but can't find it now.  It's clear CAP wants to keep the frequencies discreet and has directed us not to blab away.  (Seems a little silly in light of the ease with which scannists will find and publish.  Whatever.)

Some of the previous rants in the thread made for entertaining reading.  Wow.  However, people trying to follow the rules as they understand them does not make them wanna-be ninjas, secret agents, or operators.  Sure we all know of some folks like that, but I'm not convinced that's the same crowd as people trying to do what they believe to be the right thing.
"You can't stop the signal, Mal."

desertengineer1

Quote from: raivo on January 21, 2010, 07:04:19 PM
I guess what I really don't understand is why CAP would have someone sign an NDA in the first place (unless it's just as a "deterrent"), since I'm not really sure I could see CAP suing someone for breaking an NDA and disclosing our frequencies.

In large part because frequency information, though it IS sensitive, isn't really *that* important in the grand scheme of things.

From my perspective as a CAP comm and AF guy, the legal boundary between protecting FOUO information and release to a third party for technical, mission related needs is blurred.  AFI 10-701 makes it clear that OPSEC information should not make the mission suffer.  I argue that as guests installing repeaters on civilian owned sites, we shouldn't be making those owners sign NDA's, especially if there is any threat of federal law - or even an eludation made.

The USAF cannot come after you for spilling CAP frequency information.  They can hold CAP in the AUX ON mode accountable through CAP-USAF (i.e. yell at them), but there should be no spookiness or irrational fear of lawful authority involved.   It's essentially a courtesy.  USAF asks CAP to protect the info because it's in the OPSEC CI list.  CAP tells members "DO NOT RELEASE".

If a CAP member disobeys, the USAF can't come after the member.  That's just stupid.  But CAP can, and it has been promised to me that they will not hesitate to issue a 2B if someone violates the policy.

Now, my personal opinion as an RF guy, it's a pretty stupid rule.  You are radiating waves into free space.  I could figure out the frequencies on my scanner in a couple of days, and happily listen to all the traffic (until we get encryption).  I can hear some pretty scary stuff still on analog from the local air base.  Because contractors are using their own radios, I know which airplanes are broken and why - many times by tail number.  I know who's ordering pizza through the command post, and can even hear phone patches on HF.

But the black cloaked ninjas aren't going to come get me in the middle of the night.  If the AF wanted to be serious about radio OPSEC, they would have funded LMR encryption to everyone - which they obviously haven't... yet.

desertengineer1

Quote from: wuzafuzz on January 21, 2010, 07:18:52 PM
Guilty.  I was the first to mention NDA's in that other thread.  I swear I read somewhere an NDA is required, but can't find it now.  It's clear CAP wants to keep the frequencies discreet and has directed us not to blab away.  (Seems a little silly in light of the ease with which scannists will find and publish.  Whatever.)

Some of the previous rants in the thread made for entertaining reading.  Wow.  However, people trying to follow the rules as they understand them does not make them wanna-be ninjas, secret agents, or operators.  Sure we all know of some folks like that, but I'm not convinced that's the same crowd as people trying to do what they believe to be the right thing.

LOL.  Sokay... The really good side to this is that 99.999% of our members want to do the right thing.  Do I desire more clear direction from CAP-DC?  Absolutely.  But remember this is a human organization run by other humans.  Sometimes all we can do is keep poking up the chain until something pokes back.

wuzafuzz

Quote from: raivo on January 21, 2010, 07:04:19 PM
I guess what I really don't understand is why CAP would have someone sign an NDA in the first place (unless it's just as a "deterrent"), since I'm not really sure I could see CAP suing someone for breaking an NDA and disclosing our frequencies.

In large part because frequency information, though it IS sensitive, isn't really *that* important in the grand scheme of things.

Given that the frequency data is already out there, and will only improve over time, I wonder if CAP could successfully claim damages for breaching an NDA.  (Recognizing they may not be required.)  What would be the point, if the "damage" is already done?

Obviously, I am not a lawyer.  Just wondering. 
"You can't stop the signal, Mal."

desertengineer1

Quote from: Flying Pig on January 21, 2010, 07:14:19 PM
Quote from: desertengineer1 on January 21, 2010, 07:01:34 PM
Quote from: Flying Pig on January 21, 2010, 06:17:17 PM
http://www.radioreference.com/apps/db/?aid=1092

http://wiki.radioreference.com/index.php/Civil_Air_Patrol

Is this some of the classified stuff we are talking about?

Doesn't matter.  YOU as a CAP member agreed not to release the information.  You're not going to jail over it.  You'll get a lifetime 2B.

I didn't release anything.  I Googled it.  Took about .12 seconds.

But they aren't after googlers.  They are after violators.

raivo

Quote from: wuzafuzz on January 21, 2010, 07:28:16 PM
Given that the frequency data is already out there, and will only improve over time, I wonder if CAP could successfully claim damages for breaching an NDA.  (Recognizing they may not be required.)  What would be the point, if the "damage" is already done?

Obviously, I am not a lawyer.  Just wondering.

I wonder if CAP could even claim "damage." Certainly there's no financial damage to be done.

Where's a legal officer when you need one?

CAP Member, 2000-20??
USAF Officer, 2009-2018
Recipient of a Mitchell Award Of Irrelevant Number

"No combat-ready unit has ever passed inspection. No inspection-ready unit has ever survived combat."

Eclipse

Quote from: raivo on January 21, 2010, 07:39:53 PM
I wonder if CAP could even claim "damage." Certainly there's no financial damage to be done.

Here's an example.

Frequencies are compromised forcing a change of tones, or maybe forcing repeaters to be reprogrammed.

That costs money, which equals damages.

"That Others May Zoom"

Eclipse

Quote from: desertengineer1 on January 21, 2010, 07:25:00 PM
From my perspective as a CAP comm and AF guy, the legal boundary between protecting FOUO information and release to a third party for technical, mission related needs is blurred.  AFI 10-701 makes it clear that OPSEC information should not make the mission suffer.  I argue that as guests installing repeaters on civilian owned sites, we shouldn't be making those owners sign NDA's, especially if there is any threat of federal law - or even an eludation made.

The USAF cannot come after you for spilling CAP frequency information.  They can hold CAP in the AUX ON mode accountable through CAP-USAF (i.e. yell at them), but there should be no spookiness or irrational fear of lawful authority involved.   It's essentially a courtesy.  USAF asks CAP to protect the info because it's in the OPSEC CI list.  CAP tells members "DO NOT RELEASE".

The line is bright and clear.  You're just making things up to try and win an argument about the philosophical point of whether an NDA should be required.

Right now it is.  Ignore that at your own peril.  If being "right" is more important than being a "member", enjoy.

"That Others May Zoom"

desertengineer1

Quote from: Eclipse on January 21, 2010, 08:01:21 PM
Quote from: desertengineer1 on January 21, 2010, 07:25:00 PM
From my perspective as a CAP comm and AF guy, the legal boundary between protecting FOUO information and release to a third party for technical, mission related needs is blurred.  AFI 10-701 makes it clear that OPSEC information should not make the mission suffer.  I argue that as guests installing repeaters on civilian owned sites, we shouldn't be making those owners sign NDA's, especially if there is any threat of federal law - or even an eludation made.

The USAF cannot come after you for spilling CAP frequency information.  They can hold CAP in the AUX ON mode accountable through CAP-USAF (i.e. yell at them), but there should be no spookiness or irrational fear of lawful authority involved.   It's essentially a courtesy.  USAF asks CAP to protect the info because it's in the OPSEC CI list.  CAP tells members "DO NOT RELEASE".

The line is bright and clear.  You're just making things up to try and win an argument about the philosophical point of whether an NDA should be required.

Right now it is.  Ignore that at your own peril.  If being "right" is more important than being a "member", enjoy.

How about backing that claim up with something other than a 2 letter word for "because I said so"?

Pony up an example of an NDA with the authorization from CAP-DC commpermissions then, so I can run point to get the policy clarified.

I can back the claim up with official traffic.  Can you?

wuzafuzz

Quote from: Eclipse on January 21, 2010, 07:57:11 PM
Quote from: raivo on January 21, 2010, 07:39:53 PM
I wonder if CAP could even claim "damage." Certainly there's no financial damage to be done.

Here's an example.

Frequencies are compromised forcing a change of tones, or maybe forcing repeaters to be reprogrammed.

That costs money, which equals damages.

Playing devil's advocate: Short of catching your local source of malicious interference, you'll never know where they got their info.  Acme Radio Repair or Google?  A scanner that reads CTCSS/DCS tones and NAC's?  A CAP member (or former member)?

I'd be more interested in baking the person doing the interfering than the source of the data.
"You can't stop the signal, Mal."

Spaceman3750

Quote from: wuzafuzz on January 21, 2010, 10:45:15 PM
I'd be more interested in baking the person doing the interfering than the source of the data.

This is just a hunch, but I think the concern is folks eavesdropping on potentially sensitive conversations (say, coordinates of an object of interest on some type of mission) than interference. The FAA can already bake people for interfering with our frequencies, provided someone can find them, regardless of all this secret squirrel FOUO top secret Q-clearance yankee white stuff.

desertengineer1

We've had a pretty good record with interference issues - very few reported.  I think that's a good testament to how we've managed equipment and personnel.  I can't recall having any problems in our wing.

Most of this will be essentially moot if we ever get encryption up and running - or at least of minimal risk.

Of course, the normal comm procedures apply anyway.

If someone's being a dork, we'll work around them...


JoeTomasone

Quote from: Spaceman3750 on January 21, 2010, 11:54:50 PM
Quote from: wuzafuzz on January 21, 2010, 10:45:15 PM
I'd be more interested in baking the person doing the interfering than the source of the data.

This is just a hunch, but I think the concern is folks eavesdropping on potentially sensitive conversations (say, coordinates of an object of interest on some type of mission) than interference. The FAA can already bake people for interfering with our frequencies, provided someone can find them, regardless of all this secret squirrel FOUO top secret Q-clearance yankee white stuff.

It'd be the FCC, but saying the FAA is an acceptable mistake for an organization like ours.   :)

Quite frankly, I'd be most concerned about interception of CD traffic - but then, not being involved in CD, I would hope that they do not report "finds" over the air.


The long and short of it is this: No attempt to keep the frequencies unknown will ever work.   Even if every member and non-member who is granted access to the frequencies took them to their grave, the technical means and the opportunities to discover them are too widespread to make it anything but an exercise in futility.   Of course, we follow directives and don't go posting them, blabbing them, etc.   It's just like any other reg that doesn't make sense (yes, 39-1, I'm looking at one or two of your provisions) that we follow because we as members have an obligation to obey the regulations.

In (computer) network security, you presume that the communications medium is compromised and work to secure it with that premise.  The same is/should be true for our radio communications.



kd8gua

This is exactly right.
Quote from: JoeTomasone on January 22, 2010, 05:02:06 AM

The long and short of it is this: No attempt to keep the frequencies unknown will ever work.   Even if every member and non-member who is granted access to the frequencies took them to their grave, the technical means and the opportunities to discover them are too widespread to make it anything but an exercise in futility.   


Completely true. If someone really wanted the frequencies, all one needs is a digital/analog scanner and a current FCC / NTIA band plan. There are tons of generic band plans out there that show the min and max frequencies allotted for specific purposes. If someone was really radio savvy, a frequency counter is the simplest and most sure-shot way. However, the only people with enough close contact with the equipment itself to use the frequency counter would be CAP members, and they can simply ask for permission to receive a copy of the frequencies, completely making the aforementioned process a total waste of time for that member.

Eventually all things come to light. The US DHS put out the National Interoperability Field Operations Guide back in March of 2008. A lot of the frequencies and information in there hardly seems kosher to just give to anyone, but yet a Google search will pull up a link to the pdf format of this guide.
Capt Brad Thomas
Communications Officer
Columbus Composite Squadron

Assistant Cadet Programs Activities Officer
Ohio Wing HQ

MikeD

Quote from: heliodoc on January 21, 2010, 02:33:41 PM
If you already have served in the RM and KNOW how to operate in the SECRET, TOP SECRET. FOUO, Classified and NON Classified world that is great

If you are a civilian and in CAP and batting some new found FOUO knowledge.....  go settle yourself down.


Hey, share some love with us civilians who still understand the difference between Secret, ITAR, and SBU.   8) 

That said, aren't all things FOUO considered SBU, or is that up to agency rules?  Based on work rules I think any electronic copies of the channel plan would have to be encrypted with PKI if kept on any portable media, including laptop drives.  But I also don't see us all being given copies of Entrust anytime soon.

JoeTomasone

Quote from: kd8gua on January 22, 2010, 06:08:11 AM
Completely true. If someone really wanted the frequencies, all one needs is a digital/analog scanner and a current FCC / NTIA band plan. There are tons of generic band plans out there that show the min and max frequencies allotted for specific purposes. If someone was really radio savvy, a frequency counter is the simplest and most sure-shot way. However, the only people with enough close contact with the equipment itself to use the frequency counter would be CAP members, and they can simply ask for permission to receive a copy of the frequencies, completely making the aforementioned process a total waste of time for that member.



Actually, it's easier than that.   Pick up a scanner with frequency counter-like abilities (many modern ones, including RS models, have this), connect it to a decent antenna on your car, and go somewhere that CAP is operating (air show, encampment - heck, most units post their schedules online) and it's pretty much over.

And for those who might be concerned that I'm enabling this by describing techniques - trust me, the scanner buffs have been doing this for a long time now.   Heck, I used a similar technique to determine the ISR frequencies when I wanted them in MY scanner.

You cannot use a radio frequency without revealing what that frequency is, no matter how much anyone might wish otherwise.

N Harmon

Quote from: MikeD on January 22, 2010, 06:30:27 AM
Based on work rules I think any electronic copies of the channel plan would have to be encrypted with PKI if kept on any portable media, including laptop drives.  But I also don't see us all being given copies of Entrust anytime soon.

I use Truecrypt to protect sensitive CAP files. It's free and works great.
NATHAN A. HARMON, Capt, CAP
Monroe Composite Squadron

wuzafuzz

Quote from: kd8gua on January 22, 2010, 06:08:11 AM
Eventually all things come to light. The US DHS put out the National Interoperability Field Operations Guide back in March of 2008. A lot of the frequencies and information in there hardly seems kosher to just give to anyone, but yet a Google search will pull up a link to the pdf format of this guide.

Plenty of federal freqs are listed: plenty of military or LE public safety frequencies I would consider far more sensitive than CAP.  Our CGAUX cousins are there. (I would imagine their "security" needs closely match ours?  Auxies care to weigh in?)   Even with all that freely published intel, no mention of CAP (at least on first skimming of the doc).

Appears to be yet another example of CAP's insular thinking, while simultaneously wondering why we are seldom asked to participate in joint missions or exercises.  We really need to learn to play well with other children.  How many of our successes in that area are the result of local, rather than national, efforts?  Along those lines, it's time for me to get ready for a morning meeting with my local sheriffs ES folks, to discuss interoperability.   :D
"You can't stop the signal, Mal."

JoeTomasone

Quote from: N Harmon on January 22, 2010, 01:31:37 PM
I use Truecrypt to protect sensitive CAP files. It's free and works great.

After reading the FAQ, I'm not sold on the overall security of the system, but it's "good enough" to avoid the normal type of prying eyes.