marko peljhan on Sun, 11 Oct 1998 11:42:12 +0200 (MET DST)


In the past four years we have become accustomed to receiving information
on the extent of global sigint work that has actually been going on without
the knowledge of civil populations, communications infrastructure users
and developers, and in many cases even governments. A very quiet debate
has started around issues arising from the knowledge about the ECHELON
system, which has now also spread into mainstream politics, and we
should be very careful observers of this process. One should also be
aware of the fact that possible "sister" systems exist in the EU
countries, Russia, France and China, although not much is known about
them, except what can be gathered from each country's encryption
regulations, which in this respect can be taken as information on
each country's civil rights and sigint policies. We can also
assume that Israel possesses strong Mideast-oriented sigint
capabilities. To understand what this kind of system does, I will quote
a simple definition of ECHELON:

ECHELON consists of a global network of computers that automatically
search through millions of intercepted messages and data packets for
pre-programmed keywords or fax, telex and e-mail addresses. Every word
of every message in the frequencies and channels selected at a station
is automatically searched. The processors in the network are known as
the ECHELON dictionaries. ECHELON connects all these computers and
allows the individual stations to function as distributed elements in an
integrated system. An ECHELON station's dictionary contains not only its
parent agency's chosen keywords, but also lists for each of the other
four agencies in the UKUSA system (NSA, GCHQ, DSD, GCSB and CSE).
Allegedly ECHELON is concentrated on comsat traffic, although one
could suppose that sigint work is also done on terrestrial HF and
microwave networks.

So, with the dawn of knowledge about these sigint systems, the civil
community of the world should think twice before it uses the
communications infrastructure for tactical, socio-evolutionary work. The
systems are of course in place to protect the national security of each
of the signatories to the UKUSA agreement, and of other respective
countries operating their own sigint processors. The problem is that
national security is a very broad and expandable definition, which can
in specific circumstances lead to the prosecution of completely innocent
individuals with a slightly different political view than that of the
current governments.

In this respect it is maybe time to redefine national security as the
right to security of the nation and all its citizens and other
individuals, before the nation, its social and especially economic and
corporate structures and within it, and in front of all other nations
and their respective national security definitions. Such a definition
and its enforcement would of course complicate the work of any sigint
agency or its corporate partners trying to indiscriminately process
communications of its own citizens and individuals, and the individuals
and citizens of other nations.

Privacy laws, law-enforcement information sharing and encryption laws
and regulations are also being used, all for the protection of
respective national securities in a very broad sense.

One thing must be clear: the board of this game was set long ago,
and the rules continuously redefined thereafter. That is why the civil
tactical sector of society has to engage in the development and
implementation of its own systems to actively and consciously take part
in this global system of information sharing and especially protection.
And since the internet is the main communication vehicle for the sector,
together with phone and fax, one must be aware that the internet is of
course also very vulnerable to any kind of privacy and information
abuse, as are the phone and fax networks. The internet is also not as
redundant as was enthusiastically thought when the community started
using it, but can be virtually shut down, channeled, and single users
disconnected. The other problem with the internet is of course the
restriction of privacy through encryption control and key recovery
policies and export and import controls. 40-56 bit DES keys, which are
exportable, can nowadays be cracked very effectively, and there are
strong export limitations for RSA, RC5 and triple DES or DES_RSA key
combinations and similar protocols, which ensure higher protection. Of
course there are ways for companies to actually export some of these
encryption protocols, either through the release and sale of source code
printouts, or export through friendly nations. One remembers the PGP
source code release through a printout for the HIP 97 meeting. So, some
of the doors remain open, and corporations, private individuals and
states are still engaged in a battle of words and legislation concerning
internet encryption policies. The very interesting point in this
respect is that the legislation concerning encryption differs from
country to country, and that in many of them it is completely
non-transparent, with each individual case subject to approval by the
security agencies or even the military and, e.g. in the case of France,
to a lot of political lobbying and shouldering. One exception that many
restrictive states implement is for the use of higher encryption for
banks and financial services, again, with the exception of France.

So, the battle for encryption rights on the internet is ongoing, but
the internet should not be the final communications frontier of the
tactical civil sector. The reasons are mainly its reliance on global
telecom infrastructure and the vulnerability that arises from it. The
other reasons are the lack of point to point availability and the
extensive use of satellite technology by global telecoms. These are all
points of weakness with respect to sigint work and privacy protection;
that is why an alternative insulator strategy must be used.

The proposal here is the implementation and construction of a High
Frequency (HF) radio, point to point secure analog-digital network first
within Europe and its tactical media centers and further around the
globe in the range of 1.6-30 MHz. 

The system would consist of base HF stations, portable units and
gateways to connect it to the global data network. We can gather from
military analysis and amateur radio experience over the last 50 years,
that HF technology has unique characteristics that make it ideal for
long haul communications. The broad operational range of HF permits both
line of sight surface or groundwave communications and over the horizon
skywave connections, using the reflecting properties of the ionosphere.
Further, the costs of HF use during one year of operations are,
according to certain calculations, 15 times lower than the costs of
satellite based communications. Another issue that is important is the
possibility of mobility using HF communications, with its
non-directional antenna systems, and with proper selection of 
equipment, HF can overcome blockage from trees, buildings and
mountainous terrain. 

The system we are proposing is called INSULAR TECHNOLOGIES (IT) and it
is a product of PACT SYSTEMS (Projekt Atol Communication Technologies),
with the first two station prototypes currently being developed. The
open architecture of the different parts that make up the base station
will enable the users to implement their own changes and work on
parallel networking solutions with their IT partners. The system will
come as a finished product, as a development kit, or as a source code
and plans only package.

Each IT station consists of the following:
- PC based computing module
- HF transceiver
- HF modem
- CRYPTO module
- Key management hardware and software
- Amplifier (for specific solutions)
- Antenna system

At the present time, high quality off the shelf commercial equipment is
being used for the first two prototypes. The security of the IT system
for voice and data will be ensured through the use of the GOST 28147-89
encryption standard, using 256 bit private keys with key information
stored on smart card modules. For each communication session, a new key
is generated. As you can see, key management and security is the primary
point of weakness of this system, so a policy of strict security
standards for the users and key management operators will have to be
implemented within the IT users community. 

The system will at first have a simple selective call solution for the
desired connection of two stations in the network and will enable
network status reports over the internet. It will basically function as a
telephone or radio station for voice, and as an RTTY, ARQ, FEC and packet
station for data. The most suitable mode for data transmission has not
been set yet, but data rates from 60-1200 bps are expected. When the
internet is down, the system switches to lower data rate secure channels
on HF for network status reporting, which is otherwise done via the
internet, using RSA compatible encryption. Automatic link establishment
(ALE) will be implemented and developed after the number of users in the
system is high enough to make such development viable. In an automatic
link establishment system, the processor performs link quality analysis
in real time, storing a measurement of the signal quality for each
frequency in memory. Then it automatically establishes communications
with the other radio on the best available channel. ALE automates the
addressing of individual radios, or groups of radios, as well as
frequency selection. These have traditionally been the most labor
intensive parts of radio operation, requiring experienced operators.

The system will have two main modes of operation, which will also
enlarge the community of users at each IT point. These will be Amateur
and IT-CRYPTO operations. The amateur operations will enable radio
amateurs in the community to use the system as a complex HF transceiver
for non-secure voice and data communications, whereas the IT-CRYPTO
operations will be dedicated to tactical media issues and policy
discussion, when data protection and security are needed. Technology
transfer in the developmental phases of future projects will also be
IT-CRYPTO designated. ITU land service allocated frequencies will be
used for the IT-CRYPTO services, with up to 60 channels chosen for the
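
The link quality analysis and channel selection that ALE performs, as described above, sketched as an added example (not PACT SYSTEMS code and not part of the original post). The scoring formula, smoothing weight, staleness limit and sample soundings are assumptions constructed for illustration; the 7-unit designator and the 1.6-30 MHz transmit range come from the text.

```python
import re
from dataclasses import dataclass, field

STATION_ID = re.compile(r"[A-Z0-9]{7}")  # 7-unit designator, e.g. GA452L7
TX_RANGE_KHZ = (1600, 30000)             # prototype transmit range, 1.6-30 MHz

@dataclass
class LQATable:
    """Per-station, per-channel link quality memory (score 0..1, higher is better)."""
    alpha: float = 0.5         # weight of the newest sounding (assumed)
    max_age_s: float = 3600.0  # older measurements count as stale (assumed)
    scores: dict = field(default_factory=dict)  # (station, khz) -> (score, time)

    def record(self, station, khz, snr_db, ber, now):
        """Fold one sounding into the stored score for this station and channel."""
        if not STATION_ID.fullmatch(station):
            raise ValueError(f"bad station designator: {station!r}")
        if not TX_RANGE_KHZ[0] <= khz <= TX_RANGE_KHZ[1]:
            raise ValueError(f"channel outside 1.6-30 MHz: {khz} kHz")
        # Assumed scoring: clamp SNR to 0..30 dB and bit error rate to 0..0.1.
        snr_part = min(max(snr_db, 0.0), 30.0) / 30.0
        ber_part = 1.0 - min(max(ber, 0.0), 0.1) / 0.1
        sample = 0.5 * snr_part + 0.5 * ber_part
        old = self.scores.get((station, khz))
        if old is not None and now - old[1] <= self.max_age_s:
            sample = self.alpha * sample + (1 - self.alpha) * old[0]
        self.scores[(station, khz)] = (sample, now)

    def best_channel(self, station, now, min_score=0.4):
        """Return the best fresh channel in kHz, or None if nothing is usable."""
        fresh = [(score, khz) for (sid, khz), (score, t) in self.scores.items()
                 if sid == station and now - t <= self.max_age_s]
        if not fresh:
            return None
        score, khz = max(fresh)
        return khz if score >= min_score else None

def demo():
    """Constructed soundings: pick a channel, let it fade, then let the data go stale."""
    table = LQATable()
    # (channel kHz, SNR dB, bit error rate) values below are made up for the example.
    table.record("GA452L7", 3550, snr_db=6, ber=0.05, now=0)
    table.record("GA452L7", 7050, snr_db=24, ber=0.001, now=0)
    table.record("GA452L7", 14100, snr_db=15, ber=0.01, now=0)
    first = table.best_channel("GA452L7", now=60)
    table.record("GA452L7", 7050, snr_db=0, ber=0.1, now=1800)  # band fades
    second = table.best_channel("GA452L7", now=1860)
    stale = table.best_channel("GA452L7", now=10000)
    return first, second, stale
```

Measurements are aged out because HF propagation changes over the day, so a channel that scored well hours ago says little about the link now.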

What will the IT network system look like?
At first, a web of base HF stations with or without internet access will
be established. Targeted are former Yugoslavia and Albania, together
with partner organizations in the EU and other wireless encryption
friendly states. An IT consortium has to be established for this purpose,
with a research & development pool, a financial pool for the production
of units and further software development, and a legal pool for legal issues
connected with the establishment of these stations. PACT SYSTEMS will
provide on site training and set-up of the hardware.

Each station will have a 7 unit alphanumeric ID designator, e.g.
GA452L7, which will be used for ID purposes and selcal operations. The
designator will also be the station's e-mail address and crypto key ID.
There will be a central crypto key management office, which will manage
the production of keys on smart card modules, but won't have actual
control of them and will serve as a service to the IT community. A web
of trust would have to be established to ensure the total security of
the system for all its users, and key management procedures would have
to be implemented.

As is clear from the above, the IT system has its main security flaw
in the web of trust, as do all advanced encryption based systems. If a key
is passed along to a third party outside the IT network, the network is

In the future, the system could include frequency hopping, frequency
offset and burst data transmission for enhanced prevention of
interception, jamming, direction finding and spoofing. 

Any of these new developments would of course need a new series of
research work and in this respect new funds. 

With IT, the civil tactical community will get access to relatively
cheap and reliable secure point to point voice and data communication,
together with possibilities of audioconferencing, electronic message
store and forwarding service and bulletin dissemination. Each of the
stations will also be a valuable research tool for the
telecommunications in the community where it will be used, with the
possibility of serving as an r&d platform for future development and the
furthering of knowledge and know how in the field of digital
communications as well as serving as a temporary platform for tactical
broadcasting. Mobile IT units will bring access to the global digital
networks to communities, which need this kind of empowerment in hostile
environments. The IT consortium will also take a proactive role in
policy issues concerning the use of the HF spectrum for civil tactical

Technical information for the prototype IT system unit:

- frequency range 1.6-30 MHz TX 
- frequency range 0.5-30 MHz RX
- 100 programmable channels
- 60 scan channels
- power output: from 150W to 1 kW, depending on solution
- frequency stability: +/- 10 Hz
- operating modes: J3E, H3E, R3E, J2B, CW, SSB, RTTY, PACKET, ARQ, FEC
- power: 12VDC
- processor: Pentium II
- ADSP open architecture modem
- 60-1200 bps data rates at 3kHz transmission bandwidth limitations
- microprocessor controlled antenna coupler
- multi-band base station antenna 
- cooling fan for continuous transmit operations (tactical broadcast
  radio implementation)
- hardware 256 bit GOST 28147-89 encryption module with session key
- smart card private key storage
- ethernet internet gateway 
- software RSA 56-128 bit encrypted IP support
- voice conferencing
- selective call availability (selcal 7 units)
- open architecture

Target countries for the IT HF system: 
EF (wireless encryption friendly), EH (wireless encryption hostile)

Austria         EH
Belgium         EH (4 weeks notice)
Bulgaria        EF
Czech Republic  EF
Denmark         EF
Finland         EF
France          EH
Germany         EF
Greece          EF
Hungary         EH (license for import)
Ireland         EF
Israel          EH
Italy           EF
Netherlands     EH (keys must be given to law enforcement on demand)
Norway          EF
Poland          EH (license for import)
Portugal        EF
Romania         EF
Russia          EH (licenses required but probably not
Slovakia        EF
Slovenia        EF
Spain           EH
Sweden          EF
Switzerland     EH (license for use required)
Turkey          EH (license for use required)
Ukraine         EF
UK              EF
USA             EH (export prohibited, import

Note: the above information is published without thorough research from
PACT SYSTEMS and was first printed in Data Communications International,
July 1998
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: and "info nettime-l" in the msg body
#  URL:  contact: