[aprssig] APRS-IS Passcode alternative: SSL + Certificates, with no data encryption

[Steve Dimse]

On Mar 29, 2014, at 10:02 AM, Andrew P. <andrewemt at hotmail.com> wrote:

> Let me see if I can summarize to ensure we all agree on the problem.

I don't even agree there is a problem ;-)
> 
> "Because there is no strong validation of the license status of any connector to the APRS-IS, it is possible for a non-ham to make illegal RF transmissions through the APRS-IS."

I would clarify this to make it clear that any illegality is done by the IGate operator, not the non-ham. There are no laws that preclude anyone from sending through the APRS IS.

> The US FCC regs specifically state that the first forwarding station is liable for illegal transmissions and ensuring the originator is legally allowed to send the data; subsequent stations are not liable, but are expected to stop forwarding the illegal transmissions once they become aware of them.

There is an important subtlety here in the US rules. The RF-originating station of an automatic message forwarding system accepts responsibility for the content of the message, unless s/he has verified the non-RF originator was a ham. If there is nothing in the message that a ham cannot transmit (e.g. profanity, commercial or encrypted traffic), it does not matter that it originates with a non-ham. Is is not whether "the originator is legally allowed to send the data", it is whether the message content is legal for ham frequencies.

So an IGate that retransmits a CWOP weather report is not violating the law, unless the comment on the weather report is "F**k you" or "Eat at Joe's". Nor is there a violation if a non-ham husband uses messaging on findU that results in a transmission to a ham wife "Buy milk on the way home". There must be BOTH illegal message content and non-ham origination to make an IGate operator liable for a violation of the rules. And then the FCC must prove that the original transmission originated from the IGate operator's transmitter.

With the FM band brimming with pirates with 100% duty cycle the FCC is extremely unlikely to dedicate a field team to tracking down something as ephemeral as an IGated message. We will notice an ongoing problem long before the FCC, and we can handle it ourselves without generating any adverse consequences for the IGate operator.

> Due to the distributed nature of the APRS-IS, we would need a way to ensure all servers were compliant with enforcing origination ID's. So servers that didn't provide origination ID's in their sideways or upwards links to other APRS-IS servers would eventually have to be removed from the network.

But the key point to me is that all of this effort, which requires the mandatory signing of each and every packet, does nothing except indemnify IGate operators from the regulatory risk of retransmitting profane, encrypted, or commercial messages - something which AFAIK has never happened, which certainly has never brought the involvement of the FCC, and which because of the legalities involved in proving it, is extremely unlikely to involve the FCC. Two extremely rare events are extremely-extremely rare to occur together ;-)

As you mention this is the US viewpoint, and I'd like to hear if there are any other countries where this makes more of a difference.

Unless something more significant can be accomplished I'd say that is not worth the effort and the contraction of the network involuntary removal would cause.

Steve K4HG