Privacy talk at DEF CON canceled under questionable circumstances

Anti-surveillance tool ProxyHam will never see the light of day

1 2 Page 2
Page 2 of 2

[Note: The original article is on page one.]


Shortly after this story was posted, readers on Twitter pointed out that there doesn't appear to be an FCC license for Caudill listed. Salted Hash has reached out to confirm the status, because it is possible the FCC intervened on the talk for that reason, or because there were devices for sale. (Thanks: @t0x0pg & @Err0r10 )

Another reader noted that using the devices would violate FCC rules, but there have been other talks where such a conflict potentially exists, and those were not canceled.

Shortly after this update was posted, Caudill responded to questions about the FCC stating that no, licensing had nothing to do with it. The 900MHz licensing was something they were just starting to look at, but the ProxyHam devices were limited to 1Watt as required by the FCC.

"Proxyham devices did not break the FCC standards as the 900MHz antennas were capped at the 1-watt limit," he said.

Update 2:

When asked about patents, and if those held by Ubiquity or Intel are related to the problems he currently faces, Caudill told Salted Hash that IP related matters were not at issue.

"[There's] no IP related issues," he said. The answer was the same when it came to potential issues with the FCC.

The FCC question resurfaced because if encryption were used, it would violate FCC part 97 against amateur radio operators encrypting. There's also the issue of sales, which under FCC part 95 (sub one-watt consumer use device), requires validation – a slow and often expensive process.

Adding context, Michael Harris, Principal Security Analyst and Adjunct Instructor at the University of Missouri, commented via email:

"Many Hams have experimented with IP over ham bands, lower frequencies have throughput issues as one might expect and gear up a the 1.2 Ghz range is still too expensive. The current sweet spot is in the 800 to 900 Mhz range but is saturated by many other services fighting for that space from legacy cell phones to industrial controls doing short haul data to many spread spectrum and frequency hopping commercial radios.

"That general frequency range is a really noisy place to be and a proliferation of ProxyHam devices in that range would cause lots of problems in whatever particular band was selected. There is a huge fight over that frequency range going on already not just here but worldwide."

So if patents were not a problem, and if the FCC wasn't a problem - as confirmed by Caudill himself, why was this tool forced out of the public's reach? We may never know.

There is another possible reason, one that I felt was too extreme when I first pinned this rant: a National Security Letter.

If a NSL was issued, unless Caudill goes the way of Lavabit, he has little recourse and almost no defense against this. There have been cases where a NSLs have been used inappropriately, but it's rare to actually see proof in such cases until long after the fact.

But again, this is pure speculation. The point of the rant was that people need privacy tools, and ProxyHam would have made a great addition to the existing mix, but now we'll never get it.

For the record, I asked Caudill about getting a NSL, Caudill would only answer, "No comment."

Update 3:

There was an AMA on Reddit about ProxyHam earlier this month, for those who don't know. Also, Rob Graham has posted his thoughts about the issue on the Errata Security blog.

Update 4:

On Tuesday, Ars Technica spoke with the EFF about this topic. General Counsel and Deputy Executive Director Kurt Opsahl told them the NSL option was as far fetched as I thought. Given he's a legal expert, I'll trust his word.

Copyright © 2015 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 hot cybersecurity trends (and 2 going cold)