On Friday, I filed a lawsuit against the Little Rock Police Department under the Arkansas Freedom of Information Act, requesting access to historical audio recordings and encryption keys. This lawsuit became necessary because Little Rock denied my request for record access for unsubstantiated reasons.

Let’s start from the beginning. Not with the creation of mankind but somewhere towards the end of July 2014. That’s the time when Little Rock Police started changing their communications on the Arkansas Wireless Information Network (AWIN). This move made it not only nearly impossible but also possibly illegal for anyone to listen to the radio transmissions of Little Rock Police (“LRPD”). Since timely access to radio traffic is a big issue for News Media, KATV asked LRPD if recordings exist and if they are subject to a Freedom of Information Act (“FOIA”) Request. On August 6th, KATV reported that LRPD responded by stating that “Encrypted scanner traffic is recorded and subject to Freedom of Information Act requests.” [1]

On August 19th, I filed a FOIA request with LRPD and requested (among encryption keys and talkgroup IDs) a week’s worth of recordings. To my surprise and contrary to their initial statement towards KATV, LRPD denied my request. Sgt. Sloan argues for LRPD that “The encrypted audio recordings that you requested contain information that is exempt from disclosure under the Arkansas Freedom of Information Act (‘FOIA’) and the department does not have software with the capability of removing the information that is not subject to disclosure. Therefore, the only way respond to your request would be to have an employee physically listen to recordings and note information that should be redacted, identify where it is on the recording, and then create a new record that does not contain such information. The FOIA does not require the creation of a [new] record in order to respond to a request.”

No longer able to listen to Little Rock Police: BCD996XT APCO25 radio scanner

This is, of course, nonsense. LRPD – and, judging by a statement Little Rock city attorney Carpenter made to the Arkansas Democrat Gazette [2], the city attorney as well – misinterprets which documents I have requested. I did not request transcripts of audio recordings. The records I requested were the recordings themselves. The response could be incompetence or a slick and classic manipulation technique. Misinterpreting a small detail of a request, maybe even adding a fictitious reason (lack of software), to manipulate the outcome of an argument is a classic in legal matters. LRPD’s statement would be correct if I had requested transcripts. But I didn’t.

LRPD would be required to redact the original record. In this case, that would mean to either silence or otherwise remove information exempted from disclosure. It’s the equivalent of redacting a paper record by blacking out certain sections. This is not considered a creation of a new record. Therefore, LRPD has to do it to be in compliance with the FOIA. If LRPD argues that they don’t have the right software, it is the paper equivalent of arguing to be out of black markers. It simply does not matter for the substance of the law. An agency is required to dedicate resources to fulfill FOIA requests. Furthermore, the question needs to be asked why LRPD is all of a sudden concerned about citizens’ privacy. In retrospect, citizens should ask: Why did LRPD not mind blasting names, phone numbers, addresses and license plates over the air in the clear for everyone to hear in the past? A sudden change of heart and department-wide tolerance for a person’s right to privacy? I think not.

The previous paragraph assumes that such information is even present in the audio recordings. LRPD occupies 34 different Talkgroups (Channels) on the AWIN system. The statistical odds of every single recording for the given time frame for every Talkgroup containing information exempt from the Arkansas FOIA are lower than the odds of me winning the lottery. And that is considering that I don’t even buy lottery tickets. Therefore, LRPD is legally required to submit at least a partial record of non-exempted information. The Talkgroup labelled “LRPD Training,” for instance, had absolutely no activity relating to real information that may fall under privacy laws in the time frame I requested. The funny thing is that Little Rock has no idea how much access to their system I currently already have. I don’t want to give them too much strategic information upfront, but let me say that I’m looking forward to their faces when I will introduce my evidence in court. No matter what the legal outcome will be, exposing lies of government officials is always a great embarrassment. And who is going to trust a police department that blocks access to records and lies to the public about such records? Not saying that LRPD is lying but you can make up your own opinion once I introduce my evidence.

Just to be nice to LRPD, let’s assume what they claim is true. Let’s assume every single second of the recordings for all 34 Talkgroups contains only exempted information. And let’s assume they couldn’t find any possible way to redact without creating a new record. In that case, Little Rock still has certain formal requirements to comply with. A government agency has to indicate that it has a) performed a search for responsive documents, b) analysed them, and c) found information exempt from disclosure, and it has to d) indicate the EXACT nature of the exempted information. Little Rock can’t just use a “catch-all” assumption that such information may possibly be present. They have to back this claim up. And that’s the part that should make this case very interesting: It may not even come down to the legal substance at all if LRPD isn’t even able to write a proper denial.

Deeper into the legal substance, it will be interesting how the value of Privacy Laws vs. Freedom of Information Laws will play out. Even if LRPD can claim that private information may be present, it may not be a valid reason for exemption if the FOIA’s right to access trumps the privacy law’s right to privacy. The Arkansas FOIA most certainly does not provide an exemption for the information LRPD alleges to be present in the recordings. A complete list of reasons for exemptions can be found in Arkansas Code § 25-19-105 (b). On the federal level, this has been decided in favor of the (federal) FOIA multiple times. LRPD’s illegal attempt to block access is not new; the FBI has tried this nationwide on several occasions. After courts put them in their place, they stopped this behavior for the most part. The average city attorney is far from being an overachiever when it comes to educational and intellectual properties. So cities sometimes try things that others have failed at simply because they didn’t do their research. Anyhow, bottom line is what city attorney Carpenter said: “I think, frankly, maybe a judge is going to have to decide.”

If you want to get updates on the development of this story, either bookmark the following link or subscribe to this article by leaving a comment below and checking the “Notify me of new posts via email” box: http://jaunty-electronics.com/blog/category/other/lrpd/

The complete set of documents for the lawsuit is available here: http://jaunty-electronics.com/blog/wp-content/uploads/2014/08/Sebastian_vs_LRPD_et_al.pdf

[1] KATV: http://www.katv.com/story/26212791/q-a-encrypted-police-communication
[2] Arkansas Democrat Gazette: http://www.arkansasonline.com/news/

## Hobbyists and the Cost of Software Options

This article takes a closer look at the cost and value of software license keys as found in modern test equipment.

Today I came across an article on Hackaday [1]. The article was Hackaday’s response to a DMCA Takedown Notice they have received from Tektronix. The DMCA Takedown Notice was aimed by Tektronix at a previous article that explained in great detail how to enable software options in Tektronix oscilloscopes without actually paying the licensing fee. What really shocked me was Hackaday’s attitude towards those software keys.

First off, let’s talk about how software options are installed on some Tektronix oscilloscopes. Instead of using actual text keys that a user would have to type into the oscilloscope, Tek has come up with rather nifty little hardware dongles. I find them nifty because they do not tie the license to a given scope. Technically speaking, you are buying a “floating license.” Just insert it into the scope you’d like to use a certain feature on and voilà, the software option is enabled.

Tektronix License Module installed in my Tek MDO4104B

Apparently, these modules, or rather the whole key authentication, can be hacked quite easily. Hackaday responds to this fact as follows:

“The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you’re ever designing a hardware key, don’t do it like this!

An EEPROM, a connector, and a plain text string of characters which is already published publicly on their website is all that is necessary to unlock these “crippled” features. Let’s just say that again: apparently every hardware key is the same and just uses a plain-text string found on their website which is not encrypted or obfuscated. If you were selling these keys for \$2.99, perhaps this would be adequate but Tek values these modules at \$500 apiece.”

All I can say, in kind: Hackaday, you have demonstrated how disengaged you are with the matter.

Judging by the comments under the referenced article, I couldn’t help but notice that understanding software options and associated cost seems to be a common problem among hobbyists. Since most of my readers are hobbyists, I thought I’d help out.

First off, let me state the obvious: When purchasing a license module, you are purchasing a license that allows you to use a certain feature on your oscilloscope. You do, however, not pay for an EEPROM, a connector and a plain-text string. The module is merely the delivery method of the license key (i.e. your right to use that software option). It’s the same with PC software keys that are nowadays offered on a plain plastic card in retail stores. Nobody would accuse Adobe of selling overpriced plastic cards. People know they are paying for the software, not the card. Therefore, I was quite surprised to see how tough it seems for some to understand the concept of license keys in modern test equipment.

The irony is really this: Hackaday and many commenters suggest that Tektronix should learn its lesson and implement properly encrypted, serial-number-based keys. Guess what happens to the cost? That’s right, developing such a system will cause non-recurring engineering (NRE) cost that has to be recovered from the customers legally purchasing the options. Isn’t it funny how a group complaining about the cost of such software options suggests a narrow-minded solution that will only increase such cost?
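The two designs being argued about, side by side, as an added example that is not code from the original article or from any vendor’s firmware: a module whose content is one fixed string, and a key bound to a single instrument’s serial number. All names, strings and the key are constructed for illustration, and HMAC stands in for whatever cryptographic scheme a real design would use.

```python
import hashlib
import hmac

# Constructed values for illustration; nothing here comes from a real instrument.
PUBLISHED_OPTION_STRING = b"OPTION-EXAMPLE"   # identical on every module
VENDOR_KEY = b"constructed-demo-key"          # hypothetical vendor secret
# Assumption: HMAC keeps the example inside the standard library. A production
# design would verify an asymmetric signature instead, so the instrument
# firmware never has to contain a secret that can mint new licenses.


def static_check(eeprom: bytes) -> bool:
    """Fixed-string scheme: any copy of the string unlocks any instrument."""
    return hmac.compare_digest(eeprom, PUBLISHED_OPTION_STRING)


def _tag(serial: str, option: str) -> bytes:
    return hmac.new(VENDOR_KEY, f"{serial}|{option}".encode(),
                    hashlib.sha256).digest()


def issue_license(serial: str, option: str) -> bytes:
    """Vendor side: produce a key valid for one serial number and one option."""
    if "|" in serial or "|" in option:
        raise ValueError("field separator not allowed in serial or option")
    return f"{serial}|{option}|{_tag(serial, option).hex()}".encode()


def serial_bound_check(blob: bytes, own_serial: str, option: str) -> bool:
    """Instrument side: accept only a key issued for this unit and option."""
    try:
        serial, opt, tag_hex = blob.decode().split("|")
        tag = bytes.fromhex(tag_hex)
    except ValueError:                # wrong field count, bad hex or bad UTF-8
        return False
    return (serial == own_serial and opt == option
            and hmac.compare_digest(tag, _tag(own_serial, option)))


def demo() -> dict:
    lic = issue_license("SN-0001", "SPECTRUM")
    swapped = lic.replace(b"SPECTRUM", b"PROTOCOL")   # edited option name
    return {
        "static_copy_accepted": static_check(bytes(PUBLISHED_OPTION_STRING)),
        "bound_on_licensed_unit": serial_bound_check(lic, "SN-0001", "SPECTRUM"),
        "bound_on_other_unit": serial_bound_check(lic, "SN-0002", "SPECTRUM"),
        "bound_option_swapped": serial_bound_check(swapped, "SN-0001", "PROTOCOL"),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

Binding the key to a serial number is what stops a copied key from working, and it is also what ends the floating-license behaviour described earlier, because the same key no longer works in a second scope.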

The next thing that seems very hard for many people to grasp is why they have to pay for something that is technically available (but not enabled) in the instrument they purchased already. This is actually a very common complaint I hear at trade shows in particular. The complaints usually go on about how much more certain options cost and how that’s just not right for something that’s already there.

Like with the previous statement, this is something that is usually viewed from the wrong perspective. It is not the case that users who use more advanced features have to pay a steep surcharge. It is more so the case that customers who don’t use these features get a hefty discount. And companies don’t do this because they’re super nice. Sure, this is also used to drop the “starting at” sticker price a bit, but the secondary reason is something that hobbyists probably have a hard time understanding. Hobbyists are used to being “alone” when trying to figure things out. If they run into issues with their equipment, they will consult other hobbyists on online forums. A commercial user who paid a 5-digit amount of money for their instrument will call an Applications Engineer at the company he bought the instrument from and demand instant help. And he will receive it. Thanks to pathetic customer support of cheap Chinese companies like Rigol, this doesn’t even cross a hobbyist’s mind.

The amount of support (and the associated cost) is highly dependent upon the feature set that a customer uses. If you take a look at what kind of software options are available, you’ll find that only very few are generic. Most of them are designed for very specific and complex tasks. Helping someone with a support request originating from such a complex task costs a whole lot more money than telling someone how to push a button on the front panel.

## KF5OBS #21: LeCroy WS3162 and HDO4024 Bugs

Exposing some bugs on LeCroy’s new WaveStation 3162 and the HDO4024 oscilloscope.

Bug 1 (WS3162): When modulation is applied to a channel, the amplitude drops below the set value.

Bug 2 (WS3162): Phase control dysfunctional on both channels when modulation is applied to either one channel.

Bug 3 (HDO4024): Spectrum calculation locks up and slows the spectrum update down significantly if “Average” or “Max Hold” mode has been selected previously to switching into “normal” mode. FW: Version: 7.3.0.5 & 7.4.0.5

UPDATE (06/16/2014): Just 15 minutes after I published the video, Dan Payne (Director of Distribution, Teledyne LeCroy) writes this: “Thanks Sebastian – I’ll have the applications team look at it immediately – The video makes it a lot easier to see the application.”

## KF5OBS #20: VOR NAV Receiver Testing

This video shows how to generate a complex test signal to emulate a ground based radio navigation system for aircraft (VOR). The generated signal can then be used to verify the accuracy of navigational receivers intended to be used with a VOR. Used in this video: LeCroy WS3162, LeCroy HDO4024 and Yaesu FTA-720

## Tiger / Rat Tail for Handheld Radios

Handheld radios are getting more and more sophisticated and versatile. The bottleneck for modern handheld radios is often the stock antenna. There is an extremely simple yet very effective add-on called a “Tiger Tail” or “Rat Tail” to remedy this situation. This article is going to explain how to make your own.

For less than \$1 in material, you can significantly increase the receive and transmit performance of pretty much any handheld radio. Not just amateur radio, but practically any radio out there, including WiFi routers. The following picture shows a Tiger Tail for a 2m band HT.

Tiger Tail installed on an Alinco DJ-G7

So if all you need is a bit of wire and a ring terminal, then why bother to write a lengthy article? Well, there are a few caveats and tricks with a Tiger Tail. For instance, some math needs to be done to get the exact wire length just right. Most articles about the Tiger Tail just mention fixed numbers and completely disregard that the amateur radio bands are not the same around the world. They also neglect commercial and low-power (Part 15) applications. And to my surprise, many articles do not even bother to mention that a Tiger Tail is a tuned element. A Tiger Tail that may work perfectly on VHF, may perform pretty bad on UHF. So let’s get started!

The following shows all the tools you will need in some form or another:

Tools needed to make a Tiger Tail for your HT

You’ll need a ring-terminal appropriate for your wire diameter, some wire (14 AWG / 1.6 mm), wire strippers, a crimping tool and quite possibly a calculator.

Like I said above, the Tiger Tail is a tuned element and needs to be calculated for the specific frequency range of interest. Since I favor metric over imperial units, let’s start with the formula to use if you like metric:

$Length = \frac{30 000}{4 * f} * 1.05$

Length = length of Tiger Tail in cm
f = frequency in MHz

What this formula does is calculate a quarter wavelength for the given frequency + 5%.

If you would like to calculate the length in inches, simply divide the result by 2.54. Or use the following formula instead:

$Len(in) = \frac{30 000}{10.16 * f} * 1.05$

Len(in) = length of Tiger Tail in inches
f = frequency in MHz

Remember that this Tiger Tail works for a single band ONLY. But there’s a pretty easy trick: if you would like to cover more than one band, like 2m and 70cm at the same time, simply calculate a Tiger Tail for each band individually and connect them to the radio at the same time.
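The formulas above turned into a cut list for several bands at once, as an added example that is not part of the original article. The band edges are sample values for two ITU regions, and cutting for the band centre is an assumption of this sketch; check your local band plan before cutting wire.

```python
"""Tiger Tail cut list from the quarter-wave + 5 % formula (added example)."""

CM_MHZ = 30_000        # speed of light expressed in cm * MHz
FACTOR = 1.05          # the +5 % from the formula above
CM_PER_INCH = 2.54

# Constructed sample input: 2 m and 70 cm amateur allocations as they differ
# between ITU Region 1 and Region 2.
BANDS_MHZ = {
    "2 m (Region 1)": (144.0, 146.0),
    "2 m (Region 2)": (144.0, 148.0),
    "70 cm (Region 1)": (430.0, 440.0),
    "70 cm (Region 2)": (420.0, 450.0),
}


def tail_length_cm(freq_mhz):
    """Length = 30 000 / (4 * f) * 1.05, in cm, with f in MHz."""
    if freq_mhz <= 0:
        raise ValueError("frequency must be positive")
    return CM_MHZ / (4 * freq_mhz) * FACTOR


def tuned_frequency_mhz(length_cm):
    """Inverse of the formula: the frequency an existing tail is cut for."""
    if length_cm <= 0:
        raise ValueError("length must be positive")
    return CM_MHZ * FACTOR / (4 * length_cm)


def cut_list(bands):
    """Return one row per band: centre frequency, length in cm and inches,
    and how much the ideal length changes from the low to the high band edge."""
    rows = {}
    for name, (low, high) in bands.items():
        if not 0 < low <= high:
            raise ValueError(f"bad band edges for {name}")
        centre = (low + high) / 2          # assumption: cut for band centre
        length = tail_length_cm(centre)
        rows[name] = {
            "centre_mhz": centre,
            "length_cm": length,
            "length_in": length / CM_PER_INCH,
            "edge_spread_cm": tail_length_cm(low) - tail_length_cm(high),
        }
    return rows


if __name__ == "__main__":
    for name, row in cut_list(BANDS_MHZ).items():
        print(f"{name:17s} {row['centre_mhz']:6.1f} MHz  "
              f"{row['length_cm']:5.1f} cm  {row['length_in']:5.2f} in  "
              f"(edge spread {row['edge_spread_cm']:.2f} cm)")
```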

So after you calculate the correct length, simply crimp a ring-terminal on the wire and — just for good luck — insulate the other end with a piece of heatshrink tubing. That’s it, no black magic at all. And this is what the final result should look like:

Ring-terminal crimped onto the end of the wire

And in case you don’t like to read and you’d like to see some of the math being done for you, here’s a video I made on the same topic. The video also contains a cross-check of the math using a spectrum analyzer:

## 850 MHz Scanner Preamplifier / Filter Project

This article shows how to use off-the-shelf parts to improve the performance of a radio scanner in the 800 – 900 MHz band. Furthermore, it shows how to expand radio coverage by using two different receive antennas at the same time.

For some reason, my new BCD996XT scanner wasn’t working as expected on the statewide digital (APCO 25) radio system. Since this radio system is the primary reason why I got this new scanner, I had to come up with a solution. In addition, I really wanted to expand my receive coverage geographically. This article shows how to improve receive signal strength, greatly increase geographical coverage and reduce out-of-band interference.

So where to start? The obvious. Taking a snapshot of the current situation. I am using a wideband discone antenna mounted on my roof. Since this is a very broadband antenna, I imagined that it was catching a whole lot of signals that I didn’t really care about. A look at the MDO4104B-6’s spectrum display confirmed this.

0 MHz – 1 GHz spectrum without preamplifier

The bandwidth is 0 – 1000 MHz (100 MHz / div). Even though the resolution bandwidth is 5 kHz, the MDO4104B-6 was actually pretty fast. But that’s just an aside. You can clearly see the strong broadcast VHF signals on the left. Then there are a lot of signals between 500 and 700 MHz, as well. I have absolutely no interest in signals in that range. And over to the right, you can see — among other things — the desired signals. The control channels for the APCO 25 systems in my area are mostly between 850 and 860 MHz.

Since I am primarily using the BCD996XT scanner for the APCO 25 system, I was willing to filter out anything that’s not in the 800 – 900 MHz range. I realize that I’ll lose the capability to monitor most of the VHF and UHF channels (Aircraft, Amateur Radio, Law Enforcement, Business, etc.) by doing this. But I do have plenty of other analog scanners and I also have 2 more wideband discone antennas lying around. So my decision was made: optimize the antenna system for 800 – 900 MHz and set up a second scanner (BCT15X) for analog channels.

I also decided to combine the signals of the wideband discone antenna (for local sites) and a commercial 850 MHz Yagi antenna (remote sites).

The two scanner antennas in my yard

APCO 25 sites are smart in that they actually know what data they need to relay and what not. If there is no radio logged into the site with a certain talk group, there is no need for this site to relay activity associated with that talk group. So while the discone picks up local sites very strongly, it may be of absolutely no help for communication of a neighboring county if there are no radios of those agencies being used locally. Looking at the map, I realized that there were about 6 remote sites northeast of my house. Perfect for a commercial 850 MHz Yagi made by Larsen.

So besides filtering, I now had to combine two signals from the two antennas. And I thought while I was at it, I might as well include a preamplifier. For practical reasons, mostly cable loss compensation, it’s always smart to put the preamplifier close to the antenna. I did have a rugged outdoor case lying around. All I had to do was select the right things to put in it.

850 MHz Preamp Box

While looking for a combiner, I found one that actually had a bandpass characteristic for 800 – 920 MHz. It’s the Mini Circuits ZN2PD-920+ [1]. From Mini Circuits are also the 800-1050 MHz SMA inline filter [2] and the amplifier (ZX60-2534M+) [3]. That’s pretty much everything needed except I did not want to run an extra power line for the amplifier. Therefore, I also ordered two Bias-Tees [4].

Inside the 850 MHz combiner / preamp / filter box

The wiring is pretty straightforward. The two signals from the antennas are combined by the combiner, then amplified by the amplifier and filtered by the bandpass filter. In that order. I debated putting the bandpass filter in front of the amplifier. After all, amplifiers behave according to the “garbage in, garbage out” principle. Since the combiner had a bandpass characteristic, I did not want to introduce any more loss.

Close-up of the 850 MHz combiner / preamp / filter set-up

I cut a small piece of rigid RF cable in half and soldered two capacitors (100 µF & 100 nF) as well as two wires for the amplifier’s voltage supply on the end. An old power supply for a USB hub supplies the 5 V for the amplifier on the other side of the coax.

The BCD996XT scanner is very happy with the signal levels

Immediately after hooking up the scanner, I could tell a great improvement in performance. Not just remote, but also local signals were much clearer and the lock time for the scanner was significantly faster. Beforehand, I often missed the beginning of a transmission. Now I can eavesdrop right from the start. A quick look at the spectrum analyzer confirms that the signal situation improved significantly.

0 MHz – 1 GHz spectrum with preamplifier

In case you’re interested in building a similar setup, here are the links to the datasheets of the Mini Circuits products used.

[1] Mini Circuits: ZN2PD-920+, Power Splitter/Combiner, 800 to 920 MHz: http://www.minicircuits.com/pdfs/ZN2PD-920+.pdf
[2] Mini Circuits: VBFZ-925, BPF, 800-1050 MHz: http://www.minicircuits.com/pdfs/VBFZ-925+.pdf
[3] Mini Circuits: ZX60-2534M, Low-noise amplifier: http://www.minicircuits.com/pdfs/ZX60-2534M.pdf
[4] Mini Circuits: ZFBT-4R2G+, Bias-Tee: http://www.minicircuits.com/pdfs/ZFBT-4R2G+.pdf