Who did you say is calling? – Weather Spotter Identity Authentication 28 - June - 2007Posted by k9zw in Amateur Radio, Emcomm.
In the news over the past month has been the accounts of several instances of false weather spotting information fed into the systems resulting in emergency posturing and badly flawed forecasts & warnings.
How the FBI was investigating was covered in my previous article Bogus Storm Spotters and has been gather comments in an eHam discussion thread.
Problem with systems with weak “authentication” and little report weighting based on that authentication – systems like the “Skywarn Number” weather spotters use to identify who is supposed to be making the report – is that the system design is basically dependent on trust and competence expectations that are open to abuse.
The system has a design expectation that it can trust someone with a Skywarn Spotter Number or with an Amateur Radio Call Sign. Traditionally this has been an excellent way to put the familiarity of a regular group of weather spotters with each other in play as the main validation of the reporter. The group knows each other, tends to recognize the spotter by habit, location and voice.
This direct-personal validation prevents much abuse if the group is static and remains composed of spotters who know each other personally.
Obviously when situations change and reports are flowing through a de-personalized system, either as digital message traffic, Internet or phone entered reports, or in an ad-hoc group of spotters who do not know each other well, the usefulness of “trust authentication” is dropped.
One has to wonder about the nature of false reporting. Are the false reports “Mischief,” “Criminality” or perhaps even some sort of “Terrorism?”
“Mischief” false reporting may be pranks played just because someone identified a reporting vulnerability and was disgruntled or dysfunctional enough to “play games.”
“Mischief” reports are basically vandalism of the reporting system.
“Criminality” based false reports maybe be an attempt to cause a Law Enforcement response to false weather reports that takes limited Law Enforcement resources away from a target of criminal activity. If false reports could cause all the squad cars in a rural area to positioned away from where a crime is going to go down, the criminal definitely has used a false report to advantage.
There is potentially exposure for “Terror” use of false reports, by either getting an Emergency Government response providing an enhanced terror target, or by doing the same thing to the populace. If false reports could cause the emergency system to become distrusted by the populace, reports of terrorism against that population may be delayed while it is discerned if the reports are bonafide or just more false alarms.
Can solutions be found?
Needs for solutions – confidence level, ease of use, ease under stress, fallback, tiers of confidence – the solutions have to promote easier separation of false reports from true reports, be reliable, and not become a system to create falsely-authenticated false-reports.
First where possible the group’s self-awareness of each other and common sense should continue to be a primary validation method.
For non-voice or other reporting systems where the person listening to a voice spotter’s report likely does not know the spotter, a Weather Reporter Pad System & Tactical Call Out ID system might be employed.
If a Weather Spotter had an authentication pad, they would be able to include in their report a number from the pad based on an easy hash – say something like going down the lines to match the day of the month (so today we would go down 28 lines) and going across columns to the month itself (so we would go to the 6th column) and attaching the short code to their report.
The pads could be assigned to specific spotters, and the results be slightly different – where I might have found B23AD as my authenticator, another reporter’s pad might have given them B23BG.
Obviously after the first report is transmitted over the air, that spotter is open to impersonation if the same authenticator was used every report.
To help address this on the second report they would use the authenticator directly below the last one use, and report as “report 2 – C34FG.”
Unless the physical pad was in the hands of fake spotters, there would be little way to falsify authentication.
Limitations of overhead, the downgrading of spotters who mess up using their reporting pads and overhead to check the authentication against the receiving station’s master pads should not be discounted.
Nor should the problem that other listening stations have no way to check the authentication, so the potential of bogus reports causing an Emcomm Team to self-activate needlessly doesn’t go away.
One questions whether reports alone should result in weather warnings?
Is the problem less with the reports being of varying quality and authenticity, being more in the evaluation system needing a more effective way to evaluation unauthenticated reports.
The “better safe than sorry” rule requires a response unless it is “known” the reports are false. Unless the weather service has known spotters in place observing weather different than the bogus reports, or can “see” that the weather is different through their technology, the safety first principle makes responding mandatory.
Having those secondary quality reporting resources may the be real solution to the bogus weather spotting problem