Police Department Accused of Updating Their Radios With Pirated Software (www.cbc.ca) 143
Winnipeg's police department used encrypted radios to stop the public from listening in to their conversations with police scanners. But did they pirate their software keys?
Long-time Slashdot reader Curtman shares this report from CBC News: Winnipeg police have arrested a manager with the city for allegedly updating police radios with fraudulent software he got from a person considered to be a security threat by the U.S. Department of Homeland Security, CBC News has learned. Back in 2011, Ed Richardson allegedly obtained millions of dollars worth of illegal software and instructed city employees to use it, police said in a January 2018 sworn affidavit, submitted to the Provincial Court of Manitoba when officers were seeking permission to search the man's emails...
In the affidavit, police said the Motorola radios needed frequent updating, which could only be done if the city purchased a "refresh key" or licence from the company to unlock the proprietary software. Motorola charged about $94 per update per radio, the document said, and a radio shop employee told police Richardson didn't like that. "[The employee] does not believe his actions were for personal gain; he believes that Richardson likes the idea of not giving more money to Motorola," the affidavit said.
The affidavit alleges that Richardson gave one employee 65,000 refresh keys, and told him that "you don't want to know where these came from."
In the affidavit, the employee adds that they "clearly" didn't come from Motorola.
Long-time Slashdot reader Curtman shares this report from CBC News: Winnipeg police have arrested a manager with the city for allegedly updating police radios with fraudulent software he got from a person considered to be a security threat by the U.S. Department of Homeland Security, CBC News has learned. Back in 2011, Ed Richardson allegedly obtained millions of dollars worth of illegal software and instructed city employees to use it, police said in a January 2018 sworn affidavit, submitted to the Provincial Court of Manitoba when officers were seeking permission to search the man's emails...
In the affidavit, police said the Motorola radios needed frequent updating, which could only be done if the city purchased a "refresh key" or licence from the company to unlock the proprietary software. Motorola charged about $94 per update per radio, the document said, and a radio shop employee told police Richardson didn't like that. "[The employee] does not believe his actions were for personal gain; he believes that Richardson likes the idea of not giving more money to Motorola," the affidavit said.
The affidavit alleges that Richardson gave one employee 65,000 refresh keys, and told him that "you don't want to know where these came from."
In the affidavit, the employee adds that they "clearly" didn't come from Motorola.
Sounds like (Score:4, Insightful)
A certain company is bilking governments and the taxpayers. Hmmm.
Re: (Score:3)
Yeah, it sounds like these paid and required updates are a way of going around a ban on subscription services.
Re: (Score:1)
Not to mention it sounds like a total ripoff... 94 dollars per update per radio? Thats highway robbery...
Re:Sounds like (Score:5, Insightful)
I'm thinking it's been something like $7.95 per month per radio, but rounded off to a yearly 'update' payment. Still ridiculous, of course. They should be opening an investigation into Motorola to see just how much money they're getting across your country.
Re: (Score:2)
They should've thrown the law at motorola, or at least not signed that stupid contract in the first place and instead should have demanded functional radios rather than artificially crippled them.
As such I fully understand why and hey savings for the taxpayer is all dandy. But it's the police and they gotta abide by the rules better than anyone else. So no pirating, eh. So this is more of a tax on idiot buyers getting suckered by sleezy sales. Too bad the taxpayer gets to pay for it, and not the bureaucrat
Re: Sounds like (Score:1)
What makes you believe being hightly profitable, including off government contracts is grounds for an investigation? What kind of mental gymnastics is required to even beging conteptating this when the starting point is âpolice gets caught utilizing illegal software licensesâ?
Re: (Score:2)
Now, I am not entirely well versed in US law and am certainly not a lawyer, but I seem to recall some law stating that any commercial offer extended to the state or government (and I'm assuming police falls under the state for this) must be the best possible available price-wise.
This ... doesn't seem to match that. That's all.
And as I said further up the thread, it sounds a lot like these paid updates only exist to get around calling it a subscription service, which in itself is borderline fraud.
Re: (Score:2)
Manitoba isn't covered by American law. What the Manitobian law actually is, I have no idea.
Re: (Score:2)
But government purchasing officers have a mandate to evaluate multiple suppliers and get the best deal for the government.
I can't tell if you're unfamiliar with our government or extremely naive, but our Federal government has spent literally billions of dollars trying to sort out its payroll software, and various governments of various political parties have not managed to figure something out yet in three decades of trying.
This latest attempt by the previous Conservative government, they spent $2 billion on IBM software that IBM said wouldn't work when they began. Now the whole thing is being thrown in the trash and th
Re: (Score:2)
And this is why Motorola is really afraid of Chinese brands like Hytera and Excera. Especially the patent fight with Hytera that effectively ended up being for some corner functionality that really doesn't matter for most users. The goal was to try to get rid of a serious competitor on the markets where Motorola dominates.
Also be aware that the radios that people used to joke about like Baofeng, AnyTone and Tytera all are improving fast and are really challenging Motorola. You can buy 10 of them for what a
Re: (Score:2)
You aren't too hot on geography either.
This is aboot Canada, y'hoser.
Re: (Score:2)
To be fair to myself I was running low on coffee and was just commenting off the replies, having forgotten exactly where this was going on. It just sounded like something you'd hear out of America.
Re: (Score:1)
Re: (Score:2)
Why would they do this? Motorola is free to set whatever price they wish to set. Winnipeg could just move to another vendor if the pricing is objectionable.
No they can't. There is incredible vendor lock-in with systems like this. At best, they find a local dealer who will cut them a deal to make it cheaper, but moving to another vendor is a multi-million dollar deal, and city governments don't do this lightly.
Disclaimer: I work in this industry but not for Motorola. Also, Motorola is known for shennigans like this, but they can generally get away with it because they are in the #1 position, sort like in the 80's where "you can't get fired for recommending IB
Re: (Score:2)
Still ridiculous, of course.
Hardly. For public safety infrastructure it's a small cost compared to the total ownership cost of the system itself. Last I checked with a Motorola TETRA system (the USA favours even more expensive P25) we were looking for 2 base stations in one system covering 400 radios a cost of $100k per year for license and maintenance. Radios are in the order of $2k each. And don't get me started on their cloud offerings. We balked at the cost as well and went to a competitor only to be greeted with figures that were
Re: Sounds like (Score:1)
Already exists. Called Yaesu.
Re: (Score:1)
Not to mention it sounds like a total ripoff... 94 dollars per update per radio? Thats highway robbery...
Highway robbery is the bane of traffic cops.
Re: (Score:2)
Re: (Score:2)
Have you not met people? You just described humans. We are great creatures. But at the same time were too smart for our own good. And were doomed to doom ourselves.
Re: (Score:1)
Re: (Score:2)
I see you've never had to deal with critical infrastructure before.
jail / prison maybe the wrong way. an government (Score:4, Insightful)
jail / prison maybe the wrong way. an government did this and the government may have to face fines.
As for this manager what pressure was put on him from higher up's?
Did they have the funds to even buy the keys?
Why is the key giver not in jail?
Will they be able to read the EULA line by line in court?
What about the government contract with Motorola what is in that and will they be able to read that line by line?
What is the real cost of the software???
1. if they can't go over both any EULA and the contract then the case should be removed from criminal court. But moved to an civil court.
Re: (Score:1)
Is there any proof that an EULA was agreed on or even shown to any party?
If there is a contract then that is what matters.
Digital EULAs are nothing but hearsay.
Re: (Score:2)
what about vendor / distributorship contract? vs the Motorola contract / EULA?
Re: (Score:1)
As I said, the contract is what matters.
If there is any claims of a digital EULA the response can be "I never saw it" or "this isn't what I agreed to" and then you have word against word.
Re: (Score:2)
I'm sure it can be read. My question is, will they finish before the heat death of the universe?
and will they a jury that can live on $10/day that will wait that long?
Re: (Score:1)
How do you know that the EULA that is shown in court is identical to the original EULA?
Re: (Score:2)
Why is the key giver not in jail?
The article doesn't go into technical details, but if this guy developed an independent programmer and key generator, he may not be under contract with Motorola at all and it's not [yet] illegal to write software to mod devices.
The police department more than likely is under contract and apparently used that software to engage in theft of services (and possibly copyrighted software) from Motorola.
I'm sure they'll want to scapegoat him anyway, as cops very rarely face punishm
Re: (Score:2)
it's not [yet] illegal to write software to mod devices.
If the programmer is in the US, then it most certainly is illegal, for better or worse. If the DMCA can be used by John Deere, it can be used by Motorola. They are circumventing a digital restriction.
intercepted transmission ... (Score:1, Funny)
>> Real transcription from an encrypted broadcast -->
After decryption -->
Re: (Score:2)
>> Real transcription from an encrypted broadcast -->
After decryption -->
Seriously, why are they using encrypted transmissions?
CAP === 'scorch'
To prevent outrage that the cops are buying dunkin donuts instead of timmies.
Re: (Score:2)
I don't believe you, but my latin isn't good enough to check your translation.
The real criminals (Score:4, Insightful)
The real criminals here are Motorola for charging $94 per radio per update to let them change settings on hardware the police dept already owns.
Re: (Score:3)
The real criminals here are Motorola for charging $94 per radio per update to let them change settings on hardware the police dept already owns.
Owning the radio and having a license to use them on a system are two different things. $94 is nothing, it's pennies when it comes to public safety radio systems. The radios cost thousands. The infrastructure 100s of thousands. The management and licenses hundreds of thousands again.
Little people ... (Score:2)
Quod licet Iovi, non licet bovi [wikipedia.org]. In other words, laws are for little people ...
Police on a leash. (Score:4, Insightful)
If you find you are suddenly in danger of being unable to use some functionality of your device then you have leashed yourself with closed-source software. If they had invested in contributing to an open source software then they would not be leashed. The real problem is that when people think of open source software, they think that because it's free that they should not allocate money toward supporting the software. [slashdot.org] This short-term MBA style thinking has kept open source projects very weak ("Why financially support a project if there is no immediate benefit?") and thus caused so many fools to put themselves on a software leash. In the case of expiring licenses, that leash is really a noose that slowly tightens around their neck until they pay.
If businesses were smart then there would be billions of dollars invested to build/improve open source software. Instead there are peanuts because corporations are only looking out for "number one" as they cut their own face.
Re: (Score:2)
This is delusional. People buy "closed source" software from known companies because t
Re: (Score:2)
That should be "How many times have you tried to enforce this"
Re: (Score:3)
People can sell support for open source just like closed source. Redhat for example has made a business of selling support for mostly GPL software.
Likewise, Motorola could be selling GPL software with a support contract, only drawback is that if they charge too much, someone else can offer support as the actual source code would be available.
Re: (Score:2)
So you are saying they spend massive bux and leash themselves so someone calling himself Bob will tell them it will be goodly if they will reboot the device?
Re: (Score:2)
A point. I, personally, am much more a proponent of free software, but in the 1980's open source frequently worked as you describe.
Re: (Score:3)
Nice sentiment, but completely unrealistic. There is a lot of work to be done to create systems like this and the market is pretty small, compared to many things in tech. These are multi-million dollar systems and don't get changed just because someone feels like it. That creates incredible vendor lock-in. Also the expertise to create these systems can be hard to find. "Public safety" systems are not easy to do and really take a company to stand beh
Re: (Score:2)
If they had invested in contributing to an open source software then they would not be leashed.
If it existed then it may be viable. But quite frankly there is no competitor to a P25 or TETRA based public safety system in the open source world. Unlike Oracle you can't just download an alternative off the internet. Just like you wouldn't download a car.
Motorola tried this with us over Y2K (Score:5, Informative)
After researching further, we learned that when the officers logged on to our dispatch system that it downloaded the correct date/time from the Unisys mainframe, overriding the Windows clock. Y2K endrun, Motorola doesn't get a trunkfull of money from us. Everybody working 3rd shift on 31 December 1999 were instructed to log off just before midnight and sign back in just after. Everything worked just fine. The MDTs continued working properly for years until they were eventually replaced.
The only Y2K casualty that we had was the Dispatch system on the HP minis! A patch was supposed to self-deploy at midnight: it was compiled and ready to go, but someone didn't run the link/edit step, and when it deployed, crashed it crashed the whole shebang. At least our Windows network was flawless.
While I can understand the guy not wanting to pay Motorola a ridiculous amount of money to update the radios, if you sign the contract, you're obligating yourself to the licensing fees. Motorola was infamous for this, so either read the fine print and negotiate a better contract, or find a vendor that will give you a better deal - you don't have to deal with Motorola directly to buy Motorola equipment!
Re: (Score:2)
and our mobile data terminals (MDTs) were not Y2K compliant ...
This does not make sense
Everybody working 3rd shift on 31 December 1999 were instructed to log off just before midnight and sign back in just after. Everything worked just fine. The MDTs continued working properly for years until they were eventually replaced.
Then obviously it had no Y2K problem.
if (XX99 < YY00)
Works completely different if XX and YY exist or not and one is 19 and one is 20
Re: (Score:2)
Well, yes, but if they didn't have any log files, then restarting after the century rollover would fix things. Only when you need to keep dates from both centuries is this a problem.
Re: (Score:2)
Parts of a much wider network had to be considered and worked on.
Re: (Score:2)
What does the $94 per update per radio cover? (Score:2)
I highly doubt that there are 'software' on the iButtons, they are basically just another 'small' storage media like a diskette, or a USB flashdrive.
Are the $94 covering:
1) Are they paying a one time fee to unlock the encrypted communication feature.
2) A fee to get special trusted X509 time limited certificates to create trust between the radios.
3) A combination of 1 and 2.
For certificates to be used within an organization having its own chain of trust, getting a certificate from a third-party is less secur
Re: (Score:2)
Re: (Score:1)
The firmware updates for the radios mentioned are downloadable for free from Motorola's website as long as you create a free account, but to legally install them you are required to purchase a hardware "key" from Motorola. The key is nothing but a counter containing how many "updates" you purchased, and authentication from the firmware upgrading program telling you that you have upgrades available. The counter goes down by one every time you attempt a firmware update, whether it's successful or not. Flaky p
Re: (Score:1)
This remind me of the Shell car wash back in the early 2000's, where an iButton fob was used as a prepaid token for a number of car washes.
It was possible to do a 'backup' of a new fob, and 'restore' it again when it was empty.
Re: (Score:2)
I highly doubt that there are 'software' on the iButtons, they are basically just another 'small' storage media like a diskette, or a USB flashdrive.
While you are almost certainly correct about what's on these iButtons, they actually have "Java iButtons" which have a processor onboard capable of running simple Java code. They are intended for upgradeable crypto tokens. Think SIM card.
And they only use them to block us out (Score:5, Interesting)
Once upon a time, you could just buy a scanner and listen in on what the police are up to. They didn't like that, so they went to encrypted radios, and they give access to the system to cherry-picked journalists that won't hold their feet to the fire. The whole reason they even have radios that need updating is to keep us from keeping tabs on their misdeeds.
Re: (Score:2)
Re: (Score:2)
Which is probably very true for the Winnipeg police. Don't want to publish dropping people off 10 miles out of town when its 40 below.
Re: (Score:3, Informative)
Bullshit. HIPAA applies to covered entities and that's not the police
https://www.hhs.gov/sites/defa... [hhs.gov]
Re: (Score:2)
If you get the spirit of the US Bill of Rights, it's that a low level of crime will be tolerated to ensure freedom and transparency of government.
Certain states go further - in New Hampshire, 'officers and magistrates' are accountable to the people 'at all times'. In its framing, the People are explicitly supreme to the employees of the State. They're not legally allowed to hide and ambush the People (they do anyway of course because the Rule of Law is out the window).
If your only choices were protecting
Re: (Score:2)
Now, we have locks on our front doors because we have to to keep people from stealing things. Now, the police have to encrypt their radio systems otherwise some [negative word of your choice] people will not only use sc
Re: (Score:3)
Now, we have locks on our front doors because we have to to keep people from stealing things. Now, the police have to encrypt their radio systems otherwise some [negative word of your choice] people will not only use scanners, but will also use their radios on the police networks and create nuisances of themselves at best,
We have to have unencrypted police radio because if we don't, [a subset of] the police will use the radio system to facilitate crimes against The People.
Re: (Score:2)
Re: (Score:2)
Wow, what an amazing conspiracy theory you have there
Not a theory [slashdot.org]
How'd you get modded up?
People with a clue must have got modpoints somehow.
I used to listen to police scanners all the time and they're boring as hell. A lot of mundane business.
These days, murdering the innocent is mundane police business [vox.com], and so is hiding the fact [theconversation.com].
Re: (Score:2)
These days, murdering the innocent is mundane police business [vox.com], and so is hiding the fact [theconversation.com].
These days?
You are obviously a person with bad memory or in the flower of your youth.
Today's police violence/misconduct pales in comparison to the sheer majesty of brazen nefarious activities found in the 60s, 70s, and 80s.
Re: (Score:2)
Today's police violence/misconduct pales in comparison to the sheer majesty of brazen nefarious activities found in the 60s, 70s, and 80s.
They are killing us in record numbers, so I don't believe that for a second. They are still up to all the same old tricks.
US DHS ... (Score:2)
This is more about Motorola having made a promise to their customers which they can not keep. And as anyone involved with software knows, nobody can keep in the long term.
So, there are some bad ideas. (Score:2)
Giving money to and paying for a product/service are not the same thing.
This is the bigger question - why? Do radio signals get stale?
Re: (Score:2)
This is the bigger question - why? Do radio signals get stale?
Digital encryption certificates expire and may need to be updated, allocated radio frequencies may change and need to be re-programmed in, and more.
Re: (Score:2)
This is the bigger question - why? Do radio signals get stale?
Digital encryption certificates expire and may need to be updated, allocated radio frequencies may change and need to be re-programmed in, and more.
Okay... but frequently? Certificates should last a while, unless the vendor is trying to rip-off customers and I can't imagine cities re-allocating their EMT frequencies that often. Sounds more like a business model designed to generate income for Motorola. I imagine that they're probably locked-in at this point and finding an alternative secure radio vendor *and* migrating over would be a HUGE hassle. Still not an excuse for a LEO to get the certificates illegally.
Re: (Score:2)
Not just that, but the department should be able to load their own certs, or program their own frequencies.
bone spurs (Score:2)
Re:Zipping doo da (Score:5, Insightful)
Copyright infringement is neither theft nor a crime according to everything I read here.
In the US, copyright infringement is a civil offense, and I believe it is the same in Canada. So it doesn't make much sense that he was arrested for that.
According to TFA, the actual criminal charges are for other things, including fraud and unauthorized use of a computer. Most likely they are just piling on charges to coerce him into a plea bargain.
Re: (Score:1, Troll)
Re: (Score:2)
Why is copyright infringement relevant here?
Because there is more to law than a two worded title that you looked up in a dictionary, and the practices being described have always been codified as illegal in criminal copyright legislation.
Re: (Score:1)
Re: Zipping doo da (Score:2)
In the US, copyright infringement is a civil offense
Not if you're uploading, it isn't.
Re: (Score:1)
Re: (Score:2)
It's because of assholes like you that this is the exact direction the software industry is headed. Software as a rental.. I can't just buy Photoshop anymore..
Don't be daft. Adobe would have gone that reason regardless just to get the people who don't need the new features to give them more money anyway.
Re: (Score:2)
Maybe, maybe not. You have no proof they would have.
And you have no proof that they wouldn't have. If you get near a point, make it.
What we do know is Photoshop was one of the most widely pirated software titles out there.
So what? We also know that you're blaming people who would never have bought it anyway, who aren't reducing sales at all and who may one day purchase the software, for Adobe's corporate decisions. If you want to be upset at someone, be upset at the professionals who aren't paying for it, and are then making money with it, because they represent actual lost sales — and therefore an actual reason to implement this type of sc
Re: (Score:1)
my pal's sister makes $69/hour on the internet.
How exactly does she 69 over the Internet? Asking for a friend...