Design preview · adopts the Kaharagian design system
An official training service of the State of the Kaharagians
Royal Army CollegeRoyal Army CollegeRoyal Kaharagian ArmyThe College of the Army
SIG 220 Communications Security and Digital Discipline
Lesson 4 of 10SIG 220

Security Without Encryption

Lesson Overview

There is a hard fact at the centre of communications security that surprises almost everyone who meets it for the first time: on amateur and licence-free radio, you are not allowed to encrypt your traffic. The law that grants the amateur licence forbids any code or cipher intended to obscure the meaning of a message. So you cannot make radio traffic secret simply by scrambling or encoding it. This is not a limitation of your equipment; it is a limit set by law, and a lawful force keeps within it.

That fact forces a different way of thinking. If you cannot hide the meaning of what you send on the air, then security cannot come from secrecy on that bearer. It comes instead from discipline: from emission control, from brevity, from authentication, and above all from what you choose to say and, more importantly, what you choose never to say in clear. Sensitive detail does not go out over an open net at all; it travels by a bearer that may lawfully be encrypted, such as the internet, a virtual private network, or the Army's Team Awareness Kit traffic, or it is passed in person. The skill is matching the sensitivity of a message to the right bearer.

This is the knowledge layer of that skill. Reading and understanding it is the start; the operating, choosing bearers under time pressure, running a clean net, and passing detail securely, is practised and signed off in person and on airsoft milsim exercises, where radio is actually transmitted only by licensed members or on licence-free, low-power sets. By the end you will be able to state plainly why encryption is unlawful on amateur and licence-free radio, explain why security on those bearers therefore comes from discipline rather than cryptography, describe the role of brevity codewords and appointment titles (brevity and not naming individuals, never secrecy), apply the rule that sensitive detail is never read in clear on an open net, and choose the right bearer for the sensitivity of a message.

Key Terms

  • Encryption: the transformation of a message into a form unreadable to anyone without the key, so that its meaning is hidden even from someone who receives every bit of it.
  • Plain language (in clear): speech sent in its ordinary, readable form, with nothing done to hide its meaning; anyone listening understands it.
  • Obscuring the meaning: any code, cipher, or trick whose purpose is to stop a listener from understanding what is meant; this is what the amateur licence forbids, not just formal encryption.
  • Bearer: the path a message travels by, such as voice radio, the internet, a VPN, the TAK server, or a person carrying it; different bearers offer different lawful protection.
  • Brevity codeword: a single agreed word standing for a longer common phrase, used to keep transmissions short and to avoid naming individuals; it shortens, it does not legally hide.
  • Appointment title: a name for a role rather than a person, such as "Sunray" for the commander, used so a person is not named on air; again for brevity and not for secrecy.
  • Secure bearer: a path on which encryption is lawful and in use, so that meaning genuinely is protected; the place sensitive detail belongs.
  • Open net: a radio net any receiver can hear, where nothing said is hidden; treat everything on it as public.

The hard legal fact: you may not encrypt on the air

Begin with the rule, because everything in this lesson follows from it. The licences that let amateurs and the public use the radio bands forbid encryption and, more broadly, any code intended to obscure the meaning of a message. In the United States this is FCC Part 97 for the amateur service; equivalent rules apply under the law of every jurisdiction the Army's members operate in. The principle is consistent: the amateur and licence-free bands are a shared, open resource, and the law keeps them open by requiring that traffic be intelligible, not hidden.

Read the rule carefully, because people misremember it. It does not say "no strong encryption" and allow weak codes. It forbids anything whose intent is to obscure meaning. A homemade substitution code, a private codebook that turns sentences into nonsense words, pig latin meant to confuse a listener, all of these are caught, because the test is intent to hide meaning, not the cleverness of the method. There is a narrow, well known exception for the control links of model craft and satellites, which is not communications between operators and does not help you here. For the traffic this course is about, voice between members on amateur or licence-free sets, the answer is simply: no.

So the conclusion is unavoidable. You cannot make your radio traffic secret by encrypting or encoding it, because doing so is unlawful, and the Royal Kaharagian Army trains and operates lawfully. Listening, by contrast, needs no licence and breaks no rule: assume someone is always listening to you, because lawfully they may. Security on these bearers cannot come from a secret you keep inside an open transmission. It must come from somewhere else.

   WHY ENCRYPTION IS NOT THE ANSWER ON THE AIR

   The amateur / licence-free licence says:
      "no encryption, no code intended to OBSCURE THE MEANING"

   Therefore on amateur + licence-free voice radio:
      - You may NOT scramble traffic to make it secret ......... unlawful
      - You may NOT use a private code to hide meaning ......... unlawful
      - Anyone may listen without a licence .................... lawful

   So secrecy-by-encryption is OFF THE TABLE on this bearer.
   Security must come from DISCIPLINE, or from a DIFFERENT bearer.

Security comes from discipline, not from a secret code

If you cannot hide what you send, you protect yourself by sending less, sending it briefly, proving who you are, and choosing your words so that nothing sensitive ever leaves your mouth on the open net. These are the tools of the earlier lessons in this course, gathered here around one idea: discipline is the security.

Emission control, taught in Lesson 02, is the first and greatest of them. The transmission you never send cannot be intercepted, cannot be direction-found, and cannot be fed into traffic analysis. Transmit as little as possible, as briefly as possible, at the lowest power that still works, and observe radio silence when ordered. Brevity is part of the same logic: a short transmission gives a listener less to intercept, a direction-finder a shorter signal to fix, and an analyst less to read in your volume and timing. Authentication, taught in Lesson 03, lets a station prove it is genuine and exposes an imposter trying to inject false orders; it protects you not by hiding meaning but by confirming identity.

None of these hides the meaning of a word you speak. A listener with a receiver still understands every plain-language transmission you make. What discipline does is make sure that the plain-language transmissions you do make are short, few, authenticated, and empty of anything worth hearing. The security is not in a code the listener cannot crack. It is in the fact that you gave them almost nothing, and nothing sensitive, to begin with.

Brevity codewords and appointment titles: for brevity, not secrecy

This is the point most easily misunderstood, so hold it firmly. The Army uses brevity codewords and appointment titles on the net, and a newcomer naturally assumes these are a code that hides meaning. They are not, and you must never treat them as if they were.

A brevity codeword is a single agreed word that stands in for a longer common phrase, so that one word does the work of a sentence. It exists to keep transmissions short, which serves emission control and reduces what an interceptor and a direction-finder can use. An appointment title is a name for a role rather than a person: "Sunray" for the commander of a sub-unit, "Sunray Minor" for the second in command, and so on. Its purpose is to avoid naming an individual on the air, so that a listener building a picture of your force does not also collect personal names. Both are lawful precisely because they do not obscure meaning in the legal sense: their meanings are well known, even published, and any informed listener can follow them. They shorten and they depersonalise. They do not make traffic secret.

Treat them accordingly. Because they are not secret, you cannot lean on them to carry sensitive content. Saying "Sunray, send the figures for the package" hides nothing if you then read exact numbers in clear; the appointment title protected a name, but the numbers are now public. The codeword "MINIMISE" tells everyone to cut non-essential traffic, and that everyone hears it is the whole point. Use brevity codewords and appointment titles for what they are, a way to be short and to avoid naming people, and pass anything genuinely sensitive a different way.

   WHAT BREVITY GIVES YOU, AND WHAT IT DOES NOT

   Brevity codeword / appointment title
        |
        +-- GIVES:  a short transmission (less to intercept / DF / analyse)
        +-- GIVES:  no individual named on the air
        |
        +-- DOES NOT GIVE:  secrecy. The meaning is NOT hidden.
                            An informed listener follows it.

   RULE: never let an appointment title or codeword tempt you into
         reading sensitive detail "behind" it. The detail is still
         in clear, and the net is still open.

The rule: never read sensitive detail in clear

From everything above comes one rule you can carry into every transmission you ever make. Never read sensitive detail in clear on an open net. Sensitive detail means the things that would help an adversary if overheard: exact numbers (of people, of stores, of vehicles), full personal names, precise plans (timings, routes, objectives), grid references tied to a named person or task, and the identities of casualties. None of this goes out on an open net in plain language, and since you cannot lawfully encrypt it on that net, it does not go out on that net at all.

What, then, does go on the open net? The light, the routine, and the non-sensitive: a radio check, an authenticated call, a brief acknowledgement, a request to switch to a secure bearer, a position report on a tool built for it. When you must coordinate around sensitive content, you can name that the content exists without reading it: "I have casualty details for you, pass me by secure bearer," not the casualties' names and injuries over the air. You are allowed to say that there is detail; you are not allowed to read the detail.

The discipline of choosing your words this way is the daily form of operational security, which the final lesson of this course takes further. It is a habit of the tongue: before you key, ask whether a listener could harm the Army, a member, or a national with what you are about to say. If the answer is yes, the open net is the wrong bearer, and you change bearer rather than change your mind about saying it.

   SAY / DO NOT SAY IN CLEAR ON AN OPEN NET

   SAY (light, routine, non-sensitive)     | DO NOT SAY IN CLEAR
   ----------------------------------------+----------------------------------
   "Radio check, over."                    | Exact numbers (people, stores,
   "THIS IS <callsign>, authenticate ...". |   vehicles): "we are FIGURES NINE".
   "ROGER, OUT."                           | Full personal names of members
   "Request you SEND by secure bearer."    |   or nationals.
   "I have detail for you, not in clear."  | Precise plans: timings, routes,
   "MINIMISE" / move-to-frequency words.   |   objectives, the time of a task.
   Position reports on a tool built for it.| Grids tied to a named person/task.
   Brevity codewords (for brevity).        | Casualties' identities and injuries.
   Appointment titles (to avoid names).    | Anything that helps a listener if
                                           |   overheard.

   If it belongs on the right, it does NOT go on the open net at all.
   Move it to a secure bearer or pass it in person.

Choosing the right bearer for the sensitivity of the message

Because secrecy cannot come from the open net, it comes from choosing where a message travels. This is bearer selection, and it is the practical heart of the lesson. Some bearers may lawfully be encrypted and so can carry sensitive detail; the open net may not, and so cannot. Matching the message to the bearer is how a lawful force keeps secrets without breaking the law of the air.

The internet, used over a virtual private network, is encrypted and lawful: a VPN protects the content end to end, and the Army's online services sit behind it. The Army's Team Awareness Kit traffic runs to a self-hosted server, OpenTAKServer at tak.kaharagia.org, over connections that may be encrypted and authenticated by per-user certificates; that bearer can carry position reports, markers, and chat that you would never read in clear on voice. In person, mouth to ear with no transmitter involved, is the most secure of all and the right choice for the most sensitive detail when members are together. The amateur and licence-free voice net sits at the other end: lawful, useful, and open, fit for light and authenticated coordination, never for secrets.

So the bearer is chosen by sensitivity. Light, routine, time-critical coordination goes by voice, kept short and clean. Sensitive detail goes by an encrypted bearer where that is lawful, the internet over a VPN or the TAK server, or by a person. This is exactly the spirit of a PACE plan from your earlier signals training: you decide in advance, calmly, which bearer carries which kind of traffic, so that under pressure you are not improvising the choice. The discipline is to make the decision before you key, not after a listener has already heard what they should not.

   ENCRYPT WHERE IT IS LAWFUL / DISCIPLINE WHERE IT IS NOT
   Matching the message to the bearer

   BEARER                 | ENCRYPTION       | LAWFUL TO     | USE FOR
                          |                  | ENCRYPT?      |
   -----------------------+------------------+---------------+--------------------
   Amateur / licence-free | none allowed     | NO            | light, routine,
   VOICE (open net)       | (plain language) |               | authenticated
                          |                  |               | coordination only
   -----------------------+------------------+---------------+--------------------
   Internet over a VPN    | yes, end to end  | YES           | sensitive detail:
                          |                  |               | numbers, names,
                          |                  |               | plans, casualties
   -----------------------+------------------+---------------+--------------------
   TAK server traffic     | may be encrypted,| YES           | positions, markers,
   (tak.kaharagia.org)    | per-user certs   |               | chat; detail not
                          |                  |               | said on voice
   -----------------------+------------------+---------------+--------------------
   In person (no radio)   | n/a, nothing     | n/a, most     | the most sensitive
                          | transmitted      | secure of all | detail when together

   DECISION (make it BEFORE you key):
     Is the content sensitive?  --NO--> open voice net, kept short.
                                --YES-> encrypted bearer (VPN / TAK) or in person.
                                        NEVER read it in clear on the open net.

In Practice: A Relief Section Passes Casualty Detail

A section of the Royal Kaharagian Army is supporting a humanitarian relief task after a flood has cut a community off. They are working a licence-free, low-power net for local coordination, because not every member present holds an amateur licence, and the net is short-range and entirely in plain language. Their TAK devices are running, talking back to the Army's server over the mobile network, and the section commander, a Corporal, has the unit's VPN-protected messaging on a phone.

A team out at the edge of the flooded ground finds two injured nationals and needs to get casualty information back so transport and care can be arranged. The young Private with the radio feels the pull to do the natural thing: read the names, ages, and injuries of the two casualties straight over the net, because it is fast and the people are right there waiting. The training holds instead. The Private keys only what is light and lawful in clear: an authenticated call, then "Sunray, I have a casualty report for you, two persons, detail to follow by secure bearer, over." An appointment title kept the commander's name off the air; "two persons" is a count light enough to pass; the identities and injuries, which are sensitive, are named as existing but not read.

The detail then travels by the right bearer. The Private sends the casualties' names, ages, and injuries to the Corporal over the VPN-protected messaging, and drops a casualty marker on TAK at the location, where it rides an encrypted, certificate-authenticated link rather than the open air. When the Corporal needs to brief the team leader who is now standing beside them, the most sensitive judgements are spoken mouth to ear, with no transmitter involved at all. Nothing was encrypted on the radio, because nothing lawfully could be; nothing sensitive went out on the radio either, because it did not need to. The section kept the casualties' details secret by choosing where those details travelled, and it stayed entirely within the law of the air while doing so.

Check Your Understanding

  1. State the hard legal fact about amateur and licence-free radio in your own words. Why does it mean you cannot make your radio traffic secret by encrypting or encoding it, and what must security on that bearer come from instead?
  2. Brevity codewords and appointment titles are used on the net. What two purposes do they actually serve, and why is it a serious mistake to treat them as a way to hide sensitive content? Give an example of the mistake.
  3. You have casualty identities and a precise plan to pass. Walk through how you decide which bearer carries which part of the traffic, naming what you may say in clear on the open net and what you must move to a secure bearer or pass in person, and why.

Reflection (write a short paragraph): The vignette turns on an operator who wanted to do the fast, natural thing, reading casualty detail straight over the radio, and instead held to the rule and changed bearer. Think of a moment in training or ordinary life when the quick, convenient way of communicating something would have exposed information that deserved protection. What would the disciplined choice have been, and how would you decide in advance, calmly, which things you will and will not say on an open channel, so that the decision is already made when the pressure is on?

Summary

  • The amateur and licence-free licence forbids encryption and any code intended to obscure the meaning of a message (for example FCC Part 97 in the US, and equivalents elsewhere), so you cannot lawfully make radio traffic secret by encrypting or encoding it; the Army operates within that law.
  • Because secrecy is off the table on that bearer, security comes from discipline: emission control, brevity, and authentication, none of which hides meaning but all of which leave a listener little, short, and verified to work with.
  • Brevity codewords and appointment titles are for brevity and for not naming individuals, not for secrecy; their meanings are not hidden, so never let them tempt you into reading sensitive detail behind them.
  • The rule: never read sensitive detail (exact numbers, full names, precise plans, grids tied to a task, casualties' identities) in clear on an open net. Light, routine, authenticated coordination may go by voice; sensitive detail does not go on the open net at all.
  • Choose the bearer by sensitivity: pass sensitive detail by an encrypted, lawful bearer (the internet over a VPN, the TAK server traffic at tak.kaharagia.org) or in person, and decide which bearer carries which traffic in advance, in the spirit of a PACE plan.
  • Threads to follow: Lesson 02 (emission control and the quiet net) and Lesson 03 (authentication and recognising intrusion) within this course; Lesson 10 (operational security in the information age); FLD 220 (Signals and Field Communication) and SIG 201 for voice procedure and message handling; PME 210 (Staff Duties) for written orders; HCR 220 (Emergency Preparedness) for resilient comms in a crisis.

Crown Copyright © 2026 | Published by Authority of H.R.H. The Prince of Kaharagia

Lesson 4 · Knowledge Check

Question 1 of 3

Why can you not lawfully make amateur or licence-free radio traffic secret?