eQSL.cc Forum
Author Topic: Secure upload of license scan? (5 messages, Page 1 of 1)

N9XX Dan Reese
Posts: 2
Joined: Mar 23, 2001



Posted: Aug 25, 2010 01:37 AM          Msg. 1 of 5
I am being asked by another member to consider "AG" status. Frankly, none of the current three authentication options appeal to me as-is. I would however consider the option to upload a scanned image of my FCC license, but ONLY under the following conditions:

a) I can superimpose a transparent watermark that says "COPY" or "Digital Copy" over the image of my license, and either:
b) Be assured that the upload link is SSL encrypted, or
c) Allow me to encrypt my image in a password-protected ZIP file.

Is this possible?

I hope I am not sounding "paranoid" here, but there is something about sending an unprotected scan/JPG of my license over a potentially unprotected connection that bothers me.

Dan Reese, N9XX

N9XX Dan Reese

N4UFO Kevin Manzer
Posts: 20
Joined: Jul 17, 2010



Posted: Aug 25, 2010 12:24 PM          Msg. 2 of 5
Hi Dan,

You have an understandable concern. But, if you simply take a picture with a camera where it is legible... that is the same information as what is in the FCC databases and a picture is hardly going to reproduce a printable copy.

If someone wants to print out a "copy" of your license, they only need go to the FCC website or others and print a "reference copy". Physical possession of a printed paper license does not "confer authority".

http://wireless2.fcc.gov/UlsApp/UlsSearch/printAuth_amateur.jsp?licKey=766331

Sending in a copy or picture of the "original" license (printed on the special paper) to eQSL is just a way of showing "I'm that guy." The FCC only mails the "original" to the ham. And if someone gets a copy of that picture, the only place I know of that they can spoof being you is on eQSL... but they can't because you'd already be registered! Maybe just print over it "For eQSL use only: 08/25/2010" somewhere not covering vital info. Can't see how they can object to that! Just submit it and if there is a problem they will let you know. (Staff doesn't often peruse the forum for questions to answer, they get enough by e-mail. This is kind of user help here I think.)


Hope that allays your fears. You are not alone, it is a common fear in more than ham radio. When methods change technologically, people have to change with them. You are simply like Dr McCoy of Star Trek not liking to have his "molecules spread all over God's creation", when everyone else practically leaps into the transporter. I'm not making fun of you, just saying it is an understandable fear, just likely unwarranted.

And I'm not staff here, just a user. So I may be wrong.

Kevin, N4UFO

Tropicana Twister TV commercial - "It's from ALIENS!!! I seen'em!"

VE3OIJ P. Darin Cowan
Posts: 186
Joined: Jul 9, 2006


Posted: Aug 29, 2010 03:01 AM          Msg. 3 of 5
Although you are correct that the link would be unencrypted, you have to also consider other factors when thinking of the security.

Factor 1: Value of the information. In this case, the value is nearly zero. The personal info can be looked up from other sources. Someone could print a copy of your licence, of course, but realistically, what does that buy them? Information with low intrinsic value is highly unlikely to be the target of a complicated intercept attempt.

Factor 2: Threat environment. There is no obvious heightened threat to the security of amateur radio licences that might give any plausible reason to believe that a photo of one's licence is any more likely to be intercepted than any other information. Add to that the fact that intercept attacks are quite rare, and it is difficult to come up with a valid threat agent.

Factor 3: Making an intercept attack is not as easy as the FUD-sayers would have you believe.

So... low value asset, no threat to the asset, difficult attack vector adds up to negligible risk.

This is not the same as taking a picture of your passport, birth certificate, social security and credit cards and blasting it around the internet as a unit (medium value asset, known threats, still a difficult attack vector but definitely some risk).

VE3OIJ P. Darin Cowan

N9XX Dan Reese
Posts: 2
Joined: Mar 23, 2001



Posted: Aug 29, 2010 02:06 PM          Msg. 4 of 5
Thanks to both N4UFO and VE3OIJ for the great replies. Very thorough discussions, allaying my concerns. What is easy to lose sight of, as N4UFO so adeptly points out, is that the license information is "all out there" to begin with. The link to the FCC replacement license image was news to me!

And I agree with VE3OIJ's comment that the value of the information is nearly zero. What is invaluable to me is the license itself. That's a matter of great personal pride, especially since that license was earned "the old fashioned way" with a sit-down 20 WPM code exam at the FCC office in Chicago - a pretty good excursion for a 15-year-old from Wisconsin in the early 70's.

There is just that feeling of "is the eQSL website/service as secure as it needs to be?" Note that I'm saying "as it needs to be" and not "as it can be". My take is that it probably is, given the kind of content that we are dealing with. After all, it's not our credit card numbers, it's our QSO data - many hard-earned, and certainly valuable to those chasing the awards (and I have quite a few earned the "old fashioned way" too!)

Thanks and 73, Dan N9XX

N9XX Dan Reese

VE3OIJ P. Darin Cowan
Posts: 186
Joined: Jul 9, 2006


Posted: Nov 14, 2010 12:45 AM          Msg. 5 of 5
I have to admit, it should be a pretty trivial matter to SSL-encrypt such an upload process. However, purchasing and maintaining a valid SSL certificate costs money. Whether such a purchase can be made from the eQSL budget I don't know.

Honestly, if it gets more people into AG, I'm all for it even if there isn't really a security risk.

VE3OIJ P. Darin Cowan