Why Your Scanner Has A Hole In It

The SDR revolution has completely changed the way radio enthusiasts pursue their hobby, but there is still a space for the more traditional scanning receiver. If you are an American, have you ever noticed that it has a gap in its coverage between 800 and 900 MHz? The curious reason for this is explored by [J. B. Crawford], and it’s a tale of dusty laws relating to a long-gone technology, remaining on the books only because their removal requires significant political effort.

What we might today refer to as “1G” phones used an entirely analogue transmission scheme, with an easily-receivable FM carrier for the voice and extremely low-bandwidth bursts of serial data only for the purposes of managing the call. Listening to these calls was an illegal activity, but for those with the appropriate scanners it became a voyeuristic hobby within a hobby. It even made the world news via the pages of the gossip sheets, when (truthfully or not) it was credited for the leak of a revealing and controversial conversation involving Diana Princess of Wales.

This caused significant worry to the cellular phone companies who understandably didn’t want their product to become associated with insecurity. Thus they successfully petitioned the US Congress to include a clause restricting the capabilities of scanning receivers into another telecoms-related Act, and here we are three decades later with analogue phones a distant memory and the law still on the books. It may be ancient and unnecessary but there is neither the will nor the resources to remove it, so it seems destined to become one of those curious legal oddities that remains on the books for centuries. Whether an RTL-SDR breaks it is something we’ll leave for the lawyers, but the detail in the write-up makes it well worth a read.

Header image: krystof.k (Twitter) & nmuseum, CC BY-SA 3.0.

51 thoughts on “Why Your Scanner Has A Hole In It

    1. Could you imagine the horror of legislators having to affirmatively vote for or against every law on the books? You would wind up with only things like rape, murder, and robbery being illegal just due to the time it would take to reauthorize things!

      Then really important things like how much water my toilet uses or which vegetables I’m allowed to grow in my own garden or whether my barber gets to have an aquarium in his shop might go unregulated! It would be total anarchy!

        1. No. The number and scope of federal laws is way, way too high.

          The problem is that the US Supreme Court in Wickard v. Filburn and Gonzales v. Raich have effectively said that literally everything is related to “interstate commerce,” making a mockery of the 9th and 10th amendments.

          1. Remember that Congress delegates its authority. That brought us the BATFE saying that a shoestring is a machine gun, corrected after about 5 years to “a shoestring is *sometimes* a machine gun”.

      1. I sort of like the idea of a law renewal “budget”, so to speak. Maintaining an ordered priority list shared between laws to be renewed and new laws to be put into place. Only the top X entries based on time it would take will be completed in a given year.

        Since removing bribery of representatives has proven to be an impossible task, it would at least have the effect of spreading thin existing bribery, slowing down the passing of new laws. Which lets face it, most shouldn’t exist in the first place anyway.
        It just might also encourage congress to fix the process of removing laws to be better. This is the main reason we need two or three hundred laws in place, all to “fix” mistakes in previous ones poorly, that wouldn’t even be needed if the root “bad law” could simply go away.

      2. > just due to the time it would take to reauthorize things!

        That’s exactly the point. Law is no good if it’s so complicated and archaic that nobody actually knows what’s in it. The justice system stops working because anyone can read different bits of the law and apply them selectively, and since there’s so much of it the fault either goes unnoticed or it takes decades of legal battles to reverse a wrong judgement.

        An ever-growing system of laws and statutes and regulations will eventually paralyze the system. It has to be pruned one way or another, so it’s simply better to have a law that prunes itself. For example, “if this law hasn’t been applied in ten years, the next time it applies once and then has to be re-authorized.” This means laws that are in constant use do not need to be renewed constantly, and laws which are written to deal with special corner cases enter a state where every future application leads to a re-evaluation of whether we need that law at all.

        1. “This means laws that are in constant use do not need to be renewed constantly, and laws which are written to deal with special corner cases enter a state where every future application leads to a re-evaluation of whether we need that law at all.”

          Common sense. That is why you’ll never see it proposed by politicians ;P

    2. Laws that are made for the sake of technology that has a limited lifetime should have a limited lifetime too. Rape and murder don’t come and go as technology does. And for that reason your idea seems perfect. When making laws they should be made infinite or with an ending date. You could always extend the lifetime by adding something to the law but after the technology has long gone, the law destroys itself.

      1. This can both help and hurt. Certain laws protect you, as a consumer, and could die–corps with deep pockets lobbying could kill future legislation to continue your protection. Gun laws, which allow citizens to manufacture firearms at home, could die and open up the potential to take away all rights to have any home or personal defense. It is far more effective to leave the laws on the books, and let the ones who want to change them do the work. It can take significant effort to change or repeal the laws, but as we have seen–laws can pop up overnight, completely screwing people. Laws that stay put give peace of mind. Laws that self-repeal open doors to fast acting politicians with a reason to control without reasonable merit.

    3. I thought so too for awhile. But you know that they’d just put all of the to-be-sunsetted laws into a big unanimous “renewal” bill that nothing would ever get removed from.

      Sort of like the “defense reauthorization acts”. It’s been 20 years, and the Patriot Act provisions still get renewed like clockwork, often with even more riders and pork.

  1. That law is a total relic. Not only does it no longer serve any purpose as there are no longer any cell signals that scanners can receive, it doesn’t cover a whole bunch of other frequencies that are now used for cell service.

    I once made good use of the fact that my RTL-SDR can receive the 700 MHz band. A few years back before FIOS came to the neighborhood and I still had cable internet from Comcast, we suddenly started to have major problems with service at my house. (TV was fine; only internet was affected.) By looking at the management interface of my cable modem I was able to determine that my internet service was carried on channels that were on the same frequencies that had been recently sold to wireless carriers, and my RTL-SDR verified that there was a strong signal on the air that looked like OFDM — presumably a cell site in the neighborhood that had just come on the air. Armed with that information, I was able to give more detailed information to the cable technicians when they came.

    First they sent a low level tech, who quickly concluded that the problem was above his pay grade. A higher level person came and spent a couple of hours here diagnosing the problem, including remotely checking other cable modems in the neighborhood for their error rates. The problem was actually fixed about a day later; it likely took that long to track down the location where the wireless signal was leaking into the cable system and repair it. By the standards of home internet service I grade that as a good experience; a business customer would likely disagree.

    A typical story for Comcast. The company combines a high level of technical competence and mind-bogglingly bad customer service. If they handled customer service half as well as their network, they would be a highly ranked company instead of one of the most unpopular companies in the nation.

    1. As cable companies use frequencies occupied by several different services beyond TV, they are required by law to prevent leakage that might interfere with those services. Fortunately, preventing leakage out also prevents leakage in. IIRC, there was one channel that overlapped the amateur radio band between 144 – 148 MHz and another one at 50 – 54 MHz.

        1. MAybe that’s why I used to get TV audio (ch 6 if I remember right) on 50.54MHz. This was true in at least two towns that I spent time in and they didn’t even have the same cable provider.

    2. That, plus not trying to block and filter user traffic on their networks, and not trying to extort businesses into becoming their customers by throttling peering links and trying to balkanize the whole internet.

    3. “A typical story for Comcast. The company combines a high level of technical competence and mind-bogglingly bad customer service.”

      I used to work in internet tech support for Comcast. OMG the temptation to spend the rest of the day writing a book in response to this… But I’m going to try to keep it reasonably short.

      When I started there my region had been previously serviced by another, smaller (and much loved) company which Comcast had purchased. The tech support office was far too small and most of the calls went to a contractor company in Canada. The contractors were paid per-call with no measurement of customer satisfaction or if the problems were actually fixed so their strategy was just to get the customer off the line as quickly as possible. They would have the user unplug their modem, tell them that leaving it so for some amount of time would fix it and then end the call.

      Customers would typically call back and reach contractors 9-10 times before finally by chance getting to one of us. We actually were kept accountable with stats on whether of not the customer has to call back. Plus most of us actually wanted to do a decent job. So we would make every effort we could (from our cubicle) to fix the problem. By this time the caller would be understandably frustrated. So were we! But since Comcast was the hand feeding us we couldn’t exactly tell the customers this.

      And yet, despite the absolute uselessness of the contractors, and despite the fact that we were actually helping them the customers loved the contractors. Many would eventually figure out that there were two offices. Probably by the accents. And they would often tell us (on our ever-recorded and monitored lines) that they liked the canadians because they were more polite.

      It absolutely mystified me and it still does to this day. What did those people say or how did they say it that was so much more “polite”. I certainly wasn’t rude! I would be saying only the nicest things I could imagine and in the sweetest voice I knew how to produce and still have customers actually tell me “I know when I get your office because you actually fix my problem but I prefer talking to those Canadians because they are so polite”. WTH?! If getting sweet talked was more important to them than their internet service why were they calling an ISP? Perhaps a 1-900 number would serve them better?

      Subliminal messages in the background maybe? “We are sooo polite…. you love us….”

      Comcast took notice of this and changed their hiring practices. My interview started with a test asking technical questions. They hired me based on my technical background. Now it’s all about having a customer service background, no technical requirements. By the time I left they were hiring seniors with zero computer experience for internet tech support!

      Training day 1: This is a mouse…

      I left for greener pastures over 15 years ago now but I still hear what goes on from friends who remain. They have since merged internet and cable tv tech support and given sales stats. That person helping you with your modem problem spends far more of their day arguing over non-pay disconnects and embarrassing pay per view charges. And no matter how sleazy it makes them feel they HAVE to try to upsell you, even when you are rightfully angry your current service doesn’t work because if they don’t hit stats on making sales they lose their job.

      Much of this is due to Comcast being the epitome of everything that is wrong with big American corporations. They are run by short-sighted execs looking to make it big in this quarter’s bonuses. They don’t understand nor care that good customer service makes a company money by keeping long term, happy customers. They need something like a sales stat that they an point at to justify the cost of keeping the the tech support office open.

      But it’s not just the execs. I strongly believe that Comcast is a beast that was created at least in part by it’s own customers. When you told them you cared more about that polite voice on the phone than you did having your service actually function… they listened!

      I could go on for hours with stories about abusive customers, dumb things corporate did that made it harder for us to actually do our jobs and help customers, nasty non-customer facing higher departments that would bounce legitimate requests for a line-tech back at us, etc… Just try to remember that whatever company you call the person you get on the phone is probably several layers below the one who caused your problem and probably has even more reason to hate the company than you do. And unless you have already been abusive the person on the phone would probably prefer to fix your problem than argue with you.

      Be nice!

  2. Funny story…
    I worked for Radio Shack (Roosevelt Field Mall, Garden City, NY) at the time they were selling a rebadged version of the phone in the picture (17-1003 if I remember correctly) and at that time they also sold portable radios… One of these radios picked up the audio for TV stations on both VHF(2-13) and UHF(14-83). One night we’re playing around with this radio, and we hear one half of a conversation. Tweak the dial, and get half of another conversation. It wasn’t long before we realized we were picking up cellular phone calls. Funny thing, the following year, that radio could only tune up to channel 80, and no longer picked up cellular.

    Then there was the PRO-2004 scanner (20-119)… When it was first released, it also picked up cellular frequencies. It was quickly replaced with an “A” revision that didn’t pick them up… until you opened it up and replace a missing diode. Add a couple more and you went from 300 channels to 400, and increased scanning speed as well.

    1. i’d say get an old (analog) cable-tv tuner; the kind that tunes the upper portion of channels and hook an antenna to the cable-in jack…

      although you might need a standalone FM decoder hooked to the insides of the unit as the FM in tv might not be the same frequency/ect. and the video-out jack blocks the FM-carrier

      where i live, some people abuse UHF and use it solely for the FMaudio-within-TV scheme analog TV uses. but some transmissions use a different FM both with and without a black-screen signal. there is also abuse transmitting AM-audio, so audio will come out the video jack and drive your HorizontalOutputTransistor CRAZY on an older tv.

      i have yet to find a transmission where the Left is AM (instead of picture) and the Right is FMsubcarrier just like normal tv-audio.

      PS: “HOT” means 4 things: HorizontalOutputTransistor, >1000vAC(flyback) & >100vDC(supply), >50deg.C.(normally), hot like a loud rock song when it shorts-out, and stolen as in stolen from one tv to fix another.

    2. I still have a RS Pro-2048. I bought it in the early 90’s to monitor the various emergency bands in an extremely low population rural area. At the time I still used a Motorola bag phone as I greatly appreciated the 3 watts. I definitely COULD pick up my own phone calls with it. I don’t have a use for it not as most everything has gone digital.

  3. Just as upconverters allow a cheap RTLSDR to receive HF, a basic downconverter would allow you to receive on the band mentioned in this article.
    Assuming there was something to receive, anyway.

    1. I remember such converters being a frequently reoccurring project in Popular Electronics magazine. Usually something based on an NE602. I sooo wanted to build one as a kid but was mostly limited to the parts the Rat Shack sold.

  4. Mine doesn’t. Got a Radio Shack one put away made just before the law came in. 30Mhz to 1100 I think it does. All my radio gear is stashed though because my current residence seems horrible for reception of much, terrible noise across all bands, and I never really sorted out a radio safe place to hook up real grounds and high antennas to improve things. I’d have pretty close to literal DC to daylight capability if I got everything set up.

  5. Scanners long had holes in their coverage, originally they were 30-50MHz, something like 144 to 174MHz and maybe reception at 450MHz. The aeroband originally required a separate receiver.

    The earliest “scanners” didn’t scan, they were either analog tuning or required a crystal for each channel. When actual scanners arrived (ie the ability to check some channels until there was a signal), thise two needed a crystal for each channel.. Lots of holes there, unless you knew the frequency of locally used channels, you’d never hear local signals.

    It took a few iterations of synthesized scanners befkre they had such broad tuning.

    In the US and Canada, it was never against the law to tune any frequency. There were rules preventing you from repeating what you heard. The exceptions were broadcast and amateur radio (which is another way to explain no encryption for ham radio).

    Of course, cordless and then cellphones made it a lot more personal, and a lot more to hear, and scanners by then had become cheap and available.

    Those celebrated cases broke laws, but once scanners moved beyond radio hobbyists, who would know any of the radio laws?

    I’m pretty sure the law against cellphone reception is actually about selling receivers that cover certain segments. It didn’t limit building your own, or listening to those frequencies. But it got it out of consumer hands.

    1. Some of those holes were due to the receiver design. Back in those days, a receivers that could continuously cover a large portion of the spectrum were difficult to make. Also, the aircraft band was AM and most scanners received only FM.

    2. “In the US and Canada, it was never against the law to tune any frequency. There were rules preventing you from repeating what you heard.”

      No.

      I can’t speak for Canada but in the US at least this WAS the law for a time. You could listen to anything so long as you didn’t need to break encryption to do so and you didn’t record or repeat it. (kinda like the DMCA)

      Then the telcos lobbied and it actually did become illegal to even just listen to cellular conversations. You could still listen to cordless phones (the kind that depended on a base station that plugged into one’s landline) but cellular networks were off limits. Cause money, not sense makes laws.

      I suppose it probably still is the law although since all cellular communications have gone digital and I assume encrypted that exception no longer means anything.

      As for selling receivers that was even weirder. You couldn’t market a device as a scanner and let it receive the cellphone bands. Communications receivers marketed as test equipment that covered those frequencies were just fine although priced out of reach of the casual listener. Also I believe it was legal for ham radios to be marketed that received those frequencies and maybe even some overlap between ham and cellular bands around 900MHz although analog cellphones were a bit before my own ham radio days so I’m not sure about that.

      1. I think you’ll find that the law in the US is about commercially available receivers, maybe specifically scanners, rather than a prohibition against tuning into that range of frequencies.

        For most people it means they can’t listen because they can’t get a receiver. But people can have existing receivers, surplus receivers, home made receivers, or buiod converters, and the law says nothing abiut that.

      2. Agreed. The original Communications Act of 1934 had a provision in Section 605 which was nicknamed the radio secrecy provision. The activities of certain services such as ship to shore radiotelephony services (phone patches and the like) could not be divulged except by request from a ship’s captain, a court of law, and I think there were a few other cases. Also, you could not profit from anything you heard. So if you heard some heavy stock trades going by, you couldn’t use that information.

        Then, around 1980, there was a television service on 2154 MHz that was used to distribute HBO TV to subscribing houses. Naturally there were people who built their own receivers. When these kits were discovered by the service provider, they tried to sue the end users for “profiting from the transmission.” This actually sailed right through the FCC regulatory process and that sealed the notion that there could be prohibited frequencies. It was widely regarded as a stupid idea, but it became policy.

        Then they quietly tried to ban scanners on AMPS cellular systems. One removed diode next to a processor chip usually fixed that problem. And finally in the mid 1980s, Newt Gingrich, while he was speaker of the House, got caught talking to one of his mistresses. It was a couple of Democrat party operatives who discreetly followed him with a scanning receiver and recorded his conversations. They then created a terrible law called the “Radio Privacy Act.” It was a classic example of how terrifying technical ignorance of a subject lead to a very bad law.

        That is how we have the laws as we do today. Of course there are no more AMPS systems. But the laws remain.

        I wrote my protests to the FCC along with many others. But Congress spoke and the FCC jumped.

        Today, if it matters we use encryption. Police departments are starting to catch on to this too. Many of them are beginning to use encrypted trunking systems, even for the main dispatch channels. The beleaguered city of Baltimore is one of them. I can understand encrypting certain internal investigation channels and the like, but the main dispatch channels? What little trust the city police may have had will be long gone when people realize they have no independent way to check up on what their police force is doing.

        So is there anything we can do? Yeah. There is. We can record the whole trunking system with an SDR and eventually decrypt it when the keys are figured out. I have heard persistent rumors of poor key handling on the air with these current systems.

        My mentors told me when I was a young teen just getting started in radio: Never say anything on the air that you wouldn’t want the whole world to hear. It was good advice then and it is still good advice today. The legislatures of the world should think carefully before they make up pointless, unenforceable laws like these.

        To the judges and lawyers who preach to us, warning that ignorance is no excuse for the law, I say ignorance of science and technology is no excuse for an impractical and unenforceable law. They are both corrosive to society. People will monitor whatever they can receive on the air from the privacy of their homes. If you don’t like it, don’t put it on the air.

  6. If you take measures to encrypt a conversation, then you could have a legal expectation of privacy? But AMPS cellular was not encrypted, so there should be no such privacy expectation. It may be logical to state the conversation was in “plain view” or within “earshot”. Today’s equivalent might be an open WiFi access point, versus another protected by encryption. One is an open door, while the other is locked. But to ban the radio (ears) over public spectrum…. seems very authoritarian.

    1. You had a statutory expectation of privacy stemming from the Communications Act of 1934 which created the FCC. It also had a section concerning secrecy of communications. It made it illegal to divulge or profit from anything you heard over a radio that wasn’t transmitted by a broadcaster, amateur or a station in distress.

      The secrecy of communications provisions still apply today, even to Part 15. So sniffing open WiFi is illegal.

      Of course, making something illegal doesn’t do a damn thing to prevent it.

      1. Just realized that there is another exemption to the secrecy of communications provisions – you are obviously allowed to divulge or profit from a communication when you are a party to it. Duh.

        But in any event, nothing in the communications act outlawed listening. You just couldn’t *do* anything with what you heard.

        This became an issue in the 70s when home-brew C band satellite receivers started to become a thing. HBO and related outfits tried to make the argument that merely receiving their signals implied you were “profiting” because you weren’t paying for the service. This wound up being clarified in the Cable Communications Policy act of 1984, which made receiving and watching/listening to unencrypted signals explicitly legal, but it also made decrypting encrypted signals without authorization explicitly illegal. Thus HBO and their ilk invented VC2 and C band spelunking started a rapid decline.

    2. In Canada zones, RF emissions are considered public when broadcast, domestic encrypted packet radio is fine as long as call-sign beacons are shown, and there are no explicit restrictions on scanners given it is part of a sane global emergency response policy.
      However, there are some of the most draconian rules regarding transmitters, and now even owning equipment that can emit RF on restricted bands falls under federal criminal law as of 2018. Given the broad definition of “equipment” in these laws, it means any IQ modulator in your cellphone/SDR/nanoVNA/Baofeng-handy is now technically illegal given software cold cause it to reach/spatter restricted bands.
      Many wrote the ministers about this ill conceived policy, but there was obviously some unknown underlying reason political folks deemed these lame legal mechanisms necessary. However, if you have a ham license in the US, than you still fall under an exemption where lab equipment needed to verify your compliance with FCC guidelines is generally legal (last I checked in 2019).

      73
      VE7NTP

      1. I used to be a DOC/IC “Radio Inspector” … Canadian equivalent to FCC Field Engineer. Still not much enforcement happening in Canada, so worry not. Even if you do attract attention, there will be many letters to cease and desist before anything legal happens. Regarding what drives the “L” gov’t of JT, he likes Cuba, and respects lite forms of authoritarian regimes, so we see this creeping in with many things happening these days. Just saying… receiving RF signals is like having your ears open. Excuse me for existing! Decrypting is an activity that shows intent or gain. Who said politics is logical. It is not. Those of us with lab equipment can receive or even transmit (up to +27 dBm) from DC to Daylight. So arrest us! Or is this a law that is convenient when it needs to be?

    1. That was my first mobile phone. I bought it in May or June 1986 in London for £1,800 ($2,664 at the time). I looked up the inflation rates and that would be £4,250 in 2020 ($5,747)! It was also more expensive than my car, a 1972 VW.

      About 2 months ago I bought my first smart phone for £60 on eBay. Cheap, but still Android 10, quad core, 2G RAM, 16G SSD, 4G & WiFi. I’m retired, so I don’t really need one, but my doctor recommended it so I can keep track of my calender and use an app for my blood pressure.

  7. I remember when that law came in. However, it was a U.S. only law, so it was possible to get some gear elsewhere that didn’t have that hole. Also, it was possible to tune the analog cell channels on an old TV set that had a continuous tuning dial that covered up to channel 83. That type of set was made for many years, before the FCC mandated that UHF & VHF channels be equally accessible by viewers. When I was a kid we had an RCA set that had one of those dials. Several years ago, I sent an email to the American Radio Relay League suggesting that they try to get that law repealed. However, I don’t know how far they went with that. Regardless, now that cell calls are all digital, and with Voice over LTE encrypted, I doubt there’s much to listen to in North America. I don’t know what those frequencies are used for elsewhere, where they used different frequencies for the cell networks.

    As for intercepting the calls, the law in general was that it was legal to receive any radio transmissions, but not legal to divulge anything other than broadcasts.

    1. As for intercepting the calls, the law in general was that it was legal to receive any radio transmissions, but not legal to divulge anything other than broadcasts.

      My protest letter to my US Representative at the time noted that I would gladly oblige not listening to those frequencies when they would stop sending them through my body. Otherwise, it was my “right” to “intercept” those frequencies.

    2. Messing around with with my “brand-new” RTL dongle back in the day, I found a clear-air transmission of WYPR(88.1MHz – Baltimore), Maryland Public Radio – but around 930MHz. I contacted the station engineer about it, curious – and he was very friendly and informative – I was told that this is a narrow-beam feedback link from their simulcast station over the mountains in Hagerstown so they can verify remotely that it is transmitting what it is supposed to be transmitting. I just happened to be on azimuth to the beam.

      It was a very interesting conversation to have between an Amateur operator and a commercial operator.

  8. The really strange part of the law was how easily it was subverted!

    There were tonnes of sources for hacking scanners and broad-band radios to remove the limitation. It was not a hardware limitation, as all the RF and IF bits would work nicely through the cell-phone hole, but it was an imposed limitation, and one generally only had to snip the lead of a single diode or resistor to disable the hole.

    And one could import stuff from other countries that never had the hole disabled! That was often how the US models were hacked: “Hey, this version from India doesn’t have R42 installed! Let’s clip it on the US model and see what happens!”

    I’ve modded numerous receivers that way, including an Icom R-7000, an early “DC to light” receiver, but also a ~$99 Radio Shack hand-held scanner.

  9. Amusingly the pictured 1G phone is a Mobira MD59 or ME59 for the Nordic NMT networks.
    Both of which ware easily listened by scanners and no band limits ware introduced, they ware just deprecated when GSM came to being.

    Amateurs liked converting them to hambands. The 450MHzNMT450 MD59 was pretty easily converted to 433MHz 70cm band and the 900MHz NMT900 ME59 could be converted to 23cm or the 1297MHz with some considerable effort.
    I have also seen an MD59 converted to 6m (51MHz) from 450MHz.

Leave a Reply to DainBramageCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.