Everyone in Hawaii received a ballistic missile threat today under a system that currently has no good testing protocols.
“BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL,” read an emergency push alert sent to the cell phones of people in Hawaii Saturday. It wasn’t a drill, but it was a mistake.
Moments after the alert was issued, the Hawaii Emergency Management System tweeted that there was “NO missile threat to Hawaii.” In the coming hours and days, we will surely learn more about how such a horrifying mistake could have occurred.
In any case, the system used to send the message has been the subject of sharp criticism and ongoing controversy as public safety officials beg telecom companies to give them the capability of doing live, opt-in tests of the system without scaring the shit out of everyone.
The push alert Hawaiians received are known as “Wireless Emergency Alerts.” They were deployed in 2012 by the Federal Communications Commission, FEMA, and the telecom industry. They are sent directly by federal or local agencies to phones using technology developed specifically for the system—they are not text messages. There are three types of WEAs: alerts issued by he president; alerts involving imminent threats to safety or life; and Amber alerts for missing children.
Crucially in this case, the new regulations require telecom companies to offer a testing system for local and state alert originators, but because of lobbying by Verizon and CTIA (a wireless telecom trade group), this specific regulation does not go into effect until March 2019
WEAs have been subject to a back-and-forth between the FCC and telecom companies, who have fought against upgrades to the system: Telecom companies are currently only required to offer messages with a maximum length of 90 characters of text (the one Hawaii sent was 87 characters long). Until recently, so-called “Alert Originators” could not send clickable links or phone numbers, the geographic targeting of the alerts isn’t particularly good, are presented only in English, and don’t tell people when an alert should become inactive. The system’s infrastructure is based on 2G cell phone technology, which allows the alerts to be pushed to users simultaneously (and doesn’t affect cell phone network traffic because 2G is barely used for anything else). But the 2G network is woefully limited.
In September 2016, the FCC enacted new rules, and required telecom companies to increase maximum message length from 90 to 360 characters, allow for clickable phone numbers and web links, and picture or videos, and improve the system’s geotargeting.
Crucially in this case, the new regulations require telecom companies to offer a testing system for local and state alert originators, but because of lobbying by Verizon and CTIA (a wireless telecom trade group), this specific regulation does not go into effect until March 2019, 30 months after the regulations were adopted.
Most of these comments stated that testing and training is necessary to ensure that their alerts do not undermine public confidence in the system, and to ensure that novice Alert Originators understand how the system works
Dozens of state and local law enforcement and public safety groups asked the FCC for this testing capability, and asked for the ability to do end-to-end tests as opposed to just offline testing ("proficiency training is an essential element of verifying competency," one emergency department wrote in comments to the FCC.) Most of these comments stated that testing and training is necessary to ensure that their alerts do not undermine public confidence in the system, and to ensure that novice Alert Originators understand how the system works. The tests would be sent only to people who "opt-in" to them.
"Requiring State/Local WEA Tests to be received and delivered in accordance with our Alert Message requirements will ensure that emergency managers have the opportunity to test in an environment that mirrors actual alert conditions," the FCC wrote in its regulations. But "Verizon and CTIA state that providing consumers with the option to opt in to receive State/Local WEA Tests would require new standards to implement, militating for a 30-month implementation timeframe."
- The character increase regulation does not become active until March 2019
- Regulations requiring Spanish-language alerts do not become active until September 2018
When we spoke to him in 2016, Hakan Erdogmus, a professor at Carnegie Mellon University who has recommended improving the system and has offered alternatives, told us that “there is open resistance from wireless carriers and platform developers to the idea of adding more functionality to the system.”
We do not know yet know what happened in Hawaii, but in an era in which we are expected to be constantly on edge as our President verbally spars with a country that has made direct nuclear threats to the United States, it’d seem that a functional way of testing WEAs would at the very least be good for our psyches. With an impulsive president, it's not difficult to see how Hawaii's screwup could have quickly become much, much worse.