You could build a more secure version and mandate it’s the only one used for new devices / in all future SW updates for phones.
Over time it would supplant the old one and the vast majority of people would get the secure alert today.
During an emergency you’d send both but spoofs would only be able to hit old phones that don’t receive software updates / don’t support the secure variant.
Securing is also pretty simple since the government could just publish the public key they’ll use for signing these alerts and OS vendors could refresh that key on a regular basis.
> Securing is also pretty simple since the government could just publish the public key they’ll use for signing these alerts and OS vendors could refresh that key on a regular basis.
That would mean hundreds of keys to manage and regularly update, with various entities at various levels of government needing their own keys, etc. It's not impossible, but it certainly wouldn't be pretty simple for OS vendors.
Nope. Just a single pair of keys for one country. Make signing the message the responsibility of the country’s government. If city x needs to generate an alert, it sends the message over secure channels to state Y with the keys internal to them. State Y sends it up to the federal level. Federal signs it. Can even do it with a wrapped chain of trust. Then all you need is to validate 1 key per country with the rest acting like a chain of trust. Think domain names but for governments.
It’s a legitimate issue if the different levels of government are disfunctional / fighting with each other, but it’s better at that point to leave it as a political problem for them to solve.
That's a very simplistic take, and it's not going to work in many places. Like Belgium, I'm pretty sure the various sublevels would just setup their own channels and ignore the federal one.
Belgium isn't going to become unitary again because of a telecommunications standard.
Or French Polynesia, New Caledonia, in case of emergency they're going to send a message to mainland France to sign it and back? That's very impractical and better hope the emergency doesn't involve a problem with long-distance communications.
Over time it would supplant the old one and the vast majority of people would get the secure alert today.
During an emergency you’d send both but spoofs would only be able to hit old phones that don’t receive software updates / don’t support the secure variant.
Securing is also pretty simple since the government could just publish the public key they’ll use for signing these alerts and OS vendors could refresh that key on a regular basis.