Cold War shortwave numbers stations broadcast strings of digits to anonymous listeners, content that’s meaningless to anyone without a matching one-time pad. They still operate today.

As it turns out, GPS broadcasts in much the same way.

Buried in every L1 C/A navigation message is Subframe 4, Page 17—a 176-bit field that IS-GPS-200 reserves for “special messages with the specific contents at the discretion of the Operating Command.” Every satellite broadcasts it. Every receiver decodes the subframe that contains it. And for nearly two decades, no one has publicly explained what it contains.

We analyzed 12.16 million observations in this field from 2007 through early 2026. The content is not text. It is encrypted material consistent with the military’s Over-the-Air Distribution (OTAD) global rekeying network. For 19 years, every operational GPS satellite has been a numbers station—broadcasting ciphertext on a public channel, to billions of receivers, in plain sight.

If you build receivers, write firmware, run signal monitoring, or care about the gap between civil and military signal transparency, this is your field too. You just have not been reading it.

What follows is the story of how a forgotten 176-bit slot in the world’s most successful navigation signal turned out to be its quietest and most consequential broadcast—and how a few weeks of analysis on a laptop, applied to 19 years of public archive data, was enough to read its operational history off the bytes.

176 Bits, Eight Words, One Forgotten Page

The L1 C/A signal carries 50 bits per second. Every bit must earn its place. The Legacy Navigation message organizes those bits into 1,500-bit frames, each frame into five 300-bit subframes, each subframe into ten 30-bit words. Subframes 1 to 3 carry the heavy work—clock corrections, ephemeris, the data your receiver needs every few seconds. Subframes 4 and 5 multiplex 25 rotating pages. A receiver sees Page 17 of Subframe 4 every 12.5 minutes.

Across 32 satellites, that is roughly 3,700 special-message payloads per day, fleet-wide. Multiplied across 19 years and the global ground-station archive, the figure climbs to 12.16 million observations.

176 bits is barely enough for a few floating-point numbers, but in a 50 bps signal, it is roughly 12% of every Subframe 4 broadcast. For the control segment to use that bandwidth consistently for two decades implies the content matters—even if no civilian receiver has ever rendered it.

Figure 1 shows how the bits are arranged. The 176-bit payload is fragmented across Words 3 to 10 of Subframe 4, Page 17: 16 data bits in Word 3 (after eight bits of Data ID and SV ID = 55, the marker that identifies Page 17), 24 data bits in each of Words 4 to 9, and 16 data bits in Word 10. The final six bits of every word carry the parity bits. After parity stripping and reassembly, the 22 bytes of payload are decoded under a subset of Code Page 437.

Mining 19 Years of Navbits

The corpus comes from the GFZ Potsdam open archive GNSS recordings collected from a wide network of ground stations, dating back to 2007. After extraction, the numbers settle: 12.16 million observations of Subframe 4, Page 17, drawn from every operational PRN, spanning 19 years, yielding 3,994 unique 176-bit messages.

Initial Python implementations needed hours to process a single year. To make iterative analysis practical, we wrote a Julia pipeline: NetCDF source files are converted to Apache Arrow, then thread-parallel bit extraction is performed into a DuckDB database. The full 19-year corpus extracts in seconds on a laptop. SQL across the lot returns in milliseconds.

With 12.16 million payloads in a queryable database, the question becomes: What does this field actually contain?

It Is Not Text. It Never Was.

The first thing a researcher tries in an unknown field is the obvious one: maybe it is text in a different encoding. We computed the frequency of each of the 45 alphabet symbols defined by IS-GPS-200 across all 12.16 million observations. In English, frequencies have a fingerprint—E and T are common, J and Z are rare, spaces and full stops are more common than digits. In a uniform random stream, each of the 45 symbols should appear with probability one in 45—about 2.22%.

The observed frequencies tracked the uniform baseline with remarkable precision. A chi-squared test against uniform yielded a z-score of 1.84, well inside the range where we cannot reject the null hypothesis of randomness. Across 12.16 million observations, the distribution is statistically indistinguishable from random data.

A stronger test asks the same question from a compression angle: How much information does each unique message contribute, given the others? An order-8 PPM-D compression model trained on the full corpus measures the marginal entropy of each payload—the additional cost, in bits, of encoding that message given everything else the model has seen. Real text would compress: Any recurring phrase, formatting block, or repeated formula would become almost free to code. Random data would not. Figure 2 plots the resulting distribution alongside a synthetic random baseline of 3,994 messages drawn uniformly from the 45-symbol alphabet and scored against the same model. The two distributions overlap almost perfectly, with means within half a bit of each other. By every available statistical lens, the GPS messages are almost indistinguishable from random, but there are intriguing outliers. At the lower end, messages are much more predictable than you would expect from random data; at the higher end, sentinels stand out from the rest. 

In Figure 2, blue indicates the marginal coding cost of each of the 3,994 unique 22-byte payloads under an order-8 PPM-D model trained on the corpus (μ≈131.5 bits per message≈6.0 bits per byte, σ≈7.6). Red indicates the same model scored against a synthetic baseline of 3,994 messages drawn uniformly from the 45-symbol GPS alphabet (μ≈132.0 bits, σ≈3.8). The two distributions overlap almost perfectly—the GPS messages are indistinguishable from random under the model. 

The next issue is that high-entropy output can come from encryption, compression or genuine randomness, and entropy alone cannot tell us which. This is correct. It is also the entry point to the rest of the article. If the field is encrypted, the protocol shape may still leave traces—placeholders where no payload is loaded, regime changes where policy shifts. In these structural metadata, the cipher does not reach. Encryption doesn’t hide “traffic data” of when and how often messages are sent and from which satellites. Each of those is a crack in the randomness, and the rest of this story walks through them in order.

What the entropy result does close off is the comfortable interpretation. Between 2007 and late 2023, no readable English appears anywhere in the dataset. No call signs, no acknowledgments, no test patterns of “the quick brown fox” variety. The field has not carried text in any conventional sense for the entire archived history of the GPS constellation.

For an engineer, that absence is itself information. The interface specification says this field is for text from the control segment. The bytes flatly disagree, and they have done so consistently, across every satellite, for 19 years.

High entropy on its own tells us only what the field is not. To learn what it is, we had to look for the cracks in the randomness.

A Single Byte, Repeated 22 Times, for 10 Years

The first crack in the randomness is also the most visible. Three messages, out of 3,994, have Shannon entropy of exactly zero. They are sentinels: 22 consecutive identical bytes broadcast as a single repeating pattern across the full payload.

• All-spaces—22 of byte 0x20.

• All-NUL—22 of byte 0x00.

• All-¬—22 of byte 0xAA, the CP437 negation glyph.

The all-¬ pattern is the longest-lived artifact in the dataset. It first appears on PRN 25 in February 2010, and quickly becomes the dominant default for the constellation, persisting intermittently across all 32 satellites for more than a decade.

The choice of byte 0xAA is not accidental. In binary, it is the perfectly alternating bit pattern 10101010—the canonical test sequence for bit synchronization, parity verification, and frame-alignment checks in receiver hardware. A satellite broadcasting all-¬ is broadcasting the protocol equivalent of a tone: present, parseable and intentionally empty. It is also outside of the characters permitted in the special message field, causing receivers to flag up data validation errors.

That intentionality matters. Encryption alone does not produce a constant. A genuinely random stream visits all-0xAA with negligible probability. The sentinels are placeholders by design—slots in the protocol marked as “no operational payload loaded.”

Their behavior fits that reading. Cross-referencing with GPS status reports (Notice Advisory to Navstar Users—NANU) shows satellites often enter sentinel states during commissioning and decommissioning. PRN 25 itself is the textbook case. The Block IIA satellite using that slot was decommissioned in December 2009. By February 2010, the slot was broadcasting all-¬. Its replacement, the first Block IIF, launched in May 2010, began pre-commissioning tests in August and also broadcast the all-¬ sentinel for several days before being declared fully operational on August 27. The pattern is unambiguous: When no operational payload is loaded, the field broadcasts the sentinel.

In a corpus where messages are replaced and never repeated, the sentinels are the only payloads that recur. Every other unique 176-bit message in the dataset appears in fewer than two calendar months for any given PRN. The sentinels persist for years. So, messages are replaced, never repeated—except the sentinels.

Why a system would broadcast a no payload loaded placeholder at all, and to what kind of receiver, needs the operational context that the rest of this article rests on.

Why GPS Carries Encrypted Signals—and What That Costs to Run

GPS broadcasts more than the open civilian C/A code. Since the activation of Anti-Spoofing on January 31, 1994, the constellation has carried encrypted military signals on the same frequencies: the Y-Code (the encrypted form of the precision P-Code on L1 and L2) and, on modernized satellites, the newer M-Code introduced with the GPS IIR-M block from 2005 onwards. These signals provide authorized receivers with jamming and spoofing resistance that civilian users do not have. The separation between open and encrypted signals also allows the operator to degrade the accuracy of civilian receivers while maintaining the precision of authorized ones. 

Encrypted signals need keys. Authorized receivers built since the late 1990s integrate a tamper-resistant cryptographic module called the Selective Availability Anti-Spoofing Module (SAASM)—the cryptographic basis of in-service infantry units such as the Defense Advanced GPS Receiver (DAGR). The SAASM holds a cryptographic key that lets the receiver lock onto the encrypted signal; without a current key, the receiver falls back to the unencrypted C/A code that anyone can track.

Keys do not sit still. To limit the damage from any single compromise, operational keys rotate on a schedule that, depending on the key class, can be as short as a single day. Every receiver in service—and the U.S. military operates them in the hundreds of thousands, across every theatre, vehicle platform, weapon system, and aircraft—needs each new key before its current one expires.

For most of GPS’s history, that meant physical key-fill: specialized loader devices had to be carried to each receiver, plugged in, and used to push the new key into the SAASM module. The keys themselves were distributed through NSA secure-courier channels. The logistics were demanding even in peacetime; in deployment, units that missed a key-fill window lost access to the encrypted signal until they could be reached again.

Over-the-Air Distribution (OTAD) and the closely related Over-the-Air Rekeying (OTAR) were the answer to that logistics problem. The principle is straightforward. A receiver that is powered on and already holds a valid current key can have its next key delivered via the GPS navigation message itself—encrypted under the current key and decoded within the SAASM module—without physical contact, a courier chain, or missed-window failures. The OTAD payload, the “next black key” in military parlance (where “black” denotes encrypted-at-rest), is what the GPS control segment must deliver to every authorized receiver on a schedule, via a public broadcast channel.

That delivery mechanism is what we believe Subframe 4, Page 17 has been carrying since at least 2007. If so, the constellation should reveal somewhere in its 19-year broadcast history the moment the delivery system went operational. And it does.

May 26, 2011: The Day the Constellation Spoke in Unison

May 26, 2011. Above the Earth, 31 active GPS satellites in 12-hour MEO orbits, each in its own slot, each broadcasting its own special message. By the end of the day, every one of them was broadcasting the same one.

Within a window of a few hours, all 31 operational satellites switched to the all-¬ sentinel. Every active PRN. Same payload. Same byte. Same coordinated event.

Figure 3 shows the 48-hour per-PRN timeline of the transition. It reads as a vertical bar slicing across the constellation: a step change so sharp and so simultaneous that no observational artifact can explain it. The data come from multiple receivers, ruling out a station-side glitch. Every PRN is involved, ruling out a single-satellite anomaly. No NANU was issued announcing a fleet-wide event of this kind.

In Figure 3, the Per-PRN broadcast state across a 48-hour window is centered on the transition. Each row corresponds to one of the 31 active GPS satellites; time runs from left to right in UTC. Within a few hours, every PRN switches to the all-¬ sentinel (red), holds it for between three and 24 hours, and exits to a new operational message at the end of the day. No publicly recorded NANU announces a fleet-wide event of this kind in the surrounding window. The transition coincides with the operational activation of the U.S. Over-the-Air Distribution rekeying network.

What remains is a coordinated, control-segment-driven blanking of the field across the entire operational constellation—the kind of thing that happens once, when an underlying system goes operational.

Declassified documentation places such a milestone in this exact period. A 2015 briefing by Maj Scott Tyley of the Space and Missile Systems Center describes the operational rollout of the U.S. OTAD system and its companion OTAR. The briefing identifies March 2011 as the start of continuous operational U.S. OTAD on all space vehicles.

Temporal alignment is not enough on its own to prove the connection; operational systems achieve operational status every year, and most of them do not announce themselves on L1 C/A. What raises the alignment from coincidence to causation is what happened next.

In the pre-OTAD era of 2007 to 2010, the constellation rotated unique payloads on average every 3.4 days; the 2007 to 2008 sub-period averaged about 2.3 days. In the operational era of 2012 to 2021, that rate jumped to once every 0.9 days, with a median message duration of 23 hours—almost exactly once a day. The H1 2011 period itself shows a cascade of four coordinated change points (January, February, May, June) culminating in the May 26 fleet flash, consistent with a phased activation rather than a single instantaneous transition. The result is consistent with the field being switched from a pre-operational test mode to an automated daily key-distribution cadence—exactly the operational tempo OTAD requires to deliver “next black keys” to SAASM-equipped receivers in the field.

Within a single 24-hour window, every operational GPS satellite switched to the same value.

From One Message a Week to One a Day, and Back Again

The 2011 flash drew a line through the dataset. Looking across the full 19 years, the field exhibits three behavioral regimes, each separated by a coordinated change point detected by Cumulative Sum (CUSUM) analysis applied to per-PRN message rotation rates.

The Pre-Operational Era, 2007 to 2011: A new payload per satellite roughly every 3.7 days on average. The rotation is irregular, the diversity is low, and the sentinel fractions are high. The pattern is consistent with field testing, including the 2010 coalition key transition exercises described in Tyley’s briefing. The system existed but was not yet running at operational tempo, or perhaps a predecessor system was in operation.

The Operational Era, 2011 to 2022: A new payload per satellite roughly every 1.8 days, fleet-wide, with median per-message duration of 23 hours. Daily cadence is the lifetime of a tactical cryptographic key; daily replacement of the field’s content is the operational signature of automated key distribution. The sentinels recede into the background; unique payloads dominate, with 162 to 381 distinct messages per year. For 11 years, the GPS constellation has operated the most widely used automated rekeying network on Earth.

The Modern Era, 2022 to Present: In May 2022, there is a sharp coordinated change point. The rotation rate drops to one payload every 4.3 days at the regime boundary, then keeps slowing. By 2025, it is approximately one payload per 6 days, and by early 2026 it is closer to one per 6.8. The shift is fleet-wide, simultaneous across 17 to 32 satellites, depending on which metric is examined, and again unaccompanied by a publicly recorded NANU.

Three rates: 3.7, 1.8, 4.3+ days per payload (the third era’s rate is not stable and has continued to slow). Three regimes: pre-operational, operational, post-2022. Figure 4 shows them as three plateaus separated by sharp coordinated transitions.

The fleet-mean per-message duration in days is plotted across the full 19 years of the corpus in Figure 4. The pre-OTAD era (2007 to 2010) cycles roughly every 3.7 days. From May 2011 the rotation accelerates to one payload every 1.8 days, sustained for 11 years and consistent with daily tactical key distribution. In May 2022, a coordinated change point detected by CUSUM analysis reverses the trend on roughly 30 satellites simultaneously; rotation slows to 4.3 days per payload at the boundary and continues to slow within the era — to 6.8 days by early 2026. Vertical lines mark coordinated change points (≥ 8 PRNs within ± 3 days).

The 2022 reversion is the most interesting open question in the dataset. Several readings are consistent with the data, and none are conclusive.

It could mark the migration of OTAD traffic from L1 C/A to a different signal, most plausibly M-Code on L1/L2, where modernized military receivers have been operating since the GPS III deployments began.

It could reflect a change in cryptographic policy: longer key lifetimes, fewer rotations, more reliance on session-key derivation at the receiver.

It could be the first visible footprint of the recently terminated Next Generation Operational Control System (OCX) ground segment, whose deliberate, staged rollout was a public program for years.

What the data say definitively is that whatever the explanation, it was a single decision applied across the entire fleet at once, and the public record contains no notification of the kind we would expect.

A field that announces operational changes by the cadence of its own ciphertext is a field worth watching.

When Encrypted Messages Share Their Spelling

If the messages were genuinely random—random or properly encrypted with independent keys, padding, and initialization vectors—then no two unique payloads should share any meaningful structure. Each 176-bit message would be statistically independent of every other.

They are not.

A Prediction by Partial Matching (PPM-D) order-8 compression model, trained over the full 3,994-message corpus, identifies pairs and small groups of unique messages that share long, identical substrings at the same byte positions. Examples from the catalog:

• Two messages broadcast on October 8, 2014, share 10 identical characters in identical positions.

• A message from June 2021 and a message from September 2020 share a 9-character substring at the same offset.

• A pair of late-2019 messages, broadcast three weeks apart, share eight characters at identical byte positions.

• The substring LY47IRP16—9 bytes—appears in messages broadcast nine months apart.

• S°6L.D°—7 bytes—recurs three months apart.

The probability that any given pair of 22-character messages drawn independently from a 45-symbol alphabet would share a nine-character substring at the same offset by chance is negligible. Across the full corpus, the matches are not coincidental; they are structured. 

In Figure 5, five message pairs are identified by an order-8 PPM-D compression model as sharing long substrings at identical byte positions, despite being broadcast days, weeks or months apart. Each pair is shown one above the other, with shaded cells highlighting the matching bytes. The remainder of each message is the high-entropy ciphertext that fills almost the entire corpus.

The most likely explanation is protocol metadata leaking through. Every cryptographic transport protocol wraps its payload in headers—key identifiers, sequence numbers, etc. However, this alone is not a sufficient explanation because these values are encrypted and should therefore differ for every message. In addition to fixed metadata, there would need to be re-use of a key, whether due to operational error or exceptional circumstances. In such a scenario, we would expect to see partial matches between two different messages.

There is a practical consequence. If the substring matches are protocol metadata, they offer an external observer something the cryptography was meant to deny: a way to fingerprint and track individual key-distribution events from public signal data. A monitoring receiver, watching a small set of fixed byte positions across the entire constellation, could, in principle, detect when a particular key identifier or routing header is reused, retired or correlated with a NANU-announced operation. Cryptographically, the keys remain secure. Operationally, the metadata is loud.

In a stream that should be indistinguishable from noise, the protocol left a fingerprint.

The First Readable Bytes in 19 Years

In the corpus that runs from 2007 to mid-2023, no payload anywhere contains a recognizable word from any language that’s intended for direct human consumption. Then, on December 13, 2023, PRN 8 broadcasts a message that begins with the literal four-byte string TEXT.

After 16 years of pure ciphertext, the field has begun to use the format the standard always described. 

The migration is both staged and deliberate, reading like a deployment plan rather than just a casual flip of a switch.

• December 13, 2023—first appearance, on PRN 8 alone.

• March 18, 2024—the same TEXT-prefixed message broadcast on 10 PRNs simultaneously: a one-day fleet-wide distribution event.

• July 31, 2024—a second TEXT message, on PRN 3 alone.

• October 10, 2024—a four-PRN distribution.

• December 29, 2024—January 13, 2025—daily TEXT messages on PRN 1, with a different payload each day.

• March, June 2025—the daily-broadcast PRN moves to PRN 21.

• July–August 2025—the daily-broadcast PRN moves to PRN 20.

Each TEXT-prefixed message rotates daily and carries an 18-byte payload following the prefix. The payload itself remains high-entropy—by every statistical measure indistinguishable from the ciphertext that preceded it. The format has changed. The content shape has not.

The most plausible reading is a generational upgrade. OCX is rolling out. GPS III satellites are operational and growing as a fraction of the constellation. A new variant of OTAD, or a new auxiliary use of the field bolted alongside it, is being commissioned by PRN.

For receiver firmware, the migration matters in a way the previous 19 years did not. A field containing static-looking ciphertext is one that most parsers ignore. A field that apparently carries a structured type identifier followed by a payload must be parsed correctly.

The September 2020 SVN 74 anomaly is a cautionary tale, even though it concerns a different field: an ICD-defined alarm pattern transmitted as prescribed, with a minority of commercial receivers failing to handle it correctly and pushing bad positions to ADS-B users. The TEXT-prefix migration is an analogous situation—content that finally matches the special-message field’s standard format, arriving on receivers that may have spent two decades treating this field as static or ignored. Either direction of mismatch, content the standard did not describe, or content that suddenly does, can produce the same kind of outcome.

For the receiver and firmware teams, the practical action is short. Audit any code path that touches Subframe 4, Page 17. If the field is currently being skipped, logged as static, or assumed to be text, that assumption now has an expiration date. The TEXT prefix suggests the message is intended for human consumption; the trailing 18 bytes are the payload, which the standard has always permitted. Code that handles both is forward-compatible. Code that handles only one is the next September 2020 waiting to happen.

The migration is happening now. As of early 2026, only a handful of satellites have broadcast TEXT-prefixed messages, and the rest of the fleet continues to use the unstructured format. Which PRN converts next, and what its first TEXT-formatted message says, is the most accessible real-time measurement of GPS ground-segment evolution available to anyone with a receiver and patience.

Figure 6 plots every TEXT-prefix broadcast event in the corpus, satellite by satellite.

It shows 26 unique messages, 38 (PRN, day) combinations and 2,398 total observations. Marker size scales with daily observation count. Five distinct phases are visible. The first TEXT message appears on PRN 8 on December 13, 2023 (red). Three multi-PRN distribution events follow in 2024 (teal): a 10-PRN event on March 18, 2024, a single-PRN appearance on July 31, and a four-PRN distribution on October 10. From December 29, 2024, the protocol stabilizes into bursts of consecutive daily broadcasts that migrate between satellites: first PRN 1 (dark grey, December 2024 to January 2025), then PRN 21 (purple, March and June 2025), then PRN 20 (amber, July to August 2025). The migration looks far more like a staged deployment than an organic spread.

The Bottom of the Rabbit Hole, Or the Top of It

For nearly two decades, every operational GPS satellite has broadcast an encrypted stream consistent with the backbone of the U.S. military’s global cryptographic key distribution system.

The 2011 fleet flash was the constellation-wide synchronization that brought the system to operational capability. The 0xAA sentinel is the protocol’s no payload loaded marker. The shared substrings are the structural fingerprints of an OTAD frame leaking through the cipher. The 2022 reversion is the system in transition. The TEXT prefix is the system in renewal.

This matters in three ways:

• For signal authentication. OTAD is the proven, decades-long predecessor to civilian schemes like Galileo OSNMA and GPS CHIMERA. Its operational history, until now invisible, is data that the authentication community can study.

• For operational transparency. Both the 2011 flash and the 2022 reversion happened without the kind of public NANU record one might expect for a fleet-wide operational change. The methodology in this article, open archives, off-the-shelf tooling, 18k lines of Julia, gives the GNSS community the means to monitor the constellation’s internal states for itself.

• For pure engineering curiosity. Every receiver in the world decodes Subframe 4, Page 17. Almost none of them have ever looked at it. The lesson generalizes: There is more to learn from the bytes already arriving at our antennas than from the bytes we wish were specified differently.

The data are publicly available. The signal is overhead, twice a day, every day. We invite the GNSS engineering community to join the audit for L1 C/A and the newer signals that will inherit its role.

Every GPS satellite is a numbers station. The receivers were always listening. We just had not been. 

Acknowledgements 

This article is based on a project developed by Ahmed Kamruddin during his MSc studies at University College London. Thanks also to Ramsey Faragher and Markus Kuhn for valuable comments on this work. The initial stages of the work were performed within the Trusted Innovative GNSS receivER (TIGER) project, co-funded by the European GNSS Agency (GSA) under grant agreement 228443. Source code supporting this project can be found at https://doi.org/10.5281/zenodo.20073222.

Author

Steven J. Murdoch is Professor of Security Engineering, head of the Information Security Research Group and lead for the Foundational Computer Science section in University College London. His research encompasses payment system security, privacy enhancing technologies, online safety, and the intersection of computer science and law. He teaches on the UCL MSc in Information Security. He has worked with the OpenNet Initiative, investigating Internet censorship, and for the Tor Project, on improving the security and usability of the Tor anonymity system. His current research focuses on how computer systems can generate evidence to facilitate fair and efficient dispute resolution. He is a member of REPHRAIN, the National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online and co-leads the CRANE NetworkPlus on Cybersecurity. He is a director of the Open Rights Group, a UK-based digital campaigning organization that works to protect rights to privacy and free speech online. He is also a Fellow of the IET and BCS.

The post The Empty Field that Wasn’t: GPS, OTAD and Two Decades of Encrypted Broadcasts appeared first on Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design.