Wireless Emergency Alerts

Wireless Emergency Alerts (WEA, formerly known as the Commercial Mobile Alert System (CMAS), and prior to that as the Personal Localized Alerting Network (PLAN)), is an alerting network in the United States designed to disseminate emergency alerts to mobile devices such as cell phones and pagers. Organizations are able to disseminate and coordinate emergency alerts and warning messages through WEA and other public systems by means of the Integrated Public Alert and Warning System.

Background
The Federal Communications Commission (FCC) proposed and adopted the network structure, operational procedures and technical requirements in 2007 and 2008 in response to the Warning, Alert, and Response Network (WARN) Act passed by Congress in 2006, which allocated $106 million to fund the program. CMAS will allow federal agencies to accept and aggregate alerts from the President of the United States, the National Weather Service (NWS) and emergency operations centers, and send the alerts to participating wireless providers who will distribute the alerts to their customers with compatible devices via Cell Broadcast, a technology similar to SMS text messages that simultaneously delivers messages to all phones using a cell tower instead of individual recipients.

The government issues three types of alerts through this system:
 * "National alert" (formerly "Presidential alert"): Alerts issued by the President of the United States or the Administrator of the Federal Emergency Management Agency (FEMA)
 * Alerts involving imminent threats to safety of life, issued in two different categories: extreme threats and severe threats
 * Amber alerts

When the alert is received, a sound is played even if the ringer is off. On nearly all devices, the Emergency Alert System radio/TV attention signal sounds in a predetermined pattern.

The system is a collaborative effort among FEMA, the Department of Homeland Security Science and Technology Directorate (DHS S&T), the Alliance for Telecommunications Industry Solutions (ATIS) and the Telecommunications Industry Association (TIA).

Participation
Within ten months of FEMA making the government's design specifications for this secure interface for message transfer available, wireless service providers choosing to participate in CMAS must begin development and testing of systems which will allow them to receive alerts from alert originators and distribute them to their customers. Systems were required to be fully deployed within 28 months of the December 2009 adoption of such standards and were expected to be delivering alert messages to the public by 2012. Although not mandatory, several wireless providers, including T-Mobile, AT&T, Sprint, and Verizon have announced their willingness to participate in the system. Providers who do not wish to participate must notify their customers. Some phones which are not CMAS-capable may require only a software upgrade; while others may need to be replaced entirely.

CMAS messages, although displayed similarly to SMS text messages, are always free and are routed through a separate service which will give them priority over voice and regular text messages in congested areas. Devices may offer the capability to disable most CMAS messages, but end-users must not be able to disable alerts issued by the President or Administrator of FEMA ("National Alert"), as prohibited by the Warning, Alert, and Response Network Act.

Public television stations are also required by the FCC to act as a distribution system for CMAS alerts. Within 18 months of receiving funding from the Department of Commerce, all public television stations must be able to receive CMAS alerts from FEMA and transmit them to participating wireless service providers.

In January 2018, FCC chairman Ajit Pai said the commission planned to vote on overhauling wireless alerts, with a goal to make their targeting more granular and specific, citing issues with uses of wider alerts during Hurricane Harvey, and perceptions by users that they are receiving too many alerts that do not necessarily apply to them. The FCC voted in favor of these new rules on January 30, 2018; by November 30, 2019, participating providers must deliver alerts with only a 0.1 mile overspill from their target area, require that devices be able to cache previous alerts for at least 24 hours, and that providers must support a 360-character maximum length and Spanish-language messages by May 2019.

The House of Representatives passed the READI Act in November 2020 which amends the Warning, Alert, and Response Network Act to additionally require mandatory distribution of alerts issued by the Administrator of FEMA.

National Weather Service
The Commercial Mobile Alert System (CMAS), interface to the Wireless Emergency Alerts (WEA) service, went live in April 2012. The NWS began delivering its Wireless Emergency Alerts on June 28, 2012. Warning types sent via CMAS include tornado, flash flood, dust storm, hurricane, typhoon, extreme wind, tsunami warnings, "destructive" severe thunderstorm warnings, and sometimes snow squall warnings. Also, until November 2013, blizzard and ice storm warnings were also included in CMAS; they were discontinued based on customer feedback due to such warnings typically issued well in advance of approaching winter storms, thus not representing an immediate hazard. While blizzard and ice storm warnings are no longer sent to phones by the National Weather Service, some local authorities continue to send winter weather related alerts at their discretion; for example in New York City during the January 2015 North American blizzard, alerts were sent to people's cell phones to warn users of a travel ban on New York City streets.

Beginning Fall 2019, NWS significantly reduced the amount of Flash Flood Warnings that are issued over WEA to only those with a considerable or catastrophic damage threat. It was noted that the NWS over-alerts FFWs over WEA, and the Federal Emergency Management Agency (FEMA) has noted a large number of public complaints about overnight WEAs for FFWs with perceived little impact.

As of August 2, 2021, NWS has added Severe Thunderstorm Warnings labeled with a “destructive” damage threat, for wind gusts over 80 mph and hail over baseball (2.75") size.

The Snow Squall Warning is a warning that began operation out of seven NWS offices beginning mid-January 2018. Unlike Blizzard and Ice Storm Warnings which are issued well in advance, Snow Squall Warnings are issued when life-threatening snow squalls that will produce strong winds and poor visibilities are occurring. These are issued as Storm-Based Warning Polygons, like Severe Thunderstorm and Tornado Warnings. This is in effect for the nationwide WEA Program as this event requires immediate action unlike Blizzard or Ice Storm Warnings. In addition to the change, the Dust Storm Warning is now polygon based, and will activate WEA. The zone-based Dust Storm Warning issued in advance was replaced by the new Blowing Dust Warning, which does not activate WEA. Nationwide Implementation of these new events occurred in late 2018.

Notable uses

 * Boston Marathon bombing – A shelter-in-place warning was issued via CMAS by the Massachusetts Emergency Management Agency.
 * A child abduction alert in the New York City region in July 2013 for a 7-month-old boy who had been abducted. The massive inconvenience caused by the 4:00 am timing raised concerns that many cellphone users would choose to disable alerts.
 * A blizzard warning in February 2013 for New York City. (Note: As of November 2013, blizzard warnings are no longer included in the CMAS program.)
 * A shelter-in-place warning for New York City in October 2012 due to Hurricane Sandy.
 * A child abduction alert in the New York City Region on June 30, 2015, for a 3-year-old girl who had been abducted.
 * 2016 New York and New Jersey bombings – A wanted alert was issued in New York City with a suspect's name two days after the bombings.
 * On October 24, 2018, an alert was sent to those in the area of the Time Warner Center to shelter in place while the NYPD investigated a suspicious package sent to CNN.
 * An amber alert issued in Utah in late-September 2019 was mocked on social media for its accompanying WEA message, which only contained the unclear shorthand "gry Toyt" (an abbreviation of "gray Toyota", referring to the suspect's vehicle).
 * WEA was used extensively during the COVID-19 pandemic to provide notice of health guidance and stay-at-home orders. Utah attempted to use localized alerts to inform drivers entering the state that they must fill out a mandatory, online travel declaration. However, this was dropped and replaced with road signs after the state reported that the alert was being received by residents up to 80 miles away of the intended area, and that "some of them received the alert more than 15 times."

National periodic tests
Although national tests of the related Emergency Alert System have been conducted nearly annually since 2011, the first national test that concurrently included WEA was held on October 3, 2018, at 2:18 PM EDT. The message was expected to reach an estimated 75 percent of cell phones.

The lead-up to the test attracted controversy, due to the false assumption that then-president Donald Trump was personally executing the test, and reports suggesting that he could abuse the system to send personal messages similar to those he issued via social media. A lawsuit was filed requesting a temporary restraining order blocking the test, claiming that it violated users' First Amendment rights to be free from "government-compelled listening", the system could allow the dissemination of "arbitrary, biased, irrational and/or content-based messages to hundreds of millions of people", and could frighten children. The suit was thrown out, citing that a Presidential alert can only be used to disseminate legitimate emergency messages. The judge also clarified that the test itself would be conducted and executed by FEMA employees, with no personal involvement from the President.

The "Presidential alerts": they are capable of accessing the E911 chip in your phones – giving them full access to your location, microphone, camera and every function of your phone. This not a rant, this is from me, still one of the leading cybersecurity experts. Wake up people! October 3, 2018On the day of the test, John McAfee (then running for the 2020 United States presidential election) made a false statement that the Presidential alert involved the E911 system, alleged phones to have a "E911 chip" capable of giving the government access to the phone's location and microphone. The Electronic Frontier Foundation reported that there is "no such thing as an E911 chip". Fact-checking website Snopes stated that "WEA messages are not [related] to E911 functions".

Another National Periodic Test of the Emergency Alert System took place on August 11, 2021, at 2:20 PM EDT, which also included a test message for Wireless Emergency Alerts. Unlike the first NPT for WEA that took place in 2018, the WEA portion of the test was only administered for phones that were opted in to receive the test message. However, it also sent the messages in both English and Spanish, depending on the language the phone was set to. It is unknown which language the message was sent for phones not set in English nor Spanish. A National Periodic Test of the Emergency Alert System took place on October 4, 2023, at 2:20 PM EDT. It was issued by mobile phone (Wireless Emergency Alert), radio, satellite radio, television, and cable television.

False alarms

 * On January 13, 2018, a false alert of an inbound missile to Hawaii was mistakenly issued through EAS and WEA by the Hawaii Emergency Management Agency, as the result of an employee error during a routine internal system test.
 * On March 2, 2021, as part of a scheduled tornado drill, emergency alerts simulating a tornado warning were issued by the NWS in Kansas City for Missouri and Kansas. However, while the alert issued via the EAS did contain notices disclaiming that it was a test message, an actual tornado warning message was mistakenly issued via WEA due to a miscommunication surrounding the protocols for the drill.

Testing errors

 * On April 20, 2023 at 4:45 a.m. ET, a routine early-morning test of the EAS by the Florida Division of Emergency Management for television stations was accidentally delivered via WEA as well, leading to many residents being woken up early. The error drew the ire of Governor Ron DeSantis, who described the accident as a "completely inappropriate use of this system"; the state briefly rescinded its contract with Everbridge to provide alerting services, but reinstated them shortly afterward.

Criticism
Many members of the public disabled the alerts due to the alerts overriding silent settings on their phone and being of limited relevance to them.

Security
At the 2019 MobiSys conference in South Korea, researchers from the University of Colorado Boulder demonstrated that it was possible to easily spoof wireless emergency alerts within a confined area, using open source software and commercially available software-defined radios. They recommended that steps be taken to ensure that alerts can be verified as coming from a trusted network, or using public-key cryptography upon reception.