
How the NSA obtains and uses airline reservations (2013) - spaceboy
https://papersplease.org/wp/2013/09/29/how-the-nsa-obtains-and-uses-airline-reservations/
======
Canada
This recent CCC talk demonstrates that airline reservation data is wide open:

[https://media.ccc.de/v/33c3-7964-where_in_the_world_is_carme...](https://media.ccc.de/v/33c3-7964-where_in_the_world_is_carmen_sandiego)

~~~
TazeTSchnitzel
Somehow, that not only the NSA has it, but basically anyone, is reassuring.

~~~
cinquemb
I think that one of the interesting aspects of this talk was explaining that
the airline companies really have no incentive to fight abuse beyond
recognizable fraud.

I mean, someone could build some really interesting services on top of these
holes, one I was thinking of is that for customers who do not check into their
flights before a certain period of time, somehow one could get those flight
codes and change the information, and then people nearby the airport can hitch
the ride while everything looking good from the perspective of the airline
company or even a Frequent flier miles as a service, where someone just
creates accounts by automatic means, and scans for trips that don't have ff
codes applied and uses "their" code for it and passes those miles to someone
else for a price.

As we amass more and more data, and devices get cheaper to leak stuff, i
wouldn't be surprised to see some interesting power shifts from traditional
incumbents (the NSA's of the world, to more lean operations who are
increasingly in a position to mine/exploit similar large amounts of
information at scale).

------
pasbesoin
Now I'm waiting for the story about how they are vacuuming up the output of
all those license plate readers.

Meaning, there is no current such story I'm aware of. But I'm _certain_ it's
being worked on. And if not by them, directly, that they are ensuring they
have a feed from/to the resulting system.

We encounter little in the way of stories about all this data collection, that
demonstrates these agencies' claimed restraint. At this point, you pretty much
have to figure, if and when they can, they will.

P.S. Think that "domestic" jurisdiction will stop them? I'll just remind you,
among other things, of the stories about just how much of the U.S. can be
interpreted as being withing 100 miles of an international border. The CPB's
jurisdiction within that territory, per reported documents. And the CPB's
"need" for data analysis of people transiting its... "system".

I'm just speculating... But so far, it seems almost no speculation has been
too outlandish to be eventually realized.

~~~
nol13
im guessing will prob just piggy-back on the system that tracks the rfid chips
in your tires

~~~
leeoniya
well, that's disturbing.

[https://www.reddit.com/r/privacy/comments/3kl3e9/which_manuf...](https://www.reddit.com/r/privacy/comments/3kl3e9/which_manufacturers_insert_a_rfid_tag_inside/)

~~~
puddintane
Seems like this was de-bunked reading the comments [1], the system would have
to be incredibly huge considering the RFID tag inside the tire is only a few
inches (so it is not generating a very far field - the 20 feet seems
incredibly far for such a small tag).

On top of that it would be far easier to just track the giant visible license
plate since we already have that technology available.

The destroying with a camera flash is legit (not because of the flash but
because of what seems to be caused by capacitors in the device - light reading
on this so I may not be correct) however many users point out why read that
when there are much easier ways to track a vehicle where-a-bouts.

Interesting and disturbing however much more complex then just OCR!

[1]
[https://www.reddit.com/r/privacy/comments/3kl3e9/which_manuf...](https://www.reddit.com/r/privacy/comments/3kl3e9/which_manufacturers_insert_a_rfid_tag_inside/cuynazn/)

~~~
nol13
had just been assuming the readers were embedded in strips laid under the
roadway :/

------
sandworm101
That NSA was tracking flight data was no great reveal. When we fly we share
that fact with countless international organizations. Government boarder
services. Airport secuity. Credit card companies. Insurers. And certainly the
airlines. Anyone who thinks that air travel was ever private, pre or post-911,
doesnt appreciate the number of information systems involved with moving
people across boarders via aircraft. The data was always open to whatever
organization could express a reasonable need.

~~~
wheelerwj
just because it is this way doesn't mean we can't do better.

~~~
cloakandswagger
What would be better in this case? Should anyone be able to show up to an
airport, pay for a ticket and board a flight anonymously?

I'm a pretty staunch libertarian and even I can see the benefit here. Until we
reach the border-less, one-world utopia that so many people seem to be gunning
for, it's valuable to know who is coming/going from your country.

~~~
u801e
> Should anyone be able to show up to an airport, pay for a ticket and board a
> flight anonymously?

People can already do this when boarding a bus, boarding a train or riding in
a taxi.

~~~
JumpCrisscross
Buses, trains and taxis only threaten their occupants. Planes can be
weaponised as missiles.

~~~
grzm
Ground-based vehicles can definitely be used as offensive weapons. Plenty of
examples of people not in vehicles being injured. The truck used in the attack
in Nice, France is a very clear example. Granted, it wasn't a transit vehicle,
but there's no reason why one couldn't be.

~~~
JumpCrisscross
There's a psychological difference between taking out pedestrians and taking
out a building.

~~~
grzm
Your claim was that taxis, buses, and trains couldn't be weaponized, not that
there was a psychological difference between them. A bus or taxi can be run
into a building as well. (I'll grant a train is different.)

------
tyingq
The Secure Flight program isn't a secret, and already shows that every flight
that originates, terminates, or flies over the US has its data sent to the US
Government.

This is a bit short of what's being shown in the article, as it doesn't send
the whole PNR. However, it does make it clear that data connections exist, and
already share flight and passenger data...the bulk of what's interesting in
the PNR.

See this doc[1] for examples of what is sent.

[1][https://www.trams.com/home/support/notice/tsa_secure_flight_...](https://www.trams.com/home/support/notice/tsa_secure_flight_program_-
_gds_format_samples)

Edit: Worth noting that if you already have the PNR record locator, and the
information already sent via SecureFlight, it's fairly easy to get the rest of
the PNR data.

------
lwf
The "timestamped IP address", 172.24.96.31, is in the private network RFC1918
space — I doubt that was the IP address of the end-user. :)

------
adekok
I first heard this 13 years ago. A friend visited an airline, and had a set of
cables pointed out to him: "That's the feed to the NSA".

I thought it was well known that the NSA had feeds into the airline
reservation system. We know for sure that the CBP gets data from all flights
which overfly the US, or which _might_ overfly the US.

There are well known stories about planes making unscheduled landings in the
US (emergency, storm, delays, etc). Cue CBP opening the front doors, walking
down the aisle, and pulling one guy off the plane.

"Sorry sir, you are forbidden to enter the US, and you have just done so
illegally. You're under arrest".

Except for most people, we haven't cleared customs, and haven't tried to enter
the States. So the rest of the passengers are "OK". Mostly.

This is known as having your cake and eating it, too.

~~~
chx
Everything in your post rings false.

> 13 years ago. A friend visited an airline, and had a set of cables pointed
> out to him: "That's the feed to the NSA".

13 years ago, that is 2004 noone would openly talk about the NSA, Room 641A
was only exposed in 2006. I would also venture that in 2004 noone had or
needed a direct feed to the NSA, the Internet would already do. In case you do
not remember, how 2004 was, by 2000 you have Expedia, Travelocity, Priceline,
Hotwire, Tripadvisor all launched. Edit: as comments below and the article
itself points it out, the NSA would get your data from the GDS if it's there,
what I mean here is that OP claims a dedicated line running to the NSA when it
could have just used the Internet instead of a dedicated line to connect to
your system. By 2004, the Internet was plenty established for that. That's all
I meant.

> There are well known stories about planes making unscheduled landings in the
> US

This is, in fact, extremely rare. A flight which does not start or end in the
USA rarely has the need to fly over it. Europe/Asia - Central America would
and not much else -- and there are very few such direct flights, mostly only
to Mexico City. Even a London-Bogota flight wouldn't.

> CBP opening the front doors, walking down the aisle, and pulling one guy off
> the plane.

While the previous event is merely rare this would be extraordinary and all
over the news, even if not mainstream news. All the news I can remember about
law enforcement boarding an emergency landed plane is about unruly passengers,
not this Bond shit. So... source?

~~~
objclxt
> I would also venture that in 2004 noone had or needed a direct feed to the
> NSA, the Internet would already do. In case you do not remember, how 2004
> was, by 2000 you have Expedia, Travelocity, Priceline, Hotwire, Tripadvisor
> all launched.

That doesn't cover airline bookings that happened via travel agent or directly
into the booking system. Many airline reservation systems pre-date the
internet (SABRE, for example, came online in 1964), and much of the
architecture driving the airline industry is archaic (which is one reason why
a system outage can have such a massive impact on flights).

