How do you track a plane? (bbc.co.uk)
43 points by ColinWright 1038 days ago | 40 comments

The more this story unfolds, the more I realize just how wrong I was about how I thought things like FlightAware and everything involved in tracking an airplane works.

What exactly is the barrier between just having two way satellite communications on every plane for the purposes of tracking and reporting its location?

Cost mostly if I got it right? The value in knowing the position doesn't justify equipping all airplanes with some kind of satellite position update system (the two-way part that is), and there is almost no value in that information outside freak incidents like this.

In the United States, the FAA is implementing a program called NextGen Air Transportation System that would feature two-way, GPS-based satellite communication. There are numerous benefits outside of an accident: http://en.wikipedia.org/wiki/Next_Generation_Air_Transportat...

I would have to assume that at some point the cost of two dozen countries looking in between every nook and cranny of 1/3 of the planet exceeds the cost of a two-way position updating system, not to mention the value of being able to avoid even one disaster like this and whatever potential related disasters we have yet to see.

Yes, now that a plane has disappeared (instead of just being flown to a different airport and hostages kept; or being flown into a building) means that there is a reason to implement costly tracking devices that previously had little use.

I used to build devices for aerospace. These were groundside, never ever airside. The systems (and thus costs) for building these devices were extensive and complex. Every item, every component, every screw, every washer, all the chemicals (paint, conformal coating, etc) could be traced from a finished unit (via its serial number) back through the manufacturing chain. When my company moved from a paperwork system (surprisingly good) to computers (unsurprisingly flawed) they kept the paperwork system for these products because it was so important to never fail audit.

It's easy to look at consumer grade off the shelf systems and think that the cost would be maybe four or five times higher, but I think the cost would be significantly greater.

Add to that the difficulty of getting any component on a circuit diagram changed and the need to continue producing these units for every aircraft for many years and there's additional complication there.

What satellites are you using that have world wide coverage and enough bandwidth for this purpose?

Such a system also wouldn't be immune to being disabled as the current tracking systems are. People need to learn to live with uncertainty instead of trying to remove it.

I do not know how much bandwidth you would need to track the entire fleet of all major airlines (even if you, say, limited yourself to international and/or flights longer than X hours/km), but worldwide tracking of automated instrumentation (I'm an earth scientist) is done regularly. A few examples:

- The iridium satellite network, which provides phone service, also provides a Short Burst Data service, which I suspect could be used for this purpose.

- The Argo network tracks thousands of ocean drifters (http://www.argos-system.org/?nocache=0.9626778103411198). Some of those drifters are using the Iridium network now.

I didn't say it can't be done, I said the people arguing for real time satellite tracking haven't even examined whether it is feasible.

Iridium only has ~8 MHz of bandwidth, that is fine for a sensor platform that probably only transmits a couple of times a day, but could quickly run into trouble with constant positional updates from thousands of planes (especially with streaming of cockpit data recorders, as has been argued for as well). And the saturation of the Iridium network is not something that can be controlled without extensive re-engineering to enable QoS.

The claim is that it's way too expensive to retrofit existing planes due to regulations: http://blogs.law.harvard.edu/philg/2014/03/10/why-dont-we-ha...

I don't think that reasoning is correct. My comment on that blog was:

I don’t think the fixed cost should be as high as you suggest because the functionality would (arguably) not be safety-critical, in contrast to your examples, and therefore subject to weaker regulations.

Emergency geolocation doesn’t affect flight safety, only rescue operations. What happens if the new GPS location functionality fails? The only deleterious consequence is if the other location systems fail (ELT) and the error causes, in the event that saving passengers is possible, for SAR to look in the wrong place when they otherwise would have looked in the correct one.

> Emergency geolocation doesn’t affect flight safety,

I am not sure of that. Consider the implications of an electrical fire. If the system can be turned off it wouldn't have helped here. If it couldn't be turned on then you have electrical fires killing people.

I am not sure the problem of this incident can be fixed by looking at the plane. I think we need to know more about who, why, and how first.

I don't understand your comment.

You need to read my comment in context of the linked blog post I was responding to which addressed only the cost of adding additional emergency geolocation and the reason why it was expensive.

I suggest that it shouldn't actually be expensive because the safety impact is negligible.

So I worked at Trimble Nav in the radio group, so this is by no means perfect || expert on the first go:

Rough specs of something that might be respectable:

  - wind & solar powered
  - externally-mounted, self-contained, near zero maintenance
  - compatible with deicing chemicals & equipment
  - multiple redundant location sources: GPS, GLONASS, LORAN, cell-tower 
  - jam-resistant multi antennae / recvr config
  - highly compressed satellite telemetry with cellular, pager and HF backups
    - location & alt delta every 3 minutes (12 bits +- 100m)
    - absolute location & alt every 8 hours (46 bits +- 100m)
  - physically hardened against several hours blunt-force physical damage
    - (eg enough to slow down a die-grinder w/ a diamond cutoff wheel)
  - pretty app similar to google earth where carrier operators can see their fleet live or in the past
Unit cost of ~$100k USD at first, getting to $35k at scale

Shoe-string budget dev costs: $1.2 mil for a bump to fit the most popular model of jet first, then expand to others and airbus if successful.

Assumes engrs that can bust it out quickly and hustlers that can finagle enterprise & get distribution (Eg make it an FAA mandatory device for classes of airframes).

They also omit the fact that the 4 digit code in the transponder is entered by the pilot. When I've flown with friends typically the transponder is set to 1200 until ATC tells them what number they want them to emit, and then the pilot sets that number and from then on they know who they are.

It is worth mentioning that transport aircraft carry Mode S [0] transponders which emit a unique ICAO 24 bit address assigned by aircraft registration. This data is available regardless of the pilot-entered 4 octal digit Mode A transponder code. The transponder can still be turned off, however.

This contrasts to small aircraft which typically have Mode A/C only (no mode S).

[0] http://en.wikipedia.org/wiki/Aviation_transponder_interrogat...

So.... why?

All airplanes should have a MAC address. No plane should have a user-serviceable-power-switch to the transponder.

Can you tell why the opposite would be needed?

Transponders are active radio transmitters, there are plenty of situations where they need to be shut down (electrical faults, interference with airport radars, safety of maintenance technicians).

A plane being hijacked in this way is so incredibly rare that having always-on transponders is not worth the safety trade off.

In case an electrical fault is detected.

Protecting the passengers from the pilot is anyway a false goal. You can't really do it without removing the pilot.

This and: (electrical faults, interference with airport radars, safety of maintenance technicians).

Sound like utter BS.

Show me a case where an IN-FLIGHT transponder shutdown is a needed issue, or where this does not need a better engineered solution.

Also - Don't tell me why this is not done (based on past issues) - tell me why this is impossible to fix.

I challenge you to give me any reason in the universe which is acceptable for not tracking, in real time - uninterrupted streams, flying packages of hundreds of humans.

Give me any reasonable response to why this is not something that should be fixed.

It's obviously not possible to give you a response that you find reasonable, so why bother trying again? But an electrical fire in a plane is sort of a real problem that there needs to be contingencies for.

Planes doing something strange doesn't happen often enough for it to be the most important thing in the universe.

Obviously - so thanks for being defeatist.

I don't think it is defeatist.

The whole point of security is risk management. You address your most common risks first, and then the less common risks later. Electrical fires are more common than hijackings, especially after you figure in airport security. Therefore in plane design you worry about electrical fires far more than you do hijackings.

Additionally this is the first incident of its kind. This is not a typical hijacking. In fact it is entirely unprecedented. For this reason it is a game changer, and I think you are right to point that out. But electrical fires are orders of magnitude more common so you aren't going to ever risk one based on a much less likely possibility here.

To be honest, I have faith that investigators will eventually track the culprits down. Then once we know who and why we can decide what to do about it. However consider what is required to pull this off:

1. Having an airport capable of landing a 777 that nobody knows about

2. Having refueling equipment and fuel.

3. Having a hangar capable of storing the 777 out of the eyes of satellites.

These are not small requirements. Whoever did this was quite prepared. It was not pilot suicide based on the data we have. Whoever did this was large, organized, and had tons of resources (we are talking about a large drug ring or a small country here). Against a determined enemy like that I don't know that you really can stop them at the plane. Instead you need real defence in depth, and we can't even talk about that until we know more.

> Show me a case where an IN-FLIGHT transponder shutdown is a needed issue, or where this does not need a better engineered solution.

Certainly. There's always more than one transponder on board a big jet, for safety and redundancy reasons. If a transponder begins to misbehave, it might position the aircraft incorrectly on the ATC screen, very dangerous, or the transponder could be getting bad information from the altimeter (class C transponder), which would cause ATC to paint the aircraft at the wrong altitude -- also very dangerous.

These are just two reasons among many, for flight deck officers to require an immediate way to disable a transponder.

> Give me any reasonable response to why this is not something that should be fixed.

There's something you need to understand about the relationship between an aircraft and its pilot. The aircraft is designed to protect the pilot and the passengers, not the other way around. All this talk about protecting the aircraft from the pilot and passengers has it backwards. Obviously this means if a pilot goes crazy or someone unauthorized gets into the cockpit, the results can be catastrophic.

>Show me a case where an IN-FLIGHT transponder shutdown is a needed issue

How would the system determine it is in-flight and thus prevent a maintenance shut down? You would need another device to determine in-flight from ground operations, and thus another device that can malfunction and thus can be defeated by an attacker.

>Give me any reasonable response to why this is not something that should be fixed.

Give me a reasonable response why spending a bunch of money to fix this rare issue is worth it over other safety improvements? Old aircraft, poor maintenance, and overworked pilots kill many times more people than hijackers.

P.S. Why don't we track buses? Why don't we track cars? Why don't we track everybody?

  How would the system determine it is in-flight and thus 
  prevent a maintenance shut down?
You would connect it in parallel with something that cannot be shut down in flight.

If you had a transponder in parallel with each engine, on the ground you could shut down all engines; or for an in-flight fire you could shut down a single engine; but you could not shut down all engines (transponders) while in flight.

  Why don't we track buses? Why don't we track cars?
You've heard of LoJack, right? We track cars worth far less than a jet airliner.

>If you had a transponder in parallel with each engine, on the ground you could shut down all engines; or for an in-flight fire you could shut down a single engine; but you could not shut down all engines (transponders) while in flight.

Dual transponders linked to engines is not a safe design. You are significantly increasing the chance of an aircraft crash for a slight reduction in uncertainty of the location of crashed/hijacked aircraft.

>You've heard of LoJack, right? We track cars worth far less than a jet airliner.

People voluntarily deploying tracking systems is different from mandating tracking systems.

Cars and buses are at a much higher risk of hijacking per passenger/travel distance than planes.

>P.S. Why don't we track buses? Why don't we track cars? Why don't we track everybody?

Buses are at alt==0 and never over an ocean - you're an idiot for comparing the two.

Why don't we track everybody? Do you understand what the NSA has been doing?

I'm sure you have valid points to make, but I would ask that you reconsider how you make them. From the guidelines[0]:

    In Comments

    Be civil. ...

    When disagreeing, please reply to the argument
    instead of calling names. E.g. "That is an
    idiotic thing to say; 1 + 1 is 2, not 3" can be
    shortened to "1 + 1 is 2, not 3." 
[0] http://ycombinator.com/newsguidelines.html

>Buses are at alt==0 and never over an ocean

And what does that have to do with it? In the event of a passenger jet crashing into the ocean an enhanced transponder system would not raise passenger survival by any notable rate (because aircraft crashes where the passengers survive and aren't immediately rescued are incredibly rare in the modern age).

Aircraft hijacking where the craft and passengers go missing is incredibly rare even among hijacking incidents.

If you have a look at the FAA AIM, there is controller phraseology "squawk standby" which means to disable the transponder. This is to be used when the transponder is seen by the controller to be emitting unreliable or incorrect information. Keep in mind the transponder system design originated in WW2 and is quite crude. The crew and controllers are the main form of error detection and correction.

> Show me a case where an IN-FLIGHT transponder shutdown is a needed issue

When changing squawk codes, it is procedure at most airlines to put the transponder into stand-by mode. This prevents inadvertent transmission of incorrect squawks should the pilots mis-key.

e.g. once squawk 7500 Hijack is transmitted, ATC must implement appropriate measures regardless of what the crew subsequently do or say. Consider that fact given 7050 is a valid non-emergency squawk.

Once the squawk has been confirmed as correct the transponder is returned to active status.
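
The keying-error argument in the comment above, worked through as an added example that is not part of the original thread. It lists which emergency codes sit one slip away from an assigned squawk, and which codes an active transponder could briefly transmit while digits are being changed. The function names are hypothetical, and 7600 and 7700 are the other standard emergency codes, which the thread does not mention.

```python
from itertools import combinations

OCTAL_DIGITS = "01234567"

# 7500 (hijack) comes from the thread; 7600 and 7700 are added here as the
# other standard Mode A emergency codes.
EMERGENCY = {"7500": "hijack", "7600": "radio failure", "7700": "general emergency"}


def is_valid_squawk(code):
    """A Mode A code is exactly four octal digits (12 bits)."""
    return len(code) == 4 and all(c in OCTAL_DIGITS for c in code)


def keying_slips(code):
    """Valid codes one slip from `code`: adjacent transposition or one wrong digit."""
    if not is_valid_squawk(code):
        raise ValueError(f"not a 4-digit octal squawk: {code!r}")
    slips = set()
    for i in range(3):  # swap neighbouring digits, e.g. 7050 -> 7500
        d = list(code)
        d[i], d[i + 1] = d[i + 1], d[i]
        slips.add("".join(d))
    for i in range(4):  # one digit mis-keyed
        for digit in OCTAL_DIGITS:
            slips.add(code[:i] + digit + code[i + 1:])
    slips.discard(code)
    return slips


def emergency_neighbours(code):
    """Emergency codes reachable from `code` by a single keying slip."""
    return {c: EMERGENCY[c] for c in keying_slips(code) if c in EMERGENCY}


def transient_codes(current, target):
    """Codes an active transponder could emit mid-change, over every order
    in which the differing digits might be set."""
    if not (is_valid_squawk(current) and is_valid_squawk(target)):
        raise ValueError("both codes must be 4-digit octal squawks")
    differing = [i for i in range(4) if current[i] != target[i]]
    seen = set()
    for n in range(1, len(differing)):  # proper, non-empty subsets only
        for subset in combinations(differing, n):
            d = list(current)
            for i in subset:
                d[i] = target[i]
            seen.add("".join(d))
    return seen


if __name__ == "__main__":
    # Constructed sample codes, not taken from any real flight.
    print(emergency_neighbours("7050"))
    print(sorted(transient_codes("7100", "2500")))
```
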

What is the first thing you do when you land? I don't know about you, but I check my phone. If even one phone on that plane was not off or in airplane mode it would immediately connect with the nearest cell tower no matter where they landed, if there was a cell tower in range that is. I know for a fact that I've simply forgotten to turn my phone off... on occasion... and sure enough, my phone starts ringing as soon as I land.

Now, who here would say that the NSA isn't backdoored into every cell tower on that planet. I wouldn't be surprised if they are. How could we not know as soon as one of the cells on that plane popped up on a tower anywhere in the world? So, exclude all cell tower coverage areas in projected flight area and search there to rule out potential hijack/landing.

You're assuming that the passengers are still alive (the plane climbed to 45,000 feet after disabling its transponder), and if they are, that they haven't been intimidated into giving up their phones.

What does getting the last known cell phone tower contact have anything to do with whether anyone is alive? Like the OP says, all that is a single phone making contact with the nearest tower.

Most people still turn their phones off before a flight to save power or because they think it will keep them safe. If they are dead, they can't turn the phones back on and the hijackers can go around searching for phones if they really want to. So it's pretty unlikely that phones will attempt to make contact with cell towers.

But assuming that a phone does make contact, there would be massive cooperation required to detect it. The airline and victims' families would have to give a list of phone numbers that could be on the flight, and all the carriers in the region would search through their towers' logs to see if any of those IMEIs (assuming they keep those logs for at least a week).

All it takes is one phone to be on, regardless of human intervention. I would wager someone forgot to turn their phone off. Nevertheless, if the flight was hijacked and the hijackers were pros, as they clearly must be, they might have had a cell jammer. Regarding IMEIs, cell numbers of passengers, and tower logs, well that's what we have all those 3 letter acronym agencies for. I'm sure they haven't just been sitting around all this time. I don't think it's just the navy and air force sending search and rescue.

These guys were also incredibly prepared it seems. I would suggest that it would be unlikely that passengers, if they were still alive, would be allowed to just move about and grab things. They could be blindfolded and told not to move, for example, during landing, refueling, and so forth (though blindfolds may not be as relevant at night).

Does anyone know the exact information that the Rolls Royce engines would have transmitted if the airline had paid for the "basic plan"?

Forgive my ignorance, but why could the plane not fly straight, rather than north or south, which are put forth as the only options? Straight is as suicidal as going south, still a vast ocean ahead.

Somebody downvoted a genuine question, and left no comment at all on why they did it? There's no corner of the world short of mean people.
