Even as the revelations about the extent of NSA spying and snooping on our communication systems continue to grow — based on top-secret documents revealed by former contractor Edward Snowden — it is to be expected that the travel industry would be swept up into it as well. More specifically, the airline industry, both as a result of its key role in keeping tabs on movements of suspected terrorists, and as a target of disruption by them as well.
The latest blockbuster revelation came yesterday, via a joint report by The New York Times, The Guardian and Propublica, about NSA long-running secret war on encryption, and how it has foiled most of the secure communication systems we have come to rely on, on a daily basis, in our digital life.
As this NYT story put it, “the agency has circumvented or cracked much of the encryption hat guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world.”
Buried in the story is an innocuous reference to NSA’s program about breaking into airlines communication systems as well as the airline booking (GDS) systems that everyone in the travel ecosystem relies on.
According to New York Times story:
But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.
No further details were given in the stories, except implying that post 2006, NSA moved away from trying to crack individual companies’ systems, and worked on breaking overall Internet/digital encryption systems instead, for a broader reach.
Post 9/11, airlines passengers have gotten used to fewer and fewer expectations of privacy when traveling through airports and airlines, especially after governments bodies like TSA took over the security of this strategically important sector. The creation of no-fly list, “secure flight program” and of course deployment of the high profile full-body scanners all contributed to these reduced expectations. Also, the sharing of air passengers’ PNR numbers between U.S. and European Union has been common since a treaty was signed in 2011.
But tapping directly into airlines systems, both for carriers and reservation systems, is going much further. We fully expect that it has gone beyond these said 3 foreign airlines and one GDS, and into other airlines (possibly even U.S. ones), GDSs, and even online booking services (OTAs), both U.S. based and foreign ones, looking at search and booking data, among other things.
For now, this is the realm of speculation beyond the anemic details above, but expect more such revelations to come, and the travel industry at some point will get swept into this public revelations controversy, as much as the tech and Internet giants have so far.