Gogo has revealed that it is in active discussions with Google to resolve a conflict over the in-flight connectivity company’s issuing of fake Google SSL certificates to users connected to Gogo’s in-flight Wi-Fi services.
The company has also released a statement explaining that it only monitors usage on its network to prevent logged-in passengers from working around video streaming restrictions, potentially using up a lion’s share of bandwidth available on a flight, which would slow or ruin the user experience for other paying customers.
The issue arose January 2 when Adrienne Porter Felt, an engineer on the Google Chrome security team, called Gogo out publicly via Twitter for issuing Secure Sockets Layer (SSL) certificates on its network.
— Adrienne Porter Felt (@__apf__) January 2, 2015
By issuing SSL certificates labeled as “*.google.com” that were actually issued by Gogo, Gogo superimposes its own encryption in place of Google’s. Data transmitted this way is filtered through Gogo’s own network, potentially allowing the company to gather additional information on passengers’ internet activities. This practice negates the purpose of SSL certificates, which are designed to provide a secure encrypted connection to websites, without interference by middlemen.
The discovery of Gogo’s Google “copy-cat” certificates has raised alarms that users’ private data could be shared with third parties at Gogo’s whim.
Do No Evil
For its part, Gogo explains that no such nefarious intent exists. The company insists its objective is merely to limit access to video streaming sites like YouTube, the site Porter Felt of Google was visiting when she captured the screen image of the fake certificate that she attached to her tweet.
Because of the current limits of internet connection bandwidth on aircraft, the expense of transmitting data in this manner, and the need to distribute available capacity to all users of the onboard network, Gogo states, the company has to block customers from streaming online video in-flight.
As Anand Chari, Executive Vice President and Chief Technology Officer of Gogo, says in the company’s statement:
“Gogo takes our customer’s privacy very seriously and we are committed to bringing the best internet experience to the sky. Right now, Gogo is working on many ways to bring more bandwidth to an aircraft. Until then, we have stated that we don’t support various streaming video sites and utilize several techniques to limit/block video streaming.
“One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it. Whatever technique we use to shape bandwidth, it impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the Internet on a Gogo equipped plane will have a consistent browsing experience.
“We can assure customers that no user information is being collected when any of these techniques are being used. They are simply ways of making sure all passengers who want to access the Internet in flight have a good experience.”
Gogo’s Conflict With Google
The conflict with Google over Gogo’s methodology has yet to be resolved, and a company spokesperson told Skift we would be notified of developments when they can be made public. But this is a reminder that any connection to a network includes certain restrictions and data vulnerabilities.
In-flight connectivity suppliers have different methods to control what content is accessed, not just to protect bandwidth but also to address concerns by the content owners over licensing and piracy. Connecting to the internet in the sky may feel like the connection on the ground (sometimes slower, sometimes faster) but it never is.
What Other Guys Do
There are other ways to control traffic flow than resorting to SSL certificate “man-in-the-middle” interference. Global Eagle Entertainment (GEE), which provides connectivity and entertainment services for a number of airlines around the world including Southwest Airlines in the US, tells us they use a proprietary Intelligent Traffic Prioritization (ITP) Engine instead.
“By prioritizing the flow of traffic on-the-fly – i.e., in real-time, ongoing – the ITP Engine is able to deliver a superior experience to each passenger. The ITP Engine is a proprietary software solution that manages and adapts to each passenger’s bandwidth needs,” a GEE spokesperson explains. “If excess traffic is identified, flow control is managed to the end device / service so that rate limiting is graceful.”
JetBlue took the opportunity to tout the benefits of its Fly-Fi service when we asked about its management of available bandwidth. Jamie Perry, Director of Product Development at JetBlue, tells us: “JetBlue’s Fly-Fi platform is the best Wi-Fi implementation in the industry. Fly-Fi delivers a great video streaming experience to each customer regardless of how many are using it. With the most bandwidth in the industry, we don’t need to try to block customers from video streaming.”
No Free Lunch
In-flight connectivity is always accessed through a dedicated connection in a monitored proprietary network. To put it simply, Internet use in the air is not free access in this sense even in the few instances that it is offered at no charge.
All connections, on the ground and in the air, give various service providers and sites an opportunity to gather our usage data for internal analytics and, potentially, to share data with third parties for the purposes of generating revenue. User agreements give details on the extent of that data-sharing, but often include legalese which leaves generous room for interpretation.
Gogo will have to address its SSL practice with Google, but users of this, or any network, can verify the certificate attached to the lock icon on their browser which represents an SSL connection. Browsers and email programs will also alert users to a connection which has a dubious SSL certificate.
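The certificate check described above can also be scripted. The following is an added example, not part of the original article or any Gogo or Google code: it shows that a certificate carrying the right name (“*.google.com”) still fails if its issuer is not the one expected. The issuer allow-list, the two sample certificates and the function names are assumptions constructed for illustration.

```python
import socket
import ssl

# Assumed allow-list of issuer organisations for the site being checked.
EXPECTED_ISSUERS = {"Google Trust Services", "Google Trust Services LLC"}

# Constructed samples in the dict shape returned by SSLSocket.getpeercert().
GENUINE = {"issuer": ((("organizationName", "Google Trust Services"),),),
           "subjectAltName": (("DNS", "*.google.com"),)}
INTERCEPTED = {"issuer": ((("organizationName", "Gogo"),),),
               "subjectAltName": (("DNS", "*.google.com"),)}


def _field(name, key):
    """Return one attribute (e.g. organizationName) from a nested name tuple."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def _matches(pattern, hostname):
    """A wildcard covers exactly one left-most label, as in *.google.com."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname


def assess(cert, hostname, expected=EXPECTED_ISSUERS):
    """Classify a certificate: the right name is not enough, the issuer must match too."""
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(_matches(n, hostname) for n in names):
        return "name-mismatch"
    issuer = _field(cert.get("issuer", ()), "organizationName")
    if issuer not in expected:
        return "unexpected-issuer:%s" % issuer
    return "ok"


def probe(hostname, port=443, timeout=5):
    """Live check; a chain the system does not trust is reported, not bypassed."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return assess(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        return "untrusted-chain:%s" % exc.verify_message
```

On an intercepting network, `probe()` normally returns the `untrusted-chain` result, because the substituted certificate does not chain to a root the system trusts; the `unexpected-issuer` result covers the case where the intercepting authority has been added to the local trust store.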