Subscribe: The Practical Nomad
http://hasbrouck.org/blog/index.rdf
Language: English
The Practical Nomad



Edward Hasbrouck's blog



Published: 2017-04-27T11:48:18-08:00

Last Build Date: 2017-04-20T23:59:15-08:00




The Amazing Race 29, Episode 4

2017-04-20T23:59:15-08:00

Stone Town, Zanzibar (Tanzania) - Dar es Salaam (Tanzania) I've written before, when The Amazing Race passed through Tanzania, about my own visit to Dar es Salaam and Zanzibar in 2008. If we judged places by events, we would have left with bad impressions of Dar, Zanzibar, and the trip between them. In Dar es Salaam, it was hard to find a decent affordable hotel during the visit of U.S. President Bush and his entourage and army of camp-followers. My cellphone was stolen out of my shirt pocket by a pair of sidewalk snatch-thieves impersonating staggering midday drunkards on a downtown street. We wasted time at a consulate applying for visas to Eritrea, which we hoped to visit later on the same trip, and were told that our visas had been approved, only to find out weeks later that our visa applications had been denied. When our ferry (one of the same ones the cast of The Amazing Race 29 took back and forth) from Dar arrived on Zanzibar, corrupt officials checking passengers' papers tried to tell us that we had underpaid for our visas to Tanzania, and needed to pay the difference to them on the spot, in cash (they generously offered to accept either U.S. dollars or Euros), without a receipt. It was one of only two times I can remember being shaken down for a bribe in decades of travel around the world. We called their bluff, declined to pay, and were allowed to go on our way after an hour or so in a sweltering little guard shack at the ferry landing when they found someone wealthier and more vulnerable -- a Chinese trader -- to target. But this didn't get our time on Zanzibar off to a good start. A few days later, we had just settled down for a restful vacation within a vacation at a beach resort on the east coast of Zanzibar when we learned of a death in the family, and had to agonize over whether we could, or should, try to make our way back to the U.S. in time for the funeral.
But none of these mishaps kept us from enjoying our time in Dar es Salaam, Stone Town, and elsewhere on Zanzibar. You should never judge a country (including, of course, the USA) by its border guards, bureaucrats, or criminals. Dar es Salaam was and still is relatively untouristed: Most foreign tourists in Dar are only passing through en route to or from wildlife preserves in the interior of mainland Tanzania, or Stone Town and the beaches of the island of Zanzibar. In 2008, Dar es Salaam gave me the impression of being more relaxed and accessible than other big African cities I've visited, or than I would have expected from its population. Strolling through the center, it felt more like a small town than a mega-city. That may have changed: What I noticed first in the establishing shots of Dar es Salaam in the latest episodes of The Amazing Race 29 was a skyline of highrise buildings and construction cranes that didn't exist a decade ago. It was an important reminder that the pace of change is typically far greater in the "developing" parts of the world than in already "developed" regions. The corollary, of course, is that it is more important to have up-to-date information in planning a trip to Africa (or anywhere else in the "developing" world) than a trip to Europe, and more likely to be misleading to rely on other travelers' memories (or our own!) of what a city like Dar was like a decade ago than what a European or U.S. city was like twice that long ago. It was also a reminder that Africa is increasingly citified, even though the overwhelming majority of foreign tourists go to Africa to see its non-human animals, not to meet its people, and stay away from big cities as much as they can. In population, Dar is one of the fastest-growing cities, perhaps the fastest-growing city, on the world's fastest-growing and fastest-urbanizing continent.
Growth like this doesn't mean just more of the same, but qualitative change in the urban environment and, often, in the demographics and culture of its people. You might not agree with the political spin of this article (see also the thread of comments), but it gives a picture of some of the [...]



Chicago airport police attack passenger on Republic Airlines plane

2017-04-19T08:23:29-08:00

[Schedule of "United Airlines" flights from Chicago O'Hare to Louisville on April 9th] Many of my readers, and NPR listeners who heard me interviewed on WBEZ in Chicago last week about air travel and class, have been asking for my take on the airline passenger dragged off a plane by police at O'Hare Airport on April 9th. Inquiring minds want to know why four members of the crew for another flight were trying to board a flight that was already full and otherwise ready to depart, why the airline was willing to remove paying passengers to make room for the deadheading crew, whether an airline has the legal right to remove a paying passenger who has already been given a boarding pass and seated, who called the police, and what authority the airport police had in this situation. I've held off on posting this while I tried to find out more about the back story and identify who was really responsible. But since none of the airlines involved have chosen to talk to me, despite my diligent efforts, and many questions may be answered publicly only at trial (or never publicly if the likely lawsuits are settled out of court), here's my educated guess as to what happened and who's responsible. There's plenty of blame to go around: The as-yet-unnamed police, who worked for the city of Chicago and were accredited as law enforcement officers although through an agency independent of the Chicago Police Department (more on that below), deserve much more serious sanctions than they have received to date. So does the city of Chicago for its continuing failure to hold any of its multiple police forces accountable or rein in their bigotry and brutality. (Full disclosure: I write this as a former Chicago resident and victim of "minor" but routine Chicago police torture who still feels the pain of my police-inflicted injury occasionally, more than 35 years later.) 
United Airlines -- the airline most passengers thought was operating the flight -- shares significant blame, especially for its initial choice to defend the actions of the police who roughed up the passenger and of the gate agents (who may or may not have worked for United) and/or the flight attendants and pilots (who definitely didn't work for United) who called in the police. But some of the responsible companies have yet to be sufficiently shamed, and some may not yet have been publicly named. For starters, this flight wasn't operated by United Airlines. It had a United Airlines flight number, but it was a Republic Airlines flight operated by Republic Airlines pilots and flight attendants and under the operational control of Republic Airlines management. This wasn't the sort of bait and switch code-sharing that occurs when a flight is labeled with multiple flight numbers. This is a different but equally deceptive form, in which an airline puts its flight number -- i.e. its brand label -- on a flight actually operated by a contractor. The contractor's identity is disclosed to ticket purchasers or passengers as inconspicuously as the law allows, if at all. Typically, the flight crews and gate agents handling these flights are required to wear United uniforms, even when they are employees of a ground handling service or a contractor airline like Republic. Regular travellers on some routes come to realize what airline actually operates the flights on that route. But as the schedule at the top of this article shows, "United Express" flights with United flight numbers from Chicago O'Hare to Louisville are operated by three different contractors: Skywest, Republic Airlines, and Trans States Airlines. In this situation, it's unlikely that any but the most sophisticated passengers noticed which airline would be operating their flight, even if that information was somewhere in the fine print. 
If you choose to fly on United Express on this route, you are taking pot luck (especially in case of any change of schedule) on which of three airlines will actually operate your flight. Even fewer of the passengers on Republic Airlines Flight 3411 probably realiz[...]



The Amazing Race 29, Episode 3

2017-04-13T23:59:02-08:00

São Paulo (Brazil) - Dar es Salaam (Tanzania) - Stone Town, Zanzibar (Tanzania)


[A travel writer on "vacation": working on my laptop in the shade of a palm tree at a beach resort on the east coast of Zanzibar. I'll have more on The Amazing Race 29 in Dar es Salaam and on Zanzibar next week.]




The Amazing Race 29, Episode 2

2017-04-06T23:59:17-08:00

Panama City (Panama) - São Paulo (Brazil) My feelings about São Paulo are considerably more mixed, and in some respects more favorable, than you might infer from some of my past mentions of the megalopolis. On the good side, São Paulo is one of those urban agglomerations that is so large, so important, and so distinctive (in some respects) that a visit is essential to a well-rounded picture of the world. You might realize that São Paulo is the most populous conurbation in the Southern Hemisphere, but did you know that it is also essentially tied with New York and Mexico City as the most populous urban area in the Western Hemisphere? Despite that, it's utterly, astonishingly, off the international tourist map. When foreigners think of a Brazilian city, they think of Rio de Janeiro, even though greater São Paulo has more than twice as many people as Rio, and an even greater share of economic power. There are lots of foreign business visitors to São Paulo, but few foreign tourists and especially few foreign backpackers. Local people ("Paulistas"), whether rich or poor, are unlikely to relate to you as a "tourist". Because they have few occasions to deal with foreigners, ordinary Paulistas of all classes are also unlikely to speak English or understand any foreign language other than possibly Spanish, which they will typically answer in Portuguese. Brazil is its own self-contained world, and the language barrier is high. Many of the reasons for the lack of foreign tourists in São Paulo are related to "class war", which in Brazil is more than a figure of speech. Street crime is epidemic and often violent, unlike in some parts of the world where it is largely confined to theft and other property crime. Of the places I've been, only the USA and South Africa have rivaled Brazil for the risk of violent crime against ordinary foreign tourists. São Paulo sprawls, and upper-class Paulistas (i.e. those who, like their counterparts in the USA or among white South Africans, call themselves "middle class" even if they are in the top 10% of national wealth) get around mainly by private car. Except for the limited number of destinations served by the Metro system (which is priced out of reach of the poor), urban public transit is slow and uncomfortable at best, dangerous at worst. Like Los Angeles or Gauteng (metro Soweto/Johannesburg/Pretoria), the urban areas with which it is most comparable, São Paulo can be impenetrable without a local host to drive you around and introduce you to the many parallel worlds being lived by different classes of people behind different walls, whether those of the favelas or those of the "gated communities" of the rich. All that said, the Paulistas we met were wonderfully generous, hospitable, and open to us about their lives and the city they love. We couldn't have asked for more of a welcome. Travel can be at its best when looking at foreigners and foreign places enables us to better understand ourselves and the places we call "home". São Paulo is sui generis, but it also focused my attention on relationships of class and urban geography that influence the terrain of travel in many places while often being hidden from tourists' notice. In that anthropological sense, and as a mirror in which to look at the way class shapes cities in the USA, I've never been anywhere as thought-provoking as São Paulo. I highly recommend City of Walls: Crime, Segregation, and Citizenship in São Paulo, by Teresa P. R. Caldeira, which makes these comparisons between São Paulo and Los Angeles explicit.[...]



The Amazing Race 29, Episode 1

2017-03-30T23:59:21-08:00

Los Angeles, CA (USA) - Panama City (Panama) This season of The Amazing Race has a cast composed entirely of "blind date" travelling couples who met their partners for the first time at the starting line of the reality-TV race around the world. Whatever lessons the remainder of the season may have in store about romance (or breakup) on the road, success or failure at the travel tasks in this first episode of the "blind date" season didn't appear to have much to do with the racers' unfamiliarity with their teammates' strengths, weaknesses, or travel and relationship styles. Road navigation was what separated the winning and losing teams this week. The racers never got more than an hour's drive from Panama City, but team after team got lost for several hours at a time. Why was it so hard for the racers to find their way, even with maps in hand and in a place where the road signs are in English and/or Spanish? It's tempting for television viewers to blame the blind date couples' navigation problems on their lack of experience working with their partners as teams. But the TV producers love arguments between teammates, and would likely have shown them to us if they had been the cause of teams being delayed or eliminated. Some of the racers blamed a general lack of street signs. I've read that road signs are absent from many intersections in Panama, even junctions of significant routes. But I don't find this an adequate explanation for the racers' difficulties. Many of this season's racers have experience in the military, where one has to be prepared to navigate without road signs or in places where the signs are all in an unfamiliar alphabet or writing system. The racers had paper maps. With a map, an automobile odometer, a compass (something anyone on "The Amazing Race" or travelling independently ought to be carrying), and some practice, it's possible to do a fair amount of navigation by dead reckoning. The problem, I suspect, is a lack of practice at dead reckoning.
Let this be a lesson to my readers who aspire to compete on "The Amazing Race". That, in turn, may be a consequence of an "Amazing Race" rule that has made the "reality-TV" show increasingly different from real-world travel: Members of the cast aren't allowed to bring cellphones, GPS receivers, or other electronic devices with them on the race around the world. That wasn't such a big deal in the first season of "The Amazing Race" in 2001. There were a few cellphones (Nokia Communicator) and handheld PDAs that could connect wirelessly through a cellphone (I had a Psion Revo Plus) with touchscreen Web browsers. But none of these devices had integral GPS receivers, and the iPhone (which popularized the concepts Psion pioneered) wouldn't be introduced for another five years. Even for early adopters of these devices, international cellphone roaming was prohibitively expensive. Neither travellers nor locals, anywhere in the world, were expected to rely on pocketable electronic devices for navigation or other travel services. In the early seasons of "The Amazing Race", teams sometimes gained an edge by borrowing a cellphone. But they weren't lost without one. Fifteen years and twenty-eight seasons of "The Amazing Race" later, the ubiquity of entry-level Android smartphones has led to a substantial decline in non-smartphone products and services for travellers and atrophy of the skills -- such as map-reading and dead reckoning -- needed to make use of them. Paper maps still exist, but today the people who are willing to pay for the most detailed, accurate, and up-to-date mapping -- wealthy people, delivery and emergency services, and even the military -- want maps in digital formats, and that's where all the effort is going. Printing paper maps has always been expensive, especially since the more frequent the updates, the smaller the press run and the greater the cost per copy. There is no longer a critical mass of buyers for good paper maps of many places.[...]



Tips for travellers about the "Muslim laptop ban"

2017-03-24T12:27:21-08:00

The "Muslim laptop ban" goes into effect today: The U.S. government has ordered airlines to prevent passengers from bringing laptop or tablet computers or other electronic devices "larger than a cellphone" (whatever that means) on their person or in carry-on baggage on direct flights between 10 airports in countries with predominantly Muslim populations in the "Middle East" (West Asia) and North Africa and the USA. These items will still be allowed on these flights in checked luggage, where either lithium batteries or explosives pose a greater danger because in-flight fires are harder to detect or put out in the cargo hold than in the passenger compartment. According to a report by Kaveh Waddell in The Atlantic (in which I'm also quoted), "The ban was communicated to the relevant airlines and airports at 3 a.m. Eastern on Tuesday, in the form of an emergency amendment to a security directive. From that point, the airlines and airports will have 96 hours to comply." Many others including airline pilot Patrick Smith ("Ask The Pilot") and experts interviewed by the Guardian (here and here) and the Washington Post have made the point that the Muslim laptop ban uses "security" as a pretext for trade sanctions (no US-based airlines serve any of the airports subjected to the laptop ban, which include the hub airports of airlines with which US-based airlines have been fighting a trade war) and Islamophobic harassment (the affected flights are those on which the largest numbers of citizens of countries that President Trump tried to ban from the US, but which the courts have at least temporarily enjoined him from excluding from the US, are likely to arrive). 
Aside from making the US government look more bigoted and stupid, it remains to be seen whether the Muslim laptop ban will affect travellers' choices of airlines or force carriers like Turkish Airlines to lower their fares even further to offset the disadvantage (especially for the most profitable business travellers) of not being able to work (or play games) on laptops in flight. But what does the Muslim laptop ban actually mean for travellers? What are the rules? There are no "rules", in any normal sense of that word. Airlines have been given orders by the DHS, in the form of "Security Directives". But those orders are secret. Airlines can, and often do, make things up out of ignorance or to serve their own profits, and blame them on the government. In this case, the orders are probably real, and certainly disliked by the airlines to which they apply (although welcomed by their US-based competitors). But, "The government made us do it," is a great excuse for anything airlines want to do -- especially when it's impossible for passengers to tell if it's true. Is this legal? Nobody knows. It's almost impossible for travellers to challenge the orders given by the government to the airlines. Airlines have standing to challenge these orders in court, but none of them have done so. It's one more example of the craven complicity of airlines in government harassment and infringement of the rights of travellers -- including airline complicity in, and failure to challenge, President Trump's Muslim ban. But how can I tell what I will be allowed to carry on? You can't. Even before the Muslim laptop ban, and regardless of what the government requires, airlines reserve the right to make you check your bags, including whatever you planned to carry on. Their tariff and conditions of carriage, as of the time you buy your ticket, give you a contractual right to have a certain amount of luggage transported to your ticketed destination.
But they don't guarantee that any of your luggage will be transported in the passenger cabin, or even on the same plane, just as they don't guarantee that you will be transported on the original schedule or routing. As long as you and your luggage are delivered to your destination without being charged extra, the airli[...]



Testimony in Alaska on the REAL-ID Act

2017-03-21T13:06:35-08:00

I'm testifying today (by teleconference) at two hearings in the Alaska State Legislature on state bills related to the Federal REAL-ID Act.

In 2008, the Alaska State Legislature enacted a state law prohibiting any state spending to implement the REAL-ID Act.

Now, in response to Federal threats to interfere with Alaskan residents' freedom of movement if the state government doesn't upload information about all state license and ID-card holders to a national ID database, the state legislature is considering bills to authorize that spending and implementation.

It makes no sense for Alaska to call for repeal of a disliked Federal law of dubious Constitutionality, and simultaneously to authorize state spending to comply with that law, without first getting the courts to rule on whether the (unfunded) mandate for state action or the threatened sanctions against state residents are Constitutional.

Details and links to the proposed legislation and my testimony at PapersPlease.org: Alaska and the REAL-ID Act




Palantir, Peter Thiel, Big Data, and the DHS

2017-03-14T22:57:55-08:00

[On the sidewalk in front of Palantir founder and Trump supporter Peter Thiel's house at 2920 Broadway in San Francisco.] On Saturday, I joined an ad hoc group of picketers outside the Pacific Heights mansion of Palantir Technologies founder and Trump supporter Peter Thiel (photo gallery from the SF Chronicle, video clip from KGO-TV; more photos from the East Bay Express). San Francisco and Silicon Valley are among the centers of opposition to President Trump and his fascism, especially as it relates to restrictions on movement, border controls, immigration, and asylum. Bay Area technology companies and their better-paid classes of employees like to think of themselves as building a better world that reflects the distinctive values that have attracted dreamers and futurists to this region -- as it attracted me, 35 years ago -- from across the country and around the world. But some of these companies are key developers and providers of "big data" tools for the opposite sort of "Brave New World". As Anna Weiner reported in the New Yorker ("Why Protesters Gathered Outside Peter Thiel's Mansion This Weekend"): David Campos, a former member of the San Francisco board of supervisors, who emigrated from Guatemala, in 1985, stood on the brick stoop and raised a megaphone. "The reason we're here is to call upon the people who are complicit in what Trump is trying to do," he said. Clark echoed the sentiment. "If your company is complicit, it is time to fight that," she said. Trauss, when it was her turn, addressed Thiel, wherever he was. "What happened to being a libertarian?" she asked. "What happened to freedom of movement for labor?" Edward Hasbrouck, a consultant with the Identity Project, a civil-liberties group, took the stand, wearing a furry pink tiger-striped pussyhat. "The banality of evil today is the person sitting in a cubicle in San Francisco, or in Silicon Valley, building the tools of digital fascism that are being used by those in Washington," he said. 
"We've been hearing back that there are a fair number of people at Palantir who are working really hard at convincing themselves that they're not playing a role -- they're not the ones out on the street putting the cuffs on people. They're not really responsible, even though they're the ones who are building the technology that makes that possible." It's easy to rationalize the creation of technological tools by saying that they can be used for good as well as evil. But you can't separate the work of tool-making from the ways those tools are being used. Palantir workers' claims to "neutrality" resemble the claims made in defense of IBM and Polaroid when they were making and selling "general purpose" computers, cameras, and ID-badge making machines to the South African government in the 1970s. None of this technology and equipment was inherently evil. But in South Africa, it was being used to administer the apartheid system of passbooks and permissions for travel, work, and residence. The same goes for "big data" today. To understand what's wrong with the work being done by Palantir for the U.S. Department of Homeland Security, it's necessary to look not just at what tools Palantir is building but at how and by whom they will be used; not just at the data tools but at the datasets to which they are applied, the algorithms they use, and the outcomes they are used to determine.[...]






President Trump, Populist Politics, and the Prospects for Privacy

2017-01-27T06:10:04-08:00


I was on a panel on Wednesday at the Computers, Privacy, and Data Protection conference in Brussels on the topic of "Populist Politics and the Prospects for Privacy".

Through no fault of the organizers, who were extremely accommodating of my last-minute proposal for this panel after the US elections, we had less time than we had hoped for. There's video of the session, but I was rushed and probably not always clear.


[My pussy hat -- the symbol of the Women's Marches last weekend after Trump's inauguration -- was popular at CPDP. Photo by kind permission of Wendy M. Grossman. Thanks to Suzanne and another Wendy for knitting and giving me the hat!]

By popular request, below the jump is a summary of the main points I tried to make.

(For those interested in more detail, I've posted my notes on issues I would have liked to raise, if we had more time. I've also posted a separate article at PapersPlease.org on President Trump's executive order repudiating the EU-US agreement on transfers of PNR data from the EU to the US government.)




Unresponsive "comments" from Amadeus

2017-01-18T00:17:45-08:00

Exactly three weeks after a public demonstration of the insecurity of public Web gateways to computerized reservation systems (CRSs) -- a threat to travellers that I've been writing, speaking and telling the CRS operators about for more than 15 years -- one of those companies has responded to my request for comment, but without answering any of my questions.

Here, in its entirety, is the statement I received late Tuesday from Amadeus (which hosts PNR data for airlines and travel agencies and operates CheckMyTrip.com for viewing PNR data), followed by my comments:




The REAL-ID Act and the TSA proposal to require ID to fly

2017-01-14T16:58:45-08:00

Much of my work for the last decade as a consultant to the Identity Project (PapersPlease.org) on travel-related civil-liberties and human rights issues has focused on requirements to obtain government permission and/or show government-issued ID credentials in order to travel by common carrier.

No law in the USA requires you to show ID to fly, as I have explained to state legislators and Washington think tanks.

The TSA tells travellers they have to show government-issued ID to fly, harasses those who decline to do so, and sometimes has them arrested by local police on trumped-up (will that word now have new meaning?) charges.

But people with no ID at all fly every day. "We have a procedure for that," the TSA says whenever its demands for ID are challenged in court.

Now the TSA has proposed -- in a backhanded way calculated to evade public or Congressional debate or judicial oversight -- to impose a new official requirement for all airline passengers either to show government-issued ID or to certify that they live in a state that the DHS deems sufficiently compliant with the REAL-ID Act of 2005. This ID requirement would be an additional prerequisite before the TSA will give them "permission" to pass through its checkpoints or board airline flights.

For more on what's wrong with this proposal, see the comments filed this week with the TSA by the Identity Project and this post from the Identity Project blog.




"What can I do to protect my PNR data?"

2017-01-12T21:02:14-08:00

Since the recent public demonstration of some of the security and privacy vulnerabilities of airline reservations systems that I've been writing and speaking about for more than 15 years, people have been asking me, "What can I do to protect myself against stalking, harassment, surveillance, and fraud when I travel?"

Here are some answers from an interview I gave last week to Lucia Blasco of the BBC World Service:




CRS/GDS companies and travellers' privacy

2016-12-30T21:13:07-08:00

[In the middle of the presentation by SRLabs at 33C3 on Tuesday, Nemanja Nikodijevic discovered that Amadeus had taken its "CheckMyTrip.com" PNR-viewing Web site offline to prevent the vulnerabilities of the site from being demonstrated in real time. Screen capture from 33C3 video by permission of SRLabs. Click images for larger versions.] This past Tuesday at the 33C3 conference in Hamburg, Germany, Karsten Nohl and Nemanja Nikodijevic of SRLabs publicly demonstrated that airline reservations systems still have the same fundamental insecurity, in the same ways that I have been writing and speaking about for more than 15 years. Lest there be any doubt, while the team from SRLabs was inspired to investigate this subject in part by an interview with me on a German IT news site, I had no contact with them and was entirely unaware of their work until they contacted me last week. They worked entirely independently of me, and had no access to any information from me except my published writing and public speeches. When they contacted me last week to let me know that they would be giving a presentation on this topic at 33C3, their research was already complete. I thought that expert security researchers might have found more vulnerabilities than I had found. Perhaps they did, but haven't yet discussed them publicly. But all of the attacks they demonstrated in their public presentation at 33C3 exploited the lack of real passwords on public Web gateways to Passenger Name Records (PNRs) operated by computerized reservation systems (CRSs/GDSs) for itinerary viewing, and by airlines for online booking, ticketing, check-in, changes, and cancellations. These specific vulnerabilities have been publicly reported and discussed in print for at least 15 years, starting around the time Amadeus began its beta test of CheckMyTrip.com.
In light of some of the statements attributed to Amadeus -- the target of most of the sample exploits demonstrated by SRLabs -- in other news stories this week, it's important for the public and for government officials with authority over privacy and data protection to understand that this was not a demonstration of new vulnerabilities or anything that wasn't already well-known to Sabre, Amadeus, and Travelport (the current owner of both Galileo/Apollo and Worldspan). Amadeus' reported responses have focused on the brute-force attack on PNR record locators, but the real problem, which has long been known, is the use of the record locator as though it were a password, without telling travellers that they need to keep it secret like a password, and one that can't be changed if compromised. In many real-world targeted attack scenarios, the attacker will have other ways than trial and error to obtain a record locator. And real-world attacks are likely to be targeted: There are easier ways for hackers to obtain credit card numbers or money. The motivation for hacking a CRS/GDS or obtaining PNR data is to find out where someone will be, and when, so that the cyber-attacker can stalk their victim, surveil her, harass or attack her physically, rob her home while she is away, kidnap her and/or her children, or kill her. To set the record straight, below is more detail than I would normally go into about the chronology of my reporting on this subject, followed by my recommendations for action and the questions I have asked Amadeus.[...]



"Travel data: fraud with booking codes is too easy"

2016-12-27T02:54:15-08:00

[Some of the privacy and security threats to PNR data and the CRS network, from my testimony in 2013 as an invited expert witness before the Advisory Committee on Aviation Consumer Protection of the U.S. Department of Transportation. Click image for larger version.]

Video, slides, and blog post of presentation by SRLabs at 33C3 (27 December 2016, Hamburg, Germany)
Who's watching you while you travel? (details of this vulnerability published on my Web site, 18 April 2002)
Flight booking systems lack basic privacy safeguards, researchers say (by Eric Auchard, Reuters, 27 December 2016)
Reisedaten: Betrug mit Buchungscodes ist zu einfach (by Patrick Beuth, Zeit, 26 December 2016)
Unsicherheit bei Flugbuchungen: "Greift mehr Legacy-Systeme an" (by Hauke Gierow, Golem.de, 28 December 2016)
Une étude alerte sur les failles des réservations de vol (by Alexis Orsini, Numerama.com, 28 December 2016)
33C3: Gravierende Sicherheitslücken bei Reisebuchungssystemen (by Stefan Krempl, Heise Online, 28 December 2016)
Amadeus-Sicherheitsproblem: Einladung für Cyber-Vandalen (by Frank Patalong, Der Spiegel, 27 December 2016)

Today at the 33rd Chaos Communication Congress (33C3) in Hamburg, Germany, white-hat hackers from Security Research Labs, inspired by news reports in Germany about my work, will publicly demonstrate their ability to access and alter other people's airline reservations (PNRs) by exploiting vulnerabilities including ones that I wrote about and called to the attention of all four major Computerized Reservation Systems in 2002, but that the CRSs have made a deliberate choice not to close because (a) government authorities have not enforced existing data protection laws (in countries other than the USA, which has no such laws) against CRSs, airlines, or travel agencies, and (b) these travel companies put their profits ahead of passengers' privacy and security.

There's been some advance coverage in German print (mentioning my work) and television news media (Zeit, Handelsblatt, Der Spiegel). But the CRS exploits discussed in these news stories are not the most serious of those that I expect the folks from SRLabs (well-known for their previous public exploits) to demonstrate at 33C3.

Watch the livestream here at 21:45 CET in Hamburg, 12:45 p.m. PST in San Francisco. Recorded video will be posted later, but I don't know how soon. I'll add a link once it is available.

As I wrote in my book, The Practical Nomad Guide to the Online Travel Marketplace, which was published in early 2001 before 9/11, "Privacy is the Achilles heel of Internet travel planning." In that book (page 121), I also wrote about the vulnerability of the public Web gateways operated by CRS companies, the first of which was Sabre's VirtuallyThere.com; this is the vulnerability exploited in today's demonstration at 33C3:

If you make reservations through Travelocity.com or any other Sabre travel agency, you can view your itinerary at Sabre's "Virtually There" Web site (www.virtuallythere.com) by entering your last name and the six-character "record locator" for your reservations. This is good if you've misplaced your printed itinerary, but at present is dangerously insecure. Anyone who sees your name and record locator on an itinerary (through a window envelope, for example, or over your shoulder in an airport check-in line) can find out your home address, the exact dates you'll be away, where you are staying, etc. Properly secured, it could be a great feature, and hopefully Travelocity.com will have secured it before you read this. If they haven't, don't make any reservations in Sabre until they do, unless you want every detail of your trip to be publi[...]