Slashdot Mirror
In-Flight Wi-Fi Provider Going Above and Beyond To Help Feds Spy
An anonymous reader sends in a report from Wired that GoGo, a company the provides in-flight Wi-Fi access to airline passengers, seems to be making every effort to assist law enforcement agencies with wiretaps. From the article:
"Gogo and others that provide Wi-Fi aboard aircraft must follow the same wiretap provisions that require telecoms and terrestrial ISPs to assist U.S. law enforcement and the NSA in tracking users when so ordered. But they may be doing more than the law requires. According to a letter (PDF) Gogo submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users."
...terrorism!
And yet nothing will happen to them but have some impotent nerd rage flung at them.
Where's Antonio Prohias when you need him?
A feeling of having made the same mistake before: Deja Foobar
The last time I used gogoinflight I was using it to search for and download freely available academic papers for work. I know I should be appalled at them giving up the data, but I wouldn't use a service like that for anything that I would be worried about the feds looking in on.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
not surprised, considering we live in the optomicon. everybody likes to exclaim "1984!" but I read the book recently and don't think it applies much. In terms of the technical invasion of privacy it is accurate, but I don't think the remaining brainwash / control aspects of the totalitarian govt are realistic.
The other thing that's accurate is the use of endless warfare to put the population into defensive mode. Think of the airports and their "status yellow/orange" bs that GWB was shown to manipulate during his re-election.
You know what will prevent this sort of thing in America? Everybody wants to be part of the 1%. And as long as there is an upwardly mobile class, there will be demand for change and new opportunities. One class will never be able to cement control over the other.
I have OpenVPN installed on my portable devices, and it connects back to my VPN server, using my own CA. I have the devices set to use the VPN server as the gateway so when I'm doing any kind of data retrieval that I want to keep confidential, it's going through an encrypted tunnel. Yes, it does slow things down a bit, but I find most public WiFi sucks pretty serious donkey balls anyways.
Nothing is 100% secure, but I pretty much treat any public network; airport, airplane, hotel, restaurant, or the like as hostile territory.
The world's burning. Moped Jesus spotted on I50. Details at 11.
While it would be nice to have Internet access on a domestic US flight, I find it's a nice break to not have it. Things I can do 'offline' are, read, nap, converse with strangers sitting next to me, admire the view from the window, hit on the cute female flight attendant, sketch... If you need to be connected for business that's one thing. For 90% of people on planes, that probably isn't that case!
Now, Internet on international flights? Absolutely!
Take a moment and unplug, people! It will do you some good!
So what happens when they fly over countries with proper privacy regulations? Hopefully those countries will issue INTERPOL warrants for the company executives.
Can't say I blame them. What's the downside for GoGo? They're not going to lose any revenue over this. They have monopoly control over a captive audience that literally can't go elsewhere for service. On the other hand, the airline industry is already deeply, deeply in bed with law enforcement. When it comes time to get a franchise as an in-flight provider I expect that an endorsement by the TLAs is only going to work in GoGo's favor.
It'd be nice if they'd keep their hands off our packets, but who are we kidding? Unless all network providers suddenly get regulated as common carriers that's just not going to happen. Whether you're in the air, in Starbucks, or leeching wi-fi from your next-door neighbor you have to assume that your packets are being logged and analyzed.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
As if any actual NSA target of interest is going to google bomb-making information, email other members of their sleeper cell, or update their subscription to Inspire magazine while actually ON a flight.
I have OpenVPN installed on my portable devices, and it connects back to my VPN server, using my own CA. I have the devices set to use the VPN server as the gateway so when I'm doing any kind of data retrieval that I want to keep confidential, it's going through an encrypted tunnel. Yes, it does slow things down a bit, but I find most public WiFi sucks pretty serious donkey balls anyways.
Nothing is 100% secure, but I pretty much treat any public network; airport, airplane, hotel, restaurant, or the like as hostile territory.
That's all pointless. They've tapped your home connection too. Your ISP gives them anything they want on a silver platter.
After going through airport security I'm pretty sure everybody already assumes privacy is up in the air
These days a VPN is pretty much basic protection, like a firewall was 10 years ago. Particularly if you travel or use public wifi, but even at home/work.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
They need a nice good old fashioned class-action lawsuit to brighten up their day, they need to get sued for violating privacy and acting as enablers of illegal law enforcement activity. US Congress may well give them retroactive immunity, they are free to show their true colors.
The last time I used gogoinflight I was using it to search for and download freely available academic papers for work. I know I should be appalled at them giving up the data, but I wouldn't use a service like that for anything that I would be worried about the feds looking in on.
In my case, being a medical student -- what if I happen to be studying infectious diseases at the moment? Maybe some novel Influenza strains, or bacterial antibiotic resistance profiles, or epidemiological models of disease spread? Possibly even actual bio-terrorism agents, as these were a pretty big item on my board exams (probably someone at the federal level pushed the NBME/NBOME to emphasize them, there was way too much given the relative clinical utility of the topic).
My colleagues would find those topics perfectly normal and usual items of study, but I'd hate to end up on a watch list because MUH TERRORISM.
Can't say I blame them. What's the downside for GoGo?
As I work with secured customer data, knowing that I'm possibly getting MITM'd sounds like a likelihood I won't be able to use GoGo (now I have to go and verify if it's ok). So abstinence is always an option, despite me being gogo's captive.
Make sure everyone's vote counts: Verified Voting
Interestingly, the article says that, at the request of law enforcement, they added CAPTCHA support. The article then goes on to say that this must be a deception because they used a plural, it "doesn't make sense", etc.
Actually, it makes a lot of sense. How is every IED detonated these days? Cell phone. Buy a cheap, anonymous phone, wire it up, and call it to detonate it. Wifi that wasn't resistant to automated signup would make this trivial. They could just sign up with an anonymous phone and pre-paid Visa. Then, when it's in the air, *BOOM*
It also makes a lot of sense that they don't want to talk about it. Don't want to give people ideas.
I think Mauve has the most RAM. --PHB (Dilbert Comic)
"by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users."
Uh, companies should not be cutting deals?
That is absolutely the wrong mentality to have here.
How about we address the fact that law enforcement likely knowingly asked for capabilities that exceed their legal purvey. And they knew damn well those requests would likely be granted only due to their federal standing and considerable influence, which again is an abuse of power.
Why in the hell this appears to be pointing blame solely at the companies here is beyond me. Sure, they're complacent, but certainly not the real problem.
The US is very free except for the parts of the government that are ruled by Republicans.
Funny, that. The last time I was sexually molested at an airport, the Democrats were fully in power.
If you use public WiFi without ssh/vpn/tor/etc then you deserve to be spied on.
Oh, you mean we're only spied on when using public WiFi hotspots?
Boy that's a relief. For a minute there I thought hundreds of millions of people were overreacting to the fact that private or public doesn't really fucking matter anymore...
While this won't make the tinfoil-hat people happy, there's almost nothing here.
The PDF is pretty harmless, and the Wired article is 100% speculative bullshit.
CALEA was the law when they built their system, so they built their system to support it. Saying things like "in close conjunction with law enforcement" is just flowery wording to say they made a phone call or two. The PDF is the most boring "meets or exceeds expectations" paper I've ever read.
Nolan, asked about those statements, said, “Despite what the person said in 2009, what I can tell you today and what the truth is today is that we adhere to CALEA and we do everything in conjunction with what law enforcement has asked us to do.” He added that, “There is no ‘super CALEA’ capability. Our capabilities and what we adhere to are exactly what any communications provider, including on the ground networks, adhere to when they abide by CALEA. Nothing more and nothing less.
Um, what does your home vpn server connect to to mr. wizard? Unless you run your own ISP I don't see how this really matters unless you're only worried about joe schmo hacker out in the real world.
Are you talking about the TSA? The Bush junta created the TSA and continues to force them upon us.
There's other times.....?
You might have a different "problem" alltogether.... Mr "victim".
If you pay for gogo inflight you're basically paying for 28.8k circa 1990 service. Quite nestalgic but not exactly a hot bed of terrorist activity.
Oh, you mean we're only spied on when using public WiFi hotspots?
No, that isn't what i said. Try learning some reading comprehension, sarcastic pinhead.
---- Booth was a patriot ----
I have OpenVPN installed on my portable devices, and it connects back to my VPN server, using my own CA. I have the devices set to use the VPN server as the gateway so when I'm doing any kind of data retrieval that I want to keep confidential, it's going through an encrypted tunnel. Yes, it does slow things down a bit, but I find most public WiFi sucks pretty serious donkey balls anyways.
Nothing is 100% secure, but I pretty much treat any public network; airport, airplane, hotel, restaurant, or the like as hostile territory.
That's all pointless. They've tapped your home connection too. Your ISP gives them anything they want on a silver platter.
I wouldn't say pointless. He's protected from public wifi that is easily monitored/manipulated by anybody with physical access to it.
Brave Sir Robin ran away. ("No!") Bravely ran away away. ("I didn't!")
Tapping us?
http://media3.giphy.com/media/...
I work for an ISP that provides in air wifi wholesale to the likes of the goofy companies that sell it in air. We have traffic shapers. If you want to control connections of people in air, you must have traffic shapers. Traffic shapers in and of themselves massively report (by default) on the activity and log tonnes of data about each person connected. This is done for many reasons. Mostly to study and trend behaviour on one's network. CALEA requires a small subset of the reporting AND taps be in place. We also have taps to aid troubleshooting the network. If CALEA has done anything, it's required us to get more taps and put them in more places. We wanted them there to begin with; it's just easier to approve the hundreds of millions in taps if it's 'for CALEA' and thus a requirement.
1 back up your drive.
2 encrypt your back up drive
3 ship the drive to your destination
4 wipe your drive with a clean install, don't encrypt it.
5 fly and enjoy something from a ripped DVD No need to set off alams with encryption or shady content.
6 after passing security with a sanitized drive, arrive and pick up your real data.
The truth shall set you free!
Agreed. I'm an engineering student and I'm the head of one of my student competitions which happens to involve building a high powered rocket. I had to travel on the day of an important meeting for the competition and was forced to leave the task to a rather junior member of the team. I couldn't check in on one of team members when I was in either airport because I was afraid of being labeled as a terrorist and end up in an interrogation room because I was discussing basic rocketry with a team member.
The Government seems to become more and more of a mafia, so why continue ranting but still keeping the system the same?
We have enough resources and technology to make a system whereby the entire nation gets to vote/decide on any small decision that gets taken. We can even add a weightage system to it so as experts in the field's opinion get more value.
It is about time that we eliminate that form of central decision making, which instead of working for the people, are indulging into spying on them, under the pretense that it is for your own good.
All that trouble because stupid fearfull people might put you on a no fly list for doing your god damn job? Nice country. Great people. Land of the free.
Let me break it down.
The letter is from Gogo LLC to the Federal Communications Commission. In the letter, Gogo was trying to persuade the FCC that it was unnecessary for the FCC to specify a mandatory list of capabilities that Gogo would have to implement as a condition for their license. This mandatory list is being pushed for by the U.S.Department of Justice, the Federal Bureau of Investigation, and the U.S.Department of Homeland Security. Gogo's argument is that it was unnecessary because, in their own words :-
What I see here is a company trying to get it's business off the ground and fighting not to be saddled by mandatory government rules violating the privacy of its customers. Did they bend over backwards to try and "accommodate" the spy agencies? Undoubtedly, yes. But by far the larger portion of the blame has to rest with the government spy agencies who made it impossible to do business unless you play ball with them.
It's not like an actual terrorist would be searching the net on directions of use and lab reports.
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
Then they could make money by selling your internet access data to the government AND selling your trades to high frequency trading firms. Two birds One Stone.
Yes, protected from a few hops ... at which point it then turns around and goes right back out on the public internet ... which can be easily monitored/manipulated by anybody with physical, virtual, remote or local access to it.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Oh, you mean we're only spied on when using public WiFi hotspots?
No, that isn't what i said. Try learning some reading comprehension, sarcastic pinhead.
Ah yes, you're right. My bad. Apparently you only need to use encryption on public WiFi hotspots. Obviously you're perfectly secure behind private ones and have little or no need.
Yup, got it. Comprehension wizard you are.
flies in the face of conventional wisdom.
I feel like you haven't thought this through. The problem isn't you doing it. Because if the fed's knock on your door and say, "GIVE ME ONE GOOD REASON YOU WERE LOOKING AT THIS VIRUS!". You can say, it is my job. Conversation over. But, if I did it, because I find them interesting, _I_ have no legitimate reason to, so I'm a potential terrorist.