Connecting the DHS to the airline industry
A Request For Information (RFI) posted on a website for Federal government contractors gives a glimpse into the degree to which the Department of Homeland Security (DHS) has embedded itself into the information technology infrastructure of the airline industry.
The RFI for Services to Electronically Transmit Airline Data was posted April 5, 2021, by US Customs and Border Protection (CBP). Responses from potential vendors are due by April 19, 2021.
CBP says it is “conducting market research to gain a greater understanding of the full range of available options for services for obtaining names and related information of passengers who are arriving and departing the U.S. on commercial airlines.” Although the RFI was put out by CBP, which surveils and controls international air travel and cargo transport to and from the US, it appears to contemplate integration with the parallel systems used by the Transportation Security Administration (TSA) for data-driven surveillance and control of domestic US air travel as well.
According to the RFI:
CBP is evaluating transmission options for air carriers to use in compliance with these requirements.
- The vendor must have established connectivity with the airline community.
- The vendor must be able to test and certify with the air carriers, the vendor, CBP and TSA as required.
For those unfamiliar with the “parallel universe” of airline IT and data communications networks, this RFI might best be conceptualized by analogy to the specifications for the equipment — revealed by whistleblower Mark Klein — that was installed in the facilities of AT&T and other telecommunications companies to provide real-time copies of message data to the National Security Agency (NSA).
While the NSA receives metadata about the movements of our messages in the form of telephone calls, email messages, Web browsing, and other Internet traffic, CBP receives metadata about the movements of our physical bodies, whenever we travel by air, in the form of, according to the RFI, “Passenger Name Records (PNR), air cargo manifests, advance passenger information (API), passenger manifests, and other airline-related data.”
The TSA receives a similar but somewhat different dataset of all domestic airline flights in the form of Secure Flight Passenger Data (SFPD).
The RFI requests information from vendors that already have “an available global private network primarily used by the aviation industry to enable the aviation industry to send/receive API, PNR, and other information to CBP and other entities.”
The gateways provided by these vendors would also, presumably, position these vendors to serve other governments wanting to surveil and control air travel while using common gateways to connect to airlines without having to connect to each airline separately.
As the NSA did with telecommunications companies, CBP embeds itself in vendors’ data centers and message switching hubs:
The contractor shall provide the following to permit the electronic transmission of airline data to CBP’s computer network and host systems:
Provide Ethernet Internet Protocol (IP) connections to the contractor’s private global network. CBP routers are located on vendor’s premises. Contractor provides physical space at their datacenter(s) to include ¼ communications rack to house DHS/CBP co-located equipment that connects to the contractor’s private global network.
Unlike the “black boxes” installed in AT&T and other telecommunications and Internet switching centers to send mirror copies of messages to the NSA, the CBP/DHS connection to the global airline reservation cloud is bidirectional. The role of the DHS is not limited to passive surveillance, which would require only a unidirectional data feed. DHS exercises positive permission-based prior restraint and control of the issuance of each boarding pass, which requires reliable real-time transmission of Boarding Pass Printing Result (BPPR) permission messages from DHS to airline check-in counters and Web check-in systems worldwide.
Currently, each airline has the option of connecting directly to CBP for bi-directional transmission of PNR and API data and receipt of BPPR messages through a virtual private network using CBP-specified protocols and vendors, or connecting to DHS through one of two vendors approved by CBP to act as intermediaries: ARINC or SITA.
It’s unclear what other companies, aside from the major Computerized Reservation Systems, a/k/a Global Distribution Systems (Sabre, Amadeus, and Travelport) might be in a position to provide the services currently provided to the DHS by ARINC and SITA.
Both ARINC and SITA were formed by consortia of airlines as joint ventures to share the cost of building and operating global real-time data communications networks. At the time, neither the the telegraph network nor any other third-party service was sufficiently real-time or reliable or had sufficient global coverage to meet airline operational needs. So, as with other pioneering aspects of airline IT, airlines built their own global real-time data network before any other industry or any general-purpose commercial provider had one.
ARINC, founded in 1929 as Aeronautical Radio, Inc., is now part of the the Collins Aerospace division of Rockwell Collins. SITA, founded in 1949 as the Société Internationale de Télécommunications Aéronautiques, remains primarily airline-owned. Both provide a range of licensed software and software-as-a-service to airlines that prefer to outsource IT functions ranging from data communications to flight crew scheduling. Smaller airlines that can’t afford to develop their own IT systems tend to be especially reliant on SITA, but essentially all airlines make use of some services provided by ARINC and/or SITA.
One of those services to which the DHS demands access is IATA “Type B” messaging. Type B messaging (often referred to colloquially in the airline industry as “SITA messaging” even when provided by ARINC) is offered by both ARINC and SITA, but using the same structured addresses and with an AIRINC-SITA gateway. Customers of either company can send and receive Type B messages without needing to know if they are served by AIRINC or SITA.
If you know what to look for, you can often spot 7-letter Type B addresses on business cards and letterhead and in email signature lines of workers in the airline industry. A Type B address consists of a 3-letter IATA airport or city code, a 2-letter designator for a functional component, and the 2-letter IATA code of the airline. “LAXSSTG”, for example, would be the Los Angeles (LAX) sales office (SS) of Thai Airways International (TG).
Type B messages are in plain text and mostly human-readable. But like air traffic control communications, they are composed in a highly structured jargon, and many Type B messages are machine-generated and machine-processed, while remaining backward-compatible with manual processing and delivery methods ranging from email to hand delivery in hardcopy by messenger. Type B messaging is one of the methods specified by IATA for transmitting mirror copies of PNRs from airlines to governments.
According to the RFI posted by CBP:
Contractor shall support interactive messaging when 7-letter IATA Addressing is used by the Airlines. Contractor shall mitigate the protocol mitigation in order to deliver messages sent to CBP systems, as well as messages originating at CBP and destined for delivery to the Airlines.
[Contractor shall] Provide unlimited Type B messaging.
Type B messaging is guaranteed, store-and- forward message delivery. Type B messages are an IATA standard. Type B messaging is widely used by airlines, and computer reservation systems and used by CBP to receive Advance Passenger Information, based on the International Air Transport Association (IATA)/Airlines for America (A4A) endorsed standard. It is a Messaging service that allows centrally controlled communications with every participant in the extensive Type B community and a Value added service that provides security, traceability, integrity, and sender and receiver identification on top of connectivity through one connection.
It’s unclear exactly what use the DHS may be making, or plan to make, of Type B messaging, aside from receipt of PNR, API, and SFPD and sending of BPPR data. We would welcome any tips from readers as to DHS use or planned use of Type B messaging and/or the Type B addresses used by DHS or its components including CBP and the TSA.
We’ll be making a Freedom Of Information Act (FOIA) request for all of the responses to this RFI as soon as the solicitation deadline has passed.
It will not be “Your papers, please.” It will be “Your papers…or else!”
Pingback: Sabre and Travelport help the government spy on air travelers – Papers, Please!