Inflight Wi-Fi providers allegedly cut wiretap deals with feds

Tammy Parker, FierceWirelessTech

Some inflight Wi-Fi providers have allegedly voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by providing U.S. law enforcement and the National Security Agency (NSA) with additional surveillance or control capabilities not provided for by the law. Further, it is unclear what the full scope of those capabilities might be.

CALEA--also known as the federal wiretapping law--was passed in 1994 during the presidency of Bill Clinton and was later expanded to cover voice over IP and broadband Internet traffic. Inflight broadband providers must abide by CALEA's requirements.

However, Wired reports that Gogo and Panasonic Avionics both added extra capabilities to their inflight networks that went beyond CALEA's requirements as requested by law enforcement. Further, they may have done so to keep the FCC at bay by promising to work with law enforcement directly rather than having the commission dictate additional regulations for inflight operations.

Wired cited a July 2012 letter that Gogo submitted to the FCC, in which Gogo attorney Karis Hastings wrote: "Gogo worked closely with law enforcement to incorporate functionalities and protections that would serve public safety and national security interests." Hastings went on to state that Gogo implemented into its system design "a set of additional capabilities to accommodate law enforcement interests."

Asked about the letter, Gogo spokesman Steve Nolan told Wired that the company made only a single concession beyond CALEA, which was the addition of a CAPTCHA feature to "prevent people from remotely accessing the system." Nolan also said there is no truth to comments made in 2009 by an executive of Gogo subsidiary Aircell to Flight Global regarding the existence of a "Super CALEA" arrangement between Gogo and the FBI.

As described in the 2009 Flight Global article, the purported "Super CALEA" agreement not only allowed federal law enforcement to monitor inflight Wi-Fi users and see "what the traffic looks like" in real time, per CALEA's requirements, but also allegedly enabled the shut-down of inflight communications service on a flight to all but U.S. air marshals.

More recently, an FCC notice of proposed rulemaking, issued in December 2013, regarding use of cellular phones on aircraft cited a "Panasonic Application Narrative" in which the inflight communications provider said it had been "engaged in active discussions with U.S. law enforcement officials" regarding lawful interception and network security functionality for its eXConnect System. In the narrative, Panasonic said it was implementing required intercept capability as well as "additional functionality subject to final agreement with U.S. law enforcement."

Chris Soghoian of the American Civil Liberties Union contends the inflight Wi-Fi providers have cut deals with the government primarily so the FCC wouldn't hound them. The agency often "acts as the enforcer for the surveillance community," Soghoian told Wired.

In its December 2013 NPRM, the FCC emphasized that issues of onboard security and inflight safety are primarily reserved for the Federal Aviation Administration, Department of Transportation and the airlines. However, the commission added that "there may be measures within our regulatory purview that can be taken to further the commission's interests in preserving and promoting public safety and homeland security."

While it is hard to argue with anything that might add to the safety and security of commercial aircraft, I find it troubling  that deals related to inflight surveillance may have been negotiated outside of public perusal. CALEA is secretive enough. The idea that government may have pressured companies to comply with any wishes and whims of law enforcement, regardless of whether they are codified by law, is downright creepy.--Tammy