[HN Gopher] The FBI is secretly using Sabre as a global travel s...
       ___________________________________________________________________
        
       The FBI is secretly using Sabre as a global travel surveillance
       tool
        
       Author : AndrewBissell
       Score  : 230 points
       Date   : 2020-07-20 17:14 UTC (5 hours ago)
        
 (HTM) web link (www.forbes.com)
        
       | crb002 wrote:
       | The FBI is probably using all information sold to advertisers.
       | The EU passed GDPR for security, not just privacy.
        
       | justanotheranon wrote:
       | https://search.edwardsnowden.com/docs/FullSpectrumCyberEffec...
       | 
       | see page 8.
       | 
       | GCHQ has a program called ROYALCONCIERGE, where they hack the
       | reservation systems of hotels to watch for targets renting rooms.
       | then GCHQ sends teams ahead of time to intercept the targets,
       | presumably to spy on them, or assassinate them or rendition them
       | to a black site.
       | 
       | from another Snowden doc which i can no longer find, it was
       | revealed that ROYAL CONCIERGE hacked hotels owned by Starwood,
       | one of the biggest umbrella corps owning multiple global hotel
       | chains.
       | 
       | you think NSA only went after Starwood hotels? remember NSA said
       | their "Full Spectrum Domination" posture means "Collect It All."
       | 
       | you think if NSA/GCHQ are hacking into hotel reservation
       | databases to exfiltrate the whole shebang, that Airline
       | reservation systems are NOT a higher priority?
       | 
       | a commenter said it is ridiculous hypocrisy how we blast China
       | for forcing its tech companies to become appendages of their
       | military/intelligence complex, while ignoring FBI/CIA/NSA do the
       | very exact same thing under the rubric of NSLs and Bulk FISA
       | Warrants and Business Records "All Tangible Things" and EO12333
       | get-out-of-jail-free cards to target anything loosely related to
       | "understanding foreign intelligence."
       | 
       | there is zero difference between what China does and what the
       | FVEYs do, except that our Overlords tell us they are not spying
       | on us, while every peasant in China knows they are being spied on
       | by their govt because the Chinese govt openly admits to it.
        
         | echelon wrote:
         | > there is zero difference between what China does and what the
         | FVEYs do, except that our Overlords tell us they are not spying
         | on us, while every peasant in China knows they are being spied
         | on by their govt because the Chinese govt openly admits to it.
         | 
         | We can fight it by electing the correct people.
         | 
         | But more importantly, I won't be spirited away to a black site
         | by speaking ill about the president. Nor can the government
         | decide it doesn't want me as CEO of my company anymore. Or
         | prevent me from funding the opposition party.
         | 
         | There's an enormous difference between the West and
         | totalitarian dystopia China.
        
           | duncan_bayne wrote:
           | > We can fight it by electing the correct people.
           | 
           | No, you can't. Because the people you're allowed to elect are
           | all complicit in the creation and maintenance of these
           | systems.
        
           | hedora wrote:
           | > _I won't be spirited away to a black site by speaking ill
           | about the president._
           | 
           | Trump started doing that in Portland last week.
           | 
           | Earlier today, he said he plans to expand the program to New
           | York, Chicago, Oakland, Detroit, and a bunch of cities with
           | in blue states.
           | 
           | Apparently, the Chicago PD's leadership is welcoming it
           | because the mayor "makes them fight with kid gloves" and this
           | will let them ignore state and local regulations.
           | 
           | They also say they're planning to bypass the state courts
           | because federal courts have harsher sentencing guidelines.
        
           | marta_morena_25 wrote:
           | > We can fight it by electing the correct people.
           | 
           | Can we? Please explain how that would work... Your faith in
           | democracy is admirable, although misplaced.
        
             | LegitShady wrote:
             | Many forms of Government have been tried, and will be tried
             | in this world of sin and woe. No one pretends that
             | democracy is perfect or all-wise. Indeed it has been said
             | that democracy is the worst form of Government except for
             | all those other forms that have been tried from time to
             | time...
        
           | chooseaname wrote:
           | > We can fight it by electing the correct people.
           | 
           | Can we? I don't see anyone on either side [0] of the aisle
           | doing much of anything about this.
           | 
           | > But more importantly, I won't be spirited away to a black
           | site by speaking ill about the president.
           | 
           | No, but you can be if you're in Portland any time soon.
           | 
           | [0] Why TF are we stuck with TWO?
        
             | Forbo wrote:
             | Because game theory and first past the post electoral
             | system. Nearly any other voting system would be better than
             | what we have.
        
               | [deleted]
        
             | iso1210 wrote:
             | > [0] Why TF are we stuck with TWO?
             | 
             | No STV for congress/senate
             | 
             | No AV for president
             | 
             | Imagine you could rank your votes
             | 
             | 1) Cruz
             | 
             | 2) Bush (J)
             | 
             | 3) McCain
             | 
             | 4) Johnson
             | 
             | 5) Sanders
             | 
             | 6) Trump
             | 
             | 7) Clinton (H)
        
             | ahahahha wrote:
             | > Can we? I don't see anyone on either side [0] of the aisle
             | doing much of anything about this.
             | 
             | I don't see the point of this argument.
             | 
             | If a person has lost faith in US democracy, the person is
             | free to leave. The US does not stop its citizens from
             | leaving like China does with HK.
             | 
             | The other option is to stay and work towards a more
             | representative democracy. Doomer questions like "can we"
             | are a waste of everyone's time.
             | 
             | On what's happening in Portland:
             | https://thehill.com/regulation/court-battles/507922-aclu-fil...
             | https://www.bbc.com/news/world-us-canada-53460495
             | I don't see China or Chinese cities doing either of the above.
             | So stop with the false equivalence.
        
             | dragonwriter wrote:
             | > Why TF are we stuck with TWO?
             | 
             | We have hundreds of parties.
             | 
             | We have had at most two _viable_ parties nationally,
             | and in each state--though not always the same two--since
             | the founding (with brief moments of only _1_ nationally,
             | and a lot more of only one in particular states) because of
             | our FPTP election system for Congress and most state
             | executive and legislative offices, and our even-more-
             | hostile-to-minor-parties Presidential election system.
        
           | wonnage wrote:
           | While in theory we could fight it via electing people, the
           | fact is that these programs were built over the last three
           | decades by elected administrations (both D and R), and this
           | two-party setup doesn't seem to be changing any time soon.
        
             | Allower wrote:
             | You are simply exploring the scope of the problem, I'm glad
             | to see that. But the fact remains, in the west we have a
             | cultural duty to eliminate this tyranny from our societies.
        
             | kortex wrote:
             | Annoyed at both sides enabling surveillance? Time to
             | advocate for STAR Voting and NPVIC, your cure to "lesser of
             | two evils"! (not implying parent comment is both-siding, I
             | am just trying to boost these ideas wherever it's relevant)
             | 
             | https://en.m.wikipedia.org/wiki/STAR_voting
             | 
             | https://en.m.wikipedia.org/wiki/National_Popular_Vote_Inters...
        
           | dcposch wrote:
           | > Nor can the government decide it doesn't want me as CEO of
           | my company anymore.
           | 
           | You sure about that?
           | 
           | https://www.washingtonpost.com/news/the-switch/wp/2013/09/30...
        
             | dylan604 wrote:
             | I was going to comment on just the recent use of unmarked
             | federal agents in Portland. I never thought that within the
             | single term of US president things could swing so far. I
             | used to question how it happened in WWI/II, but now I see
             | it first hand.
        
           | deadbunny wrote:
           | > We can fight it by electing the correct people.
           | 
           | Can you point to any candidate let alone party (that stands a
           | snowball's chance in hell of being elected) that has "reduce
           | surveillance" anywhere in their manifestos?
           | 
           | The last 70 years of Democrat and Republican rule would
           | suggest not.
        
             | throwaway0a5e wrote:
             | >Can you point to any candidate let alone party (that
             | stands a snowball's chance in hell of being elected) that
             | has "reduce surveillance" anywhere in their manifestos?
             | 
             | Every year for a long time there has been a senator named
             | Paul who has complained about this stuff nonstop. Nobody
             | has listened because it is not a partisan issue. If this
             | were a partisan issue we'd have billions of dollars behind
             | it on both sides and the pendulum would eventually swing
             | one way or the other.
        
               | [deleted]
        
           | fossuser wrote:
           | I'm pretty skeptical of the comments on issues like this when
           | new accounts show up and immediately have a pro-china, false
           | equivalence, or argumentative whataboutism posture (like the
           | one you replied to):
           | https://en.wikipedia.org/wiki/50_Cent_Party
           | 
           | I agree there are clear and important differences between the
           | west and China.
           | 
           | Chinese Police Are Making Threatening Video Calls to
           | Dissidents Abroad:
           | https://www.vice.com/en_in/article/jgxdv7/chinese-police-are...
           | 
           | The World's Most Technologically Sophisticated Genocide Is
           | Happening in Xinjiang:
           | https://foreignpolicy.com/2020/07/15/uighur-genocide-xinjian...
           | 
           | Leaked drone footage of CCP authorities loading Uyghurs onto
           | trains, presumably to transport them to reeducation camps:
           | https://twitter.com/ne0liberal/status/1283422710555607045?s=...
           | 
           | Also, Hong Kong security law, tight speech controls,
           | government restriction of the internet, political prisoners
           | (https://en.wikipedia.org/wiki/Liu_Xiaobo#Death_and_funeral)
           | 
           | Suggesting the US and Chinese approach to their citizens and
           | spying are equivalent is wrong and plays into the hands of
           | authoritarian countries that push that exact message. The
           | irony is it's _because_ of strong speech protections in the
           | US people can loudly and publicly state stupid positions.
           | You'd have less ability to do so in China.
           | 
           | This doesn't mean there aren't problems in the US or that we
           | don't need tighter controls and more public
           | accountability/oversight in the US, but they are not
           | equivalent.
        
         | antocv wrote:
         | China spying on us thru Tiktok 5g huawei, somehow this gives
         | China power over us and that is bad.
         | 
         | Meanwhile, no no, CIA/GCHQ/Five-Eyes, spies on us, nothing to
         | see, nothing to fear, no.
        
         | tdeck wrote:
         | I don't understand what this has to do with China. Can't they
         | both be bad? How does the NSA spying on people make China doing
         | it any better? If I've got five eyes spying on me I'm still not
         | keen to add a sixth.
        
           | TheSpiceIsLife wrote:
           | It has to do with China as the parent comment made clear:
           | 
           | We're constantly told China is a threat, and that's probably
           | a reasonable bit of advice.
           | 
           | We're not constantly told our own governments are a threat,
           | and that forms the basis of propaganda and misinformation.
        
             | thephyber wrote:
             | > We're constantly told China is ...
             | 
             | > We're not constantly told our own governments are ...
             | 
             | When I read these statements, I can't help but substitute
             | these nouns with "a used car salesperson".
             | 
             |  _Of course_ a used car salesperson will talk up the cars
             | on their lot and won't go out of their way to point out
             | the defects or bad value. That's exactly why we should look
             | for sources other than the salesperson and their allies.
             | Look for data supplied by neutral third parties who have a
             | slight adversarial stance. Also look for data from strong
             | adversaries and evaluate the likelihood of truth versus
             | pure propaganda.
        
             | roenxi wrote:
             | And just to be clear; in the normal case a local government
             | is _much_ more of a threat than a foreign government. The
             | experience in the 20th century made it very clear - if a
             | government causes you to die, it was probably your
             | government. Not a foreign government.
             | 
             | The experience in the 21st century has thankfully been a
             | little bit milder but (1) we're only 20 years in and (2) if
             | you are going to be persecuted it is still far more likely
             | to be by a local government than a foreign government.
        
           | thephyber wrote:
           | Also worth mentioning: Five Eyes is an older concept. That's
           | an inner circle, but the outer circle is at least 14
           | countries strong[1].
           | 
           | [1] https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/
        
           | inopinatus wrote:
           | Hypocrisy on ethical concerns fosters abuse and corrupts the
           | host.
           | 
           | The key bias here is normalisation of deviance, both on an
           | individual and regime level.
        
         | mNovak wrote:
         | Are the US co's complicit in the hack, or is NSA et al doing it
         | adversarially? That would be at least a slight difference.
        
         | MAGZine wrote:
         | Airlines report flights booked directly to security agencies,
         | including new, cancelled, and changed itineraries, with
         | complete customer information. They don't need to hack airlines
         | --the regulatory system has given them what they need.
         | 
         | https://papersplease.org/wp/2013/09/29/how-the-nsa-obtains-a...
         | 
         | For all we know, all major hotel chains could just be forced to
         | comply with secret injunctions from FISA, and it would still be
         | totally legal, and totally cool.
        
         | coliveira wrote:
         | Exactly. The moment the US created a global network of cyber
         | spying it gave the motivation for all other countries to do the
         | same. After all why would anyone believe in the goodness of the
         | US when it is already proven that they will use this data as a
         | commercial advantage?
        
           | TheSpiceIsLife wrote:
           | Global cyber surveillance was inevitable.
           | 
           | First mover advantage matters.
           | 
           | But now first movers are watching their lunch get eaten by
           | newcomers who can move with more agility and know the lay of
           | the land.
           | 
           | Same bit of typical history-repetition.
        
         | DangerousPie wrote:
         | I can see your point for why China is not unlike the US in this
         | regard. But where the two countries differ are the
         | concentration camps, the huge restrictions on press and
         | individual freedom, the imprisonment of political opponents and
         | the massive censorship. Yes, the US does some bad things and
         | may be moving in the wrong direction but you can't tell me that
         | the degrees to which the two countries are bad are even
         | remotely comparable.
        
           | deadbunny wrote:
           | Or how about we're not fine with the bad things either does?
        
       | imroot wrote:
       | The travel industry (esp the airlines) are moving to puzzle piece
       | style integrations -- I know that Hilton uses Sabre for incoming
       | GDS reservations, but, uses Salesforce internally for managing a
       | lot of the guest interactions (including bookings and customer
       | support): AA (as mentioned previously in this thread) uses
       | multiple commercial systems, and Marriott uses a mixture of
       | FOSSE, MARSA (there might be an H in there, but, it's been a
       | while since I've been at MI) that talk to their backend
       | microservices for their .com system.
       | 
       | MI picked up a LOT of technical debt and a LOT of security bugs
       | when transitioning SPG programs and properties into MI's
       | portfolio (thankfully, I was off of that project at that point in
       | time).
       | 
       | I don't think this is the case where the FBI or other
       | conglomerates have direct SQL-style access into their systems,
       | but, more-so where FBI has retired or plans internally to pull
       | data from systems when requested: When it's hard as hell for
       | employees with the proper need-to-know for their application to
       | pull up data in a meaningful fashion, you know that it's next to
       | impossible for Law Enforcement to have a nice little dashboard
       | where they can just type "Ian Wilson" and get a list of every
       | place I've ever stayed ever (unless they're working with VISA:
       | that's something that I kinda expect, tho).
        
       | imglorp wrote:
       | Pretty sure they've also got feeds on everyone's credit card
       | purchases, emails of itineraries, text message confirmations,
       | your phone homing and roaming (from the cell networks), from
       | scores of apps that wanted your location squealing to whoever
       | wants to buy it, from face rec at airports, etc etc.
       | 
       | Your travel is certainly no mystery to the state without this one
       | airline feed.
        
         | [deleted]
        
       | neximo64 wrote:
       | How is this interesting?
       | 
       | Any old school travel agent can look up names and follow their
       | travel history anyway? (No matter how it is booked btw)
       | 
       | You could call one up and ask if X has got on the flight and they
       | can check. I've done it before to check if I wanted to know the
       | person's flight was delayed and made it to the airport on time.
        
       | [deleted]
        
       | jorblumesea wrote:
       | They're also a target for APTs and foreign governments. Pretty
       | much everyone wants to get their hand on travel data. Also fairly
       | likely that other GDS such as Amadeus has similar issues.
       | Speaking from personal experience, Sabre's code base is very
       | outdated, and filled with tech debt and hacks. They haven't done
       | a good job controlling bloat and many teams are skeleton crews
       | that are consumed with ops and can barely fix bugs. I'm sure you
       | don't need to "hack" anything.
       | 
       | Contrary to what some posters here seem to be saying, Sabre is
       | very widely used in many parts of the travel industry.
       | 
       | https://www.forbes.com/sites/leemathews/2017/07/06/travel-gi...
        
       | skim_milk wrote:
       | I work in the travel industry as a programmer (god only knows for
       | how much longer) - I can tell you that Sabre and other GDS's are
       | only used if you go through a travel agent or use _some_ online
       | reservation systems. If you book through the airline's systems
       | or on online reservation systems they likely use the airline's
       | systems to track travel instead of GDS since the GDS wants to
       | take a big cut of every ticket sale. And obviously only legacy
       | travel companies like Hertz and Marriott integrate with GDS's, new
       | travel companies Uber and Airbnb likely don't have any
       | relationship with Sabre.
       | 
       | You're only likely to be in a Sabre system if you've been booked
       | by your company through a travel agent and rent using legacy
       | car/hotel companies also through your company's travel agent.
        
         | ta17711771 wrote:
         | So, corporate bigwig types who don't understand technology?
        
           | skim_milk wrote:
           | Having travel agents for companies is actually a good idea,
           | having someone work to set up travel for workers saves a
           | crapload of time and money for everyone and better done if
           | it's outsourced to someone that knows travel.
           | 
           | Lots of board and CXX wigs book their vacations through
           | their agent on their company's dime as a part of their
           | benefits package which is actually a great deal for them. I'm
           | more of a thrill seeker so I wouldn't use one but the average
           | person who just wants a stable planned-out vacation that they
           | only get once a year it's a really good idea.
        
             | BryanBigs wrote:
             | At my old SP500 firm, Corp travel agents were always - and
             | I mean ALWAYS - worse than what I could get from the
             | airline directly. Why? Internal accounting. Some part of HR
             | got to count part of the "fee" as revenue, billed against
             | my travel budget. Insane. Once that became common
             | knowledge, my coworkers and I were 'strongly encouraged' by
             | our department head to buy travel with our Corp cards. This
             | led to a strongly worded memo from the head of HR at FY end
             | demanding we stop the process. That led to meetings,
             | committees, more dueling memos. Great use of everyone's
             | time.
             | 
             | I am so glad I don't work there anymore.
        
               | Spooky23 wrote:
               | Yup, that's pretty common with legacy contracts. Internal
               | accounting bullshit ruins all sorts of things.
               | 
               | I worked at a place where "thou shalt" use some stupid
               | travel agent to buy intercity train tickets. You had to
               | call the company and pick up the paper ticket in some
               | inconvenient place between the hours of 10-3, closed from
               | 12-1. The ticket cost ~$5-10 more than buying it at the
               | train station, split between the travel agent and
               | procurement group, unless you purchased it a month in
               | advance, and could be used for 6 months.
               | 
               | The "hack" was that business units with lots of travel
               | would buy 100 at a time every couple of months, and you'd
               | need to find a secretary with a stash to get a paper
               | ticket. I would ply them with my wife's baking to ensure
               | a steady supply. Not surprisingly, many tickets were
               | wasted unused (in pursuit of saving the $5), or people
               | took unnecessary trips to avoid wasting money on tickets
               | (and wasting 3x more in per diems, etc).
               | 
               | The next innovation was to declare that the trip was an
               | emergency, and then you could buy the ticket from the
               | conductor, in cash. The penance for less hassle is that
               | you had to write a sad tale about why attending a
               | training class met some standard for "emergency" travel.
        
             | Xylakant wrote:
             | I've seen engineers with a three digit hourly rate spend
             | multiple hours trying to achieve double digit savings.
        
           | cosmie wrote:
           | Corporate bigwig types (whether technical or otherwise) are
           | generally not booking their own travel - that's what
           | executive assistants are for. I'm a technologically literate
           | corporate peon, and still booked >$15k in travel last year
           | through SABRE via our online corporate booking system, and
           | about $10k in bookings executed manually by our travel team.
           | 
           | The online bookings still routed through an internal travel
           | agent for final approval and execution of the booking, but I
           | never actually interacted with anyone. The manual bookings
           | were the only time I ever spoke with an agent, and it was
           | almost always to handle an itinerary that was too complex for
           | the UI of the online booking system to accommodate.
        
         | walrus01 wrote:
         | You think US intelligence doesn't have access to other major
         | airlines' back end databases, or things like major hotels'
         | reward programs, airbnb, uber, lyft?
        
           | morpheuskafka wrote:
           | This is largely a moot point. All names of departures and
           | international arrivals are sent to the Department of Homeland
           | Security via the Secure Flight/APIS data pipeline. This
           | returns to the airline authorization to board, select for
           | additional screening (SSSS on boarding pass), or inhibit
           | boarding (unless overridden by a TSA call center), as well
           | as, for international flights, authorization for who can even
           | overfly the country.
        
             | walrus01 wrote:
             | Intelligence agencies are also highly interested in things
             | that don't involve the DHS or have a flight involving a
             | destination in the USA. Such as obtaining PNRs for people
             | who buy flights from Dubai to Mogadishu.
        
           | skim_milk wrote:
           | Of course it's laughable to think you could get away with
           | doing anything on a plane in a post-9/11 USA - they're
           | obviously going to have data on every citizen's and
           | foreigner's flights. Beyond that I wouldn't know.
           | 
           | All I can say is you're very likely not a point in Sabre's
           | private data mining set.
        
           | monksy wrote:
           | They have PNRs
           | 
           | https://arstechnica.com/tech-policy/2014/05/ask-ars-can-i-se...
        
           | lawnchair_larry wrote:
           | As someone who has worked on security for said systems, and
           | who is somewhat familiar with the types of requests that are
           | serviced to LEAs and TLAs, I do think that they don't have
           | access to back end databases.
           | 
           | What, you think we set up a VPN for them so their SQL client
           | in Fort Meade can just query as they please? Or do you think
           | they hack us?
        
             | znpy wrote:
             | Subpoena? You wouldn't even be allowed to disclose that you
             | had received a subpoena.
             | 
             | Some companies establish subpoena canaries for that
             | specific reason.
        
               | Scoundreller wrote:
               | Sabre would include a lot of companies that are outside
               | the borders of a US subpoena.
        
               | walrus01 wrote:
               | In some ways that actually makes it a lot easier for the
               | NSA doing its role as sigint agency against anything
               | "foreign", which doesn't have any US legal protection
               | related to the 4th amendment.
        
             | grey-area wrote:
             | If you work for a useful target yes they probably have
             | hacked you. They've certainly hacked google in the past for
             | example - see below. These agencies are lawless and
             | motivated. I imagine knowing where targets stay/travel in
             | advance could be very useful.
             | 
             | https://www.google.com/amp/s/amp.theguardian.com/technology/...
        
               | 2OEH8eoCRo0 wrote:
               | >These agencies are lawless
               | 
               | Citation needed
        
               | grey-area wrote:
               | Here you go:
               | 
               | Stellar Wind, Tempora, Prism.
               | 
               | https://www.nytimes.com/video/opinion/100000001733041/the-pr...
               | 
               | This is a particularly interesting profile of Binney, who
               | worked on stellar wind.
               | 
               | https://www.forbes.com/sites/emmawoollacott/2018/09/13/uk-ma...
               | 
               | https://www.bbc.co.uk/news/world-us-canada-23123964
               | 
               | Of course they claimed after being exposed that these
               | programs are legal, but I think lawless is apt as these
               | agencies don't consider the law as a boundary they need
               | to respect.
               | 
               | O tempora, o mores
        
               | DubiousPusher wrote:
               | Excellent long form piece that covers several of these
               | topics as well.
               | 
               | https://www.newyorker.com/magazine/2011/05/23/the-secret-sha...
        
               | opnitro wrote:
               | [https://en.wikipedia.org/wiki/James_Clapper#Testimony_to_Con...]
        
               | remus wrote:
               | https://en.wikipedia.org/wiki/Global_surveillance_disclos
               | ure...
        
             | dylan604 wrote:
             | Is that data encrypted in transit? If so, what encryption
             | was used? The ones "suggested" that NSA knows how to
             | decrypt? Also, do you know what agreements have been made
             | that are "above your pay grade"? Do you know what every
             | piece of equipment in your data center does? What about
             | what equipment is installed at the ISP level?
             | 
             | Don't be so quick to say "you" are not actively having data
             | taken. "You" just might not be aware of it.
        
             | gruez wrote:
             | There's precedent for all the things you described.
             | 
             | >What, you think we set up a VPN for them so their SQL
             | client in Fort Meade can just query as they please?
             | 
             | https://cdn.vox-
             | cdn.com/uploads/chorus_asset/file/12801415/p...
             | 
             | >Or do you think they hack us?
             | 
             | https://i.stack.imgur.com/jWW5v.jpg
        
               | ChrisKnott wrote:
               | Your first link doesn't support your quote. The queries
               | are sent to the data holder who sends back the data, the
               | agency does not have direct access.
        
               | gruez wrote:
               | >the agency does not have direct access
               | 
               | Sure, NSA can't directly query against whatever database
               | gmail uses to store your email, but they still have all
               | your emails, photos, and login history. As far as your
               | privacy is concerned, there isn't really any meaningful
               | difference.
        
               | ChrisKnott wrote:
               | Do you mind explaining precisely what you mean by "NSA
               | has all my emails"?
               | 
               | Suppose I sent an email yesterday from my Gmail to a
               | friend's Gmail, are you saying the text of this email is
               | stored on an NSA machine?
        
               | gruez wrote:
               | >Suppose I sent an email yesterday from my Gmail to a
               | friend's Gmail, are you saying the text of this email is
               | stored on an NSA machine?
               | 
               | Maybe not today, but during its heyday most certainly.
               | 
               | >Internal NSA presentation slides included in the various
               | media disclosures show that the NSA could unilaterally
               | access data and perform "extensive, in-depth surveillance
               | on live communications and stored information" with
               | examples including email, video and voice chat, videos,
               | photos, voice-over-IP chats (such as Skype), file
               | transfers, and social networking details.[2] Snowden
               | summarized that "in general, the reality is this: if an
               | NSA, FBI, CIA, DIA, etc. analyst has access to query raw
               | SIGINT [signals intelligence] databases, they can enter
               | and get results for anything they want."
               | 
               | >[Glenn Greenwald] added that the NSA databank, with its
               | years of collected communications, allows analysts to
               | search that database and listen "to the calls or read the
               | emails of everything that the NSA has stored, or look at
               | the browsing histories or Google search terms that you've
               | entered, and it also alerts them to any further activity
               | that people connected to that email address or that IP
               | address do in the future."[44] Greenwald was referring in
               | the context of the foregoing quotes to the NSA program
               | X-Keyscore.[45]
               | 
               | https://en.wikipedia.org/wiki/PRISM_(surveillance_program
               | )#E...
               | 
               | But let's suppose they _don't_ have your emails stored
               | in their datacenters. Instead, it's still stored on
               | google's servers but they can access your emails via
               | automated requests to google, via search terms or by
               | providing your user handle. Is that a meaningful
               | difference, in terms of privacy?
        
               | some_random wrote:
               | What are you trying to say with the second picture?
               | Getting access to a GFE gets you access to what's going
               | through it? What does that have to do with the FBI
               | hacking into the backend of an airline company?
               | 
               | The FBI (and NSA for that matter) are a lot more
               | constrained by the law than HN seems to think, they can't
               | just shell anyone they want especially if the target is a
               | third party that has done nothing wrong.
        
               | DubiousPusher wrote:
               | > they can't just shell anyone they want especially if
               | the target is a third party that has done nothing wrong.
               | 
               | The reality is not that clear. A lot of what governs what
               | these agencies can and can't do comes from executive
               | branch policies. There is a lot of gray around what is
               | "legal" and congress likes it that way because it keeps
               | responsibility for allowing too much or not enough
               | surveillance far away from them.
               | 
               | What's more, you cannot adjudicate what you don't know
               | about and a lot of the secrecy in programs like this is
               | just as much about keeping away civil libertarian
               | attorneys as it is about confounding "the enemy". There's
               | a reason the FISA court rules nearly 100% of the time
               | with the state. Responding attorneys are rarely involved
               | and when they are they are often hamstrung due to a lack
               | of knowledge that prevents them from filing any kind of
               | useful motion or raising serious opposition.
        
               | gruez wrote:
               | > What are you trying to say with the second picture?
               | Getting access to a GFE gets you access to what's going
               | through it?
               | 
               | https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_prog
               | ram...
               | 
               | Pretty much that, and also tapping any traffic that's in
               | their internal networks, since that's not encrypted
               | either.
               | 
               | > What does that have to do with the FBI hacking into the
               | backend of an airline company?
               | 
               | That's one possible attack that the FBI could be carrying
               | out. ie. sabre doesn't encrypt its communications in
               | their internal network, and that's being tapped similar
               | to how the NSA tapped google's internal networks.
        
               | lawnchair_larry wrote:
               | Oh make no mistake, I am very familiar with those slides.
               | 
               | PRISM is not a VPN with a SQL client, or anything close
               | to it.
               | 
               | The second one does not refer to domestic hacking. They
               | don't do that.
        
               | throwaway5370 wrote:
               | > The second one does not refer to domestic hacking. They
               | don't do that.
               | 
               | What do you believe is happening in that second image?
               | 
               | One could argue semantics as to whether a fiber tap is
               | "hacking" or not, or whether tapping a domestic company's
               | network from an international transit link counts as
               | "domestic hacking"... but there is ample evidence that US
               | intelligence agencies do target domestic companies and
               | their networks.
               | 
               | See also, the rest of the docs on MUSCULAR: https://en.wi
               | kipedia.org/wiki/MUSCULAR_(surveillance_program...
        
               | aerostable_slug wrote:
               | There's also ample evidence that various companies choose
               | to cooperate with the intelligence community for a
               | variety of reasons. AT&T has made a healthy living off
               | .gov, but I'm not sure Western Union was ever compensated
               | for giving CIA decades' worth of international telegrams,
               | and it appears their recent cooperation with the Agency
               | regarding international money transfers was spurred by
               | patriotism.
               | 
               | Since the links are likely compromised, ubiquitous
               | encryption is your friend.
        
               | satisfaction wrote:
               | I don't imagine they have raw sql access but you probably
               | have an API that takes a name or social or other
               | identifier and returns relevant results. This access may
               | have been granted to an account that is not described as
               | "FBI" it's probably another sub-contractor or analytics
               | provider.
        
             | jjuel wrote:
             | Are you saying you think that if the government asked your
             | company to turn over some information that may be useful
             | they would deny the request?
        
               | Spooky23 wrote:
               | The person you're replying to very specifically said they
               | don't provide access to backend systems.
               | 
               | No entity is going to ignore subpoenas or warrants. They
               | may challenge them for reasons that are applicable to the
               | business.
        
               | Svip wrote:
               | What about airlines that only operate in said
               | government's jurisdiction, but is not based there?
        
               | lawnchair_larry wrote:
               | I feel that I was pretty clear as to what I was and was
               | not saying.
               | 
               | If you'd like to ask a different question, feel free, but
               | I am not interested in playing the "are you saying..." game.
        
             | [deleted]
        
         | keithnz wrote:
         | I used to work for Sabre, they do a lot more than just
         | bookings, they provide all the software to run an airline
         | basically. I worked in the area for scheduling air crew. But
         | also crossed over into all the flight tracking. Their systems
         | hold a lot of data, though the airlines own and host that data
         | in secure facilities.
         | 
         | Fun Facts, when I worked there, you could fly for free on
         | American Airlines (the company got split out from AA). They
         | claimed to employ the most PhDs at one time (lots of
         | operations research). Also claimed to invent database
         | transactions for the problem of people trying to book the same
         | seat on airplanes at the same time (early 60s I believe)
        
         | aahhahahaaa wrote:
         | They don't use a GDS on the front end, but doesn't all that
         | data feed into a GDS somewhere on the backend? I don't know
         | much about Sabre but I know Amadeus reaches pretty far across
         | everything.
        
           | skim_milk wrote:
           | Travel agencies still like to use the frontend even though
           | they're even less user friendly than VIM. This isn't the
           | right time for it but once upon a time you could research
           | what travel agencies use what GDS by the job requirements
           | these agencies put out - usually you need like 5 years
           | experience with Sabre/Apollo/whatever for any job here.
           | 
           | Once your travel details are in the GDS then the airline
           | clerks, car rental sales person, hotel clerks, and your
           | travel agent can check out or update your travel info for you
           | just based on the PNR number on your airline ticket for
           | convenience if you're just not into that weird smartphone
           | thing. You can change a bunch of things during the trip like
           | what car you drive and hotel amenities during your stay so
           | after the trip ends we download your trip from Sabre and
           | build reports for your boss or whatever.
        
         | useful wrote:
         | The industry is moving to being able to purchase products
         | instead of complete PSS/GDS solutions. As an airline you'll be
         | able to buy an inventory management system from Amadeus, a
         | pricing system from Sabre, a support system from TravelSky, and
         | a website from Travelport.
         | 
         | The best example I can think of is American. They have Amadeus
         | running their international website. Their ticketing system is
         | internal. And all their inventory is managed in Sabre.
         | 
         | Southwest was similar, for a while Amadeus ran their
         | international site while Southwest ran an outdated internal
         | system for domestic travel that didn't support flights leaving
         | and arriving on different days. They eventually had Amadeus
         | move into running their domestic stuff a few years ago and now
         | they have red-eyes.
         | 
         | Delta runs all their own stuff on a mainframe and from the
         | outside it looked like a slow moving disaster. I know Amadeus
         | sees all their inventory and looks at each passenger.
        
           | dave5104 wrote:
           | > They eventually had Amadeus move into running their
           | domestic stuff a few years ago and now they have red-eyes.
           | 
           | Heh. I remember thinking years back that it was odd that
           | Southwest never had any overnight flights, especially
           | transcontinental. Just assumed it was the way they did
           | business and some sort of cost cutting measure. Didn't think
           | it'd be due to a software limitation!
        
             | redbeard0x0a wrote:
             | > due to a software limitation
             | 
             | This _is_ a cost cutting measure. They decided not to pay
             | for their software to support red eyes.
        
             | 112012123 wrote:
             | Well, it was due to cost cutting! The point of using an in-
             | house solution was that it was cheaper than buying a
             | reservation system.
        
         | 112012123 wrote:
         | Definitely depends on the airline. The big US carriers all have
         | their own systems, but the vast majority of foreign carriers
         | use a GDS on their backend. It's just not worth building in-
         | house unless you're at very large scale.
        
           | Svip wrote:
           | Old non-US airlines definitely have their own systems. I know
           | Scandinavian Airlines have their own, and it looks like
           | Lufthansa and KLM-Air France do too.[0]
           | 
           | I would be surprised if say British Airways didn't.
           | 
           | [0] https://www.emirates247.com/business/corporate/buying-
           | ticket...
        
             | Uberphallus wrote:
             | Nope, they all use Amadeus, except for Scandinavian
             | Airlines. Actually Lufthansa and Air France CREATED Amadeus
             | to consolidate their GDS operations. They're now pissed
             | because Amadeus takes a piece of the cake and plays weird
             | pricing shenanigans, but they're still there.
             | 
             | Source: worked at Amadeus.
        
             | 112012123 wrote:
             | These guys do use Amadeus on the backend to manage their
             | ticket inventory. Specifically Amadeus Altea - though you
             | are correct that they try very hard to avoid paying GDS
             | distribution fees for selling tickets through the GDS third
             | party sales channels (which is what that article is
             | discussing).
        
         | cm2187 wrote:
         | When you mean travel agent, do you also include the likes of
         | expedia, opodo, etc?
        
           | splonk wrote:
           | Both of them also have GDS integrations. I don't know exactly
           | how much but I'd assume it's the bulk of their traffic.
           | 
           | As a general rule the large majority of anything you don't
           | book directly with the airline/hotel (and for all I know,
           | some of what you do) is very likely to be in a GDS somewhere.
        
         | znpy wrote:
         | Is there a way to know if you've gone through sabre?
        
           | opportune wrote:
           | If you're an EU resident, I'm guessing you could force their
           | hand using GDPR?
        
       | coip wrote:
       | "Secretly" well there goes that headline as fact. How meta
        
       | 01100011 wrote:
       | National Security Letters basically turn any private database
       | into a tool of the state:
       | https://en.wikipedia.org/wiki/National_security_letter?wprov...
       | 
       | I'm not saying the US is as bad as China, but I roll my eyes when
       | people talk about China forcing its companies to serve the
       | interests of the state. Our government does it all the time and
       | it doesn't require a warrant.
        
         | koheripbal wrote:
         | This is a "both sides"/whataboutism argument. China is
         | absolutely worse than the US in this regard. Chinese military
         | intelligence actually conducts offensive espionage _on behalf_
         | of Chinese companies to steal IP from western companies.
         | 
         | The US has a court system that reviews National Security
         | Letters, and can accept challenges to them, and while that
         | court is secret, it's still bound by rules that are established
         | by elected congressional officials. ...and perhaps most
         | importantly, they are still somewhat rare.
         | 
         | Chinese companies on the other hand are _required_ to cooperate
         | on all requests, even international subsidiaries of any Chinese
         | companies. No "letters" or court orders - you either do it or
         | the CEO goes to jail, no trial, no judicial review.
         | 
         | It might seem like the results are similar, but having judicial
         | and congressional oversight makes a world of difference in
         | tempering how/when it can be used and, more importantly,
         | rolling it back when it's no longer necessary.
         | 
         | https://en.wikipedia.org/wiki/National_security_letter#Doe_v...
         | 
         | It's a night and day comparison.
        
           | vmception wrote:
           | replying "Whataboutism" is just a reductive way to defend
           | "hypocrisy" in a geopolitical context. which is worse? Not
           | being aware of the similarity and replying "whataboutism", or
           | being aware of the similarity just gaslighting and deflecting
           | with whoever pointed out the hypocrisy?
           | 
           | most of these observations are very valid
           | 
           | just because you coincidentally respect the due process that
           | reaches a result, doesn't mean that it is functionally
           | different or better. it's only indoctrination and pure
           | happenstance to whatever you were exposed to first.
        
             | sudosysgen wrote:
             | Yup. Whataboutism is only fallacious if you use it to claim
             | moral superiority. Whataboutism is not fallacious if you're
             | trying to draw an equivalent between two actors.
        
             | tdeck wrote:
             | It's hypocrisy when X criticizes Y for doing something that
             | X also does. It's not hypocrisy for a third party to
             | criticize party X for doing something they're not doing,
             | even if they fail to bring up a criticism of Y in the same
             | breath.
        
           | volgo wrote:
           | Sorry I think you've drunk the koolaid. There's no judicial
           | oversight when it comes to national security. They'll always
           | be able to find judges that are sympathetic to the FBI/CIA's
           | cause
        
           | trhway wrote:
           | >having judicial and congressional oversight makes a world of
           | difference
           | 
           | absolutely, no argument here. From your link:
           | 
           | "Based on the U.S. Supreme Court rulings, there is still no
           | requirement to seek judicial approval for the FBI issuing an
           | NSL. "
           | 
           | Of course US isn't China. Yet. The country though is before a
           | roadfork and is choosing its direction. One side, like these
           | uncontrolled/unoversighted fed agents in the video in the
           | link below has already chosen the China way, the other - like
           | that beaten Navy vet in the video - is still keeping US from
           | becoming China-like. That 53 year old Navy vet looks to me
           | like the archetype of American to whom my old country - USSR
           | - lost the Cold War, and there seems to be less and less of
           | such people around.
           | 
           | https://www.foxnews.com/us/portland-protest-navy-veteran-
           | fed...
        
           | alfiedotwtf wrote:
           | > and can accept challenges to them
           | 
           | Is there a public count of how many challenges vs how many
           | were rejected?
        
         | divbzero wrote:
         | People are right to criticize China for it and just as right to
         | criticize the US for similar faults. We should behave better
         | and encourage others to do the same.
        
           | antocv wrote:
           | Disagree, we should encourage China, Russia, Israel, and any
           | other capable state to spy on us.
           | 
           | Dissolve the monopoly, let it be a game for many to play. One
           | single power is much more dangerous for everybody than a
           | plurality.
        
         | hammock wrote:
         | While that's not wrong, NSLs are a relatively surgical tool in
         | comparison to voluntarily- and involuntarily-added backdoors
        
           | thephyber wrote:
           | > NSLs are a relatively surgical tool
           | 
           | Citation needed.
           | 
           | While I suspect you are right, I've never seen an example of
           | one and we don't have any proof that this is how they are
           | used in practice. The same could have been said about FISA
           | warrants, but both civil libertarians and Trump allies have
           | been critical in how FISA warrants have been used _in
           | practice_ despite the way they were described as few and
           | targeted by those "watchers" who were "watching themselves".
        
         | eloisius wrote:
         | Absolutely. The only thing that frustrates me about these
         | topics is that only discussions about one of them tend to get
         | pummeled with whataboutism. We should condemn authoritarianism
         | wherever it exists and not let authoritarianism elsewhere be a
         | justification for authoritarianism anywhere.
        
         | mNovak wrote:
         | Wondering how effective NSL's would be as a phishing technique
         | for e.g. China.. Given the secrecy and non-disclosure aspects,
         | it's generally harder for companies to know what 'looks right'.
        
       | colecut wrote:
       | heeeyyeyyy Dunder Mifflin is a part of Sabre
        
         | l0c0b0x wrote:
         | ROFL... I actually searched for 'Dunder'. I knew someone was
         | going to bring it up.
        
       ___________________________________________________________________
       (page generated 2020-07-20 23:00 UTC)