American and British Spy Agencies Targeted In-Flight Mobile Phone Use – The Intercept
In the troveÂ of documentsÂ providedÂ by former National Security AgencyÂ contractorÂ Edward Snowden is a treasure. It begins with a riddle: “What do the President of Pakistan, a cigar smuggler, an arms dealer, a counterterrorism target, and a combatting proliferation target have in common? They all used their everyday GSM phone during a flight.”
This riddle appeared in 2010 in SIDtoday, the internalÂ newsletter of theÂ NSA’s Signals Intelligence Directorate, or SID, and it was classified “top secret.” It announced the emergence of a new field of espionage thatÂ had not yet been explored: the interception of data from phone calls made on board civil aircraft. In aÂ separate internal document from a year earlier, the NSAÂ reported that 50,000 people had already used their mobile phones in flight as of December 2008, a figure thatÂ rose to 100,000 byÂ February 2009. The NSAÂ attributed theÂ increase to “more planes equipped with in-flight GSM capability, less fear that a plane will crash due to making/receiving a call, not as expensive as people thought.” The sky seemed to belong to the agency.
In a 2012 presentation, Government Communications Headquarters, or GCHQ, the British equivalent of the NSA, in turn disclosed a program calledÂ “Southwinds,” whichÂ was used to gatherÂ all the cellular activity, voice communication, data, metadata, and content of calls on board commercial aircraft. The document, designatedÂ “top secret strap,” one of the highest British classification levels, said the program was still restricted to the regions covered by satellites from British telecommunications provider Inmarsat: Europe, the Middle East, and Africa.
The data wasÂ collected “in near real time” and an aircraft could be “tracked”Â every two minutes, according to the presentation. To spy on a telephone, all that was required was that the aircraft be cruising at an altitude above 10,000 feet. Secret aerial stations on the ground could intercept the signal as it transited through a satellite. The simple fact that the telephone was switched on was enough to give away its position; the interception could then be cross-referencedÂ with the list of known passengersÂ on the flight, the flight number, and the airline code to determine theÂ nameÂ of the smartphone user.
GCHQ and the NSA used bird names to refer toÂ programs involvingÂ theÂ surveillance of in-flight telephone calls; examples includeÂ “Thieving Magpie” and “Homing Pigeon,” as we learn from Glenn Greenwald in his 2014 book “No Place to Hide.” Le Monde examined information about the surveillance of aircraft and their passengers around the world between 2005 and 2013, including unpublished documents from the Snowden archives; the evidence demonstrates that from an early date, Air France drew particular attention from the United States and the United Kingdom.
Air France was targeted as early asÂ 2005, as disclosed in an NSA document setting out the broad outlineÂ of aÂ programÂ for “worldwide civilian aircraft tracking.” Dated July 5, the 13-page memo provides a chronological, detailed listÂ ofÂ the main stages of the program. The document stated that based on a CIA report, some or all âAir France and Air Mexico flightsâ had been âpossible terrorist targetsâ since late 2003. The legal department of the NSA foundÂ “no problem with targeting Air France and Air Mexico flights overseas,” and “when the flights enter U.S. airspace, they should be more than covered by the U.S. air traffic control system.â InÂ February 2005, these same lawyers outlinedÂ legal procedures be adopted for such collection.
The naming of Air France as a risk to the U.S. wasÂ not just a simple hypothesis by a few NSA technicians. An impressive circle of security and intelligence officialsÂ were informed of the purported danger represented by the French company. The 2005 NSA memo was sent to roughly 20Â recipients, including the North American Air Defense Command; the CIA; the Department of Homeland Security; the National Reconnaissance Office, which operates satellites for the U.S. government; the Defense Intelligence Agency; and the Air Force chief of staff. This fixation with Air France continued in the years that followed.
Air FranceÂ first tested the in-flight use of a smartphone on serviceÂ from Paris to Warsaw on December 17, 2007. As an Air FranceÂ spokesperson confirmed to Le Monde, “We began early, but since then, we have carried out tests continuously and today, like other companies, we are getting ready to move directly to Wi-Fi on board.” Questioned by Le Monde about the British and American surveillance activities, the company’sÂ response was measured: “We are visibly not the only ones to have been targeted and we know absolutely nothing about these practices.”
In its 2012 presentation, GCHQ observed that 27 companies had already enabled or were about to enable passenger use of mobile phones, particularly in first and business class on long-haul flights. These included British Airways (which only enabled data and SMS functions), Hong Kong Airways, Aeroflot, Etihad, Emirates, Singapore Airways, Turkish Airlines, Cathay Pacific, and Lufthansa. Air France, however, is synonymous with the surveillance of in-flight calls to the extent that the GCHQ presentation usedÂ a full-page sketch of one of its planes to illustrate the working of in-flight interception in theÂ presentation.
As an example of their know-how, GCHQ and the NSA provide numerous examples of calls intercepted on board commercial flights. The examples show thatÂ data wasÂ intercepted on March 23, 2012, at 1:56 p.m. on the UAE airline Etihad’s flight 8271 between JFK and Denver; on an Aeroflot’s Nice-Moscow flight on May 20, 2011, and subsequently that same year; on Qatar Airways flights from Milan to Doha and from Athens to Doha; and from Jeddah to Cairo (Saudi Airlines) andÂ from Paris to Muscat (Oman Air).
Data collection wasÂ alsoÂ conducted against BlackBerrys, according to the presentation, which identified BlackBerry PIN codes and email addressesÂ on an aircraft on January 2, 2012, at 10:23 a.m., but did not include Â destination or the airline company. The spoils of war â observedÂ phoneÂ uses â are proudly listed in the GCHQ presentation: voice communication, data, SMS, Webmail, Webchat, social networks (Facebook, Twitter, etc.), travel apps, Google Maps, currency converters, media, VOIP, BitTorrent, andÂ Skype. In the course of itsÂ intrusion exercises, GCHQ discovered, somewhat to itsÂ surprise, that it isÂ not alone in itsÂ interest inÂ these in-flight communications. GCHQÂ notes that the Russian company Aeroflot has set up a system of specific connections for GSM phones on itsÂ aircraft “presumably for legal intercept,” as the agencyÂ remarks in a technical memo.
Today, approximately 100Â companies permit in-flight use of telephones. “Customers now consider it normal, even necessary, to remain connected in flight,” an Air France spokesperson said. Aviation security authorities have all approved the use of GSM phones on board aircraft and the experts estimate that the years 2016, 2017 and 2018 will go down in history as the years of the in-flight mobile phone, in particular with the long-term installation of in-flight Wi-Fi.
This will further extend the scope of espionage by providing a pool ofÂ potential targets comprising several hundreds of thousands ofÂ people, a level of popularity anticipated by the NSA seven years ago. This implies a population thatÂ goes far beyond terrorist targets. The political or economic surveillance of passengers in business or in first class on long-haul flights could be put to many other uses.
There is no limit to surveillance activities and each novelty is a technical challenge to be met. The intelligence services even seem to be slightly jaded. In theÂ 2010 newsletter article, NSA analysts were already thinking further afield. “What’s next, trains? We’ll have to keep watching …â
This article was published today in Le Monde.Â It is the result of a collaboration with The Intercept and is based on documents provided by NSA whistleblower Edward Snowden. GCHQ responded to Le Monde withÂ a statement that it does not comment on intelligence matters and that its activities are âauthorized, necessary and proportionateâ and âentirely compatible with the European Convention on Human Rights.â NSA said its activities complied with U.S. law and policy and declined to comment further.