Ocnus.Net

Dysfunctions
The FBI Is Secretly Using A $2 Billion Travel Company As A Global Surveillance Tool
By Thomas Brewster, Forbes, July 16, 2020,
Jul 21, 2020 - 3:29:25 PM

Sabre helps US government carry out real-time, global travel surveillance

American border patrol already has significant surveillance powers and collects vast amounts of data on who is flying into and out of the country. But the U.S. has another tool to watch over travellers across the world thanks to a little-known but influential Texan business called Sabre. As the biggest of three companies that store the vast majority of the world’s travel information—from airline seats to hotel bookings — Sabre has been called on to hand over that travellers’ data and, on at least one occasion, do “real-time” tracking of a suspect. And, say former employees, the same powerful trove of information could be used to help monitor the spread of the Covid-19 pandemic.

To understand how Sabre, which is publicly traded on NASDAQ with a $2 billion plus market cap, came to control such a vast trove of data, you have to go back to the mid-1950s, the very beginnings of what would become the booming - though currently beleaguered - travel industry. In American Airlines offices, bookings staff would take calls sitting at large round tables mounted by a Byzantine-looking contraption: a huge lazy Susan, full of cubbyholes. In each were filed index cards, little records of every separate travel booking, the whole system designed to keep track of who had booked what seat for when. Thanks to predictable human error, it led to inaccurate records, over- and under-booked flights, and peeved travellers who were hoping to explore the world at their leisure in the postwar era of American expansionism and openness.

To make the system more efficient and accurate, American turned to the nascent computer industry, calling on IBM and MIT scientists to build the industry’s first “passenger name record,” a vast database of travel bookings that could be updated and tracked at far greater efficiency. American Airlines dubbed the system the Semi-Automated Business Research Environment and Sabre was born, going live on two IBM mainframes in 1964.

The system worked so well that Sabre would later become its own company and expand to cover other airlines. It would grow further, becoming even more vital to the industry by tracking not just airline bookings but almost anything to do with travel, from the hotel to the rental car. Anyone who’s ever booked a holiday will likely have been facilitated by the Texan company’s technology. It processes well over a third of all air travel bookings in the world, amounting to more than $260 billion worth of global travel spend annually. It’s vast too, with 9,000 employees today (though workers are being laid off and Sabre’s value has dipped thanks to the severe damage wrought by the Covid-19 pandemic).

It’s the biggest of just three players who dominate the hidden connecting tissue of the travel market - known in the industry as “global distribution systems” - the other two being Madrid-based Amadeus and the British Travelport. Together they sit on huge networks and databases full of information on the world’s travel plans: itineraries, fares, reservations, connecting flights and ticket costs are all there, as are crew schedules and other logistical information.

“They have [built] up humongous databases,” says Gloria Guevara, former CEO of Sabre’s Mexican business, now chief executive of the World Travel & Tourism Council (WTTC). She recalls that when she was at Sabre, between 1995 and 2010, it had one of the top two largest privately-owned databases in the world. “They could tell you where [a traveller] came from and the flight that they were on, where they were sitting. Sabre maintains those records,” adds Jim Menge, another former Sabre VP from 1994 to 2004.
Sabre’s US government assistance

Publicly, Sabre’s entanglement with the U.S. government has been apparent for some time. Former CEOs have given testimony to Congressional panels and made it onto presidential committees. Then there’s the secret side of the relationship. Stretching back to at least the 2001 September 11 terror attacks, the government has, on numerous occasions, secretly asked the company to actively spy on suspects’ movements, in both major and minor criminal cases.

For years, the government has asked telecom giants and banks to help track individuals worldwide, whether through tapping calls or sharing the location of bank withdrawals. But with Sabre, it has a particularly powerful snooping option. With financial institutions or the telecoms industry, the government has to go to each separate bank or operator and serve an order on them. It could take a similar approach with the travel industry, asking each airline, hotel and booking agent. But with Sabre, or one of its two chief competitors, it can serve one order to cover all bases. That’s one explanation as to why the company played a role in assisting the U.S. in tracking the movements of the 9/11 hijackers after the attacks on the Twin Towers, as Guevara and Menge tell Forbes. (Sabre didn’t respond to requests for comment).

In that case, the government came knocking only after the atrocity had occurred. But, as detailed in one international cybercrime investigation, Sabre can be compelled to proactively watch and report on a persons’ whereabouts as soon as they start travelling. In an order from December 2019, feds asked Sabre to provide the FBI with “real-time” updates on the travel activities of a hacking suspect, an Indian fugitive called Deepanshu Kher. Sabre was told to provide “complete and contemporaneous ‘real time’ account activity information of the traveler [Kher] on a weekly basis” for six months. Sabre would provide “any travel orders, transactions or reservations” for the suspect.

There’s little information about Kher’s case; an indictment from November 2019 simply notes he was charged with attacking the computer hosting a website of an unnamed San Diego company, causing more than $5,000 in damage. Now under home arrest, Kher was apprehended in January and has pleaded not guilty to one charge of intentional damage to a protected computer. (His legal counsel didn’t respond to requests for comment. The Justice Department declined to comment.)

The order is one of at least four where Sabre agreed to provide such traveller information. In 2015, the FBI was hunting down Aleksei Yurievich Burkov, whom investigators believed was running Cardplanet, a $20 million bazaar for buying and selling stolen credit card data. To track him down, the U.S. government told not just Sabre, but also the U.K.-based, New York Stock Exchange-listed Travelport to provide records on the Russian. That’s according to a brief note on the court docket (a list of events in the course of a court case) for the Burkov case. Further details are under seal. Burkov was extradited from Israel in November 2019 and pleaded guilty to charges of fraud, identity theft, computer intrusion, wire fraud and money laundering in January.

The latest order on Sabre also notes the company had previously complied with three similar orders to “assist in effectuating arrest warrants”: two in the Western District of Washington in 2017 and 2019, another in the Northern District of California in 2016. Again, the documents remain under seal.

 

‘Unusual and excessive’

Legal experts tell Forbes that not only does the Kher order appear unprecedented and disturbing in showing how secretive the snooping operations have been, it is also legally questionable, due to its application of a 1789 law known as the All Writs Act. The law allows the U.S. to force third parties into providing assistance to execute a prior order of the court. Many will remember the Act from its most infamous case in 2016, when the government tried to have Apple unlock an iPhone of the shooter in the San Bernardino terror incident of 2015. In that case Apple fought the government, which eventually stopped chasing the Cupertino company after a hacker found a way onto the iPhone.

Marc Zwillinger, who represented Apple in that case, warns the order threatens to turn Sabre into an “agent” of law enforcement. “It struck me as unusual and excessive… I'd be concerned that the government will now use this as a matter of course every time they want to track a fugitive,” says Zwillinger, whose past clients also include Yahoo.

He says that if it wants to leverage the All Writs Act, the government has to show a third party is necessary and close enough to the matter at hand. With Sabre, given there were other ways of getting the information on Kher’s travel, such as records of him entering the U.S. via Customs and Border Protection databases, that necessity was questionable.

There are also questions on the “reasonableness of the burden” on Sabre, another requirement for All Writs Act orders, he adds. “In one particular order, it might not be that burdensome, but once you start to get some volume here, then it really turns Sabre into a sort of … government agent every time they want to find a fugitive.”

Covid-19 tracking

Sabre’s valuable database could soon go from hunting fugitives to stopping an invisible virus. The same data tap that’s been turned on by the FBI could prove a boon for the U.S. government in surveilling the spread of the Covid-19 pandemic, providing a constant and accurate record of the movements of global populations. It would be possible, for instance, to see how many people flew to New York from Wuhan, and through which airports they travelled. “They can say here's how many people are travelling from China, whether it's nonstop via Japan, via Taiwan, Hawaii, Guam, you know, all of these secondary points back to the US,” says Menge.

Sabre hasn’t revealed any such plans. Such secrecy only means more questions about how deep Sabre and the U.S. government’s ties go and how often the All Writs Act has forced it into becoming an arm of America’s globe-spanning intelligence operations.

No one really knows just how often or widely the government has used the All Writs Act to force companies into surveillance, says Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society. “As long as the government can get away with secret orders to companies that don't fight back, and judges continue to sign off on the orders the government drafts for them, we won't know.”



Source: Ocnus.net 2020