Plane & Pilot
Tuesday, May 7, 2013

No Ghosts In The Air…No Privacy, Either!

The Great ADS-B Scare of 2012

Every civilian ADS-B transmitter has a unique 24-bit address. If you know that address, you can relate it to the airplane's N-number, and since ADS-B transmissions aren't encrypted, in principle, you can track any civilian airplane—at least while operating IFR (one class of ADS-B equipment intended for use mainly in piston airplanes offers a VFR-only "anonymous" function equivalent to squawking 1200 that generates a random 24-bit address and doesn't reveal your N-number).

If, like me, you've taken advantage of websites like to track your friends (and had passengers track you), that may not seem like much of a concern, but some operators of business-class aircraft aren't thrilled by it. There are legitimate concerns about the implications of accurate, real-time locations of every aircraft, searchable by N-number available on a website.

Ghost Is In The Air (Traffic)
Presentation from Black Hat conference
FAA ADS-B Safety Briefing
National Airspace System Capital Investment Plan FY 2013–2017 (FAA)
Plane Finder
For better or worse, such websites exist (see the link to in the sidebar). Until now, the FAA was the only source for aircraft position data, and it dealt with privacy concerns by maintaining an embargo list of N-numbers whose positions weren't reported in the radar-based data streams on which sites like Flightaware are based. Sites like Planefinder, by contrast, depend on ADS-B data passed on by hobbyists who use ADS-B receivers to track airplanes. No embargo list applies in those cases—and the position data they report also isn't subject to the delays mandated by the FAA (and enforced by ITT, the U.S. ADS-B contractor).

In the "Ghost Is In The Air (Traffic)" presentation, this situation was exaggerated for effect: The presenters showed Air Force One being tracked. They went on to note that as a military aircraft, it might be able to use ADS-B modes that aren't available to the flying public. Sources in a position to know tell us that's quite correct—it's naive to assume that Air Force One will consistently report the same 24-bit address.

There are proposals to offer a similar capability to business aviation operators who have legitimate concerns about privacy: Instead of a single, hard-coded address that maps neatly to an N-number, an operator might be assigned a number of different addresses (if you're old enough to remember the movie Goldfinger, think of James Bond's Aston-Martin with the rotating license plates "valid in all countries.") But since ADS-B isn't just an American but rather an international standard, implementing such a proposal would require international negotiations. As one source told me, "Let's face it—if you fly in controlled airspace, you can't expect to do it anonymously."


Add Comment