“The Block Aircraft Registration Request [Barr] program doesn’t really provide privacy; it’s just a barrier,” Dustin Hoffman, president of Los Angeles-based IT engineering firm Exigent Systems, told AIN. Hoffman, who has a private pilot certificate and flies a piston single for his business, set out to prove his point at the Defcon 20 computer security conference last month in Las Vegas.
For a presentation at the computer hacker event, he decided to pick an aviation-related topic, “since aviation seems to draw attention at Defcon.” So Hoffman and his associates spent about 80 man hours developing OpenBARR.net, which uses open-source speech recognition software (called Sphinx, and developed by Carnegie Mellon University) and live air traffic control communication feeds at LiveATC to identify the movements of aircraft, even those enrolled in Barr.
The description Hoffman wrote about the presentation was meant to attract even more attention: “Private aircraft provide transportation to interesting people: corporate officers, business owners, celebrities and high-net-worth individuals. In recent years, sites like FlightAware have made it [simple] to access all public flight plans. However, aircraft owners can opt into a block list (the Barr) that prevents their flight information from being made public. All the interesting people are on the Barr. We’ll explain the basics of how the ATC system and sites like FlightAware work; demonstrate a serious, unpatchable method for tracking otherwise ‘untrackable’ Barr aircraft; and demo our site that lets you do the same.”
NBAA has denounced the effort. “What’s at the heart of the matter here is that Congress has long recognized that there are legitimate concerns related to the personal and competitive security of general aviation operations. That’s why Congress created the opt-out 10 years ago, and has since repeatedly passed legislation including a clear mandate that the FAA ensure aircraft owners and operators can opt out of having their movements broadcast by the government, in real-time, over the Internet,” it said. “The FAA has followed the guidance from Congress, and it’s regrettable that an individual would attempt to violate another person’s security by trying to disable that opt-out capability for ‘fun and profit,’ as the hacker, in his own words, says he wants to do.”
Because Defcon 20 was held in Las Vegas, Hoffman’s team focused only on identifying aircraft flying into or out of Las Vegas McCarran International and Henderson Executive Airports. They had to “train” the software to be able to recognize tail numbers at each airport.
Once trained, the speech recognition software could properly detect N-numbers about 82 percent of the time from just the voice transmissions broadcast over the LiveATC website. “But N-numbers are repeated often in transmissions, so even with the error rate we’re able to get all of them eventually,” Hoffman told AIN.
While he said that the concept could be scaled up to provide national real-time coverage, several barriers remain. First, LiveATC does not carry all ATC channels in the U.S., not to mention that international coverage is somewhat spotty.
There are also availability problems with radio feeds at LiveATC (the site itself relies on a cadre of volunteers to provide the ATC radio feeds). And there are many Twitter posts about unavailability of some channels, which LiveATC administrators acknowledged are “run remotely” and could be subject to volunteers’ network, computer or power problems. In addition, during research for this story, the entire LiveATC site experienced two outages–one of which lasted more than half a day on August 17.
As if ATC feed problems aren’t enough, the software would have to simultaneously listen to more than 10,000 U.S. radio channels–tower, approach/departure and en route centers, among others–which would require supercomputers. While a network of volunteers could theoretically be recruited to perform this function, it would require much work on the part of any willing volunteers, who would have to train the speech recognition software for a specific radio channel. This entails volunteers laboriously transcribing ATC transmissions until the software can meet an 80-percent positive detection rate.
The barriers suggest that real-time tracking of aircraft in this manner isn’t economically feasible. One industry source said that there is also limited demand for this information: “Basically, just the FBOs, paparazzi and those involved in corporate espionage. And the FBOs can already view Barr-restricted aircraft by subscribing to Passur.”
Hoffman told AIN that he has no further plans to expand OpenBARR.net, and the site is no longer monitoring traffic movements. “We were merely demonstrating that it could be done,” he said, “and [proving] that Barr doesn’t really provide any privacy.”
However, he did release the know-how and the code to hackers at the conference, meaning that the Vegas demo might not be the end of the endeavor. Hoffman acknowledged that several hackers have already expressed interest in the project further, but so far none has publicly announced any plans to do so.