The US Department of transportation security has released a statement about enhanced measures to promote aviation security. They seemingly want all smart devices to have charge on them before being allowed through.
Will Semple, VP of research and intelligence at Alert Logic, has provided the following expert comments explaining the possible implication of this new security measure:
“The requirement to have all smart devices capable of demonstrating that it is functioning is the need behind the ‘charge’ directive from the US DoT. It would also imply that the US Intelligence agencies have a specific concern that smart devices are being utilised to bypass standard airport security detection systems.
The concern around surveillance as a by-product of this directive, where tracking can be carried out via public Wi-Fi hotspots in airports is interesting, but perhaps by itself not an efficient way to survey a target. While not all smart devices are cell or GPS capable, the majority are, making Wi-Fi tracking relevant only to a smaller number of devices. It may be possible to track a Wi-Fi device being turned on in an airport and registering with the hotspot. The person doing the tracking would need to either have the device and the targeted person pre-correlated or be looking for specific network traffic in order to utilise the data that is produced.
Wi-Fi only tracking as a means to track ingress and egress from a port of landing such as an airport would produce a lot of data problems. Assuming that the tracking agency has access to the logs from the public Wi-Fi in near real time, they would need to have other data points to make a join and pivot decisions from. Even where public access Wi-Fi requests users login with an email, these can be set up as ‘one time uses’ preventing basic correlation.
The value of doing this type of surveillance can be limited by itself, but when combined with other surveillance capabilities it may prove to be very effective. At that point you would hope to assume that the tracking agency is after a specific target.”
Sati Bains, COO at Sestus, has also given the following says:
“This all sounds like yet more hassle when travelling but most consumers are going to put up with it in order to be safe. Just more to do when travelling to America.
From a government snooping perspective they don’t really need you to turn on your device through customs as you will at some point do so anyway. Measures like this have been in place before, for example in Australia in 2005, and previously directed at specific profiles. In this case the statement is very clear that they perceive a threat from certain overseas destinations. Where this becomes questionable is where the data on the device is subject to a scan. In this instance it is not obvious that this is the intent, although that has been the subject of considerable debate in the US (for example reference David House, a former MIT researcher, in 2011).
There are some logistically points about the statement. Are they proposing that the test be done at the port of embarkation? If so who’s going to carry it out? The airline or the TSA? Which countries are subject to this review and is it all airlines or just a select few? You are pretty much told to have these things off when you go through customs now you need to allow more time travelling in order to turn them on and also now remember to turn them straight off again.”