Viewpoint: A Layered Approach To Privacy

Jim Morgan, Concentric Advisors
Credit: Concentric Advisors

Not only do Taylor Swift and Elon Musk have private drivers, they have private pilots, too. And entrepreneurial fans and stalkers have figured out how to track them, leading to increasing security concerns and Swift selling her jet.

Given the growing interest and potential threats that come with extensive flight data tracking, executives, high-profile individuals and their teams need to understand the continued security risks and be equipped to counter them.

Navigating Tracking Applications
Aircraft data has long been public record, and consumers tracking flights is nothing new, but advancements in technology and increasing interest in the lives of celebrities and high-net-worth individuals make it a hot-button topic.

Jet tracking accounts use various technologies including automatic dependent surveillance-broadcast (ADS-B) data, GPS and satellite tracking to collect and publish information related to an aircraft’s activity. These applications broadcast pertinent details about the aircraft, including the make, model, registration number and ownership.

ADS-B, which is mandated by the U.S. FAA, provides air traffic controllers with an aircraft’s precise position. It helps to prevent midair collisions and allows people on the ground to know where the jet is at all times.

Tracking applications could also integrate data from radar systems, flight planning sources and public websites or aviation enthusiast forums. By understanding how the tracking apps work, the data they collect and the potential threats they present, aircraft owners and operators can better assess their privacy needs and implement the appropriate countermeasures to alleviate these risks.

Potential Flight Risks
ADS-B was not intended for stalking, harassing or gawking at celebrities’ whereabouts, yet there are always bad actors who exploit such data, even though it puts people’s safety at risk. Because the data is unencrypted and publicly available, anyone can pick it up and do whatever they want with the information.

Ergo, the FAA launched a service known as the Privacy ICAO Aircraft Address (PIA) program for private jet owners to apply for an anonymous identification code. Despite the good intentions, it is a laborious process, and the codes are locked in for 60 days. The FAA also offers a free service called Limiting Aircraft Data Displayed (LADD), which allows aircraft owners to redact their tail numbers from public tracking.

While open-source flight tracking applications serve as a useful visibility tool, they also pose significant security risks that can lead to dangerous scenarios if sufficient risk management strategies are not implemented.

The real-time tracking can result in targeted attacks on the aircraft or individual, ranging from terrorism to in-person confrontations, theft, stalking and kidnapping. In less dangerous situations, it can lead to reputational damage.

Corporate espionage, a less discussed threat, could happen if competitors are able to monitor travel patterns of high-profile executives and gain insights into corporate activities and strategies. On the digital front, private jet tracking apps collect and store vast amounts of sensitive flight data, making them a rich target for cybercriminals seeking to exploit vulnerabilities in the system.

Flying Under The Radar
Although the FAA continues to find new provisions to end the doxxing of private jet owners, trackers and hackers will continue to find new ways as technology advances.

For maximum protection, aircraft owners should participate in both LADD and PIA—however, they are not foolproof. It is key to travel alternating routes when possible so bad actors do not learn patterns and anticipate threats based on the travel itinerary. Analyze potential threats along flight paths or specific segments, including the best diversionary options in emergency situations. 

Stand up active monitoring for immediate notifications of moderate or high-risk mentions of tail numbers and the individual's travel plans that could escalate to threats. Conduct periodic reporting on the volume and sentiment of tail number mentions. Hold regular training sessions for security personnel on privacy protocols, procedures and responsibilities. Use a data removal service to clear the aircraft from certain tracking websites.

Jet tracking can bring unwanted media attention, as it has also become a climate accountability tool, and individuals or organizations may receive backlash for their carbon footprint. To avoid the media hot seat and reduce negative exposure, investigate options and tactics to measure, reduce and offset carbon emissions from private jet usage.

Constant collaboration and information sharing among security and intelligence professionals is critical to mitigating risks during travel. By implementing a multi-pronged approach that combines technical protocols, operational procedures, regulatory framework, continual vigilance and ongoing education, owners and operators can protect their privacy and reduce the threats posed by tracking applications.

As tracking tools innovate, so must security teams to ensure people’s safety.

Jim Morgan is chief security officer at Concentric Advisors and a former supervisory special agent with the U.S. Secret Service.