Security and privacy concerns arising from the ability to obtain, and freely share over the internet, ADS-B information transmitted by aircraft have been outlined in a paper to the ICAO Assembly.

Concerns over real-time tracking – particularly of certain flights – on internet platforms have been laid out in the paper, submitted to the triennial meeting in Montreal by Saudi Arabian representatives.

It states that detailed ADS-B data is widely available and there are neither regional nor global mechanisms to control and limit access to “private and sensitive” flights.

The paper suggests that ICAO might consider leading the development of “new provisions” to introduce such measures, to reduce “hazards, risks and threats” related to public sharing of flight data – including encryption of transmissions or de-identification of content.

ADS-B data, it says, is broadcast in an unencrypted format that can be received and processed using “primitive” receivers, and that increasing numbers of flight-tracking websites are offering precise details on aircraft operations.

This information is supplemented by sourcing origin, destination, flightplan and route data, along with provision of registrations or photographs of the aircraft.


Source: Planefinder

Several flight-tracking websites are fed through access to ADS-B data

Flight-tracking has, on occasion, proven controversial. SpaceX chief Elon Musk has been involved in a high-profile spat over public tracking of executive jets associated with him.

ADS-B transmitters cannot easily be de-activated, particularly given that the systems are typically coupled with transponder and collision-avoidance equipment.

But the paper suggests other options to reduce the availability of information to the public.

Agreements with commercial platforms or internet entities could mask flight and aircraft data from real-time tracking, but the paper says this filtering would only be a “partial solution”.

Management of flightplan data by agents, it says, could be reviewed to restrict access to parties directly involved with the flight.

The 24-bit aircraft address allocated to aircraft is “static”, says the paper, and can “easily be used” to identify them, whereas aircraft privacy could be protected through a dynamic 24-bit address system.

“With this scheme, there is a need to allocate generic or anonymous [aircraft identifiers] to ensure complete de-identification of the flight and prevent correlation to other data,” it adds.

Such a measure would need safety-risk assessment to evaluate the potential impact on other systems.

Military-type encryption is another potential avenue outlined, restricting the processing of data to authorised parties and limiting distribution of de-encryption keys.

“Introduction of new standards to protect the identity of aircraft broadcasting ADS-B data may incur financial implication for owners and airlines depending on the solutions and options that will be deployed,” the paper says, adding that this would need to be considered in the definition of new technical specifications.