This week, the Associated Press reported that the FBI is regularly flying "spy planes" over American cities. It's the latest in a series of media reports about government-operated planes outfitted with technology that mimics a phone tower to pick up information from the phones of people below, allowing agencies to locate fugitives on the run, for example. But when the planes fly overhead, they pick up on phone information from lots of innocent people as well (and, annoyingly, can disrupt phone service).
The report, which revealed the front companies the FBI uses to fly the planes, wasn't a surprise to John Wiseman, a technologist in Los Angeles. Based on public records, he had already figured out some of the planes the FBI was flying and, using a device he programmed to intercept airplane transmissions, had identified over the last month the ones flying overhead in L.A. in real time.
The thing is, when you fly planes in the U.S., you have to fill out lots of official forms that become part of the public record. Because the FBI didn't want to publicly acknowledge it was sending "spy planes" out to circle American cities (and potentially alert its targets), it created front companies for them. It seems the FBI is uncreative when it comes to spy craft; the fake companies tracked down by the AP and by Wiseman mainly had three-letter names, including FVX Research, KQM Aviation, NBR Aviation and PXW Services. Because flight records in the U.S. are public, and planes are trackable on radar, the AP was able to track down where these planes flew.
You can also track them fairly easily if you're so inclined. Wiseman used public records to get flight routes, and real-time local information using a customized radio receiver that picks up on transmissions sent by aircraft overhead in his hometown of Los Angeles. Wiseman wrote in a Hacker News comment in May about his findings, revealing a month ago what the AP reported today. He also summed up his findings in a blog post Tuesday.
After a Washington Post report revealed the tail number of an FBI spy plane that flew over Baltimore, Wiseman tracked it down to the company it was registered to in the FAA database and saw shared addresses with a bunch of other fake-looking companies with two- and three-letter names. Through data analysis and airplane forum scouring, he realized the spy planes associated with these companies were using a distinct transmission code or "squawk" as well as a unique call sign, leading him to believe the planes he was seeing overhead with some frequency were probably operated by the feds.
"I decided to check my database for planes that have squawked 4414/4415 or used one of the suspicious callsigns: I found 8 aircraft in the past 2 months, several of which exhibit suspicious behavior," he wrote on Hacker News last month, naming several of the suspicious companies cited in today's AP report. "Flying for hours at a time without going anywhere in particular (I don't have position information for them, but I know they're in the air and not leaving the LA area), flying almost every day for months at a time."
How times have changed: Before you could assume an Internet commenter writing about government spy planes flying over his house was crazy, but now it's possible he's actually a bad-ass citizen journalist. And Wiseman was not the only civilian to piece this together. A Redditor has photos of a FBI spy plane a coworker tracked down to a local airport after seeing it flying over head repeatedly in Phoenix.
If you too want to track planes, Brian Abelson, an engineer at public data analysis tool Enigma, has created an easy way to access relevant public records. Using the information about the FBI's front companies revealed by the AP, he created a database of what he thinks are 84 spy planes currently in use by the agency, by looking up the registration numbers associated with planes owned by the companies.
Abelson's list includes links to the planes' public flight radar information, so you can see their past trips. You could also look up the paths by searching for the planes' registration numbers on sites that track these things, like FlightRadar24 and FlightAware, so you can see, for example, the flight path this suspected spy plane took from North Carolina to Florida in July of last year…
… Or this suspected spy plane's flights around the Bay Area in California just yesterday:
If you're willing to mine public records, it can cut down significantly on government secrecy. Ironically, it's the same kind of mining that civil liberties advocates worry spy agencies will do to us if they have access to metadata and location information from our smartphones — a subject of heated debate over the last week in the context of the Patriot Act.
"I call what I'm doing 'persistent sousveillance': using historical sensor data to retroactively identify and track new subjects, it's just that my subjects are the government," wrote Wiseman. "One of the surprising things I've found is that all you need to do is look: the weird stuff jumps out right away, e.g. Cessnas registered to fake-sounding companies that loiter overhead for hours every day."
It's unclear if warrants are obtained for each of these flights. According to the AP's report, the FBI "said that under a new policy it has recently begun obtaining court orders to use cell-site simulators," which is the kind of technology that is strapped to these planes.
The FBI asked the AP not to publish the names of the front companies to spare taxpayers the expense of changing them. Of course, as evidenced by Wiseman's digging, it was already possible to figure this out based on public records. An FBI spokesperson also told the AP that, while details of how it worked were confidential, "the FBI's aviation program is not secret." It definitely isn't now.