Play Date at the Airlines - Part 1: An Introduction

08 Jul 2017

Update: Version 1.1.0 can be found via PDF here. This is Version 1.0.0 on this page currently.

Here are my intended contents of how I’ll set up and arrange the next few posts, hyperlinked once they’re done since it’ll take me a while. Things may change or get re-arranged later. Over time I’ll go back to add in more sources and links for folks and to also avoid legal issues. After all I’m working off of my CFP which was detailed but it wasn’t everything. Feedback, comments, suggestions, and more can go to my Twitter.

This is much more in-depth than I’d have gone most likely in a talk so I’m kind of glad things happened the way they did. Do feel free to skip to the bottom of this post to begin the actual content.

While I state this at the bottom too I’m stating up here too that everything here on this page was done either in research, observance, Google-ing, and no SSI.

If folks actually enjoy this series I’ll do it for other areas of the airlines. Thanks all.

Contents

Why I’m writing this now

Back in March I intended to submit a CFP to DEF CON on airline security. Why? I absolutely love airlines and air travel, want to help fix it, and I wanted to see if I was capable of writing something that could be presented on a stage. Especially with it being my fifth year of DEF CON this year. It was a challenge to myself.

At first it was a solid two dozen or so pages scattered pretty much in every direction possible because I really want to help with every area I saw issues in. Then I did a Twitter poll asking what folks would be more interested in. From there I narrowed it down to twelve or so pages then began asking folks to review it.

Thank you to all the folks in my life from the airlines who’ve been amazingly supportive of me from the very first day I joined the airlines, laughing about airline things with me while I wrote the CFP, giving me pointers and tips, and overall for being in my life. I love my airline family dearly.

To all those who read and reviewed my CFP thank you, thank you so much. I appreciated all of you folks being honest with me. Of course there was mix review and debate on the length of how long my proposal was but otherwise it was a good first exposure to working on one.

It was after I got the following final review from a wonderful peep in the DEF CON CFP review board (who would have to of course omit voting on mine had I submitted it) that I decided, with all other potential issues legally with it, to not submit.

So why now?

Today has been a hard day to cope with. A former best and close friend of mine died by suicide just over a month ago right at the beginning of Pride Month which also happens to be the day I came out as a trans individual three years prior. She would have been 20 years of age today.

I need to do something today for myself to feel productive. This is something I am deeply in love with, something I’m motivated to do and happy to talk about nonstop even when I’m feeling really sad. So that’s it.

Actually, not completely. I can’t do this alone to fix the problems. They won’t listen to just one voice.

So hopefully you’ll speak up too.

Happy birthday, Eileen, I love you so much.

Who I am

Hi hi, I’m Avi. I love rabbits, cheesecake, and cute things like prime numbers, triangles, half diamond lock picks. Airlines are very 3cute5me. I have an odd habit of ending up working at places where I’m rather obsessed with figuring out how things work, where the systems in place fail and why, and find more cute things inside of it to obsess over.

That included the airlines.

I worked from 16 March 2015 to 16 March 2016 officially in the airlines.

I started out as a customer service ticket counter agent. I was pulled a week or two later to replace the outgoing person who was the station training compliance coordinator so I took over while also becoming for two months the primary station ops agent. I also got recruited and became an emergency response team member and then became the emergency response coordinator maintaining emergency plans and the business continuity for my station.

Outside of other things I was the baggage service champion for my station, was the primary cargo acceptance agent, became an instructor for cargo and new hires. I was also tasked with the transition workforce wise of the legacy system to the new system at my station which was hilarious to me since I loved and never stopped using the legacy system. I’ll explain why later.

At one point I handled and did the regional safety minutes and reports for my region. Oh yeah and I also got to deal with all of the IRROPs like that one diverted flight I got alone at night while also working on two of my own delayed flights. IRROPs loves me and I loved IRROPs, too.

If there’s any interest of what my personal daily workflow used to look like I’d be happy to break it down. If there’s one thing I’m rather pleased with myself on it’s my time management.

So there’s my experience. If it isn’t enough for you to keep reading further because you think I’m not qualified enough please feel free to stop here.

Introduction

Even if you’re a frequent flier or are in the airlines and feel like you already know all of the linguistics of the airlines I recommend double checking with the following examples to make sure we’re on the same page. If you’re new to the entire concept of what the heck happens once you enter through the airport doors this is a requirement to understand this series.

I’m sure I’ll be adding more necessary vocabulary here over time, feel free to reach out to me any time if I say something you don’t understand.

Vocabulary

Important agencies to be aware of

Department of Homeland Security (DHS), Transportation Security Administration (TSA), Department of Transportation (DoT), Federal Aviation Administration (FAA), International Air Transport Association (IATA), etc.

There are countless more whether by local municipality level, city level, state level, and so forth. If you really want me to add one I didn’t list here let me know and I’ll do it.

All of them are crucial and create various rules that airlines must abide and follow by. Which oftentimes means that they make a checklist of things they must do and so airlines will do things until they’re told not to do that anymore. Things change sometimes on the daily for airline folks with what they’re told to do which doesn’t help at all confusion wise. Sometimes it may be even conflicting with the other rule or thing they were told.

While I’ll go super into depth on this later this is a massive weak point and flaw, especially as someone who has seen this first hand by making sure folks did their training.

Issues that make it hard to talk about airline security

Once you start talking about security issues in the airlines whether you’re a researcher or someone who notices things you’re walking on really fragile ice. Which I’m officially on now I’m sure and why I made sure that everything I said could be backed up by public information whether it be Wikipedia articles to Google with folks-

Anyways. The largest issue for me to talk about this as a former airline employee is Sensitive Secure Information (SSI) - 49 CFR §1520.5(b). The shorthand for the entire scary nature of it to airline employees is “a need to know basis”.

Essentially if it’s required in your job duties to know something, you have to know it. Otherwise you shouldn’t know it. Any document that has SSI on it clearly states on it that it has SSI. If you have SSI it must be secured (if you find a document with SSI on it openly at the airport huzzah, that’s super cool! But also totally oh noes for whoever left it).

I really want to talk more about this but I’ll go on it more later with whenever I get to airline employees and airline culture. To get a taste of it, though, for myself as an example I had a lot more exposure to things with SSI due to having to, well, do and know everything. Some things that seem fairly blatantly clear if you’re observant as a passenger and talk about it openly is actually SSI for airline employees.

Maybe this wasn’t the greatest idea to do this but here goes nothing.

Other issues outside of SSI at this point is simply nondisclosure agreements and whatever else you sign when you go work somewhere like the airlines. The FBI has my fingerprints now which I’m not exactly happy with but it’s the deal I agreed to.

Finally to conclude this brief (if you consider this long oh boy, I could have seriously gone into depth on this believe me) introduction I’m officially saying from this entire page and whatever page I have from here on out about this everything I am saying was done either in research, observance, lots of Google-ing, there is no SSI, etc.