legal issues in new it @ airports - the integrator’s perspective amsterdam wala 27 april 2012 by:...
TRANSCRIPT
Legal Issues in newIT @ Airports - the Integrator’s Perspective
Amsterdam WALA
27 April 2012
By: Stephen Baird, Legal Director, SITA
2
- What’s new in the world of IT @ Airports?
- What legal issues are raised?
- What’s the integrator’s perspective?
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
AIRLINES
GOVERNMENTS
GLOBAL DISTRIBUTION
SYSTEMS
AIRPORTS
AEROSPACE
INTERNATIONALORGANIZATIONS
AIR CARGO
Briefly - About SITA
SITA is owned by the air transport industry.
We work collaboratively with:
AIR NAVIGATION
SERVICE PROVIDERS
AIRCRAFT& AIRFRAME
MAKERS
A GLOBAL CUSTOMER BASE
Providing services across 200+ countries and territories
Stakeholders | Services | … Let’s travel …
5 WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
1. From his home, Mr. Barkley:− Checks in online− Downloads airport portal to phone to
register his preferences (food, books, …)− Prints boarding card and bag tag
2. Portal pushes flight status
Mr BarkleyFlight United UA 582 to ChicagoLeaving at 09:38PM
Status: ON TIME
Gate: T15
Mr. Barkley drives to airport (directions on mobile phone GPS system):1. asks where to park and books/prepays his parking space2. once parked, tags parking location to easily find his car upon his return
Proceed to Security Lane #3
This way
1. Mr. Barkley drops off his bag (and will know at all times where it is thanks to end-to-end bag tracking)
2. The portal directs him to shortest security queue via augmented reality interface
Mr. Barkley goes through biometrics- enabled security & documentation control(faster and more secure procedures)
1. Mr. Barkley is informed of relevant and personalised special offers based on his location
2. He purchases items using his mobile phone for checkout and payment
ACCEPT DECLINEBack
Alpha Retail Offers
Select Back
Alpha Retail
Select Back
Meanwhile, Mr. Barkley's aircraft has landed.
Apron Mgr.
Flights
SK456FA123 SO768
Handling crews are optimally allocated and supported by the Airport Management System via information pushed on their handheld devices
Refuelling:78% complete
Gate handling staff too is proactively informed of potential time-breaches via mobile devices and resources are allocated based on real-time data (passenger status and location)
January 28, 2009
08:31
Gate-handling status
Gate open
Cabin crew reported
Boarding started
Pax yet to board
Cabin door closed
Gate closed
8.05
8.10
8.15
15
8.40
8.42
Planned
BA1365
8.05
8.15
8.17
Actual
Gate 44
30
Mr. Barkley is informed that boarding has begun (suggested itinerary with ETA)
Mr. Barkley, your flight UA 582 to Chicagois now BOARDINGPlease proceed to gate T15
Estimated time to reach gate: 6 min.
Suggested itinerary
He reaches his gate where he is able to self-board without queueing
15
Three areas of legal focus:
Poised for rapid
growth – raising data
issues
Efficiency & massive
data transfer
Legal options and models for new infra-structure
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
1. Airport Passenger Tracking
2. Wireless Networking
3. Shared use IT Infrastructure
16
1. Airport Passenger Tracking and Legal Issues
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
17
Pax Tracking – What is it?
• “Passive” anonymous tracking vs.• “Active” tracking and “push” interacting:
• Automatically validating access to secure areas• Sending boarding information• Marketing
• If the passenger data is known:• You are gathering & storing pax personal data• You can “push” information to specific pax (with consent)
• Analyzing output data to improve:• Airport services for pax; and• Airport efficiency – in real-time
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
18
Consolidating and Analyzing Anonymous Data – P@A Dashboard – allowing real-time airport efficiency decisions
19
Using Personal Data @Airports
• Pushing information to known pax – using preferences and a phone no – must comply with data protection laws (if applicable in your country).
• Airlines cannot give data for direct marketing by third parties unless the pax has explicitly consented. (They can give it for airport operational or security reasons.)
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
20
Using Personal Data @Airports
• How do you legally gather knowledge about people – mobile no., age, salary, what they like to read – and obtain their consent to enable direct marketing?
• Buy it from brokers?• Revenue share with airlines?• iPhone / Android apps?• Loyalty / FF cards?
Over 70% of bus. class pax have 1+ FF. • Gather it using other incentives?
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
Mr BarkleyFlight United UA 582 to Chicago09:38PMStatus: ON TIMEGate: T15
21
• Once you have data, under data protection laws:• It can only be used in line with the original consent;• The pax retains ownership and rights eg. to have it
“forgotten” (in EU);• It must be stored securely.
• Passing the data to subcontractors is often possible, but you must “control” the data at all times.
• In the context of cloud services, data “control” means: Access control; Ability to inspect access logs; Ability to alter storage instructions.
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
Using Personal Data @Airports
22
Legal Issues in Passenger Tracking@Airports
SUMMARY
• Airports have the opportunity to be at the forefront of consensual direct marketing via social media – driving both pax satisfaction and beneficial marketing.
• Meaning that airports will become experts in personal data laws and data storage security issues.
• Control and security of data is key.
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
23
2. Wireless Networking and Legal Issues
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
24
Wireless: What’s the available technology?Data transfero Wifi
• Range <100 metres; speed usually 54 MBps
o 3G cellular• Existing networks are PCI secure
o WiMax (4G)• Range 50km; faster than wifi• Some spectrum is regulated, some is not
Trackingo Bluetooth
• Accurate to +/- 5 sec. / 8-15% pax penetration / range = 10m
o Wifi • 25-50% pax penetration and growing
o Laser/Video/Thermal• Accurate to +/- 2-3%
Pax Access / Validationo Near-field Communication (NFC)
• Smartphone (or chip) radio comms eg. Swiping for access – 5cm range
How will wireless networks be used?Linking:
• Each pax Airport• Each aircraft Airline’s data centre (via ground n/w)
• Each pilot Airline / Airport• Airport agents Airport operations• Airside staff Airport operations
3,000+ aircraft with new, heavy wireless networking requirements in next 2-3 years: B777, B787, B747-8, A380, A350 plus retrofits
How to securely download 3 GB of mission critical
data in 45 min?
Airlines now issuing
tenders for many ‘000s
of iPads with wifi
26
Wireless networks: Internal Efficiencies | New Services
• Airports are drawing up plans for: (Source: SITA research)
1. Mobile workforces; and
2. Aircraft-dedicated wireless services
Mission critical; both require professional grade wifi
• Challenges: • How to anticipate future technology• Airlines desire a single integrated global system • SECURITY: Who will be liable for hacking incidents?
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
3,000+ aircraft with new, heavy wireless networking requirements in next 2-3 years: B777, B787, B747-8, A380, A350 plus retrofits
How to securely download 3 GB of mission critical
data in 45 min?
? Great coffee!
Security for Wireless Networking
28
• Payment Card Industry Data Security Standard (PCI DSS) should be aimed for – provides a high standard.
• To seek to protect and mitigate risks of hacking, technical design steps are needed. Nine examples:
SSID (WLAN) hidden from view; 802.1x security requiring user authentication; Certificate based security; Encryption; Firewalls; Traffic management - inbound traffic denial;Testing for rogue access points; Audit log management;Deploying wireless Intrusion Prevention/Detection.
• Infrastructure investment in airport wifi networks
will often be necessary to achieve PCI compliance.
Device W-LAN Ground LAN Ground WAN. No weak links
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
Legal Issues in Wireless Networking @Airports
29
SUMMARY
• Wireless networks offer airports significant possible revenue growth. Security is a value-add.
• Reasonable liability disclaimers will be sought.
• A robust, standardised and secure service will support heavier use – by the thousands of next-gen aircraft and devices (iPads etc) soon to come online at airports.
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
30
3. Shared-use IT Infrastructure and Legal Issues
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
31
What is Shared-use / Common-use?
• Infrastructure/equipment that is used by multiple airlines/GHAs, and contracted by those airlines/GHAs.
• First occurred in 1980s. The following can be supplied on
a common-use basis:
Existing:• Check-in desks / peripherals• Check-in kiosks
New:• Automated “intelligent”* security gates• Self-boarding gates• Self-service bag drop machines
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
* E-Gates have the intelligence, through sensors, to detect if there are any abnormal passenger behaviors such as piggy-backing/tail-gating or reversing direction.
Legal Models for Shared-use Supply
HYBRID – “Airport joins CLUB Option”
Common Use – “CLUB”* model
Airport Sourcing – “Direct” model
Airport buys services, resells to airlines/GHAs.
ADVANTAGES:Airport is in full control as sole reseller of service to airlines/GHAs
DISADVANTAGES:Airport is liable to airlines/GHAs as service provider.
Less used than other models today – but useful if airport seeks to retain a level of
control / influence while avoiding full liability of “Direct” model
“CLUB” model but airport joins the group as a non-fee paying committee member.
ADVANTAGES:Enhanced collaboration. Airport can influence committee and has voting power – veto voting power possible.
DISADVANTAGES:Airport is not in full control as in “Direct” model.
Airlines/GHAs buy services as a group/ committee.
ADVANTAGES:Airport has no operational liability. Airport is free to sell additional services.
DISADVANTAGES:Airport cannot control service.
* CLUB stands for “Common-use Local Users Board”. (Not a legal entity.)
Legal Issues in Shared-use IT@Airports
33
SUMMARY
• Shared-use IT infrastructure in airports has been around for decades – and is likely to remain for many years to come, because it’s convenient and efficient.
• As new “intelligent” IT infrastructure is launched, airports can choose the most beneficial model for shared-use IT for the airport and stakeholders.
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
Legal Issues in New IT@Airports
34
FINALLY: SUMMARY of the SUMMARIES
• Passenger Tracking: Gather & use personal data lawfully & “control” it using access control, etc.
• Wireless Networks: Accept liability measured against value-add & actual security of the network.
• Shared-use: Consider hybrid shared-use model to ensure future collaborative decision-making.
WALA - SITA Presentation: Legal Issues & IT@Airports | Confidential | © SITA 2012
THANK YOU
Stephen BairdLegal [email protected]
LinkedIn:http://www.linkedin.com/pub/stephen-baird/19/9b0/966
About SITAOUR PORTFOLIO, PEOPLE AND PRESENCE
The broadest portfolio for air transport:
OUR PEOPLE ARE YOUR PEOPLE
WE COLLABORATE TO DELIVER COMMUNITY VALUE
39 | Presentation Title | Confidential | © SITA 2012
CUSTOMERS THE WORLD OVER:
A SNAPSHOT
WORKING TOGETHERWe collaborate with leading partners to provide leading solutions
Solution partners
Offshore partners Joint venture partners
Visit: www.sita.aero