The FBI is secretly using Sabre as a global travel surveillance tool

642 points | AndrewBissell | 5 years ago | forbes.com

430 comments

[+] skim_milk|5 years ago|reply
I work in the travel industry as a programmer (god only knows for how much longer) - I can tell you that Sabre and other GDS's are only used if you go through a travel agent or use some online reservation systems. If you book through the airline's systems or on online reservation systems they likely use the airline's systems to track travel instead of GDS since the GDS wants to take a big cut of every ticket sale. And obviously only legacy travel companies like Hertz and Marriott integrate with GDS's, new travel companies Uber and Airbnb likely don't have any relationship with Sabre.

You're only likely to be in a Sabre system if you've been booked by your company through a travel agent and rent using legacy car/hotel companies also through your company's travel agent.

[+] keithnz|5 years ago|reply
I used to work for Sabre, they do a lot more than just bookings, they provide all the software to run an airline basically. I worked in the area for scheduling air crew. But also crossed over into all the flight tracking. Their systems hold a lot of data, though the airlines own and host that data in secure facilities.

Fun Facts, when I worked there, you could fly for free on American Airlines ( the company got split out from AA ). They claimed to employ the most PhDs at one time ( lots of operations research). Also claimed to invent database transactions for the problem of people trying to book the same seat on airplanes at the same time (early 60s I believe)

[+] useful|5 years ago|reply
The industry is moving to being able to purchase products instead of complete PSS/GDS solutions. As an airline you'll be able to buy an inventory management system from Amadeus, a pricing system from Sabre, a support system from TravelSky, and a website from Travelport.

The best example I can think of is American. They have Amadeus running their international website. Their ticketing system is internal. And all their inventory is managed in Sabre.

Southwest was similar, for a while Amadeus ran their international site while Southwest ran an outdated internal system for domestic travel that didn't support flights leaving and arriving on different days. They eventually had Amadeus move into running their domestic stuff a few years ago and now they have red-eyes.

Delta runs all their own stuff on a mainframe and from the outside it looked like a slow moving disaster. I know Amadeus sees all their inventory and looks at each passenger.

[+] squeaky-clean|5 years ago|reply
Also a travel industry programmer. Same feelings about for how much longer, heh.

> If you book through the airline's systems or on online reservation systems they likely use the airline's systems to track travel instead of GDS since the GDS wants to take a big cut of every ticket sale.

But in my experience, the airline backend and pricing is usually outsourced to Sabre or Amadeus. Frontier and Southwest are the only big players I know of that handle that sort of thing themselves, and Frontier has a teeny-tiny routelist compared to the others.

[+] walrus01|5 years ago|reply
You think US intelligence doesn't have access to other major airlines' back end databases, or things like major hotels' reward programs, airbnb, uber, lyft?
[+] 112012123|5 years ago|reply
Definitely depends on the airline. The big US carriers all have their own systems, but the vast majority of foreign carriers use a GDS on their backend. It's just not worth building in-house unless you're at very large scale.
[+] dagoban|5 years ago|reply
not true. BA,LH,LX,OS,AF,KL,... all run on AMA. AA runs on Sabre.

It's actually the other way around, some airlines have their own system, but most use some sort of GDS.

i.e. even when you make a booking directly with one of the airlines above mentioned, the entire PNR is still created and used in a GDS.

Even when you use Farelogix (for LH NDC bookings for example) the entire PNR also gets created in AMA. When you want to make changes in the LH PNR that FLX does not support yet, you still have to make the changes in the AMA PNR.

[+] cm2187|5 years ago|reply
When you mean travel agent, do you also include the likes of expedia, opodo, etc?
[+] aahhahahaaa|5 years ago|reply
They don't use a GDS on the front end, but doesn't all that data feed into a GDS somewhere on the backend? I don't know much about Sabre but I know Amadeus reaches pretty far across everything.
[+] baybal2|5 years ago|reply
> I can tell you that Sabre and other GDS's are only used if you go through a travel agent or use some online reservation systems.

It doesn't change the fact that a state will get the PNR from the airline.

[+] 77pt77|5 years ago|reply
Many tickets I've bought in Europe via the airline's website were using Amadeus (Spanish?).
[+] znpy|5 years ago|reply
Is there a way to know if you've gone through sabre?
[+] ta17711771|5 years ago|reply
So, corporate bigwig types who don't understand technology?
[+] imglorp|5 years ago|reply
Pretty sure they've also got feeds on everyone's credit card purchases, emails of itineraries, text message confirmations, your phone homing and roaming (from the cell networks), from scores of apps that wanted your location squealing to whoever wants to buy it, from face rec at airports, etc etc.

Your travel is certainly no mystery to the state without this one airline feed.

[+] downvoteme1|5 years ago|reply
I am surprised that this is considered a secret anymore. If you travel anywhere and board a flight, stay at a hotel or rent a car, you should assume that the government already knows about this. All companies have data sharing agreements with the government and judges are known to sign very broad data warrants that force companies to give data to governments for any suspicion of crime.

Basically today, everybody should assume that the government knows everything about you - where you live, where you work, what car you drive, where you travel, what property you own, lease, whom you call etc. Privacy exists in name only.

[+] SkyBelow|5 years ago|reply
>Privacy exists in name only.

Given that this information is the companies' own info, voluntarily shared as a private business, I wonder if we can make a comparison to free speech and the notion that free speech still exists despite most avenues of communication now being privatized and having control over what speech is allowed. Conceptually, if free speech can still be considered to exist in such a realm, cannot privacy? Yes, you may have to choose to not engage in companies that share their data if you want to keep your privacy, but that is much like what happens if you want to be able to speak without having to follow the limits those companies have in place. This is not to say the arguments are identical, but that there does seem to be similarity in their structure.

If one takes the argument that you can keep your privacy by just refusing to use airlines, credit cards, hotels, etc. and says that being forced to give up so much to maintain privacy means that privacy is dead (or exists in name only), then shouldn't it also be possible to make the argument that you can keep your free speech as long as you avoid the growing list of companies who refuse to do business with individuals who engage in certain forms of speech (especially who do so loudly) mean that free speech is also dead?

If instead the 'private businesses doing what they want' argument wins, then shouldn't it also apply in the case of privacy? That the company sharing whom they are offering a service to doesn't violate privacy because it is information you willingly gave them that they can then give others. (The case where the information is gathered through overly broad warrants stands out as an exception, being that it is forced by the government.)

[+] jorblumesea|5 years ago|reply
They're also a target for APTs and foreign governments. Pretty much everyone wants to get their hands on travel data. Also fairly likely that other GDS such as Amadeus have similar issues. Speaking from personal experience, Sabre's code base is very outdated, and filled with tech debt and hacks. They haven't done a good job controlling bloat and many teams are skeleton crews that are consumed with ops and can barely fix bugs. I'm sure you don't need to "hack" anything.

Contrary to what some posters here seem to be saying, Sabre is very widely used in many parts of the travel industry.

https://www.forbes.com/sites/leemathews/2017/07/06/travel-gi...

[+] vuyani|5 years ago|reply
Now swap FBI with China and HN would be calling for a full on ban. When it's America, it's just “how is this interesting”
[+] neximo64|5 years ago|reply
How is this interesting?

Any old school travel agent can look up names and follow their travel history anyway? (No matter how it is booked btw)

You could call one up and ask if X has got on the flight and they can check. I've done it before to check if I wanted to know the person's flight was delayed and made it to the airport on time.

[+] raxxorrax|5 years ago|reply
It is interesting because it lets you reflect on asinine practices. If this level of distrust by government towards citizens is accepted and normalized because of terrorism and subjective security needs, don't cry if people think government wants to intentionally feed lead to your kids.
[+] tyingq|5 years ago|reply
It's more complicated than that. Most tickets aren't in a GDS, but only in an individual airline's CRS. And a travel agent wouldn't have broad SQL like ability to query. They would need at least 2 of name, record locator, or flight/date. And travel agents don't typically have access to every airline CRS and all GDS systems...some subset is more common.
[+] imroot|5 years ago|reply
The travel industry (esp the airlines) are moving to puzzle piece style integrations -- I know that Hilton uses Sabre for incoming GDS reservations, but, uses Salesforce internally for managing a lot of the guest interactions (including bookings and customer support): AA (as mentioned previously in this thread) uses multiple commercial systems, and Marriott uses a mixture of FOSSE, MARSA (there might be an H in there, but, it's been a while since I've been at MI) that talk to their backend microservices for their .com system.

MI picked up a LOT of technical debt and a LOT of security bugs when transitioning SPG programs and properties into MI's portfolio (thankfully, I was off of that project at that point in time).

I don't think this is the case where the FBI or other conglomerates have direct SQL-style access into their systems, but, more-so where FBI has retired or plans internally to pull data from systems when requested: When it's hard as hell for employees with the proper need-to-know for their application to pull up data in a meaningful fashion, you know that it's next to impossible for Law Enforcement to have a nice little dashboard where they can just type "Ian Wilson" and get a list of every place I've ever stayed ever (unless they're working with VISA: that's something that I kinda expect, tho).

[+] classified|5 years ago|reply
> No one really knows just how often or widely the government has used the All Writs Act to force companies into surveillance

Seeing how they used Sabre to prosecute a measly $5000 damage, we can surmise that they'll use this and similar systems for just about anything they can possibly be used for.

[+] drc500free|5 years ago|reply
What's interesting is that names on international flights are already checked directly against several watchlists. So apparently that tool isn't sufficient.
[+] jermier|5 years ago|reply
Interesting that the word 'secretly' is used in the title, after the fact, and not before it
[+] dboreham|5 years ago|reply
Honestly I would have thought Sabre would have been streaming their data to TLAs since the 1960s.
[+] criveros|5 years ago|reply
I wonder if Sabre's printers still catch on fire.
[+] Cthulhu_|5 years ago|reply
Meanwhile, most of the West has been very er, Critical, about anything coming in from China because they may be spying on us. Double standards?
[+] crb002|5 years ago|reply
The FBI is probably using all information sold to advertisers. The EU passed GDPR for security, not just privacy.
[+] virologist|5 years ago|reply
and what is wrong with that? it is FBI it saves lives.
[+] justanotheranon|5 years ago|reply
https://search.edwardsnowden.com/docs/FullSpectrumCyberEffec...

see page 8.

GCHQ has a program called ROYALCONCIERGE, where they hack the reservation systems of hotels to watch for targets renting rooms. then GCHQ sends teams ahead of time to intercept the targets, presumably to spy on them, or assassinate them or rendition them to a black site.

from another Snowden doc which i can no longer find, it was revealed that ROYAL CONCIERGE hacked hotels owned by Starwood, one of the biggest umbrella corps owning multiple global hotel chains.

you think NSA only went after Starwood hotels? remember NSA said their "Full Spectrum Domination" posture means "Collect It All."

you think if NSA/GCHQ are hacking into hotel reservation databases to exfiltrate the whole shebang, that Airline reservation systems are NOT a higher priority?

a commenter said it is ridiculous hypocrisy how we blast China for forcing its tech companies to become appendages of their military/intelligence complex, while ignoring FBI/CIA/NSA do the very exact same thing under the rubric of NSLs and Bulk FISA Warrants and Business Records "All Tangible Things" and EO12333 get-out-of-jail-free cards to target anything loosely related to "understanding foreign intelligence."

there is zero difference between what China does and what the FVEYs do, except that our Overlords tell us they are not spying on us, while every peasant in China knows they are being spied on by their govt because the Chinese govt openly admits to it.

[+] echelon|5 years ago|reply
> there is zero difference between what China does and what the FVEYs do, except that our Overlords tell us they are not spying on us, while every peasant in China knows they are being spied on by their govt because the Chinese govt openly admits to it.

We can fight it by electing the correct people.

But more importantly, I won't be spirited away to a black site by speaking ill about the president. Nor can the government decide it doesn't want me as CEO of my company anymore. Or prevent me from funding the opposition party.

There's an enormous difference between the West and totalitarian dystopia China.

[+] tdeck|5 years ago|reply
I don't understand what this has to do with China. Can't they both be bad? How does the NSA spying on people make China doing it any better? If I've got five eyes spying on me I'm still not keen to add a sixth.
[+] rmah|5 years ago|reply
I don't see why the NSA would have to hack Starwood given the designated nationals checks of the State Dept. I know firsthand that about 15 years ago, every major US hotel chain (and possibly small ones, don't know) matched every guest (globally) against a rather large list of names supplied by the US Gov and reported back the matches. This was done daily for every guest. I do not know if it is still done or not. An aside, the first thing the team tasked with implementing this did was check their names against the list.
[+] coliveira|5 years ago|reply
Exactly. The moment the US created a global network of cyber spying it gave the motivation for all other countries to do the same. After all why would anyone believe in the goodness of the US when it is already proven that they will use this data as a commercial advantage?
[+] MAGZine|5 years ago|reply
Airlines report flights booked directly to security agencies, including new, cancelled, and changed itineraries, with complete customer information. They don't need to hack airlines—the regulatory system has given them what they need.

https://papersplease.org/wp/2013/09/29/how-the-nsa-obtains-a...

For all we know, all major hotel chains could just be forced to comply with secret injunctions from FISA, and it would still be totally legal, and totally cool.

[+] cataphract|5 years ago|reply
The US doesn't have concentration camps with hundreds of thousands of their own citizens.

At most there is Guantanamo and black sites abroad. And at least for Guantanamo the prisoners have a modicum of rights (see Boumediene, though I concede that the current SCOTUS majority is limiting it as much as possible.)

[+] eloff|5 years ago|reply
This is a false equivalence.

There is a huge difference between free Western democracies, and totalitarian China, just ask the people of Hong Kong.

[+] ekianjo|5 years ago|reply
> there is zero difference between what China does and what the FVEYs do, except that our Overlords tell us they are not spying on us, while every peasant in China knows they are being spied on by their govt because the Chinese govt openly admits to it.

Zero difference? Except that you don't have a totalitarian power on top for which laws are meaningless pieces of paper. Look at HK and ask them under which regime they would prefer to live in.

[+] DangerousPie|5 years ago|reply
I can see your point for why China is not unlike the US in this regard. But where the two countries differ are the concentration camps, the huge restrictions on press and individual freedom, the imprisonment of political opponents and the massive censorship. Yes, the US does some bad things and may be moving in the wrong direction but you can't tell me that the degrees to which the two countries are bad are even remotely comparable.
[+] nannal|5 years ago|reply
There is a significant difference, the repercussions for expressing thoughts and opinions in China are much more significant.

I wouldn't argue that we should ignore or accept constant surveillance in our daily lives, but I would argue that I'd rather not have my travel rights revoked for expressing opinions against the state.

[+] kmonsen|5 years ago|reply
Two things afterwards having worked in intelligence:

- your examples are really child’s play, I have seen much more sneaky stuff. For example if you think NSA is interested in you, how would you acquire a new computer?

- The flip side is that there is still reasonable oversight that is adversarial. At least in the country I’m from. And different branches of government is a real difference from China, at least from now although the executive branch clearly has too much power in the US.