Shut down unrestricted public Internet access to AIS data
My wife and I were walking along a bluff trail overlooking Washington’s Puget Sound last month with some friends. As we sat there taking a break enjoying some hot coffee from our thermos, an inbound cargo ship passed by. Al asked, “Hey Kelly, what do you know about that ship?” Before I could reply, another in the group blurted out “That’s the North Star. It comes in every Wednesday around this time.” I said, “You’re right, Charlotte, but how do you know that?” She replied, “I’m always looking out at the ships and boats going by with my binoculars or telescope. Sometimes, I then go online and check out www.marinetraffic.com. It gives me all kinds of info.”
Our friend Charlotte was right. On my computer, at this moment I am checking out Green Point, a U.S.-flag car carrier. Even though I am thousands of miles away in Seattle, from the information on the Web site I know that just minutes ago the 590-foot by 106-foot ship was at latitude 26.43887 N, longitude 53.35397 E, and averaging 17.2 knots. It is en route from Jebel Ali, United Arab Emirates, to Karachi, Pakistan; the ship’s ETA is 0800 on Feb. 3, 2010. Green Point is just one of more than 12,000 ships and boats around the world whose real-time navigational information is available on the Web site anytime — day or night.
All this ship-specific information found online is picked up directly from the Automatic Identification System (AIS) transponders of the vessels themselves. When the International Maritime Organization (IMO) and the U.S. Coast Guard mandated the use of AIS equipment on commercial vessels over 300 gross tons in 2004, they chose a VHF radio-based technology that is not secure and is easily monitored. An inexpensive AIS receiver can be purchased over the counter for only a few hundred dollars. Even simpler and cheaper, anyone with access to the Internet can now go to Web sites and track real-time AIS data from ships and boats throughout the world — like our friend Charlotte does.
The IMO has publicly denounced the broadcasting of AIS data over the Internet on ship-tracking Web sites, saying that it “could be detrimental to the safety and security of ships.” In a survey conducted by the Nautical Institute, 77 percent of the shipmasters who responded were uneasy about the effect AIS could have on vessel security. An excellent article by two U.S. Navy officers in the November 2009 issue of Armed Forces Journal states that the operation of AIS “raises security concerns because information is broadcast and made available to anyone, including people planning acts of piracy or terrorism.” Pirates have reportedly used AIS data in successful hijackings — including the supertanker Sirius Star. Considering that a maritime terror incident on a ship just arriving in New York Harbor could make the falling of the World Trade Center seem minor by comparison, is it really wise to give the general public unlimited access to real-time AIS information?
While I think it’s wonderful that our friend who lives in a house overlooking Puget Sound has an interest in ships, I don’t think she has any need to know every AIS-transmitted detail of each ship, tug or ferry that passes in front of her home — and neither does any other member of the general public. Personally, I not only consider this uncontrolled, unnecessary and potentially dangerous public access of real-time AIS information a breach of maritime safety and security — but a risk to society at large as well. I believe that AIS-tracking Web sites offering unrestricted access of this information to the general public should be shut down.
Because AIS has a range of around 30 to 50 miles, the concern about public access to AIS information has thus far centered on coastwise and inland vessels near major ports. That has all changed. The launching of two prototype AIS-tracking nanosatellites, one in 2008 and the other 2009, has now ushered in the era of space-based AIS (S-AIS). Active tracking of commercial vessels’ AIS signals far out at sea has been so successful on a test-scale that plans to establish a satellite network capable of monitoring AIS signals from ships anywhere on the globe are well underway — with full worldwide capability anticipated by 2014. Soon every AIS-equipped ship and boat will be able to be tracked — even when thousands of miles offshore.
I see tremendous potential for the use of S-AIS in long-range tracking and rescue applications. The Canadian Department of National Defence successfully used S-AIS data for ship surveillance in a test study conducted in 2009, monitoring an almost four million square mile area of the North Pacific for illegal fishing. I have no problem with governments using and sharing confidential S-AIS data, but when it was reported in November 2009 that a private company had signed a seven-year contract to receive access to this information, like many in the industry I became concerned about the potential for its misuse. As a security measure, under the provisions of the International Ship and Port Facility Security Code, I think that companies or individuals contracting with providers of S-AIS data should not only be required to register and undergo a background check, but also demonstrate a valid “need-to-know” before they have access to this ship-specific information.
Piracy off Somalia is at a six-year high and has increased in Asia in the past year, with reports that hundreds of my fellow merchant mariners are being held hostage for ransom. In these dangerous times, every effort needs to be made to protect merchant ships, crews and the billions of people living in port cities or coastal areas. The authorities have mandated the use of AIS on thousands of commercial vessels; they now need to ensure that this sensitive information does not get into the wrong hands.
Till next time I wish you all smooth sailin’.
Kelly Sweeney holds the licenses of master (oceans, any gross tons) and master of towing vessels (oceans), and regularly sails on a wide variety of commercial vessels. He lives on an island near Seattle. You can contact him at email@example.com.