A computer security researcher on his way to give a talk about computer security vulnerabilities at a major conference was told he couldn’t fly on United Airlines Saturday, due to comments he’d made on Twitter.
Chris Roberts, of One World Labs in Denver, was on his way to San Francisco for the RSA security conference when he was told by United Airlines that he wouldn’t be allowed to board his plane.
“Roberts was told to expect a letter explaining the reasons for not being allowed to travel on United,” his lawyers at the Electronic Frontier Foundation, a cyber rights group in San Francisco, posted on Saturday.
Roberts was able to get a flight on another airline and finally arrived in San Francisco late Saturday, said Elaine Hayoz, a One World Labs spokeswoman.
United made the decision not to allow Roberts to fly on United “because he had made public statements about having manipulated airfare equipment and aircraft systems,” said Rahsaan Johnson, United Airlines spokesman.
“That’s something we just can’t have,” he said.
Not only are such manipulations a violation of United’s policies but, “it’s not something we want our inflight crews and customers to deal with,” Johnson said.
Although some stories have reported that Roberts got through security and to his flight’s gate before he was told he could not board, Johnson said he was actually notified several hours prior to that.
“We reached out to him several hours before departure and had a conversation with him,” Johnson said.
Roberts’ troubles began Wednesday when he flew from Denver, where his company is based, to Syracuse, N.Y.
Once onboard, he pondered on Twitter whether he would be able to hack into the flight’s onboard computer settings.
“Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)” his tweet read.
EICAS refers to the plane’s onboard communication system, the “engine-indicating and crew-alerting system.”
Clearly someone was paying attention. When Roberts’ plane arrived in Syracuse, he was removed by FBI agents and questioned for four hours.
His next tweet read, “Lesson from this evening, don’t mention planes…the Feds ARE listening, nice crew in Syracuse, left there naked of electronics.”
All of his computer equipment, including an iPad, a MacBook Pro, several hard drives and several USB memory sticks were confiscated, according to an FBI “receipt for Property Received” he posted online.
Roberts was allowed to keep his iPhone, according to Forbes.com.
He later returned to Denver. Then on Saturday Roberts got ready to fly to San Francisco for the RSA conference, which begins Monday.
Ironically, Roberts’ talk, scheduled for Thursday, is in part about the vulnerabilities of transportation systems.
EFF, which has taken on his case, said Saturday that United’s refusal to allow him to fly “is both disappointing and confusing. As a member of the security research community, his job is to identify vulnerabilities in networks so that they can be fixed,” EFF’s Andrew Crocker said on the organization’s website.