I work in the travel industry as a programmer (god only knows for how much longer) - I can tell you that Sabre and other GDS's are only used if you go through a travel agent or use some online reservation systems. If you book through the airline's systems or on online reservation systems they likely use the airline's systems to track travel instead of GDS since the GDS wants to take a big cut of every ticket sale. And obviously only legacy travel companies like Hertz and Mariott integrate with GDS's, new travel companies Uber and Airbnb likely don't have any relationship with Sabre.
You're only likely to be in a Sabre system if you've been booked by your company through a travel agent and rent using legacy car/hotel companies also through your company's travel agent.
I used to work for Sabre, they do a lot more than just bookings, they provide all the software to run an airline basically. I worked in the area for scheduling air crew. But also crossed over into all the flight tracking. Their systems hold a lot of data, though the airlines own and host that data in secure facilities.
Fun Facts, when I worked there, you could fly for free on American Airlines ( the company got split out from AA ). They claimed to employ the most PhDs at one time ( lots of operations research). Also claimed to invent database transactions for the problem of people trying to book the same seat on airplanes at the same time (early 60s I believe)
The industry is moving to a being able to purchase products instead of complete PSS/GDS solutions. As an airline you'll be able to buy an inventory management system from Amadeus, a pricing system from Sabre, a support system from TravelSky, and a website from Travelport.
The best example I can think of is American. They have Amadeus running their international website. Their ticketing system is internal. And all their inventory is managed in Sabre.
Southwest was similar, for a while Amadeus ran their international site while Southwest ran an outdated internal system for domestic travel that didnt support flights leaving and arriving on different days. They eventually had Amadeus move into running their domestic stuff a few years ago and now they have red-eyes.
Delta runs all their own stuff on a mainframe and from the outside it looked like a slow moving disaster. I know Amadeus sees all their inventory and looks at each passenger.
> They eventually had Amadeus move into running their domestic stuff a few years ago and now they have red-eyes.
Heh. I remember thinking years back that it was odd that Southwest never had any overnight flights, especially transcontinental. Just assumed it was the way they did business and some sort of cost cutting measure. Didn't think it'd be due to a software limitation!
Also a travel industry programmer. Same feelings about for how much longer, heh.
> If you book through the airline's systems or on online reservation systems they likely use the airline's systems to track travel instead of GDS since the GDS wants to take a big cut of every ticket sale.
But in my experience, the airline backend and pricing is usually outsourced to Sabre or Amadeus. Frontier and Southwest are the only big players I know of that handle that sort of thing themselves, and Frontier has a teeny-tiny routelist compared to the others.
"But in my experience, the airline backend and pricing is usually outsourced to Sabre or Amadeus"
True, but that doesn't make the reservations visible in the GDS. If Sabre or Amadeus is running your "CRS (Central Res System)", they aren't allowed to do anything with the data that you haven't asked them to.
You think US intelligence doesn't have access to other major airlines' back end databases, or things like major hotels' reward programs, airbnb, uber, lyft?
As someone who has worked on security for said systems, and who is somewhat familiar with the types of requests that are serviced to LEAs and TLAs, I do think that they don’t have access to back end databases.
What, you think we set up a VPN for them so their SQL client in Fort Meade can just query as they please? Or do you think they hack us?
This is largely a moot point. All names of departures and international arrivals are sent to the Department of Homeland Security via the Secure Flight/APIS data pipeline. This returns to the airline authorization to board, select for additional screening (SSSS on boarding pass), or inhibit boarding (unless overridden by a TSA call center), as well as, for international flights, authorization for who can even overfly the country.
Of course it's laughable to think you could get away with doing anything on a plane in a post-9/11 USA - they're obviously going to have data on every citizen's and foreigner's flights. Beyond that I wouldn't know.
All I can say is you're very likely not a point in Sabre's private data mining set.
Definitely depends on the airline. The big US carriers all have their own systems, but the vast majority of foreign carriers use a GDS on their backend. It's just not worth building in-house unless you're at very large scale.
Old non-US airlines definitely have their own systems. I know Scandinavian Airlines have their own, and it looks like Lufthansa and KLM-Air France do too.[0]
I would be surprised if say British Airways didn't.
not true.
BA,LH,LX,OS,AF,KL,... all run on AMA
AA runs on Sabre
Its actually the other way around, some airlines have their own system, but most use some sort of GDS.
i.e. even when you make a booking directly with one of the airlines above mentioned, the entire PNR is still created and used in a GDS.
Even when you use Farelogix (for LH NDC bookings for example) the entire PNR also gets created in AMA. When you want to make changes in the LH PNR that FLX does not support yet, you still have to make the changes in the AMA PNR.
Both of them also have GDS integrations. I don't know exactly how much but I'd assume it's the bulk of their traffic.
As a general rule the large majority of anything you don't book directly with the airline/hotel (and for all I know, some of what you do) is very likely to be in a GDS somewhere.
They don't use a GDS on the front end, but doesn't all that data feed into a GDS somewhere on the backend? I don't know much about Sabre but I know Amadeus reaches pretty far across everything.
Travel agencies still like to use the frontend even though they're even less user friendly than VIM. This isn't the right time for it but once upon a time you could research what travel agencies use what GDS by the job requirements these agencies put out - usually you need like 5 years experience with Sabre/Apollo/whatever for any job here.
Once your travel details are in the GDS then the airline clerks, car rental sales person, hotel clerks, and your travel agent can check out or update your travel info for you just based on the PNR number on your airline ticket for convenience if you're just not into that weird smartphone thing. You can change a bunch of things during the trip like what car you drive and hotel amenities during your stay so after the trip ends we download your trip from Sabre and build reports for your boss or whatever.
Corporate bigwig types (whether technical or otherwise) are generally not booking their own travel - that's what executive assistants are for. I'm a technologically literate corporate peon, and still booked >$15k in travel last year through SABRE via our online corporate booking system, and about $10k in bookings executed manually by our travel team.
The online bookings still routed through an internal travel agent for final approval and execution of the booking, but I never actually interacted with anyone. The manual bookings were the only time I ever spoke with an agent, and it was almost always to handle an itinerary that was too complex for the UI of the online booking system to accommodate.
Having travel agents for companies is actually a good idea, having someone work to set up travel for workers saves a crapload of time and money for everyone and better done if its outsourced to someone that knows travel.
Lots of board and CXX whigs book their vacations through their agent on their company's dime as a part of their benefits package which is actually a great deal for them. I'm more of a thrill seeker so I wouldn't use one but the average person who just wants a stable planned-out vacation that they only get once a year it's a really good idea.
Pretty sure they've also got feeds on everyone's credit card purchases, emails of itineraries, text message confirmations, your phone homing and roaming (from the cell networks), from scores of apps that wanted your location squealing to whoever wants to buy it, from face rec at airports, etc etc.
Your travel is certainly no mystery to the state without this one airline feed.
I am surprised that this is considered a secret anymore. If you travel anywhere and board a flight, stay a hotel or rent a car, you should assume that the government already knows about this. All companies have data sharing agreements with the government and judges are known to sign very broad data warrants that force companies to give data to governments for any suspicion of crime .
Basically today, everybody should assume that the government knows everything about you - where you live, where you work, what car you drive, where you travel, What property you own, lease , whom you call etc. Privacy exists in name only.
Given that this information is the companies own info, voluntarily shared as a private business, I wonder if we can make a comparison to free speech and the notion that free speech still exists despite most avenues of communication now being privatized and having control over what speech is allowed. Conceptually, if free speech can still be considered to exist in such a realm, cannot privacy? Yes, you may have to choose to note engage in companies that share their data if you want to keep your privacy, but that is much like what happens if you want to be able to speak without having to follow the limits those companies have in place. This is not to say the arguments are identical, but that there does seem to be similarity in their structure.
If one can takes the argument that you can keep your privacy by just refusing to use airlines, credit cards, hotels, etc. and says that being forced to give up so much to maintain privacy means that privacy is dead (or exists in name only), then shouldn't it also be possible to make the argument that you can keep your free speech as long as you avoid the growing list of companies who refuse to business with individuals who engage in certain forms of speech (especially who do so loudly) mean that free speech is also dead?
If instead the 'private businesses doing what they want' argument wins, then shouldn't it also apply in the case of privacy? That the company sharing whom they are offering a service to doesn't violate privacy because it is information you willingly gave them that they can then give others. (The case where the information is gathered through overly broad warrants stands out as an exception, being that it is forced by the government.)
They're also a target for APTs and foreign governments. Pretty much everyone wants to get their hand on travel data. Also fairly likely that other GDS such as Amadeus has similar issues. Speaking from personal experience, Sabre's code base is very outdated, and filled with tech debt and hacks. They haven't done a good job controlling bloat and many teams are skeleton crews that are consumed with ops and can barely fix bugs. I'm sure you don't need to "hack" anything.
Contrary to what some posters here seem to be saying, Sabre is very widely used in many parts of the travel industry.
Any old school travel agent can look up names and follow their travel history anyway? (No matter how it is booked btw)
You could call one up and ask if X has got on the flight and they can check. I've done it before to check if I wanted to know the persons flight was delayed and made it to the airport on time.
It is interesting because it lets you reflect on asine practices. If this level of distrust by government towards citizens is accepted and normalized because of terrorism and subjective security needs, don't cry if people think government wants to intentional feed lead to your kids.
It's more complicated than that. Most tickets aren't in a GDS, but only in an individual airline's CRS. And a travel agent wouldn't have broad SQL like ability to query. They would need at least 2 of name, record locator, or flight/date. And travel agents don't typically have access to every airline CRS and all GDS systems...some subset is more common.
Presumably there is some travel agent with access to the data. I think it's concerning that one company maintains so much information, but in terms of government access, if the FBI is going to go through the trouble of getting a court-issued order like this [1] (which is specific to one person for one particular six-month period), then finding the right travel agent to serve the order to doesn't seem like it'd slow things down much (it took at least three days to get the order since some "Judge Huff was not in chambers").
The travel industry (esp the airlines) are moving to puzzle piece style integrations -- I know that Hilton Uses Sabre for incoming GDS reservations, but, uses salesforce internally for managing a lot of the guest interactions (including bookings and customer support): AA (as mentioned previously in this thread) uses multiple commercial systems, and Marriott uses a mixture of FOSSE, MARSA (there might be an H in there, but, it's been a while since I've been at MI) that talk to their backend microservices for their .com system.
MI picked up a LOT of technical debt and a LOT of security bugs when transitioning SPG programs and properties into MI's portfolio (thankfully, I was off of that project at that point in time).
I don't think this is the case where the FBI or other conglomerates have direct SQL-style access into their systems, but, more-so where FBI has retired or plans internally to pull data from systems when requested: When it's hard as hell for employees with the proper need-to-know for their application to pull up data in a meaningful fashion, you know that it's next to impossible for Law Enforcement to have a nice little dashboard where they can just type "Ian Wilson" and get a list of every place I've ever stayed ever (unless they're working with VISA: that's something that I kinda expect, tho).
> No one really knows just how often or widely the government has used the All Writs Act to force companies into surveillance
Seeing how they used Sabre to prosecute a measly $5000 damage, we can surmise that they'll use this and similar systems for just about anything they can possibly be used for.
Readit News
You're only likely to be in a Sabre system if you've been booked by your company through a travel agent and rent using legacy car/hotel companies also through your company's travel agent.
Fun Facts, when I worked there, you could fly for free on American Airlines ( the company got split out from AA ). They claimed to employ the most PhDs at one time ( lots of operations research). Also claimed to invent database transactions for the problem of people trying to book the same seat on airplanes at the same time (early 60s I believe)
The best example I can think of is American. They have Amadeus running their international website. Their ticketing system is internal. And all their inventory is managed in Sabre.
Southwest was similar, for a while Amadeus ran their international site while Southwest ran an outdated internal system for domestic travel that didnt support flights leaving and arriving on different days. They eventually had Amadeus move into running their domestic stuff a few years ago and now they have red-eyes.
Delta runs all their own stuff on a mainframe and from the outside it looked like a slow moving disaster. I know Amadeus sees all their inventory and looks at each passenger.
Heh. I remember thinking years back that it was odd that Southwest never had any overnight flights, especially transcontinental. Just assumed it was the way they did business and some sort of cost cutting measure. Didn't think it'd be due to a software limitation!
> If you book through the airline's systems or on online reservation systems they likely use the airline's systems to track travel instead of GDS since the GDS wants to take a big cut of every ticket sale.
But in my experience, the airline backend and pricing is usually outsourced to Sabre or Amadeus. Frontier and Southwest are the only big players I know of that handle that sort of thing themselves, and Frontier has a teeny-tiny routelist compared to the others.
True, but that doesn't make the reservations visible in the GDS. If Sabre or Amadeus is running your "CRS (Central Res System)", they aren't allowed to do anything with the data that you haven't asked them to.
What, you think we set up a VPN for them so their SQL client in Fort Meade can just query as they please? Or do you think they hack us?
https://arstechnica.com/tech-policy/2014/05/ask-ars-can-i-se...
All I can say is you're very likely not a point in Sabre's private data mining set.
I would be surprised if say British Airways didn't.
[0] https://www.emirates247.com/business/corporate/buying-ticket...
Its actually the other way around, some airlines have their own system, but most use some sort of GDS.
i.e. even when you make a booking directly with one of the airlines above mentioned, the entire PNR is still created and used in a GDS.
Even when you use Farelogix (for LH NDC bookings for example) the entire PNR also gets created in AMA. When you want to make changes in the LH PNR that FLX does not support yet, you still have to make the changes in the AMA PNR.
As a general rule the large majority of anything you don't book directly with the airline/hotel (and for all I know, some of what you do) is very likely to be in a GDS somewhere.
Once your travel details are in the GDS then the airline clerks, car rental sales person, hotel clerks, and your travel agent can check out or update your travel info for you just based on the PNR number on your airline ticket for convenience if you're just not into that weird smartphone thing. You can change a bunch of things during the trip like what car you drive and hotel amenities during your stay so after the trip ends we download your trip from Sabre and build reports for your boss or whatever.
It doesn't change the fact that a state will get the PNR from the airline.
The online bookings still routed through an internal travel agent for final approval and execution of the booking, but I never actually interacted with anyone. The manual bookings were the only time I ever spoke with an agent, and it was almost always to handle an itinerary that was too complex for the UI of the online booking system to accommodate.
Lots of board and CXX whigs book their vacations through their agent on their company's dime as a part of their benefits package which is actually a great deal for them. I'm more of a thrill seeker so I wouldn't use one but the average person who just wants a stable planned-out vacation that they only get once a year it's a really good idea.
Your travel is certainly no mystery to the state without this one airline feed.
The feds get every card swipe in real-time without a warrant.
Deleted Comment
Basically today, everybody should assume that the government knows everything about you - where you live, where you work, what car you drive, where you travel, What property you own, lease , whom you call etc. Privacy exists in name only.
Given that this information is the companies own info, voluntarily shared as a private business, I wonder if we can make a comparison to free speech and the notion that free speech still exists despite most avenues of communication now being privatized and having control over what speech is allowed. Conceptually, if free speech can still be considered to exist in such a realm, cannot privacy? Yes, you may have to choose to note engage in companies that share their data if you want to keep your privacy, but that is much like what happens if you want to be able to speak without having to follow the limits those companies have in place. This is not to say the arguments are identical, but that there does seem to be similarity in their structure.
If one can takes the argument that you can keep your privacy by just refusing to use airlines, credit cards, hotels, etc. and says that being forced to give up so much to maintain privacy means that privacy is dead (or exists in name only), then shouldn't it also be possible to make the argument that you can keep your free speech as long as you avoid the growing list of companies who refuse to business with individuals who engage in certain forms of speech (especially who do so loudly) mean that free speech is also dead?
If instead the 'private businesses doing what they want' argument wins, then shouldn't it also apply in the case of privacy? That the company sharing whom they are offering a service to doesn't violate privacy because it is information you willingly gave them that they can then give others. (The case where the information is gathered through overly broad warrants stands out as an exception, being that it is forced by the government.)
Contrary to what some posters here seem to be saying, Sabre is very widely used in many parts of the travel industry.
https://www.forbes.com/sites/leemathews/2017/07/06/travel-gi...
Any old school travel agent can look up names and follow their travel history anyway? (No matter how it is booked btw)
You could call one up and ask if X has got on the flight and they can check. I've done it before to check if I wanted to know the persons flight was delayed and made it to the airport on time.
[1] https://www.documentcloud.org/documents/6989724-All-Writs-Ac...
MI picked up a LOT of technical debt and a LOT of security bugs when transitioning SPG programs and properties into MI's portfolio (thankfully, I was off of that project at that point in time).
I don't think this is the case where the FBI or other conglomerates have direct SQL-style access into their systems, but, more-so where FBI has retired or plans internally to pull data from systems when requested: When it's hard as hell for employees with the proper need-to-know for their application to pull up data in a meaningful fashion, you know that it's next to impossible for Law Enforcement to have a nice little dashboard where they can just type "Ian Wilson" and get a list of every place I've ever stayed ever (unless they're working with VISA: that's something that I kinda expect, tho).
Seeing how they used Sabre to prosecute a measly $5000 damage, we can surmise that they'll use this and similar systems for just about anything they can possibly be used for.