In my practice, I frequently fly back and forth between the East and West coasts of the United States. Consequently, I do a lot of work on planes and was delighted when several years ago my favorite carrier Delta introduced the Gogo Internet service on cross-country flights. However, because my practice includes cyber security and data breach mitigation, I did what few lawyers do when they open a Gogo account — I actually read the Terms of Service. It turns out that Gogo is very upfront about the lack of security on its in-flight Wi-Fi service. Gogo explains :
The connection through which users purchase Gogo is an SSL-encrypted link. However, following such purchase, due to multiple users of our In-flight Wi-Fi access point, Gogo does not provide an encrypted communication channel (Wired Equivalency Protection known as “WEP”) or (Wi-Fi Protected Access known as “WPA”) between our in-flight Wi-Fi access point and the user’s computer. Gogo does support secure Virtual Private Network (VPN) access. If you have VPN, Gogo recommends that you use that channel for greater security. SSL-encrypted websites or pages, typically indicated by “https” in the address field and a “lock” icon, can also generally be securely accessed through the Gogo In-flight service. Users should be aware, however, that data packets from un-encrypted Wi-Fi connections can be captured by technically advanced means when they are transmitted between a user’s device and the Wi-Fi access point. Wi-Fi customers should therefore take precautions to lower their security risks.
Gogo recommends that users follow good security practices, such as ensuring file-sharing is not enabled while accessing the Internet from an un-encrypted public network and that laptops have firewall and other protection against malware. Gogo recommends that sensitive or private information should not be accessed via or transmitted over an un-encrypted connection.
The bottom line is that Gogo lacks even the most rudimentary encryption capabilities. So listen and heed Gogo’s own advice:— “Gogo recommends that sensitive or private information should not be accessed via or transmitted over an un-encrypted connection” (i.e, Gogo).” This means don’t sign into your bank or financial institution while using the Gogo service. This also means not accessing confidential client information via Gogo.
So to sum it all up, be wary of airborne Wi-Fi, and let’s be careful out there