This is misleading to the point where it's not really true. They can't read your email -- or anything else -- unless you click through the extremely dire security warning in your browser. They don't have some sort of CA cert. This is one of the few threat scenarios where HTTPS works exactly as designed.
They're serving a page with a mismatched certificate becaus they want to tell you why YouTube isn't loading instead of simply just blocking it. Bogus HTTPS is at least a feeble attempt to do that
The fact they block Youtube isn't anything new, it's how they're doing it that's the news story here. They are tricking your browser into thinking they are Google but it doesn't give any more technical details unfortunately.
On a side note, here's a pro tip: Always buy the full day pass before you're actually in the air. It's $16 on any network but their own, which is almost double that once you're in the air. They also don't give better deals for mobile vs laptops like they used to so this is your best bet for a 'deal' these days.
To add to your side note, business AMEX platinum comes with 10 flight segment passes (not day passes, my bad) as well. Probably a few startups here that already have that card and don't know about it.
This story sounded really familiar, so the first thing I looked for in the article was the publication date. It was really hard to find. In small greyed-out print at the bottom, after links to other articles:
CNNMoney (New York) January 6, 2015: 1:30 PM ET
It's poor behavior to make such an important bit of information so hard to find.
They're serving a page with a mismatched certificate becaus they want to tell you why YouTube isn't loading instead of simply just blocking it. Bogus HTTPS is at least a feeble attempt to do that