The tech revolution in the travel world, accelerated by the COVID-19 pandemic, is at once marvelous and invasive of your privacy. Apps, facial recognition, and smart products can make air transit and border crossings more convenient. Their touch-free and skip-the-line elements may help keep you safer from illness-causing viruses.
New tech may also speed up the return to normal travel, like the the World Economic Forum and The Commons Project collaboration CommonPass initiative, which aims to allow governments to validate individuals’ COVID testing and, eventually, vaccination credentials.
But such innovation comes with some risks. For a cautionary tale about travel technology and data security, look no further than a recent episode involving former Australian Prime Minister Tony Abbott, who posted a photo of his Qantas Airlines boarding pass on his Instagram account, only to see a hacker scan the coding and obtain the ex-PM’s passport number.
Paper tickets are old school. But they illustrate that cyber sneaks are eager to use their HTML-scanning, database-mining skills for good—or ill. In Abbott’s case, the hacker exposed security flaws in a ploy to discourage people from flaunting their boarding passes and other sensitive documents online. The airline responded by upgrading security protocols.
When you head back out into a world of new travel technology, how can you protect your personal information?
Facial recognition tech
Singapore, always ahead of the tech curve, announced it will be the first country in the world to use facial recognition on government-issued IDs, starting in September 2020. By 2023, the U.S. Department of Homeland Security expects to be using facial recognition on 97 percent of travelers.
The COVID-19 pandemic has created new technology, too—and concerns about its ramifications. In some countries, visitors must download contact-tracing apps (Belize) or wear a GPS tracker (during quarantine in Hong Kong and for some travelers to Grenada). For the time being, tracking and tracing may be the price of traveling during a viral outbreak. The most secure contact-tracing apps use Bluetooth and don’t auto-upload info to a central database. But in June, Amnesty International called out Bahrain, Kuwait, and Norway for overly invasive apps and Qatar for a security flaw that made personal info vulnerable to hackers.
The ramifications of facial recognition programs for travelers are still blurry. If you have concerns about privacy, you might want to be wary of all that scanning and recording of your features. At U.S. airports, passengers can opt out of biometric identification at customs and other checkpoints, but you’ll have to ask. And it could flag you for further screening or make it look like you have something to hide, so it might be easier to just go with the flow.
While it may feel compromising that your mug—even COVID-masked—will become your passport, boarding pass, or entry to that free hotel breakfast, it’s fair to ask whether this is any more invasive than other ways technology uses photos to track our movements and interests. Google Images is already doing “a great job recognizing you from your online photos,” says Vinny Troia, an “ethical” hacker and CEO of risk-assessment firm Night Lion Security. Facebook automatically does a facial recognition search when you upload photos and suggests tagging the people it detects in each image.
Mostly harmless invasions of privacy?
Boarding a plane with just a flick of your phone screen is futuristic and easy. Reservation chatbots and hotel, airline, and car rental databases seem helpful. But there are ways that this technology could mine and use your data. Some of it is harmless: Your search for a house rental on the beaches of North Carolina might flood your social media feeds with ads for barbecue joints.
Using apps (Facebook, Tiktok, WeChat) does expose your data, which is “sold to third parties for advertising, data modeling, and future uses we have not even considered,” says privacy and data security lawyer Mark McCreary. Thanks to travelers’ data, “businesses are better able to model and predict travel demand, timing, and pricing tolerance. Big data is big business in the travel industry.”
If you have no qualms about posting a selfie the next time you camp at a national park or dine at a restaurant then your anxiety over travel innovations might be misplaced. Minimizing targeted travel ads is easy: Just delete your cookies and search history periodically, or browse for flights or rental cars in private mode.
The good news? “Most general-purpose travel apps (e.g. accommodation and transport booking, city guides, etc.) aren’t especially risky in terms of your privacy,” says Dave Dean, founder of Too Many Adapters, a site demystifying travel tech. He warns that social media apps (Facebook, Instagram) typically collect more sensitive data than booking ones, and use it in more invasive ways. “Yet most people happily use those every day.”
More serious security breaches
Bigger threats than unwanted ads or facial scans include someone using travel technology to hack into your bank accounts, credit cards, or to steal your identity.
Travelers are often in unfamiliar places, easily distracted and more likely to be victims of both physical theft or cyberattacks (for example your phone or computer hacked into via the wifi at a Moscow café). Digital invasions can result in less obvious invasions like sniffing (kind of like bugging a phone), malware, and phishing.
Cybercriminals routinely create networks and legit-sounding websites to steal your usernames, passwords, and contacts. A good precaution is to limit your use of public wifi, which is “typically left unsecured and represents an attractive target for hackers,” says Attila Tomaschek, a researcher at privacy tool review site ProPrivacy.
Paul Lipman, CEO at cybersecurity company BullGuard, recommends using devices that “contain only the data you’ll need for that trip,” especially when visiting countries where government officials have the right (or inclination) to access your devices.
The solution? A light tech footprint
The best solution may be to pack light both digitally and physically. Dean stores as little info as possible on his devices, keeping only the apps he really needs and regularly revoking third-party permissions to Google and Facebook. He recommends minimizing apps’ access to your contacts and location. “I don’t authorize location (GPS) access for any app that doesn’t absolutely require it to function, and I keep location services turned off when I’m not actively using it for navigation.”
Scott Keyes, founder of bargain airfare site Scott’s Cheap Flights, recommends ensuring all your devices’ lock screens and accounts have secure and unique passwords and uninstalling or logging out of financial apps before you hit the road. Make sure to update your software with the latest security patches. Don’t be caught with too few adapters: having the right international plugs (or a rechargeable battery) means you won’t get juice jacked (hacked via a public USB port).
Paul Mayers, a retired Canadian government executive, says that when visiting some countries, “anything I didn’t absolutely need stayed at home.” Everything else—phone, tablet, meeting notes—“all went with me every time I left my hotel room.” In some countries, state operators can and will resort to espionage to gain a competitive edge, including breaking into the hotel safe to get your laptop for a quick download or to install monitoring malware.
It all sounds a little like a spy movie in which you, your data, and your attention span get turned into a highly profitable product. But simple steps can help you from playing a starring role.
Johanna Read is a Canadian writer specializing in responsible tourism and a former Canadian government policy executive. Follow her on