Essential Privacy Tips If You Travel

Travel Security

TechViews News …..

Travel is increasingly becoming an arduous task and is losing its sparkle as something “fun” to do. Remember the days when you could actually go to the gate to greet someone as they exited their plane? And even saw them off on their once a year vacation?

That’s all changed thanks to post-9/11 security measures enacted by the government for airline flight. On top of travel becoming more of a chore, we are now subjected to numerous attacks on our personal security.

American travelers took 2.25 billion domestic trips and 87.7 million international trips in 2017, according to statistics from the U.S. Travel Association and the U.S. National Travel and Tourism Office. If you were one of those travelers, you likely walked through a body scanner, had your photo taken to confirm your identity or gave up personal data without even realizing it.

You may have also encountered “smart” hotel rooms in which a tablet controlled the lights, curtains and temperature, and perhaps even saved your preferences for your next stay. When you drove off in your rental car, you may not have realized that the rental company was collecting data on your driving habits and the car’s location. And when you logged in to that hotel Wi-Fi network, you had no idea who else might be on the same network.

Of course, none of these practices are illegal. But they all raise the risks that your private personal data may be misused, misappropriated or stolen. Fortunately, there are ways you can try to minimize the data collection.

Creepy airport screening technology

Since 2016, the U.S. Customs and Border Protection’s (CBP) Biometric Air Exit program has put facial-recognition technology in several U.S. airports.

When you board an international flight, CBP or a partner airline takes a picture of you and compares it against your passport photo. Delta and JetBlue already participate in this program.

The Transportation Security Administration recently launched a similar pilot program for international flights at Los Angeles International Airport in which departing travelers can opt to have their photos used to verify that their boarding passes and passports match. They want you to think that it speeds along the boarding process and it’s all for your convenience.

If there is a discrepancy, travelers are not allowed through the security checkpoint — although TSA agents will still be able to manually verify their boarding documents.

CBP aims to use biometrics to confirm the identities of more than 97 percent of passengers in the next few years and to expand this initiative to every point of entry and exit in the United States. Facial recognition isn’t 100 percent accurate, however — it more frequently misidentifies ethnic minorities and people wearing certain accessories or makeup, Quartz reported.

Jeramie Scott, director of the Electronic Privacy Information Center’s Domestic Surveillance Project, said facial recognition as a primary means of identification heightens the capacity of the government to conduct surveillance beyond the scope of confirming travelers’ identities.

Scott worries that this data could be used in ways we haven’t consented to — although CBP says images are deleted and purged from its systems within 14 days. In other areas we’ve seen this argument to be totally false. Image data is actually stored to cross-identify persons in other areas of their day-to-day lives.

“There need to be protections around the collection and use of certain data,” Scott said. “If you agree to use your face as your boarding pass and confirm your identity that way, there should be rules in place that prevent that use from going beyond that stated purpose.”

Scott said that, if you don’t like the notion of facial-recognition software, you should be able to opt out of biometric screening to board flights by requesting an alternative review from a CBP official. To date, your face is secretly imaged and stored and there is no alternative for direct identification. It’s like a paranoid, dystopian society has descended upon us. Yes, Big Brother is watching – and recording.

The same goes for body scanners, which used to essentially render you naked on a TSA agent’s computer screen, but now display a generic body outline. If that still makes you uncomfortable, you have two choices as long as you’re at a U.S. security checkpoint.

The first option is to sign up for the TSA’s Precheck program. You’ll have to pay $85 (good for five years), submit your fingerprints and agree to a background check.

But if you’re accepted, then you’ll be walking through a regular metal detector instead of a body scanner at participating U.S. airports. You’ll frequently also encounter shorter security lines. (For frequent international travelers, there’s a similar program called Global Entry that costs $100 for five years.)

The other option is to “opt out” of the body scanner. Instead, you’ll get a regular pat-down, at the very least, from a TSA agent. But bear in mind that having to perform pat-downs can make TSA agents very cranky, and if they’re in a bad mood, you might be taken into a side room for an even more thorough examination. The main purpose of that harassment is to discourage you from ever – ever – doing that again.

Travel with disposable devices — and disposable accounts

You’ll likely want to bring some electronic devices with you, such as a smartphone and maybe a laptop, especially if you’re traveling on business. But you shouldn’t bring your regular smartphone and laptop, especially if you’re traveling internationally.

Many customs officials and border guards, including American ones, have the right to examine your electronic devices and your online accounts. They can ask you for the passwords to your phone, your computer, and even your Google, Facebook and Dropbox accounts.

You don’t have to give U.S. customs officials your passwords, but if you don’t, they can confiscate your devices. Border officials in other countries may be even less friendly.

So instead of traveling with an expensive laptop computer, buy a cheap Chromebook that’s used only for accessing the internet and online email. That way if your device is confiscated, or even just simply looked through, there won’t be any important personal or business information to access.

And if you have stuff in your online accounts that you’d rather not have border officials see, then set up “alternative” Google, Outlook, Facebook and Dropbox accounts, using your real name, before you travel. Put some stuff in each account — not much, but enough to look real — in each one, and then show border officials those accounts if they ask.

Log in to your fake accounts before you cross a border. If any nosy official wants to see what’s on the phone, gladly provide it. Since you will already be logged in it will appear to be real and unless they are suspicious, they will move you right along. Once you’re across the border, log out of the fake accounts and then log back in with your regular account. As long as you have internet access, all your data will still be accessible.

The same strategy goes for smartphones. Leave the iPhone and Galaxy behind, and get a cheap burner phone instead. These are available at most grocery and drug stores for $10-$20 USD, and many big box retailers like K-Mart. Remember, TSA gate agents can look in your phone and record your preprogrammed numbers and contacts. So make a list on paper of only the ones you know you will use and place that piece of paper in your luggage.

Always use a VPN while traveling

The biggest threat to privacy while traveling, however, comes from unsecured Wi-Fi networks in airports, hotels and restaurants. If any data you transmit from your laptop or phone is unencrypted, anyone else on the same network may be able to read it, even if the network has a password.

A VPN will encrypt all internet traffic between your laptop or smartphone, making sure that all your Wi-Fi data will be unreadable to snoopers on the same network.

If you’re traveling on business, ask your company’s IT department if there’s a company VPN service you can use. If not, there are many excellent free VPN services that will suffice for basic Internet connections. In many cases a VPN will slow down your connection some. But it is totally worth it to keep others from capturing passwords and identifying information when you access your accounts online.

Smart hotel rooms track you as well

Hotel rooms may soon collect and use your personal data to customize your experience. Both Marriott and Hilton are working to bring the smart-home concept to their properties.

Marriott’s IoT Guestroom Lab, which is currently in testing at the company’s headquarters, would let users interact with a virtual assistant to set alarms, request services and operate various features, including turning on the shower to a specific temperature based on stored preferences.

Hilton’s Connected Room is in the pilot phase in one hotel. The goal is for guests to use both voice commands and the Hilton Honors app, which already has check-in and digital-key capabilities, to control temperature, lights and streaming media and to save custom preferences in their profiles.

While guests may want, or even expect, their hotel rooms to operate like their smart homes, according to a recent University of Delaware study, smart technology isn’t risk-free.

For example, Marriott’s smart room is designed to go into sleep mode when guests aren’t present. This makes the hotel more energy-efficient, but it may also compromise your personal safety and security if it becomes obvious that you are not in your room, Scott said.

He also noted that if guests give up seemingly harmless personal data to a hotel, they make it easier both for malicious actors to link that data to more sensitive information, and for law enforcement to access the information without explicit consent.

Before you stay in a smart hotel room, ask to see the hotel company’s privacy policy to find out what kind of personal data will be collected, where and how it is stored, who has access to it, whether it is shared with any other entity, and how you can opt in or out of data collection.

“It goes beyond what is necessary to perform a service,” Scott said. “There should be clear options for guests, and the option should be to opt in if they so choose — not one where you have to actively opt out.”

Rental cars can keep track of your location

Airports and hotels may be the most obvious places in which traveler data might be collected and potentially compromised, but they aren’t the only ones.

If you rent a car, the vehicle likely has an event data recorder (EDR). Like an airplane’s black box, the EDR collects information about the vehicle’s systems, its location and operator behavior as you drive.

While EDR data is most often used to piece together crash reports, and a 2015 federal law states that collected EDR data belongs to a car’s owner or leaseholder, it’s unlikely that rental-car drivers would be entitled to privacy with regard to EDR data.

If you use a rented or built-in GPS navigation system while driving a rental car, or you connect your phone to your rental car’s Bluetooth system, you could be tracked by the car-rental company or hacked by a third party.

Try to delete any navigation history or personal profile you set up in a rented GPS device or in the in-vehicle computer before you return the rental car. Unfortunately, you won’t be able to do anything about the EDR data, and if the rental company was actively tracking your movements, then it already has the location data.

But also back home

This kind of surveillance isn’t limited to travelers. Scott said many retailers increasingly use security cameras with facial-recognition capabilities to identify known shoplifters in their brick-and-mortar stores, although only Lowe’s would confirm this. License-plate readers used by police are not uncommon in bigger cities.

All this means that your movements can be easily tracked, and that your information can be accessed by law enforcement or may be at risk of being compromised in a data breach. Unfortunately, stores are within their rights to surveil their customers, and you’re not allowed to cover up the license plate on a moving vehicle.

One way to avoid this, whether you’re traveling or not, is to turn off the Wi-Fi, GPS and Bluetooth functions on your smartphone when you’re not using them. Keeping them on just makes it easier for other people to track you and read your data. The same goes for your laptop when you’re out of the house or the office; if you’re not using it, fully shut it down instead of just letting it go to “sleep.”

These heightened privacy risks shouldn’t stop you from traveling, or from going about your daily routine when you’re at home. But you should be aware of how your data is collected and used, and you should look for opportunities to limit or opt out of providing personal information when you can.

Share this:

Like this: