a medic scans a traveler's smart phone inside an airport

A gloved security staffer scans a traveler’s smartphone inside of Greece’s Athens International Airport on September 17, 2020.

Photograph by Yorgos Karahalis, Bloomberg/Getty Images

Will new travel technology invade your privacy?

Digital facial recognition. COVID-tracing apps. Innovations that make trips safer during a pandemic might expose your personal data.

ByJohanna Read
September 29, 2020
10 min read

The tech revolution in the travel world, accelerated by the COVID-19 pandemic, is at once marvelous and invasive of your privacy. Apps, facial recognition, and smart products can make air transit and border crossings more convenient. Their touch-free and skip-the-line elements may help keep you safer from illness-causing viruses.

New tech may also speed up the return to normal travel, like the the World Economic Forum and The Commons Project collaboration CommonPass initiative, which aims to allow governments to validate individuals’ COVID testing and, eventually, vaccination credentials.

But such innovation comes with some risks. For a cautionary tale about travel technology and data security, look no further than a recent episode involving former Australian Prime Minister Tony Abbott, who posted a photo of his Qantas Airlines boarding pass on his Instagram account, only to see a hacker scan the coding and obtain the ex-PM’s passport number.

Paper tickets are old school. But they illustrate that cyber sneaks are eager to use their HTML-scanning, database-mining skills for good—or ill. In Abbott’s case, the hacker exposed security flaws in a ploy to discourage people from flaunting their boarding passes and other sensitive documents online. The airline responded by upgrading security protocols.

When you head back out into a world of new travel technology, how can you protect your personal information?

Facial recognition tech

Singapore, always ahead of the tech curve, announced it will be the first country in the world to use facial recognition on government-issued IDs, starting in September 2020. By 2023, the U.S. Department of Homeland Security expects to be using facial recognition on 97 percent of travelers.

(Related: Will facial recognition technology invade your privacy? The answer is complex.)

The COVID-19 pandemic has created new technology, too—and concerns about its ramifications. In some countries, visitors must download contact-tracing apps (Belize) or wear a GPS tracker (during quarantine in Hong Kong and for some travelers to Grenada). For the time being, tracking and tracing may be the price of traveling during a viral outbreak. The most secure contact-tracing apps use Bluetooth and don’t auto-upload info to a central database. But in June, Amnesty International called out Bahrain, Kuwait, and Norway for overly invasive apps and Qatar for a security flaw that made personal info vulnerable to hackers.

a screen with a thermal scan image of passengers at border patrol in Serbia

At Serbia’s Belgrade Nikola Tesla Airport, authorities used a thermal scanner to help monitor possible coronavirus cases entering the country on March 2, 2020.

 

Photograph by Oliver Bunic, Bloomberg/Getty Images

The ramifications of facial recognition programs for travelers are still blurry. If you have concerns about privacy, you might want to be wary of all that scanning and recording of your features. At U.S. airports, passengers can opt out of biometric identification at customs and other checkpoints, but you’ll have to ask. And it could flag you for further screening or make it look like you have something to hide, so it might be easier to just go with the flow.

While it may feel compromising that your mug—even COVID-masked—will become your passport, boarding pass, or entry to that free hotel breakfast, it’s fair to ask whether this is any more invasive than other ways technology uses photos to track our movements and interests. Google Images is already doing “a great job recognizing you from your online photos,” says Vinny Troia, an “ethical” hacker and CEO of risk-assessment firm Night Lion Security. Facebook automatically does a facial recognition search when you upload photos and suggests tagging the people it detects in each image.

Mostly harmless invasions of privacy?

Boarding a plane with just a flick of your phone screen is futuristic and easy. Reservation chatbots and hotel, airline, and car rental databases seem helpful. But there are ways that this technology could mine and use your data. Some of it is harmless: Your search for a house rental on the beaches of North Carolina might flood your social media feeds with ads for barbecue joints.

Using apps (Facebook, Tiktok, WeChat) does expose your data, which is “sold to third parties for advertising, data modeling, and future uses we have not even considered,” says privacy and data security lawyer Mark McCreary. Thanks to travelers’ data, “businesses are better able to model and predict travel demand, timing, and pricing tolerance. Big data is big business in the travel industry.”

a passenger shows a QR code on her mobile phone at the airport in Beijing

A passenger shows a health code on her mobile phone as she checks in for a flight at China’s Beijing Capital International Airport on July 4, 2020. Some countries are implementing health-tracking apps to try to make plane travel safer during the pandemic, but privacy advocates worry travelers risk exposing too much personal data.

Photograph by Hou Yu, China News Service/Getty Images

(Related: Nano needles, facial recognition, and robots: How tech is making air travel safer.)

If you have no qualms about posting a selfie the next time you camp at a national park or dine at a restaurant then your anxiety over travel innovations might be misplaced. Minimizing targeted travel ads is easy: Just delete your cookies and search history periodically, or browse for flights or rental cars in private mode.

The good news? “Most general-purpose travel apps (e.g. accommodation and transport booking, city guides, etc.) aren’t especially risky in terms of your privacy,” says Dave Dean, founder of Too Many Adapters, a site demystifying travel tech. He warns that social media apps (Facebook, Instagram) typically collect more sensitive data than booking ones, and use it in more invasive ways. “Yet most people happily use those every day.”

More serious security breaches

Bigger threats than unwanted ads or facial scans include someone using travel technology to hack into your bank accounts, credit cards, or to steal your identity.

Travelers are often in unfamiliar places, easily distracted and more likely to be victims of both physical theft or cyberattacks (for example your phone or computer hacked into via the wifi at a Moscow café). Digital invasions can result in less obvious invasions like sniffing (kind of like bugging a phone), malware, and phishing.

(Related: Robotics are changing our world. Should you be worried?)

Cybercriminals routinely create networks and legit-sounding websites to steal your usernames, passwords, and contacts. A good precaution is to limit your use of public wifi, which is “typically left unsecured and represents an attractive target for hackers,” says Attila Tomaschek, a researcher at privacy tool review site ProPrivacy.

Paul Lipman, CEO at cybersecurity company BullGuard, recommends using devices that “contain only the data you'll need for that trip,” especially when visiting countries where government officials have the right (or inclination) to access your devices.

The solution? A light tech footprint

The best solution may be to pack light both digitally and physically. Dean stores as little info as possible on his devices, keeping only the apps he really needs and regularly revoking third-party permissions to Google and Facebook. He recommends minimizing apps’ access to your contacts and location. “I don’t authorize location (GPS) access for any app that doesn’t absolutely require it to function, and I keep location services turned off when I’m not actively using it for navigation.”

Scott Keyes, founder of bargain airfare site Scott’s Cheap Flights, recommends ensuring all your devices’ lock screens and accounts have secure and unique passwords and uninstalling or logging out of financial apps before you hit the road. Make sure to update your software with the latest security patches. Don’t be caught with too few adapters: having the right international plugs (or a rechargeable battery) means you won’t get juice jacked (hacked via a public USB port).

Paul Mayers, a retired Canadian government executive, says that when visiting some countries, “anything I didn’t absolutely need stayed at home.” Everything else—phone, tablet, meeting notes—“all went with me every time I left my hotel room.” In some countries, state operators can and will resort to espionage to gain a competitive edge, including breaking into the hotel safe to get your laptop for a quick download or to install monitoring malware.

It all sounds a little like a spy movie in which you, your data, and your attention span get turned into a highly profitable product. But simple steps can help you from playing a starring role.

Johanna Read is a Canadian writer specializing in responsible tourism and a former Canadian government policy executive. Follow her on Twitter and Instagram.

Go Further