Recent revelations of the National Security Agency’s sweeping domestic surveillance programs may have angered many Americans, but for most travelers, it was nothing new.
Surrendering your right to privacy is the price you pay to travel anywhere in a post-9/11 world. You fork over your personal information to the airlines, hotels and the Transportation Security Administration with no expectation, much less a guarantee, that it will be kept confidential.
“There is no privacy,” says Tab Stone, a pediatrician from Los Angeles who’s a frequent traveler. “Reservation information is shared with the TSA if you’re on a flight. If you use a credit card to pay, it’s in a database. For years, many other countries have required hotels to hold or copy passports and give the information to the local authorities.”
Companies urged to protect travelers’ personal data
Privacy advocates largely agree that to travel is to leave your personal data scattered across the information highway for almost anyone to see.
Justin Brookman, the director of consumer privacy at the Center for Democracy & Technology, says that current laws don’t adequately protect your personal information when you’re on the road. “When you give information over to a company, it can do whatever it wants with it,” he says. “The information could just be used to advertise to you, or it could be used to change the prices you see the next time you search for or buy tickets.”
But it doesn’t have to be that way. Privacy advocates point to several possible plugs for the information leak.
First, they suggest that companies could voluntarily choose to protect your data as a matter of policy.
Consider what happened to Dori Egan, who told me that she gave her cellphone number to a hotel reservation service two years ago and has regretted the decision ever since. “This was my personal cellphone, and I’m very careful about giving the number to anyone,” says Egan, who owns a small business in San Francisco. Almost immediately after divulging her number, she began receiving text messages to the phone from businesses related to the hotel site, and try as hard as she did, she couldn’t stop them.
Advocates call for new laws to protect personal data
“I’m still getting text messages to this day,” she complains.
Had the reservation service voluntarily agreed to keep Egan’s information private, it wouldn’t have incurred her wrath. Travel companies often give themselves permission to share this kind of information with third parties by pre-checking a box on a Web form that customers are asked to complete. That automatically adds their guests to a marketing list that the company shares with corporate “partners” who often pay for the information.
Paul Stephens, the director of policy and advocacy for the San Diego-based Privacy Rights Clearinghouse, says that many travel companies handle customers’ personal data in a reckless way, and with no legal consequences. This becomes particularly problematic when the information is deeply personal, such as your pillow preference or your taste in movies, which your hotel collects during a stay. Although the Federal Trade Commission requires that companies abide by their published privacy policies, some don’t have adequate privacy rules to begin with, says Stephens.
Another fix: Pass new laws protecting consumer privacy. Edward Hasbrouck, a privacy rights advocate who specializes in travel, says that Congress should consider a comprehensive privacy bill that would protect your personal data when you’re on the road, modeled on Canadian and European Union privacy laws.
Travelers can maintain privacy by limiting information sharing
In the United States, a company can use any information it can obtain about you in any way not explicitly forbidden by law or by the terms of your contract. In Canada and the E.U., it’s the reverse: Businesses can use or share your data only for the specific purpose for which you provided it, or if you give them permission.
These protections should also apply to the government, Hasbrouck says. The U.S. Department of Homeland Security has direct access to the Global Distribution Systems used to make airline, hotel and cruise reservations. He says that information is mined by government intelligence agencies.
“Measures to address the surveillance scandal need to include government surveillance and logging of the movements of our bodies just as much as, if not more than, government surveillance and logging of the movements of our messages,” Hasbrouck notes.
But perhaps the most effective way to keep your information private is to simply refuse to give anyone your personal information unless required to do so. (Here’s how to handle the TSA when you travel.)
Practical precautions can safeguard personal data
“I’m forced to give my date of birth at times, like when I fly,” says Howard LaVine, a technology consultant from Clifton Park, N.Y. “But there are many other times when the business asks for information it doesn’t need.” When someone asks for my driver’s license number, Social Security number or similar personally identifiable information, I question why they need it and usually don’t provide it.”
Taking a few common-sense precautions can significantly reduce the possibility that your personal data will fall into the wrong hands, says Christopher Wolf, co-chairman of the Future of Privacy Forum and a partner in the Washington office of the law firm Hogan Lovells. For example, taking care not to reveal your password when using a laptop computer, a tablet or a smartphone in public can protect your privacy in a meaningful and immediate way. “Something as simple as a privacy screen on a device makes sense,” he says. (Related: Why travel companies should spy on you.)
The complexities of data privacy offers no easy solution
In the end, there are no easy solutions. Some advocates argue that the travel industry largely lacks motivation to regulate itself, and they believe authorities are unlikely to enact new privacy laws in the near future.
But probably not as unmotivated as travelers, most of whom simply fork over their personal information at every step without a second thought.
Lee Tien, a staff attorney at the San Francisco-based Electronic Frontier Foundation, admits that the current options are terrible. Paying cash avoids leaving a trail, although it can also raise suspicions.
Ensuring that you avoid revealing any personal details about your travel plans via social media might prevent burglars from targeting your home, but it’s no guarantee. Tien makes sure to carry a computer with only the data he needs, lest a customs agent at the border try to scan it and harvest the information.
The NSA scandal “raises the stakes” on the privacy discussion, he says. Maybe it will also raise our awareness of the information we’re about to give up when we travel this summer.