Privacy? There’s no such thing on the road

Alex KopjeShutterstock
Alex KopjeShutterstock
Recent revelations of the National Security Agency’s sweeping domestic surveillance programs may have angered many Americans, but for most travelers, it was nothing new.

Surrendering your right to privacy is the price you pay to travel anywhere in a post-9/11 world. You fork over your personal information to the airlines, hotels and the Transportation Security Administration with no expectation, much less a guarantee, that it will be kept confidential.

“There is no privacy,” says Tab Stone, a pediatrician from Los Angeles who’s a frequent traveler. “Reservation information is shared with the TSA if you’re on a flight. If you use a credit card to pay, it’s in a database. For years, many other countries have required hotels to hold or copy passports and give the information to the local authorities.”

Privacy advocates largely agree that to travel is to leave your personal data scattered across the information highway for almost anyone to see.

Justin Brookman, the director of consumer privacy at the Center for Democracy & Technology, says that current laws don’t adequately protect your personal information when you’re on the road. “When you give information over to a company, it can do whatever it wants with it,” he says. “The information could just be used to advertise to you, or it could be used to change the prices you see the next time you search for or buy tickets.”

But it doesn’t have to be that way. Privacy advocates point to several possible plugs for the information leak.

First, they suggest that companies could voluntarily choose to protect your data as a matter of policy.

Consider what happened to Dori Egan, who told me that she gave her cellphone number to a hotel reservation service two years ago and has regretted the decision ever since. “This was my personal cellphone, and I’m very careful about giving the number to anyone,” says Egan, who owns a small business in San Francisco. Almost immediately after divulging her number, she began receiving text messages to the phone from businesses related to the hotel site, and try as hard as she did, she couldn’t stop them.

“I’m still getting text messages to this day,” she complains.

Had the reservation service voluntarily agreed to keep Egan’s information private, it wouldn’t have incurred her wrath. Travel companies often give themselves permission to share this kind of information with third parties by pre-checking a box on a Web form that customers are asked to complete. That automatically adds their guests to a marketing list that the company shares with corporate “partners” who often pay for the information.

Paul Stephens, the director of policy and advocacy for the San Diego-based Privacy Rights Clearinghouse, says that many travel companies handle customers’ personal data in a reckless way, and with no legal consequences. This becomes particularly problematic when the information is deeply personal, such as your pillow preference or your taste in movies, which your hotel collects during a stay. Although the Federal Trade Commission requires that companies abide by their published privacy policies, some don’t have adequate privacy rules to begin with, says Stephens.

Another fix: Pass new laws protecting consumer privacy. Edward Hasbrouck, a privacy rights advocate who specializes in travel, says that Congress should consider a comprehensive privacy bill that would protect your personal data when you’re on the road, modeled on Canadian and European Union privacy laws.

In the United States, a company can use any information it can obtain about you in any way not explicitly forbidden by law or by the terms of your contract. In Canada and the E.U., it’s the reverse: Businesses can use or share your data only for the specific purpose for which you provided it, or if you give them permission.

These protections should also apply to the government, Hasbrouck says. The U.S. Department of Homeland Security has direct access to the Global Distribution Systems used to make airline, hotel and cruise reservations. That information is mined by government intelligence agencies, he adds.

“Measures to address the surveillance scandal need to include government surveillance and logging of the movements of our bodies just as much as, if not more than, government surveillance and logging of the movements of our messages,” Hasbrouck notes.

But perhaps the most effective way to keep your information private is to simply refuse to give your personal information to anyone unless you’re required to.

“There are times I’m forced to give my date of birth, like when I fly,” says Howard LaVine, a technology consultant from Clifton Park, N.Y. “But there are many others when I’m asked for information that the business doesn’t need. When someone asks for my driver’s license number, Social Security number or similar personally identifiable information, I question why they need it and usually don’t provide it.”

Taking a few common-sense precautions can significantly reduce the possibility that your personal data will fall into the wrong hands, says Christopher Wolf, co-chairman of the Future of Privacy Forum and a partner in the Washington office of the law firm Hogan Lovells. For example, taking care not to reveal your password when using a laptop computer, a tablet or a smartphone in public can protect your privacy in a meaningful and immediate way. “Something as simple as a privacy screen on a device makes sense,” he says.

In the end, there are no easy solutions. New privacy laws seem unlikely to be enacted in the near future, and the travel industry is largely unmotivated to regulate itself, some advocates say.

But probably not as unmotivated as travelers, most of whom simply fork over their personal information at every step without a second thought.

Lee Tien, a staff attorney at the San Francisco-based Electronic Frontier Foundation, admits that the current options are terrible. Paying cash avoids leaving a trail, although it can also raise suspicions. Making sure that you don’t reveal any personal details about your travel plans via social media might prevent your home from being burglarized, but it’s no guarantee. Tien makes sure to carry a computer with only the data he needs, lest a customs agent at the border try to scan it and harvest the information.

The NSA scandal “raises the stakes” on the privacy discussion, he says. Maybe it will also raise our awareness of the information we’re about to give up when we travel this summer.

Does the travel industry do enough to protect your privacy?

View Results

Loading ... Loading ...

Christopher Elliott

Christopher Elliott is an author, journalist and consumer advocate. You can read more about him on his personal website or contact him at Got a question or comment? You can post it on the new forum.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus

  • Carver Clark Farrow

    It would have been nice to have a response from the other side so we get both sides of the debate.

  • Cybrsk8r

    First off, never, EVER, give a company your personal cell phone number. When I travel, I buy a “burner”. A pre-paid phone that I can toss in the trash after the trip. I don’t care what they do with that phone number.

    Sounds like Dori Egan should file a lawsuit. If this company is taking steps to prevent her from blocking the texts, such as constantly changing the origin number of the texts to prevent the texts from being blocked, I think she’d have a basis for legal action.

  • PsyGuy

    Before tossing that burner phone use it to register a google voice or other online telephone number. Select the option to get a new number with google voice. Once you throw the phone or SIM card away you will never get texted or called on your mobile phone, but the googlenumber is still functional and they can leave you a voice mail or text that you can check or never check online through your gmail. I always use this number when dealing with businesses such as FF programs or when I need to give a phone number to make a return at a merchant.

  • KarlaKatz

    What a great idea :-) This is a “keeper”, and thank you!

  • Alan Gore

    Now that this issue is in the news, the whole world now knows what “metadata” is. Just be aware that mineable data is an asset that in many cases you can make companies pay for. That’s how loyalty cards work.

  • Christopher Elliott

    What “other” side? You mean the U.S. government?

  • Christopher Elliott

    Strange timing, that this story appears at virtually the same time the NSA leaker is on the move. Anyone else following this one?

  • TonyA_says

    Woke up with that news. Very interesting.

  • TonyA_says

    Remember you must use that number occassionaly or google voice will deregister it.

  • cjr001

    “Privacy? There’s no such thing”

    Fixed that for you.

    And nobody is doing enough to protect privacy anywhere.

  • Judy Serie Nagy

    There’s no privacy left today, no matter who says they’ll do what. This article has made me resolve to be even more careful with my personal information and question anyone as to the reason they want it. When you purchase a bottle of water at Heathrow, they want to scan your boarding pass!

  • Asiansm Dan
  • m11_9

    You mean the hotels and travel agents that are selling our data? I think they don’t deserve equal time, but should be given a chance to defend their practices.

  • Carver Clark Farrow

    The people who purport to collect the data. As M11 so rightly states, why not give them an opportunity to explain and defend their practices.

  • Carver Clark Farrow

    Why not equal time? Then we the readers can make an informed decision. Since when is more information a bad thing?

  • PsyGuy

    Use the google voice number, yes, but you never have to use the original burn phone number.

  • TonyA_says

    Ecuador would be interesting, He can spend his American money there.
    Wasn’t this guy a highly paid Booz Allen Hamilton contract employee to the US Gov’t in Hawaii?

  • TonyA_says

    If you never game them permission to (mis)use or sell your information then there is nothing else to discuss. They simply violated your privacy.

  • Helio

    Yes, he was.

  • m11_9

    Its probably in the fine print, like everything else.

  • Suzy blew

    They do this with everything in UK airports now and even if you know your flight number they still demand it!

  • BMG4ME

    I have nothing to hide. I gladly surrender my privacy to be able to zip through tolls at 65mph as I look sadly at those who will wait 20 minutes to get through the same toll because they never bothered to get EZPass. Regarding TSA, I agree with a commentator who said he would gladly hand over all his telephone call records to the TSA in exchange for not having to take off his belt at the airport.

  • Ali Jackson

    That plan assumes that Google can be trusted with your information.

  • Carver Clark Farrow

    Not even close to being true. It depends on 1) What information is obtained, 2) how it was obtained, 3) what is being disseminated and 4)the jurisdiction.

    Plenty to discuss.

  • James Parks

    Well, guess what? You get to hand over all your records to the government AND take your belt off for TSA. It’s not a negotiation.

  • Mel65

    He worked for Booz Allen for all of 10 weeks. He had been a Dell employee at NSA prior to “rebadging”. And his salary was $122K a year, not the reported $200K. Of course, after only 10 weeks he had only made a small portion of that.

  • Miami510

    Either directly stated, or inferred, a number of writers made the argument that no privacy problem exists if an individual has nothing to hide. When investigative agencies of the government engage in various types of surveillance, these writers believe there is no threat to their privacy unless the government discovers some illegal activity, in which case there would be no justification to claim the illegal activity should remain private. This “nothing to hide,” argument is frequently used when juxtaposed with the need for security. The value of privacy is much more than the uncovering of illegalities.

    How would you feel about the following:

    Can I see your last few bank and brokerage account statements?

    If there’s a shade on your bathroom window, tell me why, and would you remove it?

    Why are there curtains on your bedroom door?

    I suggest that everyone who makes the “nothing to hide” argument, will at some point in such questioning, begin to feel uncomfortable. Privacy is difficult to define, but we do know it’s very personal; it probably defines us as an individual. If our Founding Fathers, had Sigmund Freud preceded them, might have written it into our Constitution. They did make some approach with the 4th Amendment, but since their approach to the primacy of the individual (as opposed to the primacy of the State), privacy is the essence of individuality. Show me a person who really rejects privacy and I’ll show you someone that has no life.

    Privacy is not about hiding bad things. Omni data collection is a form of surveillance. People eventually act and speak differently when they know the telephone conversation or email may be stored. How many would alter their behavior while alone in a closed elevator and not adjust their tight undershorts if they knew it was being filmed… or not purchase a political book with their credit card?

    Of course our country is now debating privacy vs. security, and we’ve been told “dozens” of teroristic events were thwarted by the government being able to record our emails… and that might be the price of staying safe. There are laws that seemingly guarantee warrants to wiretap, although I personally doubt how protective they are looking at the statistics. Between 1979 and 2012, a total of 34 years, 33,964 requests for wiretapping warrants were made, and all were granted except 7. * This paltry number suggests the FICA court is a rubber stamp. One might wonder how many of the remaining 33,957 wiretaps resulted in an arrest, conviction, or terroristic plot prevented.

  • PsyGuy

    Sounds like you have something to hide

  • Miami510

    What might have been missed is the point I made (perhaps not
    articulately) that one of the differences between totalitarian governments and democracies, is the view of the primacy of individuals or the state as ensconced in laws.

    If one feels that concerns of the State come first, they by
    all means there are no limits on the disappearance of privacy. If one feels the individual is primary, they privacy becomes an issue.

    Cuba and East Germany had citizens in all neighborhoods listening
    and watching to report suspicious activity.

    The 21 Century version of this is Prism, Eschelon, Trailblazer and the other all-intrusive electronic methods. “Total Awareness,” when first proposed frightened Congress. It’s here today in fragmented form… but it’s here.

  • Susan Richart
  • Fisher1949

    And that would be your right since you had a choice in the matter and voluntarily chose to surrender your phone records.

    However, these invasions are not voluntary or involve coercion by denying you access to a service that you have as much right to use as anyone else.

    These agencies have all demonstrated that they cannot be trusted to protect your personal information so your records may wind up the hands of scammers. identity thieves or worse and you will have no legal recourse since the Government can avoid prosecution and civil damages. No one in Government has gone to jail over the NSA spying, the AP scandal, the IRS scandal or lying about Benghazi.

  • BMG4ME

    Not with TSA Pre I don’t.