Welcome to this week’s Tip of the Hat! Many of you will be traveling the next couple of weeks, which might involve flying to your destination. This week we bring you a guest post from Joe Reimers, Sales Engineer at III, about how to protect your privacy at the airport. Joe also writes about traveling tips and tricks at https://flyinfrequently.wordpress.com.
Holiday season is once again upon us, and for a number of us, that means air travel. For some, it’s another opportunity for grand adventure; for others, it’s an ordeal to be endured so we see family, friends and loved ones. For all of us, it’s another way for our personal data to be exposed to others.
Airports are public places where there is no reasonable expectation of privacy – you are always being observed and recorded. TSA and other law enforcement have the authority to search you and your bags. On domestic flights they may not search the contents of your phone or laptop (this is still unsettled law on inbound international flights), but they can require that you turn those devices on to prove that they are what they appear to be. Note that you don’t need to authenticate in, they just need to see the login screen. Air travel, like banking, is very, very closely tied to your legal identity – you can’t board unless the names on your ticket and ID match exactly, and the government can and does look at who is traveling where.
With this in mind, the privacy-minded traveler can prepare themselves accordingly. First and foremost, don’t bring anything you really don’t want other people to see or handle. Bringing some personal stuff is unavoidable, but I’ve found that when packing clothes in packing cubes or see-through bags, clothes that are obviously clothes are generally left alone. Another consideration is your ID – you’re going to need it at multiple times at the airport, typically when checking a bag and at the security checkpoint. You’ll want to keep your ID ready along with your boarding pass, but otherwise I try to keep it out of sight as much as possible. If you’re flying with a passport, it’s generally OK to keep out, but keep it closed and away from prying eyes.
A number of airports are now starting to use biometrics as a way to verify identification. I have very, very mixed feelings about this. The advantages are undeniable: things move quicker and you have less paperwork to keep track of (CLEAR + TSA Pre-Check at JFK or Atlanta is the difference between clearing security in 5 minutes vs. half an hour or more.) The disadvantages are also undeniable: the government gets regularly updated data about you and what you’re doing, and they don’t have to be transparent about how this data gets used. The same is true of third-party companies like CLEAR. And if there’s a data breach, well… What’s critical for you as a traveler is to understand that you cannot be compelled to submit to biometric identification. It can appear that there’s no choice but to use biometrics, but neither the airlines nor the government can legally compel its use.
Next, let’s talk boarding passes. To a skilled identity thief, boarding passes are treasure troves. They provide your full legal name as it appears on your ID. They provide hints about your frequent flyer information and status – frequent flyer miles are common targets for theft! They also contain your PNR (Passenger Name Record) and ticket number, which allow thieves to do fantastic damage. But the real danger is in the 3D barcodes (or QR codes on electronic boarding passes), which store a lot of this data in plain “text” rather than masked or by reference. If you have a paper boarding pass, protect it as you would an ID card, and destroy it the same way you’d destroy a credit card statement – not in an airport or hotel trash bin!
Now on to tech toys. Airports are public spaces where threat actors have lots of opportunity to get up to lots of mischief. It’s safe to assume that both airport WiFi and USB charging ports are compromised – even in airline clubs. Fortunately, these are easily countered with wall plug adapters and the use of VPN. Please also bear in mind that airports are public places with lots of people around. I’ve heard more than my share of “personal” phone calls. Headphones are a Very Good Thing but people tend to speak louder when wearing them. Calls aren’t always avoidable, but I strongly recommend keeping them short and light on private details until you’re someplace a bit further from prying ears.
Ultimately protecting yourself while at the airport boils down to two things: plan ahead, and stay alert. With a little bit of preparation and a little bit of awareness, it’s quite possible to keep your personal information and identity pretty safe while traveling. While you can’t control everything, controlling those things you CAN control can make all the difference.
Thanks again to Joe for the guest post! If you have an idea for a guest post, email us at firstname.lastname@example.org.