Using face recognition to unlock your phone could be putting your privacy in danger when you’re travelling overseas.
Avoiding opening your devices with your face is one data-safe travel tip shared by University of Melbourne cyber security lecturer, Dr Shaanan Cohney, in the wake of a worrying breach of travellers’ passport information at an Indonesian airport.
Three Australians who had recently separately travelled to Bali had similar experiences, with the full names, dates of birth, passport numbers, photos and other details of other travellers appearing when they scanned a QR code on a Indonesian visa document.
“Obviously having your data let out on the internet to other people is not something that gives us much peace at night,” Dr Cohney told ABC News Breakfast.
“However, there is not a tonne that one individual can do.
“This is true whether you are caught up in this particular data breach or another data breach.
“You can try to cancel your passport if you are particularly concerned, but for the most part, we just have to rely on the Australian government to advocate for us in this particular instance.”
If you are caught up in a passport data breach, the Australian Passport Office says the decision to get a new passport is up to you and may depend on your individual circumstances.
While your passport will still be safe to use for international travel and to prove your identity, it’s important to understand the risks of identity fraud and to be mindful when you provide your passport to third parties.
“You are not particularly at more risk when travelling than you are at home,” Dr Cohney said.
“Just because are you in Australia, doesn’t mean you are immune from these data breaches. Just because you go overseas does not mean things are substantially worse.”
Dr Cohney pointed to a similar incident that occurred in May this year when members of the Qantas Frequent Flyer program were able to see the names and booking information of other passengers.
Qantas later confirmed this was caused by a “technology issue” and not a cyber attack.
Dr Cohney says these tips can help you stay cyber-safe when travelling overseas:
“When you’re travelling, you should do the same things you do at home — be aware of your surroundings, and be aware of what you are doing with your digital device.”
“Merely having face recognition enabled won’t result in a data breach. However, not only is it easier for a thief to unlock a phone secured using facial recognition, the law in certain places, such as the USA, restricts border authorities from requiring you to divulge your PIN — no such restrictions exist around facial recognition.”
“When travelling, consider keeping a photocopy of key documents (such as passports, visas, and airline tickets) in both hard copy and in your email. If you use two-factor authentication (like entering a number of a text message to get into your accounts), you should also print out one of the backup codes that your service provider offers.”
“Think about getting an eSIM or enabling roaming to make sure you stay connected while overseas — you never know when having access to the internet can get you out of a sticky situation.”
DFAT’s passports.gov.au website lists more places you can go if you are worried that your travel data may have been compromised:
• the Office of the Australian Information Commissioner
• the Australian Cyber Security Centre (ACSC)
• the Australian Government’s Scamwatch website
• the Australian Government’s Moneysmart website
The not-for-profit national identity and cyber support service IDCARE also has an online learning centre that provides free resources to help people understand the risks of identity theft. You can contact IDCARE on its toll-free number, 1800 595 160 or via their website.