Mashable asked the question that many of you may have had when you learned one of the more recently reported details of the Marriott/Starwood hack. “Why do hotels collect and store passports?”
The answer they came up with turned out to be something that some of us started talking about a few years ago, but it might surprise some of you:
Moussouris explained that hotels collect identity information so they can run background checks, as well as to serve as a reference for the government should anything criminal happen. That law enforcement element means that hotels may need to store, not just check, identification.
“It’s the fact that it might need to be checked against a criminal database, and different countries vary in their regulations about that,” Moussouris said.
The European Union requires hotels in member states to collect passport information. However, what they do with that information varies. For example, in Italy, hotels automatically give this to the authorities. But that’s not the case throughout Europe. Policy on ID collection varies between cities and states in the US.
In the rash of post 9/11 rule changes, not to mention the Las Vegas mass shooting, there have been calls for both private companies and public entities to gather up information about anyone and everyone who passes through their area. Passport information, motor vehicle license plate data, driver’s license information, credit card receipts, internet browsing, etc. have all become part and parcel of what is being tracked, collected and stored in the name of law enforcement. We can argue about the legality of that, or even the effectiveness of that, but the one thing that was never in question was the need for that information to be kept secure and not misused.
In this case, we now have the possibility that people have had their passport information, and therefore their travel movements tracked, by foreign intelligence services. That’s not good at all. But this is hardly the only situation where this kind of thing is likely happening. This is just the one that impacted millions of people worldwide and made headlines. How many other instances are there of someone either hacking, or misusing their access to this kind of information to stalk, harass, or illegally track innocent civilians? All made possible by the laws meant to keep us safer, because once you start collecting and keeping that much data, you create a target. A very inviting, almost intoxicating target.
All that personal information is just sitting there, waiting for someone to search it. Why would we expect that would only ever happen when officially sanctioned?
Human nature tells us otherwise.