Another Marriott Breach, Ho Hum

By Robert McGarvey

In other news on March 31, Marriott disclosed what it called a “Property System Incident.”

We interrupt that to report a shoplifting at a dollar store, cutting now to the live police feed of this dramatic story.

You probably missed the Marriott news because it was an otherwise busy day with acres of – grim – Covid-19 reporting and with projected US death totals now reaching into six figures, shortages looming for ventilators, inexplicable mask shortages, and, well, who really had the bandwidth to process yet another report of a hotel data breach?

Not us.

Marriott doubtless hoped you would miss it because the company’s statement is calculatedly blah.  It says just about nothing and that’s tipped off by the word “incident” in the headline. Meaning absolutely nothing.

But the Marriott statement does note the personal info of about 5.2 million Marriott loyalty members apparently was compromised in the “incident.”  It elaborated:

“At this point, the company believes that the following information may have been involved for up to approximately 5.2 million guests, although not all of this information was present for every guest involved:

* contact details (e.g., name, mailing address, email address, and phone number)

* loyalty account information (e.g., account number and points balance, but not passwords)

* additional personal details (e.g., company, gender, and birthday day and month)

* partnerships and affiliations (e.g., linked airline loyalty programs and numbers)

* preferences (e.g., stay/room preferences and language preference).”

Marriott added: “Although Marriott’s investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.”

The real take away from this: the continuing indifference of the hotel sector to protection of guest data. How many breaches have to occur – from Trump hotels to Starwood and Hilton and just about everybody else? How many stories have to be written? Somebody needs to say, this is a problem.  It needs to be fixed.

Actually we’ve been saying all for that for some years now and nothing has changed.

We need a new campaign.  Complaining about hotelier incompetence is not enough.

Real change will start with us. 

We share culpability. We put up with it.  For some time I have suggested that probably the only safe way to stay in a hotel is with a bogus travel credential (a novelty Irish driver’s license for instance) and using a credit card paired to the bogus ID. Then annually burn that identity and create a new one.

Shop for ID online. Here for instance.  Note: I am not suggesting using any such ID to drive a car or any similar activity – many of which might be illegal.  Rather, I am suggesting we take a trick from the oldime restaurant critic’s playbook – from the era where they practiced anonymity – when every big newspaper and magazine handed out credit cards in bogus names to their critics so they could make anonymous reservations. As long as the bills got paid, no harm done.

We’d be a lot safer in hotels if we did something similar today.

A lot of work? Yeah. But so is the persistent credit monitoring we all do because we have been involved in so many data breaches, many involving hotels and restaurants.

In Marriott’s defense this breach was detected quickly by hotel standards – often years go by. In this case, just months.

But worrisome is that two employee accounts were apparently the tools.  And that they were used to perpetrate large amounts of data exfiltration that should have been detected and stopped quickly.  Screens against substantial data exfiltration just are good practice in well run organizations.

Not apparently in Marriott.

So what should you do now?  Paul Bischoff, privacy advocate with Comparitech, said: “The biggest threat Marriott guests might face as a result of this breach is targeted phishing. Guests should be on the lookout for targeted messages from scammers posing as Marriott or a related company. Don’t click on links or attachments in unsolicited emails. Check email addresses and don’t just trust display names. If you’re uncertain as to whether a message is legitimate or not, ask Marriott using contact information found through Google.”

Remember that. If you are among the 5.2 million you will begin getting targeted phishing emails as soon as the data sells on the dark web. And it will go on for years.

That novelty driver’s license is making ever more sense? 

It’s up to us to protect ourselves.  It’s become that obvious.

When Will Business Travel Resume?

by Robert McGarvey

The Global Business Travel Association had to know so it popped the question we have all been pondering: when will we be back in full business travel mode?

The organization conducted a poll and it found – no surprise – that coronavirus had wiped out lots of business travel. One metric makes the impact clear: asked what percentage of trips that had been slated for March were cancelled, the answer was 89%.

41% said all business trips had been canceled. 53% said “essential” travel was still allowed.

Exactly 0 percent said their organization had not canceled or suspended business trips.

We are in a no travel mode and the question becomes, when will something approaching ordinary business travel levels resume?

GBTA asked exactly that question: “When do you expect your business travelers to resume regular travel to the countries or regions that have been canceled or suspended due to the Coronavirus? Do you expect travel to resume within the next. . . “

Understand, 40% said they were unsure.

0% said more than 12 monhs.

1% said 12 months.

The eye popper of a number is that 40% said within three months.

17% said within six months.

That makes 57%, a solid majority, who believe something approaching normalcy in business travel will resume by September.

What do you think?

Color me skeptical.

Here’s a metric on the impact of 9-11: “In August 2001, the month just prior to the attacks, U.S. airlines boarded 56.3 million passengers for domestic service, a number that plummeted to just 30 million in September. And for two anxious days after the attacks, the passenger count was zero. It would take three years for carriers to once again reach the 56 million mark.”

Many factors came into play in the aftermath of 9-11: real fear of flying coupled with an economic downturn but, in many respects, we have the same issues at work now. Some people are afraid to fly because of fear of catching coronavirus and then there is the near economic malaise that the nation is slumping into.

Airlines again are taking it on the chin in the coronavirus age. Best guesses are that they have years of pain in front of them.

Then there is the hotel question. How many will be closed? How many will be enlisted into service as homeless shelters? Perhaps as makeshift hospitals?

Some guesses are that half of all hotels in the US will close for some period due to coronavirus.

It will take some time to re-open as a hotel. Staff needs to be recruited. Trained. The big brands probably will navigate these issues with some skill. Many independents won’t. Many independents – which comprise 40% of the US hotel stock – probably will not reopen soon.

Meantime, other, transformational changes that are reshaping business travel are afoot. For instance: many of us – perforce – are discovering the ease and effectiveness of meetings via Zoom and similar tools.

Do a few Zoom meetings and you may not see the need for oldfashioned face to face. Will Zoom replace the traditional face to face sales call? Probably not. But similar tools will eliminate the need for many face to face meetings.

And the hustle and bustle of traditional events seems ever more dated to me. I do not expect a quick rebound in events business, mainly because so much of how we come together just is oldfashioned and no longer appropriate.

One GBTA question hints at the possibility of broad impacts: Do you think the coronavirus will change the way your company conducts business
once there is no more threat from the disease?

54% said yes. That’s the number to watch. There are many reasons for business travel to undergo a transformation and one factor is the generational shift of the travel burden from Baby Boomers to Millennials and it just is not clear that Millennials want to travel the way Boomers have.

Add it up and I am profoundly skeptical that business travel will rebound in three months. My guess is that we will see an uptick in the fall and probably spring 2021 is when we can begin to think something akin to “normalcy” has returned. That’s about a year from now.

And as for event design, watch for huge changes. It’s overdue. And now it will flourish. Be very skeptical about signing up for distant events – many just won’t be happening.

The era of business travel change is upon us. And that’s a good thing imo.

What do you think?

Stop Complaining About Covid-19!

By Robert McGarvey

It’s become a gripe fest.  People complain that they have to work at home, that the supermarket shelves are stripped of toilet paper, and – above all in the circles in which I move – we complain that business travel is basically on hold and just about every meeting and event has been cancelled.

That might seem fodder for lots of ranting from me in these columns. But, personally, I am struggling to stifle it.

Yes, I am impacted. Yes, trips have been canceled. Events have been canceled. Even a milestone college reunion of mine has been postponed.

Yes, the ineptitude inside the White House has made a fraught situation wretched – and it is hard to explain why there are nowhere near enough test kits, why the White House communications are packed with lies, and why six to eight weeks were lost due to incompetence at the top.

But here’s the deal: complaining would do no good.

And the cancellations and isolation that are our norms today are apparently doing some good.

The Skift headline frames the issue: No, It’s Not Fine to Keep Hosting Live Events. 

People have gotten sick with the coronavirus due to meeting attendance.  Proceeding with a meeting or event is foolhardy. That’s why so many have been canceled

Ditto business trips.

Sure, I get it, if the White House had not been inept we probably would have made much greater progress in taming this disease. But it wasn’t and so we use primitive but probably effective techniques such as social distancing and self quarantines and the impacts on life as we knew it have been profound.

But many have it a lot worse than we do.  I groan when I think of my canceled college reunion – I am Reunion Chair! – but then I think of the millions of college kids across the country who have in effect been evicted and told they are doing tele courses, like it or not.  Yes, I can see big lectures working fine as tele courses but many of my classes were small philosophy seminars with maybe a dozen students and lots of discussion and argument. How does that work now? And what about the social learning that makes college such a useful and perhaps distinctly American institution?

Then there are the impacts on the neediest. Andre House in Phoenix, which nightly feeds 500 or so homeless, has put its sitdown dinner on hold. Sacks of food will be distributed instead – but wouldn’t you much prefer a sit in a convivial atmosphere where volunteers treat you like you matter (and I have volunteered a number of times).  The homeless won’t starve. But they will be deprived those human moments that for many made dinner at Andre House special.

Now think of the many whose employment has been cancelled, or at least hours and income have been sharply reduced. Tens of thousands of restaurants are closed, or trying to make it on delivery only, and literally millions of employees and thousands of owners are scrambling to make it another week.

Think of the tens of thousands of flight attendants whose hours have been sharply reduced.

Or the hotel housekeeping staff who don’t have rooms to clean because there are no guests. Innumerable hotel workers face unpaid furloughs.

In China, it is difficult to see any recovery of the hotel business this year and maybe not next year.

Italy has major recovery struggles ahead.

Big questions loom. Will business travel ever return to its previous levels? Will events and meetings? Will flygskam rule?  Maybe our old habits will never resume.  

Etc. etc. and before we even get to the recovery phase we have to get out of the sickness and death phases and we have to be ready to mourn perhaps millions.

Easy it is to complain – and trust me I was annoyed when I saw shoppers last Saturday had stripped a central Phoenix Whole Foods bare of frozen pizza, dry pasta, and of course toilet paper, dish soap, and hand soaps.

But who to complain to?  

So many of us, in a panic mode, have slipped into a comfort zone where hoarding produces a kind of comfort and cursing out people who cancel our events seems normal.  It may not be rational but it is how we seem to think.

Do I want to look in a mirror and shout at myself?

No, that’s why I keep telling myself to stay cool.  It’s not easy. Not these days. But what better strategy do we have?

Can Your Employer Stop Your Travel Today?

by Robert McGarvey

The questions are tumbling in: Can my boss force me to travel in the age of coronavirus? And I have much more often heard the flipside: My employer has cancelled all employee travel but I want to go, in some cases to a conference, in the other on sales calls to a potential whale of a new customer – and how hard is that opportunity to ignore?

And if you go, you just may ride in a private plane!

Whoa, who saw this coming – but who saw the head of the Port Authority diagnosed with coronavirus?

First off: as for my plans I still have travel on my to-do list and I have no plans to cancel. But I have made no firm commitments to air, that is, I am hanging loose. My advice to all travelers is similar. Make bookings that can be cancelled easily, certainly that can be changed without fees (and many air carriers are offering that flexibility). Right now we are deep in the age of the unknowns so operate accordingly.

I will not tell you what to do however.

But can your employer? Should your employer? Should you listen?

Let’s tackle the easy question first. Probably an employer can in fact force an employee to travel, even in an era of coronavirus, but it would be unwise to force employees to go to, say, China or South Korea. Noted employment lawyer and Forbes contributor Tom Spiggle, “Employers need to think about how it will look when they are forcing employees to travel to countries that the Centers for Disease Control and Prevention (CDC) and the U.S. Department of State warn people not to travel to.”

China is effectively a no per the US Dept of State, and South Korea isn’t much better.

In the New York Post, employment columnist Greg Giangrande tackles the question, can an employer force an employee to go to Italy which by the way is singled out for a CDC Travel Health Notice which says avoid all non essential travel. Giangrande’s advice: “Even if the chances of contracting the virus are remote, given the current travel restrictions and government advisories, you have every right to decline and not suffer any recrimination as a result. “

But here’s the deal: I am actually hearing more from employees who want to travel than from those who don’t – and yet a growing number of cautious employers are banning employee travel, from 21st century behemoths such as Amazon to legacy employers such as Ford. Part of the logic is that a traveling employee could pick up the virus – then infect the workpace when he/she returns.

But that employee could pick up the virus in the supermarket, at a movie theater, in a shopping mall, at a house of worship – the list goes on and it’s not only in travel that our chances of exposure rise. Yes, we have greater risks in many foreign countries (here’s the CDC data, here’s WHO’s). But coronavirus definitely is spreading in the US.

What do you do if your employer says stay at home?

Face reality: such policies usually aren’t hard and fast. If you have a chance for a face to face with a heavy hitter in Italy, say, or New York – and you are comfortable with the risks (and have researched the facts) – my advice is go to your boss, lay out the case for going, offer up a fallback if in fact you get infected (“I’ll self quarantine and will work at home for as long as it takes” – or whatever prescription will work in your company) and very probably you will get an okay to go.

My experience with companies, Fortune 25 and 15 person businesses alike, is that there are rules and then there are the exceptions. If you want to be the exception, come up with the argument, state it succinctly and you just may get the green light.

Don’t ask to go to conferences – they are on just about every company’s don’t lists. But a good sales call, an intimate meeting with a small group of heavy hitters, a potential merger or acquisition target – those remain reasons travel will be approved.

And maybe make a grab for approval of travel by private plane. Am I nuts? Know that many, many executives are fleeing common carriers in an age of coronavirus and flying private because it’s perceived as the healthier way to fly. Rates are up, but what price health?

They Are Still Stealing Your Loyalty Miles and Points

By Robert McGarvey

Call it deja vu all over again: A March 2, 2020 Travel Weekly headline screams: “Latest targets of fraudsters are hotel and airline loyalty points.”

I first recall writing about this in 2014: The Hilton HHonors Hack: Loyalty Programs Under Siege and How to Protect Yourself.   

Again in 2015: United’s MileagePlus, American’s AAdvantage Loyalty Programs Have Been Hacked.

I wrote about it most recently a year and a half ago in this space: Do You Know Who’s Stealing Your Airline Miles?

You might think the bad news is that nothing has changed. You’d be wrong.  The worse news is that, yes, nothing has changed and cyber thieves – knowing we now have so many ways to accumulate miles and points – are more energetically emptying out our accounts because, apparently, neither hotels nor airlines have done much to batten those hatches and secure their loyalty program against pickpockets.

What’s the allure for crooks? As I wrote in the Hilton story six and one-half years ago: “Huge buckets of Hilton points – sometimes in the hundreds of thousands – have shown up in hacker bazaars, where one vendor, for instance, offered 250,000 points for $3.50. At the Hilton shopping mall, an Apple iPad Air 64G is yours for 489,000 points – so at that criminal exchange rate, maybe $7 (payable in Bitcoin) will grab it. There are other, reported cases where around $10 in Bitcoin bought enough points to claim over $1,000 in hotel room nights.”

What a deal.

The Loyalty Security Association meanwhile estimates that 1% of airline mile redemptions are fraudulent.

But that number may be growing, oddly in part because of a consumer friendly gesture on the part of carriers. Reported Travel Weekly, “Jeff Wixted, vice president of product management and operations for Accertify, an American Express subsidiary that provides fraud-prevention services, said loyalty fraud has especially accelerated in the past 15 to 18 months, with fraudsters buoyed recently by the growing trend among airlines to do away with point expirations.”

That of course meant there are more miles to steal from more inattentive consumers.

Wixted added that the value of US loyalty accounts is around $100 billion.

US consumers belong to some 3.8 billion loyalty programs, according to Clarus.  54% are inactive and those dormant accounts of course are prime for thievery.  If you haven’t checked your Delta account in years, would you even notice if miles had been pilfered?  Of course not.

I know I wouldn’t and, yes, over the years I’ve left multiple airline and hotel loyalty accounts go fallow and I have no idea if the zero balances I see are because the vendor wiped the account after X months of inactivity or if an enterprising thief hoovered them out.

Amex’s Wixted, by the way, predicted to Travel Weekly that the value of loyalty fraud will eventually eclipse the value of credit card fraud.

As for how criminals get our loyalty program details, the surest answer is the many breaches suffered by travel companies.  From Starwood to BA, there have been massive breaches involving hundreds of millions of us, probably billions of us all accounted.  

Experts warn that many of us also fall victim to phishing schemes – where we get a tasty offer from what appears to be a known travel provider, we respond with our program details and they are off to the races, while not only don’t we get the proferred deal, our loyalty balances are emptied out.

Criminals also are known to erect sham great deal pages where they harvest credit card and loyalty program info from bargain hunters who stumble in and can’t resist a prime New York hotel room at $49, for instance.

Know this: smart crooks increasingly are determined to rob our loyalty points and miles and they are succeeding at this larceny.

That does not mean the situation is hopeless.

Here’s our best defense: check loyalty programs regularly. My habitual practice was to review an account only when I wanted to cash in miles or points.

No more. Now I check the few accounts I  have decided to maintain – three airline programs, two hotels, one credit card – monthly. I do not rely on the hotels and airlines; their track records don’t breed confidence. So I provide my own vigilance.

Nope, I have detected no fraud.  

You might want to check more often, or maybe quarterly.  A right answer varies with how many miles and points are at stake.  And what those balances mean to you.

But accept this: in 2020, protection of our loyalty balances is on us.  

Go Away: Advice to Foreign Business Travelers to USA

by Robert McGarvey

Here’s what the US government is telling foreign travelers to the US, business travelers very much included: Just stay home.

The numbers of foreign arrivals are plummeting, a reality that long predates the coronavirus scare. Here’s a Washington Post story from July: More people are traveling the world than ever. But the number coming to America is dropping.

Of course coronavirus is making matters worse but know this: even when the virus is tamed, foreign travelers will stay clear of the US. And this means business travelers – maybe business travelers in particular – who will stay away from trade shows, expos, conferences, even in person sales calls.

Why? “Crossing U.S. borders has never been easy, but today’s business travelers face an unprecedented range of issues amidst a constantly-shifting legal and regulatory landscape. Within the past month alone, the U.S. government has rolled out three new sets of travel restrictions: an expansion of the ‘Trump Travel Ban,’ a so-called ‘birth tourism’ ban, and a travel ban designed to contain the spread of the COVID-19 coronavirus from China,” said Rebecca Bernhard, a partner at the international law firm Dorsey & Whitney specializing in U.S. immigration and labor and employment law.

Bernhard continued: “Travelers must be ready for increasingly-hostile questioning from U.S. Customs and Border Protection (CBP) agents about the nature of their travel, itinerary while in the U.S., and whether their planned activities violate U.S. work authorization laws. Without fluency in facts, travelers can be refused entry and even permanently banned from the United States.”

You read right: she said hostile questioning. And if a traveler fails the quiz, or worse still, gets annoyed by the questioning, expect border delays to extend. That traveler may even be turned away.

Welcome to the US, baby.

How did we get this hostile? Here’s the big change, per Bernhard: “Travelers should be prepared to face ‘law enforcement’ culture at the border.” She added that we all need to expect this “enforcement-oriented environment due to President Trump’s administrative priorities.”

International travelers need to know you may be quizzed about your travels – and you need to know the details, warned Bernhard. I will confess that I have often traveled and not known where I was going to be the next day until I checked my itinerary. What did it matter? I was trying to be “Be Here Now” and in many cases, a “handler” simply told me where to go and so I went. But apparently it may no longer be good enough for foreign travelers at the border. Know your travel details.

Also know that your electronics are fair game, said Bernhard. The CBP personnel may want to search your devices – that means your phone and laptop – and your best bet is to carry little or no data cross border. Leave it in the cloud. Bring a burner phone.

This is sounding like a lot of hassle? You bet. And where there’s hassle we often just don’t go and that’s what smart foreign executives are deciding when a possible US trip looms on their schedule: “Send the junior person, boss. I’m too busy to go.”

How did we get to be a place to be avoided?

What’s this to you, you’re a US citizen? Listen up. First off, Bernhard warned that “4th amendment evaporates at the border – most normal rights are suspended, even for U.S. citizens.”

That also means your electronics too, which CBP may seek to search even if you are a US citizen. Yes, a judge has ruled that searches of a US citizen’s electronics without a “reasonable suspicion” are not Constitutional. But we are still discovering what amounts to a “reasonable” suspicion. Me, I am continuing to leave most data home which of course also is a good idea when traveling into most other countries (China, Israel, Russia may top the list of places to never bring data). My work is in the cloud, I travel with a cheap, old Chromebook and I now have a burner phone with little data on board.

But here’s my biggest worry about how our border policies will impact me: We are treated at the borders of other countries as we treat their citizens at our borders. Don’t be surprised when on your next trip to Singapore or Shanghai or Tokyo or Sydney you are subjected to the third degree. It’s noting personal. Just payback for how we have treated them.

This has always been true. As we treat others so shall we be treated and, right now, we are treating foreign nationals miserably at the border. It will be likewise for us. Instant karma.

Coronavirus and Your Next Conference: To Go or Not?

By Robert McGarvey

I am getting a question I never thought I’d be asked: Is it safe to go to a conference- from a public health perspective? Sure, we have heard concerns about terrorism and criminality that sometimes prompt attendees to question when they want to go to another conference, trade show, or similar.

Now I am hearing: Is a public conference suddenly an unsafe place because of health concerns? Note the cancellation of Mobile World…in Barcelona!

Start here: just cross off any conferences you are slotted into in China.  Very probably the organizer will cancel anyway. Panic about Chinese meetings and shows, even ones in Beijing (around 600 miles from Wuhan, the apparent epicenter of the coronavirus) and Shanghai (maybe 450 miles distant), is feverish.  Air carriers are cancelling all flights to China and the whole country – which is about the same size as the United States – is becoming a giant no-go zone.

People are also telling me they won’t go to Bangkok or Singapore for conferences.  

Asia events are easy to figure: the answer is do not go.

It’s the rest of the world where there are questions – even events at home in the US, where there have been exactly zero deaths attributed to coronavirus as of this writing.

Yet panic is rising, at a level I do not recall ever seeing in the US or Europe.  Sure, there was anxiety around SARS in 2003, an epidemic that hopscotched globally, infected perhaps 8000 and killed maybe 800.

But coronavirus – right now, today – is terrifying a lot more people.  Surgical masks are selling out globally, even though the CDC advises not wearing them and evidence is scant that they do much to prevent spread of a disease like coronavirus.  People are stampeding to try to cancel cruise bookings, an industry that has had horrific quarantines of vessels.  Airline flight crews are threatening not to fly. And entire countries are blocking entry of people arriving from China and/or Chinese passport holders.

We haven’t seen exactly that, ever, in our lifetimes (the 1918 flu pandemic is one that rivals the current disease in terms of panic but it killed maybe 50 million in a much less populous world, compared to low five figures for coronavirus deaths – and experts say flu is presently killing more than is coronavirus).  

Right now what we have is ignorance that fuels hysteria.  We just do not know that much about coronavirus, China is typically opaque and it’s not clear what to do to avoid the disease (other than – obviously – don’t go to China).  

But CDC, WHO, and other world health organizations are on this.  I am optimistic that we will soon – probably within days – know how the disease spreads, maybe even what caused it in the first place. And then the search for cures commences.

That brings us back to our central question: events and us, what to do?

The answer depends upon your optimism regarding science and coronavirus. If, like me, you think researchers will get a tentative handle on it within weeks, go ahead and commit to conferences certainly in the spring.  You may want to hold off on attending big meetings this winter – again, we know little about the disease and that dictates caution in attending large gatherings and spending time in places with recycling air such as planes.

What if we don’t know what we need to about coronavirus within, say, a month? Then you know what hit the fan – in this case, raging fear – and it will get worse, more events will be canceled, and probably we will all sit home for many, many weeks to come.  Meaning more decisions will get made for us.

My advice: make flexible reservations with the right to cancel without penalty and, no, not many actual shows will allow that – airlines and hotels do of course, for a premium price; pay it – but my guess is that events sign ups will lag for months to come and many will be welcoming walk ins through this year. It is going to be a very slow year for meetings – use it to your advantage.

Me, I am still planning – happily – on several spring meetings. Have I booked anything yet? Nope.  No need to.

Hang loose. Now is the time to do it.

Why Hoteliers Suck at Tech

by Robert McGarvey

Just one quotation in a Hotel Management “think” piece on hotels and tech (“HM roundtable takes look at transformative technology“) tells us all we need to know about why hotels so often fumble tech innovation and play catch up, perhaps for decades.

I give you in-room phones, in-room TVs with content to sell us, lame and unsafe hotel WiFi, unreliable room key cards, resistance to voice controls, and the list goes on and on.

Why is the question.

Mike Mueller, president of Wyndham’s Super 8 brand, pithily tells us exactly why: “Mike Mueller, president of franchised economy brand Super 8 by Wyndham, observed it’s often difficult to get buy-in from owners on new technology. ‘We have to prove out that the investment is going to have [a return on investment] before we ask somebody to make that investment. So, we spend a lot of time thinking about how do we introduce new opportunities at our hotels that guests are willing to pay more for? Because if they’re not willing to pay more for it than we shouldn’t really be doing it,’ said Mueller. “

That’s saying if we can’t monetize it we ain’t doing it.

I don’t mean to pick on Mueller. I’ve heard exactly the same from various senior hotel execs, generally off the record. Mueller is on the record so he gets the bullseye on his back. But know that he is just one of many singing the same sad song.

Here is how miserly hotels are regarding security: “Data from Statista presented to the Business Travel Association’s winter conference in London revealed food and hospitality companies had only invested an average £1,080 in internet security during 2019 – the least compared with 11 other sectors including construction and education.”

Dead last. How it did the industry get to this woeful state?

Because most hotel groups are “asset light” – meaning they manage but don’t own their properties – they must persuade the owners to spend on upgrades and owners, they say, don’t want to open their purses unless they are told the ROI. No ROI, no spend.

So it’s our fault hotel technology sucks because we won’t pony up for better. So they seem to say.

Let me ask you: are you willing to pay more for secure hotel computer technology so that your personal information is not feasted on by hackers – and hackers have been pillaging hotel data for years, including that of Wyndham’s guests?

Of course you aren’t willing to pay more because the safety and security of your data that is entrusted to a third party such as a hotel should be accepted as obligation on the part of that third party (a bank, a retailer, and of course a hotel).

Even giant Starwood suffered a breach of its guest reservations system that apparently began in 2014 and lasted at least into 2018.

And little operations too have been breached – the Trump hotels for instance suffered three breaches in as many years.

Let me ask you this: do you feel your data is safer today at a hotel than it was a half decade ago? I do not. Hotels simply do not have the appetite to aggressively spend on combating hackers – and we are the victims.

The hacks keep happening.

That’s not the only for instance. A few years ago I bluntly asked a very senior hotel executive – this was a personal conversation, not on the record – why his hotels’ wifi sucked. It was so bad I couldn’t imagine anyone using it. He agreed. But he added there was nothing that could be done because the owners were not willing to spend on upgrades.

I hear the same about the key cards that fail – not our fault, owners won’t pay for mobile door locks.

I have to wonder if part of the popularity of Airbnb with many consumers is that some of those owners are investing in 21st century technology.

The reality is that most of the tech investments I personally make don’t have a significant ROI. But they do make my life a bit easier. Do I need an Alexa or Google device in every room in my home? Nope. But they are there because I like the convenience of asking for a light to be turned on or for a weather report.

I’d like same in my hotel rooms but, no, I’m not willing to pay extra for it.

I invested in Google mesh to upgrade my home/office WiFi because I wanted the speed. Is there an ROI? Maybe, maybe not. But I sure do like the speed.

The bottomline for hoteliers is that technology nowadays is a necessity. In 1970 would a guest pay more for a room with AC? I doubt it. In 1950 maybe. In 1970, nope. He/she just wouldn’t book a room in a hot place that didn’t have it.

That’s the real message for hoteliers to smack owners with: spend on technology or lose guests. Deliver fast WiFi, strong cellular signals, mobile door locks, voice controlled lights and drapes, and all the rest of the cool stuff I have in my home.

Or I will go elsewhere for it.

I won’t pay more for it. I just won’t pay anything when it’s absent. I’ll stay elsewhere – and I believe so will increasing numbers of guests.

Upgrade or perish.

The Future of Airport Rides May Be Decided In Phoenix

By Robert McGarvey

The Phoenix City Council just blinked – which means that Uber and Lyft which had threatened to pull out of Sky Harbor Airport, the 13th busiest airport in the US, will continue to drive passengers to the airport and away from it. They had said January 31st was there last day at PHX. But they are staying. For now.

Trust me, this is just the beginning of the story. We are nowhere near the end and there’s no reason to rush because the ending is likely to be unhappy.  And what happens in Phoenix may well shape what happens in airports around the country as cities desperately seek new ways to balance their airport budgets. Historically, cities have dinged taxi companies with airport fees and that worked well – until suddenly the taxi businesses collapsed as Uber and Lyft rose.

Which has cities like Phoenix scrambling for new ideas.

Like a hefty fee on Uber and Lyft rides.

Which did not sit well with the ridesharing companies because, remember, they have their eyes on lots of towns. Not just Phoenix.

So when the city came up with its big new fee — $4 on ever trip, in or out of the airport, by a ridesharing company – the ridesharing companies vowed to pull out. 

Those new Phoenix fees seemed a quick way for Phoenix to secure its airport transportation cashflow which, right now, teeters on the edge of collapse. Per Phoenix New Times, “Currently, airport officials say, taxis and ride-share companies are only covering about $9 million of the $26 million needed to maintain and operate Sky Harbor’s ground transportation system.”

What stopped those new fees is that the Arizona Attorney General Mark Brnovich filed suit and, after the city talked with the Arizona Supreme Court, it opted to delay implementation of the fees pending the court’s ruling on the constitutionality of the fees.

Brnovich claims the fees are unconstitutional.  “I think it maybe dawned on the mayor and other Council folks that this is really serious, and it was not only an unconstitutional tax, it was dumb,” Brnovich told KTAR FM’s Arizona’s Morning News.

He pointed to Proposition 126, passed by Arizona voters in 2018, that banned new taxes on services as prohibiting the ridesharing fees which he said amounted to a new tax.  

The back story is that taxi traffic at the airport plummeted 42% between 2015 and 2018.  Taxi companies, by the way, would pay $1.75 per fare under the new rules. Why so much less? Because they contribute less to traffic congestion at the airport, per the city, they can’t pass those fees onto consumers, and they operate under extensive regulation, says the city.

Uber and Lyft account for 80% of the commercial traffic at Sky Harbor – which put a bullseye on the services.  The city did offer a discounted, $2.80 fee for rides that begin and end at the Sky Train depot rather than at the terminals. But most rides would incur the $4 fee.

Is that anti-consumer? Maybe, maybe not. That’s because taxi fares generally are higher for consumers – although the Uber and Lyft surge pricing can raise those prices higher.  But much of the time taxi fares are dearer than fares with Uber or Lyft.

Nonetheless, Uber and Lyft said no way to to the proposed fees. Uber explained why it would exit Phonix before paying them: “Our riders and drivers should not be treated as a piggybank to fill the Airport’s budget holes. This fee unfairly penalizes those who rely on ridesharing to get to or from PHX by asking them to bear a disproportionate share of costs associated with the Sky Train. On behalf of the riders and drivers who rely on Uber, we cannot accept a partnership that unfairly burdens our shared passengers.”

Basically, Uber and Lyft decided to play chicken with Phoenix and Phoenix – because of Prop 126 – blinked.

For now.

What happens next? My guess is that the Brnovich position will prevail, that the AZ Supreme Court will tell the city it cannot impose the fees on ridesharing companies as it had proposed.

But the City Council will come up with a different way to extract money from passengers of ridesharing companies. Probably they will make it stick because the airport needs the money and ridesharing ventures are a well heeled target.

Very probably, if Phoenix prevails airports around the country will hungrily explore ways to grab more income out of every rideshare. Pretty much all of them have seen taxi revenues shrinking and – in their minds – the logical place to make up the difference is whacking the rideshare companies and their passengers.

Where do I stand? Personally I don’t take Uber to the airport. I ride the light rail which stops in front of my apartment and costs $1. It’s about as fast and it lets me off at the Sky Train station.

Family members however often use Uber to Sky Harbor and sometimes I pay, using a $15/month credit for Uber that Amex gives to Platinum Card holders. The fare ranges from $8 to $12, plus tip (generally $2).  

Add a $4 fee to those fares and it’s a 50% or 33% increase.  

Presently there are no fees on drop offs. The fee on a pick up is $2.66.

Sure losers in this brawl, no matter how it shakes out, are the drivers. I don’t see a brightening future for taxi drivers – many of whom already have shifted to driving for Uber or Lyft.  Why? Driving a taxi is hard, low paying work, a reality documented in a Boston Globe three-part Spotlight report from 2013.  I drove a taxi in Boston and Cambridge in 1970-73 and it was just as bad then. Nothing has changed apparently, and that is why some drivers who have access to a vehicle that would be acceptable to Uber or Lyft prefer that route.  The pay maybe is no better for an Uber driver but very probably the working conditions are a bit better.

Make no mistake, rideshare drivers earn low wages and drivers have very little ability to pressure the companies who listen to investors, not workers. It is a grim outlook.

But the other losers in the deal will be the passengers who use rideshare or taxis to get to the airport. Fares and fees will go up.  That seems inevitable. If there’s a single, loud, unavoidable message in this it’s that the cost of getting to the airport in a car is going up. Maybe by a lot.

That will be true in Phoenix and probably in many other cities around the country as anti car sentiments rise, anger at congestion increases, and politicians decide to stick it to people who ride in cars, maybe especially to airports.

That’s my guess about the ending to this story.

We can hope I am wrong.

Cybersecurity in 2020, Roadwarrior Edition

By Robert McGarvey

Now is the time to take stock of our defenses and I’m not talking about pickpockets and hotel safe thieves. What I mean is guarding against cybercriminals who, unfortunately, prey on business travelers particularly – everywhere from coffee shops to airports to hotels, even whole foreign countries.

A few steps will keep your data safe on the road and it is vastly more valuable than the devices themselves. At least in my case where I usually travel with a five yearold Chromebook, somtimes an iPad Air 2 , neither having much value. The Pixel 3 XL phone has a little value but not much. A suggestion: always travel with disposable tech gear that you won’t miss.

It’s the data that I am concerned about because a criminal could feast on my financial accounts and maybe find a way to monetize data gleaned from emails and documents, many thousands of both on my devices.

Here are my steps towards safe travels.

Countries That Spy on You

Whole countries? You bet.  Visit China and you will hear that the “Great Firewall” means you cannot access Gmail and lots of other websites. You will also hear that, psst, use a VPN – only certain vendors pass muster and the list is a changing target – and you will be able to surf to Gmail, Facebook, you name it.

But you have to wonder: is the Chinese government monitoring that VPN traffic and do they have keys that decode it?

Know too that high level security consultants – with clients inside the Beltway and on the highest floors of Fortune 100 office towers – urge their clients to bring a clean computer and a clean phone, no business data on either, and to never access sensitive information while in China because your devices will be copied on your travels.

Not might be. Will be.

Maybe not the gear of Bob Schub, average citizen, but if there is a reason to think you might have interesting info on your computer or phone know it will be copied.

Do not bring your every day business computers or phones to China. Don’t.

China is not alone. Here’s a map of the world with nations that heavily monitor Internet traffic highlighted. There are places you might not go – Saudi Arabia – and there are places you might go that monitor at least some traffic (Russia, Turkey).  Know before you go and, when in doubt, use clean devices when traveling overseas.

Password Protect Your Phone

At least once a month a friend or neighbor asks me, what do I do, I was traveling and I lost my phone?

Sometimes they say it was stolen.

It doesn’t matter.  You probably will never see it again.

Know this happens, take steps now to protect yourself.

Set up Find My Device (Android) or Find My iPhone in Settings.  Now. When you lose a device it may help you find it and – crucially – it may let you wipe the device which means erasing all personal data.

Also, lock the phone, with a PIN or biometric, in Security (Android) or TouchID and Passcode (Apple).  That simple step will keep most criminals away from your data and, in most cases, they only want the phone hardware anyway.

The data is more valuable than the hardware but most criminals are grab and run small change crooks and that’s the good news.

Just take the two simple steps above and, yes, you can cry about losing a $1000 piece of hardware but at least your data and bank accounts will stay safe and that is what matters.

Never Use a Public Phone Recharging Station

You see them in airports, also at meeting venues. Don’t use them.  They are a fast track to getting hacked. It’s tempting. Your phone is beeping for juice.  Just let it die. Or always carry a plug when on the road, as I do. Often there are two in my bag.  They do get forgotten in hotels, a spare is a good idea.

Don’t Use Public WiFi

Never, don’t.  That means no public WiFi at airports, coffee shops, and definitely not hotels.

You say you are protected because you use a VPN.  Good luck with that (read about China above). Know that there are known vulnerabilities in consumer facing VPNs and there also are vulnerabilities with enterprise grade VPNs.

Personally I sometimes use Google’s VPN on a Google Fi phone when accessing the Internet but generally I am reading the news or checking a website and if that traffic is hijacked, so be it.

My preference is to create a cellphone hotspot and access the Internet via cellular data networks. A few clicks in setting and you are in business.

You really think public WiFi is faster and of course it usually is cheaper? There is one safe way to use public WiFi – read the next step.

Use a Secure Cloud Based Browser

When on the road and accessing sensitive data via public WiFi, I use Silo, a remote browser that processes all data remotely, in the cloud. (Here’s a paper on the technicalities.) It then transmits an encrypted display of the data to you so you “see” the web page but any computing functions have occurred in the cloud, at a remove from your computer.

There are other remote browsers.

Whichever you use, know that when you look at a page with toxic code, no prob, the bad stuff happens in the cloud. Not on your computer.

And eavesdroppers – who often listen in on public WiFi sessions – will only see an encrypted data steam that won’t mean a thing to them.

That’s five steps. Take them and there’s no guarantee of data security on the road. But you can know you are taking steps to secure your phone, your computer, your Internet traffic. And that puts you in a safer place than 99% of travelers