NYC Tracking E-ZPass Tags All Over The City, Without Telling Drivers

from the big-brother-is-watching dept

New York, and many states in the northeast and midwest, use an RFID toll-paying solution called E-ZPass (the system works in multiple states -- but not all, which is why, for example, you can't use the E-ZPass on California's Fastrak system). Ever since E-ZPass came into existence, some have expressed concerns that the tags would be used for tracking, rather than just for more convenient and efficient toll-paying. And, in fact, the toll-paying records have been used in a variety of legal cases, from catching an official who falsified time sheets to being used as evidence in divorce cases. But all of those still involved using the records at the actual tolls, where everyone knows the tags are being read.

However, it turns out that New York City has had an ongoing program to surreptitiously scan the tags in a variety of places supposedly for monitoring traffic. Indeed, you could see how that sort of traffic information might be useful, though these days with many other forms of traffic monitoring systems out there, it's probably a lot less necessary than before. But this was only discovered because a hacker going by the name Puking Monkey (one assumes this was not his given name) got suspicious and hacked up an E-ZPass to light up and make a sound whenever it was read. Then he drove around Manhattan, and voila, the tag kept going off:
As Kash Hill's article at Forbes notes, this has been going on for years, though, the various agencies involved have been rather quiet about it, and (perhaps most importantly) this type of usage does not appear to be disclosed in the terms and conditions for the E-ZPass. Oops.

The technology company that makes the devices insists that it's not being used for any surveillance:
“The tag ID is scrambled to make it anonymous. The scrambled ID is held in dynamic memory for several minutes to compare with other sightings from other readers strategically placed for the purpose of measuring travel times which are then averaged to develop an understanding of traffic conditions,” says TransCore spokesperson Barbara Catlin by email. “Travel times are used to estimate average speeds for general traveler information and performance metrics. Tag sightings (reads) age off the system after several minutes or after they are paired and are not stored because they are of no value. Hence the system cannot identify the tag user and does not keep any record of the tag sightings.”
Of course, even if that is true today, that doesn't mean it will always be true. We're already well aware of how the NYPD is known for the extreme lengths it will go in terms of surveillance, including the fact that it's set up its own intelligence division that many say rivals the intelligence operations of entire nations. Since the folks behind E-ZPass didn't seem to think it was necessary to tell people that their devices would be used for traffic monitoring, how likely is it that anyone would be told if it was used for surveillance as well?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Ninja (profile), Sep 13th, 2013 @ 7:37am

    Much like inventions that ended being used as weapons were not intended to be used this way by their original inventors the technology that makes everyday life practical and easier is being used for nefarious things.

    A good way to stop such random readings would be to envelop the device in aluminum or materials that block radio waves and take it off when you want to use it. It's less of a problem then the mobile phones issues.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    ethorad (profile), Sep 13th, 2013 @ 7:55am

    Re:

    Even easier - turn it off.

    It seems the device is battery powered (source: wikipedia), so presumably it would be a fairly easy hack to fit a switch to the device. If I recall correctly from the last time I was in the US they're often stuck on the inside of windscreens so drivers should be able to operate a switch without taking their eyes off the road.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    arkiel (profile), Sep 13th, 2013 @ 7:58am

    Build faraday cage. Break circuit when you need to pay. Easy.

     

    reply to this | link to this | view in thread ]

  4. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Sep 13th, 2013 @ 8:03am

    Now apply your last sentence to the information super-highway.

    Where a typical site "may" (that means definitely does)
    automatically record certain information from your system by using different types of tracking technology. This "automatically collected" information may include Internet Protocol address ("IP Address"), a unique device or user ID, version of software installed, system type, the content and pages that you access ... and the dates and times that you visit
    and mega-corporations do all that and more, actually track you offline too.

    Who the hell wants to live in a totally survelled world? Is that freedom? -- No, it's a world where you're a mere economic unit at best, to be molded into a passive consumer.

    Even Mike sez: "Any system that involves spying on the activities of users is going to be a non-starter. Creeping the hell out of people isn't a way of encouraging them to buy. It's a way of encouraging them to want nothing to do with you." -- But that doesn't apply to him monetizing you! -- And that's the inherent contradiction of teh internets.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Ninja (profile), Sep 13th, 2013 @ 8:04am

    Re: Re:

    I'm not familiar with those so I wouldn't know. I do have one installed in my car for 3 years now and never had to change it. If it's batteries then they are very durable! Still not a bad idea if it's possible.

    Here it would be tricky since the device is sort of "rented" to you (ie: not yours) so if you trample with it you may end up having to pay for it. I'm not sure how much it costs heh.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Oblate (profile), Sep 13th, 2013 @ 8:10am

    Don't go overboard...

    E-ZSolution for E-ZPass problem:

    1. Remove E-ZPass from windshield.
    2a. Place E-ZPass on head under tin foil hat (on seat or dash but under hat would work as well, but would leave your brain vulnerable to whatever you were wearing the hat for).

    Or have some fun with it, mess with their readings:
    - take it on the subway
    - run through Central Park with it
    - put one on slow-moving vendor cart
    - tie one to a pigeon
    - make fake transmitters, be everywhere at once or time them so it looks like you're moving down Broadway at Mach 3.
    - use fake transmitters to generate thousands of fake signals, all moving with you. Laugh as they report the biggest traffic jam ever.

    The possibilities for fun are almost limitless.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    arkiel (profile), Sep 13th, 2013 @ 8:21am

    I'm liking the fake transmitter idea a lot. There's no way those things have any proprietary tech that would make them hard to make.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 8:23am

    EZ Spy.
    They are already tracking our cell phones so why bother messing with EZ pass. It would be as useful as tracking portable CD players.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 8:26am

    Re:

    Traffic shaping.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    TimK (profile), Sep 13th, 2013 @ 8:26am

    Here in PA they also utilize EZ Pass readers for traffic monitoring, and have for quite some time. Its quite useful to know the average travel time and often the LED info boards over the highway help me to avoid backups.

    As long as the data is truly scrambled and wiped after a few hours and not stored or shared with the government, I'm ok with its use.

    Not sure if its in the EZ Pass terms.

    All that being said, "the government" could track vehicles just as easily with roadside license plate scanning cameras. And they could do that for nefarious purposes or just to get average travel times.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Jeffrey Nonken (profile), Sep 13th, 2013 @ 8:36am

    He's using a pseudonym because hacking an EZ-Pass is probably a felony punishable by 13 consecutive life sentences, whereas police gang-beating a helpless old man to death gets a wrist slap.

    Not that I am bitter.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    MikeC (profile), Sep 13th, 2013 @ 8:45am

    In a conrete/technology world you have to be Stainless Steel Rat

    Slippery Jim Digriz knew this -- you can't be any kind of rat today.. in this world you have be a stainless steel rat. More technology - easier to track just seems obvious.

    How 'bout conspiracy theory here? (got to put on my new tin foil hat)

    It's obvious - the next step is you can track and fake locations, simple to frame anyone. The holders of this technological data are king makers. They can make it appear you are somewhere your not, link you to things you couldn't have done, everyone believes in technology.

    Think how this could affect political ambitions, elections, etc. Everyone is only worried about collecting data, but when you take it to some logical conclusions, based on how we already have secret interpretations of laws, etc.. No ethics, no morals, it's a small step to manipulating events. You know what they say about absolute power!

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    David Woodhead (profile), Sep 13th, 2013 @ 9:35am

    @arkiel:

    Build faraday cage. Break circuit when you need to pay. Easy.

    This must be some new usage of the word 'easy' with which I'm not familiar.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 9:44am

    I know when I got my FastTrack tag, they came with a Nice Bag you can keep it in when not is use. While in the bag it blocks the signal preventing reading of the tag.

    Also their are a few sites that show how to modify the tag with a Nice little On/Off switch.

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    Ninja (profile), Sep 13th, 2013 @ 10:04am

    Re: Don't go overboard...

    You, sir, are doing it right. *hats off*

    I personally like the "make fake transmitters, be everywhere at once or time them so it looks like you're moving down Broadway at Mach 3" but the engineer in me keeps telling me the reading sensors wouldn't be able to read the transmitter at Mach 3. However the other part says the cops are not that smart to notice this detail.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Ninja (profile), Sep 13th, 2013 @ 10:04am

    Re: Re:

    I see what you did there!

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Ninja (profile), Sep 13th, 2013 @ 10:07am

    Re: In a conrete/technology world you have to be Stainless Steel Rat

    You can "set up" an alibi. This absurd surveillance will backfire at some point. Just use it against itself.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Sarah Black (profile), Sep 13th, 2013 @ 10:58am

    Re:

    A Faraday Cage can be as simple as wrapping the device in a few layers of tinfoil or tossing it inside a thermal grocery bag: http://www.amazon.com/4Rplanetbag-Penguin-Reusable-Insulated-improved/dp/B002KQKXKY

    Easy.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    PRMan, Sep 13th, 2013 @ 11:35am

    Re: Re: Don't go overboard...

    You'll go to prison for driving through Manhattan at Mach 3. After all, they have indisputable proof.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Ninja (profile), Sep 13th, 2013 @ 12:12pm

    Re: Re:

    It's amusing how people think it's hard just because you've used fancy words ;)

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    aldestrawk (profile), Sep 13th, 2013 @ 12:34pm

    Re:

    The reason for the Faraday bag is because FastTrak also has reading stations used only for traffic monitoring. They do tell you about this but I am having trouble locating where that is on their website.
    They also allow you to use the system anonymously, though they don't make it all that convenient.

    "In order to open an anonymous FasTrak account, you must visit the FasTrak Customer Service Center in person. You can open your account with cash, money order, or cashier's check. A Representative will be able to open your account without requiring customer name, address or vehicle information. (If you try to open an account online, your name, address and vehicle information will be required.)"

    "All account management for anonymous accounts must be conducted in person at the FasTrak Customer Service Center, including checking your account balance, ordering additional toll tags or closing your account."

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    aldestrawk (profile), Sep 13th, 2013 @ 12:48pm

    Re:

    Ah, here it is:

    "The Metropolitan Transportation Commission/511 operates a data collection system based on FasTrak toll tags to provide better information about the transportation network to Bay Area travelers, transportation managers, and transportation planners through its 511 Driving TimesSM service. To ensure that FasTrak users remain anonymous, encryption software is used to scramble each FasTrak toll tag ID number before any other processing happens. In addition, the encrypted toll tag ID numbers are retained for no longer than 24 hours and are then discarded. If you do not want your toll tag read for these purposes, place the toll tag in the special Mylar bag provided to you when you are not using it for payment of tolls at a toll plaza. The Mylar bags can be requested from the Customer Service Center. If you would like additional information about 511 Driving TimesSM and how toll tag data is protected, please visit www.511.org/copyright_items/privacy.asp."

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 1:30pm

    and yet another surveillance method is exposed, after happening for years without anyone knowing! how many more are there? it's making me wonder if there isn't something sewn into my underwear that will give away my position! (dressing to the left?)

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    John Fenderson (profile), Sep 13th, 2013 @ 2:34pm

    Re:

    Or, I dunno, just pay cash and get rid of the transponder completely.

    Or even better, do what I do -- live in a part of the country that doesn't have these crazy toll roads or bridges.

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    Derek Kerton (profile), Sep 13th, 2013 @ 3:30pm

    Re:

    "A good way to stop such random readings would be to envelop the device in aluminum or materials that block radio waves"

    ...but I'm already wearing that on my head.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 4:42pm

    The new surveillance state - USA.

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    Jeremy Lyman (profile), Sep 16th, 2013 @ 5:42am

    Re: Re: Re: Don't go overboard...

    It says here that you were doing 670,000,000 in a 55?

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anon-Y-Mouse, Oct 8th, 2013 @ 9:18am

    Re:

    and yet another surveillance method is exposed, after happening for years without anyone knowing! how many more are there? it's making me wonder if there isn't something sewn into my underwear that will give away my position! (dressing to the left?)
    Googgle RFID tag clothing...

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Oct 8th, 2013 @ 9:20am

    Re:

    and yet another surveillance method is exposed, after happening for years without anyone knowing! how many more are there? it's making me wonder if there isn't something sewn into my underwear that will give away my position! (dressing to the left?)
    Google RFID tag clothing...

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Avelimo, Nov 12th, 2013 @ 11:03pm

    Limo service

    Hi! Everyone....
    I just post this ad. It is about the Limousine Service in around New York city which offers affordable payments.
    For more inquiry click this page:
    http://www.avelimo.com

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This