NYC Tracking E-ZPass Tags All Over The City, Without Telling Drivers

from the big-brother-is-watching dept

New York, and many states in the northeast and midwest, use an RFID toll-paying solution called E-ZPass (the system works in multiple states — but not all, which is why, for example, you can’t use the E-ZPass on California’s Fastrak system). Ever since E-ZPass came into existence, some have expressed concerns that the tags would be used for tracking, rather than just for more convenient and efficient toll-paying. And, in fact, the toll-paying records have been used in a variety of legal cases, from catching an official who falsified time sheets to being used as evidence in divorce cases. But all of those still involved using the records at the actual tolls, where everyone knows the tags are being read.

However, it turns out that New York City has had an ongoing program to surreptitiously scan the tags in a variety of places supposedly for monitoring traffic. Indeed, you could see how that sort of traffic information might be useful, though these days with many other forms of traffic monitoring systems out there, it’s probably a lot less necessary than before. But this was only discovered because a hacker going by the name Puking Monkey (one assumes this was not his given name) got suspicious and hacked up an E-ZPass to light up and make a sound whenever it was read. Then he drove around Manhattan, and voila, the tag kept going off:

As Kash Hill’s article at Forbes notes, this has been going on for years, though, the various agencies involved have been rather quiet about it, and (perhaps most importantly) this type of usage does not appear to be disclosed in the terms and conditions for the E-ZPass. Oops.

The technology company that makes the devices insists that it’s not being used for any surveillance:

“The tag ID is scrambled to make it anonymous. The scrambled ID is held in dynamic memory for several minutes to compare with other sightings from other readers strategically placed for the purpose of measuring travel times which are then averaged to develop an understanding of traffic conditions,” says TransCore spokesperson Barbara Catlin by email. “Travel times are used to estimate average speeds for general traveler information and performance metrics. Tag sightings (reads) age off the system after several minutes or after they are paired and are not stored because they are of no value. Hence the system cannot identify the tag user and does not keep any record of the tag sightings.”

Of course, even if that is true today, that doesn’t mean it will always be true. We’re already well aware of how the NYPD is known for the extreme lengths it will go in terms of surveillance, including the fact that it’s set up its own intelligence division that many say rivals the intelligence operations of entire nations. Since the folks behind E-ZPass didn’t seem to think it was necessary to tell people that their devices would be used for traffic monitoring, how likely is it that anyone would be told if it was used for surveillance as well?

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NYC Tracking E-ZPass Tags All Over The City, Without Telling Drivers”

Subscribe: RSS Leave a comment
Ninja (profile) says:

Much like inventions that ended being used as weapons were not intended to be used this way by their original inventors the technology that makes everyday life practical and easier is being used for nefarious things.

A good way to stop such random readings would be to envelop the device in aluminum or materials that block radio waves and take it off when you want to use it. It’s less of a problem then the mobile phones issues.

ethorad (profile) says:

Re: Re:

Even easier – turn it off.

It seems the device is battery powered (source: wikipedia), so presumably it would be a fairly easy hack to fit a switch to the device. If I recall correctly from the last time I was in the US they’re often stuck on the inside of windscreens so drivers should be able to operate a switch without taking their eyes off the road.

Ninja (profile) says:

Re: Re: Re:

I’m not familiar with those so I wouldn’t know. I do have one installed in my car for 3 years now and never had to change it. If it’s batteries then they are very durable! Still not a bad idea if it’s possible.

Here it would be tricky since the device is sort of “rented” to you (ie: not yours) so if you trample with it you may end up having to pay for it. I’m not sure how much it costs heh.

out_of_the_blue says:

Now apply your last sentence to the information super-highway.

Where a typical site “may” (that means definitely does)

automatically record certain information from your system by using different types of tracking technology. This “automatically collected” information may include Internet Protocol address (“IP Address”), a unique device or user ID, version of software installed, system type, the content and pages that you access … and the dates and times that you visit

and mega-corporations do all that and more, actually track you offline too.

Who the hell wants to live in a totally survelled world? Is that freedom? — No, it’s a world where you’re a mere economic unit at best, to be molded into a passive consumer.

Even Mike sez: “Any system that involves spying on the activities of users is going to be a non-starter. Creeping the hell out of people isn’t a way of encouraging them to buy. It’s a way of encouraging them to want nothing to do with you.” — But that doesn’t apply to him monetizing you! — And that’s the inherent contradiction of teh internets.

Oblate (profile) says:

Don't go overboard...

E-ZSolution for E-ZPass problem:

1. Remove E-ZPass from windshield.
2a. Place E-ZPass on head under tin foil hat (on seat or dash but under hat would work as well, but would leave your brain vulnerable to whatever you were wearing the hat for).

Or have some fun with it, mess with their readings:
– take it on the subway
– run through Central Park with it
– put one on slow-moving vendor cart
– tie one to a pigeon
– make fake transmitters, be everywhere at once or time them so it looks like you’re moving down Broadway at Mach 3.
– use fake transmitters to generate thousands of fake signals, all moving with you. Laugh as they report the biggest traffic jam ever.

The possibilities for fun are almost limitless.

Ninja (profile) says:

Re: Don't go overboard...

You, sir, are doing it right. hats off

I personally like the “make fake transmitters, be everywhere at once or time them so it looks like you’re moving down Broadway at Mach 3” but the engineer in me keeps telling me the reading sensors wouldn’t be able to read the transmitter at Mach 3. However the other part says the cops are not that smart to notice this detail.

TimK (profile) says:

Here in PA they also utilize EZ Pass readers for traffic monitoring, and have for quite some time. Its quite useful to know the average travel time and often the LED info boards over the highway help me to avoid backups.

As long as the data is truly scrambled and wiped after a few hours and not stored or shared with the government, I’m ok with its use.

Not sure if its in the EZ Pass terms.

All that being said, “the government” could track vehicles just as easily with roadside license plate scanning cameras. And they could do that for nefarious purposes or just to get average travel times.

MikeC (profile) says:

In a conrete/technology world you have to be Stainless Steel Rat

Slippery Jim Digriz knew this — you can’t be any kind of rat today.. in this world you have be a stainless steel rat. More technology – easier to track just seems obvious.

How ’bout conspiracy theory here? (got to put on my new tin foil hat)

It’s obvious – the next step is you can track and fake locations, simple to frame anyone. The holders of this technological data are king makers. They can make it appear you are somewhere your not, link you to things you couldn’t have done, everyone believes in technology.

Think how this could affect political ambitions, elections, etc. Everyone is only worried about collecting data, but when you take it to some logical conclusions, based on how we already have secret interpretations of laws, etc.. No ethics, no morals, it’s a small step to manipulating events. You know what they say about absolute power!

aldestrawk says:

Re: Re:

The reason for the Faraday bag is because FastTrak also has reading stations used only for traffic monitoring. They do tell you about this but I am having trouble locating where that is on their website.
They also allow you to use the system anonymously, though they don’t make it all that convenient.

“In order to open an anonymous FasTrak account, you must visit the FasTrak Customer Service Center in person. You can open your account with cash, money order, or cashier’s check. A Representative will be able to open your account without requiring customer name, address or vehicle information. (If you try to open an account online, your name, address and vehicle information will be required.)”

“All account management for anonymous accounts must be conducted in person at the FasTrak Customer Service Center, including checking your account balance, ordering additional toll tags or closing your account.”

aldestrawk says:

Re: Re:

Ah, here it is:

“The Metropolitan Transportation Commission/511 operates a data collection system based on FasTrak toll tags to provide better information about the transportation network to Bay Area travelers, transportation managers, and transportation planners through its 511 Driving TimesSM service. To ensure that FasTrak users remain anonymous, encryption software is used to scramble each FasTrak toll tag ID number before any other processing happens. In addition, the encrypted toll tag ID numbers are retained for no longer than 24 hours and are then discarded. If you do not want your toll tag read for these purposes, place the toll tag in the special Mylar bag provided to you when you are not using it for payment of tolls at a toll plaza. The Mylar bags can be requested from the Customer Service Center. If you would like additional information about 511 Driving TimesSM and how toll tag data is protected, please visit”

JustMe (profile) says:

I would not visit that link

Because it is obviously spam.

Because the domain registration has expired:
lookup failed
Could not find an IP address for this domain name.
Creation Date: 17-nov-2011
Expiration Date: 17-nov-2014
Registrant Name: oscar castelblanco
Registrant Organization: oec media group
Registrant Street: 3 flower lane
Registrant City: new york
Registrant State/Province: New York
Registrant Postal Code: 11542
Registrant Phone: +1.6467173352

Next, wtf is that URL? Probably malicious, certain to cause instant Cholera and arthritis in small children.
Google results “About 4,690 results (0.52 seconds)” (first result)
Avenue Limousine – About Our Company
(516) 674-6111 Member Login | Request a Quote | Create an Account | Site Map. Avenue Limousine. On Time, Every Time. We Guarantee It.

Finally, have they driven in NY NY? There is NO WAY you can guarantee drive times, so this man is clearly unstable.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...