NYC Tracking E-ZPass Tags All Over The City, Without Telling Drivers

from the big-brother-is-watching dept

New York, and many states in the northeast and midwest, use an RFID toll-paying solution called E-ZPass (the system works in multiple states -- but not all, which is why, for example, you can't use the E-ZPass on California's Fastrak system). Ever since E-ZPass came into existence, some have expressed concerns that the tags would be used for tracking, rather than just for more convenient and efficient toll-paying. And, in fact, the toll-paying records have been used in a variety of legal cases, from catching an official who falsified time sheets to being used as evidence in divorce cases. But all of those still involved using the records at the actual tolls, where everyone knows the tags are being read.

However, it turns out that New York City has had an ongoing program to surreptitiously scan the tags in a variety of places supposedly for monitoring traffic. Indeed, you could see how that sort of traffic information might be useful, though these days with many other forms of traffic monitoring systems out there, it's probably a lot less necessary than before. But this was only discovered because a hacker going by the name Puking Monkey (one assumes this was not his given name) got suspicious and hacked up an E-ZPass to light up and make a sound whenever it was read. Then he drove around Manhattan, and voila, the tag kept going off:
As Kash Hill's article at Forbes notes, this has been going on for years, though, the various agencies involved have been rather quiet about it, and (perhaps most importantly) this type of usage does not appear to be disclosed in the terms and conditions for the E-ZPass. Oops.

The technology company that makes the devices insists that it's not being used for any surveillance:
“The tag ID is scrambled to make it anonymous. The scrambled ID is held in dynamic memory for several minutes to compare with other sightings from other readers strategically placed for the purpose of measuring travel times which are then averaged to develop an understanding of traffic conditions,” says TransCore spokesperson Barbara Catlin by email. “Travel times are used to estimate average speeds for general traveler information and performance metrics. Tag sightings (reads) age off the system after several minutes or after they are paired and are not stored because they are of no value. Hence the system cannot identify the tag user and does not keep any record of the tag sightings.”
Of course, even if that is true today, that doesn't mean it will always be true. We're already well aware of how the NYPD is known for the extreme lengths it will go in terms of surveillance, including the fact that it's set up its own intelligence division that many say rivals the intelligence operations of entire nations. Since the folks behind E-ZPass didn't seem to think it was necessary to tell people that their devices would be used for traffic monitoring, how likely is it that anyone would be told if it was used for surveillance as well?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: e-zpass, nyc, rfid, tolls, tracking, traffic


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 13 Sep 2013 @ 7:37am

    Much like inventions that ended being used as weapons were not intended to be used this way by their original inventors the technology that makes everyday life practical and easier is being used for nefarious things.

    A good way to stop such random readings would be to envelop the device in aluminum or materials that block radio waves and take it off when you want to use it. It's less of a problem then the mobile phones issues.

    link to this | view in chronology ]

    • icon
      ethorad (profile), 13 Sep 2013 @ 7:55am

      Re:

      Even easier - turn it off.

      It seems the device is battery powered (source: wikipedia), so presumably it would be a fairly easy hack to fit a switch to the device. If I recall correctly from the last time I was in the US they're often stuck on the inside of windscreens so drivers should be able to operate a switch without taking their eyes off the road.

      link to this | view in chronology ]

      • icon
        Ninja (profile), 13 Sep 2013 @ 8:04am

        Re: Re:

        I'm not familiar with those so I wouldn't know. I do have one installed in my car for 3 years now and never had to change it. If it's batteries then they are very durable! Still not a bad idea if it's possible.

        Here it would be tricky since the device is sort of "rented" to you (ie: not yours) so if you trample with it you may end up having to pay for it. I'm not sure how much it costs heh.

        link to this | view in chronology ]

    • icon
      Derek Kerton (profile), 13 Sep 2013 @ 3:30pm

      Re:

      "A good way to stop such random readings would be to envelop the device in aluminum or materials that block radio waves"

      ...but I'm already wearing that on my head.

      link to this | view in chronology ]

  • icon
    arkiel (profile), 13 Sep 2013 @ 7:58am

    Build faraday cage. Break circuit when you need to pay. Easy.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 13 Sep 2013 @ 2:34pm

      Re:

      Or, I dunno, just pay cash and get rid of the transponder completely.

      Or even better, do what I do -- live in a part of the country that doesn't have these crazy toll roads or bridges.

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    out_of_the_blue, 13 Sep 2013 @ 8:03am

    Now apply your last sentence to the information super-highway.

    Where a typical site "may" (that means definitely does)
    automatically record certain information from your system by using different types of tracking technology. This "automatically collected" information may include Internet Protocol address ("IP Address"), a unique device or user ID, version of software installed, system type, the content and pages that you access ... and the dates and times that you visit
    and mega-corporations do all that and more, actually track you offline too.

    Who the hell wants to live in a totally survelled world? Is that freedom? -- No, it's a world where you're a mere economic unit at best, to be molded into a passive consumer.

    Even Mike sez: "Any system that involves spying on the activities of users is going to be a non-starter. Creeping the hell out of people isn't a way of encouraging them to buy. It's a way of encouraging them to want nothing to do with you." -- But that doesn't apply to him monetizing you! -- And that's the inherent contradiction of teh internets.

    link to this | view in chronology ]

  • icon
    Oblate (profile), 13 Sep 2013 @ 8:10am

    Don't go overboard...

    E-ZSolution for E-ZPass problem:

    1. Remove E-ZPass from windshield.
    2a. Place E-ZPass on head under tin foil hat (on seat or dash but under hat would work as well, but would leave your brain vulnerable to whatever you were wearing the hat for).

    Or have some fun with it, mess with their readings:
    - take it on the subway
    - run through Central Park with it
    - put one on slow-moving vendor cart
    - tie one to a pigeon
    - make fake transmitters, be everywhere at once or time them so it looks like you're moving down Broadway at Mach 3.
    - use fake transmitters to generate thousands of fake signals, all moving with you. Laugh as they report the biggest traffic jam ever.

    The possibilities for fun are almost limitless.

    link to this | view in chronology ]

    • icon
      Ninja (profile), 13 Sep 2013 @ 10:04am

      Re: Don't go overboard...

      You, sir, are doing it right. *hats off*

      I personally like the "make fake transmitters, be everywhere at once or time them so it looks like you're moving down Broadway at Mach 3" but the engineer in me keeps telling me the reading sensors wouldn't be able to read the transmitter at Mach 3. However the other part says the cops are not that smart to notice this detail.

      link to this | view in chronology ]

      • identicon
        PRMan, 13 Sep 2013 @ 11:35am

        Re: Re: Don't go overboard...

        You'll go to prison for driving through Manhattan at Mach 3. After all, they have indisputable proof.

        link to this | view in chronology ]

  • icon
    arkiel (profile), 13 Sep 2013 @ 8:21am

    I'm liking the fake transmitter idea a lot. There's no way those things have any proprietary tech that would make them hard to make.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Sep 2013 @ 8:23am

    EZ Spy.
    They are already tracking our cell phones so why bother messing with EZ pass. It would be as useful as tracking portable CD players.

    link to this | view in chronology ]

  • icon
    TimK (profile), 13 Sep 2013 @ 8:26am

    Here in PA they also utilize EZ Pass readers for traffic monitoring, and have for quite some time. Its quite useful to know the average travel time and often the LED info boards over the highway help me to avoid backups.

    As long as the data is truly scrambled and wiped after a few hours and not stored or shared with the government, I'm ok with its use.

    Not sure if its in the EZ Pass terms.

    All that being said, "the government" could track vehicles just as easily with roadside license plate scanning cameras. And they could do that for nefarious purposes or just to get average travel times.

    link to this | view in chronology ]

  • icon
    Jeffrey Nonken (profile), 13 Sep 2013 @ 8:36am

    He's using a pseudonym because hacking an EZ-Pass is probably a felony punishable by 13 consecutive life sentences, whereas police gang-beating a helpless old man to death gets a wrist slap.

    Not that I am bitter.

    link to this | view in chronology ]

  • icon
    MikeC (profile), 13 Sep 2013 @ 8:45am

    In a conrete/technology world you have to be Stainless Steel Rat

    Slippery Jim Digriz knew this -- you can't be any kind of rat today.. in this world you have be a stainless steel rat. More technology - easier to track just seems obvious.

    How 'bout conspiracy theory here? (got to put on my new tin foil hat)

    It's obvious - the next step is you can track and fake locations, simple to frame anyone. The holders of this technological data are king makers. They can make it appear you are somewhere your not, link you to things you couldn't have done, everyone believes in technology.

    Think how this could affect political ambitions, elections, etc. Everyone is only worried about collecting data, but when you take it to some logical conclusions, based on how we already have secret interpretations of laws, etc.. No ethics, no morals, it's a small step to manipulating events. You know what they say about absolute power!

    link to this | view in chronology ]

    • icon
      Ninja (profile), 13 Sep 2013 @ 10:07am

      Re: In a conrete/technology world you have to be Stainless Steel Rat

      You can "set up" an alibi. This absurd surveillance will backfire at some point. Just use it against itself.

      link to this | view in chronology ]

  • icon
    David Woodhead (profile), 13 Sep 2013 @ 9:35am

    @arkiel:

    Build faraday cage. Break circuit when you need to pay. Easy.

    This must be some new usage of the word 'easy' with which I'm not familiar.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Sep 2013 @ 9:44am

    I know when I got my FastTrack tag, they came with a Nice Bag you can keep it in when not is use. While in the bag it blocks the signal preventing reading of the tag.

    Also their are a few sites that show how to modify the tag with a Nice little On/Off switch.

    link to this | view in chronology ]

    • icon
      aldestrawk (profile), 13 Sep 2013 @ 12:34pm

      Re:

      The reason for the Faraday bag is because FastTrak also has reading stations used only for traffic monitoring. They do tell you about this but I am having trouble locating where that is on their website.
      They also allow you to use the system anonymously, though they don't make it all that convenient.

      "In order to open an anonymous FasTrak account, you must visit the FasTrak Customer Service Center in person. You can open your account with cash, money order, or cashier's check. A Representative will be able to open your account without requiring customer name, address or vehicle information. (If you try to open an account online, your name, address and vehicle information will be required.)"

      "All account management for anonymous accounts must be conducted in person at the FasTrak Customer Service Center, including checking your account balance, ordering additional toll tags or closing your account."

      link to this | view in chronology ]

    • icon
      aldestrawk (profile), 13 Sep 2013 @ 12:48pm

      Re:

      Ah, here it is:

      "The Metropolitan Transportation Commission/511 operates a data collection system based on FasTrak toll tags to provide better information about the transportation network to Bay Area travelers, transportation managers, and transportation planners through its 511 Driving TimesSM service. To ensure that FasTrak users remain anonymous, encryption software is used to scramble each FasTrak toll tag ID number before any other processing happens. In addition, the encrypted toll tag ID numbers are retained for no longer than 24 hours and are then discarded. If you do not want your toll tag read for these purposes, place the toll tag in the special Mylar bag provided to you when you are not using it for payment of tolls at a toll plaza. The Mylar bags can be requested from the Customer Service Center. If you would like additional information about 511 Driving TimesSM and how toll tag data is protected, please visit www.511.org/copyright_items/privacy.asp."

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Sep 2013 @ 1:30pm

    and yet another surveillance method is exposed, after happening for years without anyone knowing! how many more are there? it's making me wonder if there isn't something sewn into my underwear that will give away my position! (dressing to the left?)

    link to this | view in chronology ]

    • identicon
      Anon-Y-Mouse, 8 Oct 2013 @ 9:18am

      Re:

      and yet another surveillance method is exposed, after happening for years without anyone knowing! how many more are there? it's making me wonder if there isn't something sewn into my underwear that will give away my position! (dressing to the left?)
      Googgle RFID tag clothing...

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Oct 2013 @ 9:20am

      Re:

      and yet another surveillance method is exposed, after happening for years without anyone knowing! how many more are there? it's making me wonder if there isn't something sewn into my underwear that will give away my position! (dressing to the left?)
      Google RFID tag clothing...

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Sep 2013 @ 4:42pm

    The new surveillance state - USA.

    link to this | view in chronology ]

  • identicon
    Avelimo, 12 Nov 2013 @ 11:03pm

    Limo service

    Hi! Everyone....
    I just post this ad. It is about the Limousine Service in around New York city which offers affordable payments.
    For more inquiry click this page:
    http://www.avelimo.com

    link to this | view in chronology ]

  • icon
    JustMe (profile), 22 Jan 2015 @ 4:28am

    I would not visit that link

    Because it is obviously spam.

    Because the domain registration has expired:
    lookup failed avelimo.com
    Could not find an IP address for this domain name.
    Creation Date: 17-nov-2011
    Expiration Date: 17-nov-2014
    Registrant Name: oscar castelblanco
    Registrant Organization: oec media group
    Registrant Street: 3 flower lane
    Registrant City: new york
    Registrant State/Province: New York
    Registrant Postal Code: 11542
    Registrant Phone: +1.6467173352

    Next, wtf is that URL? Probably malicious, certain to cause instant Cholera and arthritis in small children.
    Google results "About 4,690 results (0.52 seconds)" (first result)
    Avenue Limousine - About Our Company
    www.avelimo.com.php53-6.dfw1-1.websitetestlink.com/about.html
    (516) 674-6111 Member Login | Request a Quote | Create an Account | Site Map. Avenue Limousine. On Time, Every Time. We Guarantee It.

    Finally, have they driven in NY NY? There is NO WAY you can guarantee drive times, so this man is clearly unstable.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.