
NYC Is Tracking RFID Toll Collection Tags All Over the City

Posted by Soulskill
from the oversight-planned-for-2018 dept.
In the northeast U.S., most of the tolls people encounter when driving make use of a system called E-ZPass to let them pay the tolls electronically. Drivers are given small RFID transponders that are scanned in tollbooths, at which point the toll is automatically deducted from a pre-paid account. One hacker got curious whether the RFID tags were being scanned elsewhere, so he tweaked his E-ZPass to blink a light and make a noise every time it was read. He tested the streets of New York City, and wasn't surprised to see it light up in plenty of places where there were no tollbooths to be found. From the article: "It’s part of Midtown in Motion, an initiative to feed information from lots of sensors into New York’s traffic management center. A spokesperson for the New York Department of Transportation, Scott Gastel, says the E-Z Pass readers are on highways across the city, and on streets in Manhattan, Brooklyn and Staten Island, and have been in use for years. The city uses the data from the readers to provide real-time traffic information, as for this tool. The DoT was not forthcoming about what exactly was read from the passes or how long geolocation information from the passes was kept. Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions. When I talked to the E-ZPass Inter-agency Group — the umbrella association that oversees the use of the pay-toll-paying tags in 15 different states — it said New York is the only state that is employing this inventive re-use of the tags. ... 'If NYDOT can put up readers,' says [the hacker], 'other agencies could as well.'"

  • by killfixx (148785) * on Friday September 13, 2013 @12:40PM (#44841633) Journal

    Do a lot of tracking of everything a person does and only come clean when someone calls 'em out...

    I hope this "hacker" is anonymous... Otherwise he's headed for a jail cell...

    It used to be okay to point out when your government was being shady...

    Not anymore!!

    Yay!

    Welcome to 1984!

    • by cayenne8 (626475)
      I've rarely lived anywhere that had toll roads or toll bridges, but when I have and had to use them (like when moving all over creation after Katrina), I just paid cash.

      To me, it was worth the little extra they charged to keep from being tracked every time I crossed the bridge, etc.

      • by Maxo-Texas (864189) on Friday September 13, 2013 @01:07PM (#44841927)

        You could actually use this the other way.

        Remove the tag before you go do something naughty but keep it in your car other times.

      • Re: (Score:3, Interesting)

        by fizzer06 (1500649)
        In the Dallas-Fort Worth area, you can't pay cash, no toll booths. You get a bill in the mail if you don't have EZ Pass. The bill includes extra fees for examining the photograph and mailing the bill.
        • That is increasingly the case in my area as well. Basically the older toll roads have booths but the newer ones do not. I also notice that increasingly the booths on the older ones are only manned at peak travel times. So realistically if you use those roads much at all you pretty much have to have an EZ Pass. Fortunately my current job doesn't take me through the areas with the tolls very much so I haven't had one for years. The rest of the time I just detour around the toll roads whenever possible.
          • by bluefoxlucid (723572) on Friday September 13, 2013 @01:36PM (#44842239) Journal
            eventually it will be illegal to drive without EZPass, and you will be billed for driving all over the place. All roads will be toll roads.
            • eventually it will be illegal to drive without EZPass, and you will be billed for driving all over the place. All roads will be toll roads.

              We already are billed for driving all over the place. It's called taxes and it requires no special equipment for your car.

              • Yes and I pay money in taxes that covers city services, and when I call to have those services performed they close the ticket and say "alleyway cleaned, debris removed" and I go back and see they have removed zero of the trash bags, tires, or abandoned building materials. Call again, they remove... most of it, leave some building materials and concrete around. I pay for this shit in taxes you know. And people tell me, "Do it yourself and pay a junk company to remove it, you freeloader!"

                Do you really

            • by zuvembi (30889)

              Well, I don't know about you, but I'm already paying sales tax, gas tax, property tax and other taxes to pay for roads. Personally I'm fine with that. Nothing wrong with using taxes to maintain infrastructure.

              I'm more worried about what other uses the data is being used for. I find the idea of faceless individuals continually knowing everywhere I'm going sort of creepy and worrying from a civil liberty standpoint.

              Of course the obvious solution is to put your EZPass in a Faraday cage of some sort when you

          • And so you take your EZ-Pass, iPass, or whatever, and put it into its metal box after you're past the toll-whatever.

            Some of the tollbooths now take RFID-based credit cards. Same answer. These are radiological tokens. Kill the radio by putting it into a metal can, box, or even most ashtrays.

            That it's tracked isn't surprising. I'm looking at your cam right now. Stop picking your nose.

        • by cayenne8 (626475)

          In the Dallas-Fort Worth area, you can't pay cash, no toll booths. You get a bill in the mail if you don't have EZ Pass. The bill includes extra fees for examining the photograph and mailing the bill.

          So, how exactly does this work for people from out of town/state? Don't they have to take cash for situations like that?

          • Seattle has something similar on the 520 bridge. People with out of state license plates don't get billed. Last I checked, occasionally locals would get bills in the mail (in unmarked white envelopes, of course) if they had the same license plates as the out-of-state ones.
      • by alen (225700)

        the last time i drove to the Bronx Zoo i bet some government worker had an alert flash when i paid my toll via ez-pass
        he jumped up and screamed, we got him. we got him. he's driving to the bronx

      • by sfm (195458)

        The problem with cash is the number of places that accept this form of payment is shrinking rapidly. I see a day in the near future where your only 2 options for Highway/Bridge tolls are Tolltag and Pay-By-Mail (They photograph your plates and mail you the bill).

        But no matter how you pay, you are still being photographed, not only as you approach and depart, but also while you pass the toll booth. Check out those vertical cameras at ALL of the SF Bay toll plazas.

      • by mlts (1038732) *

        Here in my neck of the woods, there are plenty of toll roads, and none will accept cash. One uses a TXTag transponder, or it will snap a pic of the license plate and mail a bill. No cash booths since January.

      • by icebike (68054)

        I've rarely lived anywhere that had toll roads or toll bridges, but when I have and had to use them (like when moving all over creation after Katrina), I just paid cash.

        To me, it was worth the little extra they charged to keep from being tracked every time I crossed the bridge, etc.

        Next time you pull up to the toll plaza, pay attention to the license plate readers.

  • Cup holder (Score:5, Funny)

    by A10Mechanic (1056868) on Friday September 13, 2013 @12:47PM (#44841703)
    Does it also chart the size of the soda in your cup holder?
    • by AmiMoJo (196126) *

      Maybe. It's RFID based, could be capable of activating all RFID tags in the vehicle, including ones used by shops to track stock.

  • Not completely news (Score:5, Informative)

    by RedShoeRider (658314) on Friday September 13, 2013 @12:52PM (#44841745)
    "Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions. "

    In NJ, buried in the fine print, is a line that reads something like "other information may be obtained by the Consortium at their discretion", which easily translates to: "We're going to use this to monitor traffic flow, and by doing that, we're monitoring you".

    If you're driving on the Parkway (a New Jersey toll highway), there are plenty of places where you can see EZPass pickups buried in the road surface that are nowhere near the toll sites.

    • I remember this being discussed several years ago (I think here on Slashdot, in fact), but for Houston. The toll tags were being read by sensors mounted on nearly every overpass sign and used to create the traffic speed maps that we've all come to know and love. The controversy was primarily that they were not anonymizing the data and had no defined retention period. It surprised a lot of people at the time. Now, not so much. I'm actually surprised that anyone is actually surprised by this story. I now jus
    • by Animats (122034)

      If you're driving on the Parkway (a New Jersey toll highway), there are plenty of places where you can see EZPass pickups buried in the road surface that are nowhere near the toll sites.

      Loops in the road surface are a different kind of sensor. Those just count vehicles, and if installed in pairs, measure speed. At least in California, that's where the CALTRANS road data [511.org] comes from. That's been around since at least the 1980s; LA used to have a cable channel which just showed the freeway status map.

      Interestingly, the LA area and the SF area have quite different privacy policies. Compare Bay Area Fastrak [bayareafastrak.org], which is quite reasonable, to LA Metro [metroexpresslanes.net], which asks "customers for demographic inform

    • by lewiscr (3314)

      The CA fine print has the same info.

      If you don't agree, you can ask the provider for a RF shielding bag. This comes with a warning that you're liable for fines if you forget to take the pass out of the bag before using a toll.

  • Quick hardware hack (Score:4, Interesting)

    by Freshly Exhumed (105597) on Friday September 13, 2013 @12:55PM (#44841775) Homepage

    Time to put your transponder into a flip-lid Faraday Cage [wikipedia.org] that springs open only when you require it, then closes by default.

    • by Andy Dodd (701) <atd7@nOspaM.cornell.edu> on Friday September 13, 2013 @01:02PM (#44841855) Homepage

      Interestingly enough, EZ-Pass devices installed in rental vehicles do EXACTLY this to allow the renter choice of whether to use EZ-Pass or normal tolls.

    • by swb (14022)

      I don't know how other transponders work, but my Minnesota EZ-Pass turns off when I remove it from the windshield-mounted holder -- there's a pin in the holder that hits a recessed switch.

      I remove it when I am using an HOV lane as an actual carpool so I don't pay the toll for using it.

      I would assume that this would keep it "off" for all other uses of it, unless the apparent off setting is only valid for HOV lane readers, same with the "beep" it generates when the HOV readers scan it.

  • by _Ludwig (86077) on Friday September 13, 2013 @01:00PM (#44841827) Journal

    I have never kept my FasTrak (our version of EZPass) stuck to the windshield. It lives in its mylar foil bag in the center console until I’m approaching a toll. Besides, people will break a window and steal it. It can’t be linked to a different vehicle, at least not without me setting that up, so it’s pretty much worthless to anyone else, but crackheads don’t know that.

    • I do the same, but I tend to keep it attached to my car if we're going on a road trip. Otherwise, during normal car use, the EZPass is in a bag in my glove compartment.

    • It can’t be linked to a different vehicle, at least not without me setting that up, so it’s pretty much worthless to anyone else, but crackheads don’t know that. . . .

      Why not? Does the system cross-check against license plate photos or something like that? I've seen friends move turnpike transponders (not called FasTrak, so not in your area) and I didn't know they'd done anything special to use it with a rental or company car, etc. But I never thought to ask, either.

      • by _Ludwig (86077)

        You could probably use it until it’s reported stolen, but you would be taking a risk every time you went through a toll, not knowing if it had been flagged yet. Toll evasion tickets go to the owner of the plate, not the pass. The only way to legitimately associate the pass with a different plate is to log in to the account on line. Likewise refilling it.

  • by ravenscar (1662985) on Friday September 13, 2013 @01:00PM (#44841833)

    It's called a license plate. With technology that allows license plates to be read by cameras, any government organization could track the movements of every vehicle everywhere in their jurisdiction. Don't think you can't be tracked because you don't have an RFID tag in your vehicle.

    • Yeah, and a sample license plate tracker comes with openCV these days. Takes about 20 minutes to put together a tracker that observes all visitors to the adult movie booth place down the street, and another hour or two in front of the government offices to associate license plates with bureaucrats. You know what they say, "information is power."
      • Have fun associating those licence plates with bureaucrats, they figured out this ploy and used "terrorism" as a rationale to shield them from discovery. After all we have to protect our bureaucrats from terrorists don't ya know.

    • by flogger (524072)

      government organizations do track the movements of every vehicle everywhere in and out of their jurisdiction

      Fixed that for you.

  • Hubris (Score:5, Insightful)

    by WOOFYGOOFY (1334993) on Friday September 13, 2013 @01:04PM (#44841875)

    It's a tactical mistake born of hubris. When the RFID chips came out, people were paranoid they'd be used to track instead of ease on off congestion in toll roads as advertised. Officialdom trotted out the usual assurances. Now they're using them to track cars.. (as if they can't already do that through other means).

    The long term effect is to breed distrust of government and technology. To induce a cynical turn of mind.

    Seeing as 99% of security relies on public buy in, cooperation, the feeling of a shared purpose and identity and absent those things or if those things are greatly degraded, we have no effective security, this has to be seen as a big security blunder.

    Tricking, coercing, forcing, sneaking by people what's needed for security is a bad idea. It was a bad idea when the NSA started doing it whether they were getting away with it or not. It's a bad idea wherever it goes. It works against security in a million ways none of which anyone can control.

    The way to security buy in is through more openness, more sharing of the problems and threats we face and above all the verifiable protection of our civil liberties against the abuses which inevitably occur when identity and details of people's private lives are exposed for examination by the state.

    You have to firewall international (or national) terrorism from all other concerns. You cannot use this information to, say catch drug dealers or common murders. Neither can you over-define what terrorism IS. Copyright violations aren't terrorism and neither are the activities of organized crime. Mainstream, even violent political protestors aren't terrorists and neither are the Tea Party or anarchists. That's called- regular life, normal criminal deviance that is NOT terroristic; the goal is not to undo Western civilization.

    Deniers are of course not terrorists, despite my hyperbolic moniker.

    Because that IS a slippery slope and what will happen is there will grow widespread, covert, person to person rebellion and non-cooperation, subversion and ultimate undermining of security.

    People don't want to live in Stasiland, whatever benefits there are to living in Stasiland and it takes not very much to get people to thinking that they are living in Stasiland.

    I am to the right of most people on this forum, (yesterday's rating drubbing) which is to say in the middle of the political spectrum. Even I am creeped out by some of the things that have been going on. It's human nature to abuse power in ways that lead to undue influence by the power wielders and then on to a kind of de facto fascism. That's not a political perspective, that's a historical and psychological fact and moreover instinctive knowledge. It is not possible to talk your way around instinctive knowledge.

    • If I hadn't commented already, I would throw some Karma your way on this one, Woofy. It's amazing how difficult it is to explain to otherwise very intelligent people the difference between "perfect" security and "effective" security.
    • by houghi (78078)

      The long term effect is to breed distrust of government and technology

      There are people who still trust their government?

  • everyone complains how government is so dumb in how they build out the wrong infrastructure in the wrong place
    and when they try to study things for future build outs it's suddenly a huge violation of privacy

  • ...Not sure if this was just Science Fiction, but how hard would it be to clone an EZ pass off a random stranger and then reprogram a second random stranger's pass with said data?
  • by mark-t (151149) <`markt' `at' `lynx.bc.ca'> on Friday September 13, 2013 @01:16PM (#44842029) Journal
    I mean, if you have an RFID chip, wouldn't it be detecting that it's being read whenever it passes near *ANY* scanner, whether or not the people who operate the scanner are actually even interested in that RFID? All someone else would know, in general, is that the RFID isn't one that they are trying to track, and I'd imagine at *MOST* they may be able to know which company was tracking that RFID (although I'm not even sure they could do that). And even then, without access to the other company's database of users they would have no way to know who it was who had that RFID or any other personal information.
  • by nblender (741424) on Friday September 13, 2013 @01:16PM (#44842037)

    As others have mentioned, if gubmint wanted to track you, they'd use your license plate because everybody has to have one of those whereas these toll passes are optional... In my city (Calgary, Alberta) the municipal government uses bluetooth ID's to track phones/cars as they travel down the roads to generate traffic information. We have handy signs that report the expected time to various exits. I've found it handy because I know about how long it should usually take to a specific exit and if the reported time is wildly different, I can choose to exit sooner and take an alternate route...

    I suppose I could surmise that the municipal government has some way to tie my cellphone to my name and is tracking me... But I think it largely improbable and I can always turn off my bluetooth if I'm doing something nefarious just as NYCers can put their tags in a metal box.

  • by Applekid (993327) on Friday September 13, 2013 @01:30PM (#44842171)

    In Florida, we have a toll transponder system too. Recently waves of notices have been going out that the older style transponders are being deprecated for newer ones. I always thought that was kind of silly because the new style transponders are currently compatible with the existing system just like old ones are, so it's not really a "protocol" type change (I'm a software guy, not an EE, so there is likely some RFID stuff I don't know about).

    The biggest change? The older transponders would beep when scanned, the newer ones no longer have that functionality. Sounds like perpetual tracking is coming to my state.

  • by Quila (201335) on Friday September 13, 2013 @01:46PM (#44842337)

    In the conditions of your contract you gave up a specified amount of privacy (your time/location information at toll booths) in exchange for the consideration of the convenience the service provides. They have now taken more privacy than you willingly gave up, providing more value for themselves than the contract gave them, and have provided no further consideration to you.

    Classic example of "Give government a tool, and it will be abused."

  • Makes putting my passport in some sort of signal-baffling enclosure feel a bit less paranoid.
  • There are EZ Tag readers on all the freeways in Houston, and have been for years, to track traffic congestion. Compaq Computer (remember them?) used readers to scan EZ Tags to track who came and went from their headquarters, well before they merged with HP. The Houston airport system, for a while, allowed EZ Tag customers to pay for parking using their EZ Tag.

    It could be worse! They COULD use the GPS on your phone to track your every move, to find out who you are with and where you go, even when you aren

  • ...I keep my device in a part of the car that can't be read, and I take it out only when I get onto the toll road.

  • by mi (197448) <slashdot-2012@virtual-estates.net> on Friday September 13, 2013 @02:39PM (#44842827) Homepage
    If the government cared for privacy, they would've made these tags anonymous — to be purchased and/or re-charged at gas-stations and convenience stores. Instead they must be registered to both your name and your license-plate and even using your own transponder in a rental car while yours is in a shop, is a violation of the terms (though people normally get away with it).

    It was obvious from day one, data-collection was at least a secondary objective. Nominally the system is owned by a private company(ies), but with the government-enforced monopoly we get the worst of both worlds — a business' normal desire for profit, with government-style absence of competition.

  • It's a good thing this "hacker" kept his name out of it. The NYPD would be arresting him on a trumped up "hacking" or "terrorism" charge.

  • by catfood (40112) on Friday September 13, 2013 @04:10PM (#44843545) Homepage
    It's unauthorized access to my computing device.
