Slashdot Mirror

← Back to Stories (view on slashdot.org)

NYC Is Tracking RFID Toll Collection Tags All Over the City

Posted by Soulskill on from the oversight-planned-for-2018 dept.

In the northeast U.S., most of the tolls people encounter when driving make use of a system called E-ZPass to let them pay the tolls electronically. Drivers are given small RFID transponders that are scanned in tollbooths, at which point the toll is automatically deducted from a pre-paid account. One hacker got curious whether the RFID tags were being scanned elsewhere, so he tweaked his E-ZPass to blink a light and make a noise every time it was read. He tested the streets of New York City, and wasn't surprised to see it light up in plenty of places where there were no tollbooths to be found. From the article: "It’s part of Midtown in Motion, an initiative to feed information from lots of sensors into New York’s traffic management center. A spokesperson for the New York Department of Transportation, Scott Gastel, says the E-Z Pass readers are on highways across the city, and on streets in Manhattan, Brooklyn and Staten Island, and have been in use for years. The city uses the data from the readers to provide real-time traffic information, as for this tool. The DoT was not forthcoming about what exactly was read from the passes or how long geolocation information from the passes was kept. Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions. When I talked to the E-ZPass Inter-agency Group — the umbrella association that oversees the use of the pay-toll-paying tags in 15 different states — it said New York is the only state that is employing this inventive re-use of the tags. ... 'If NYDOT can put up readers, says [the hacker], 'other agencies could as well.'"

6 of 314 comments (clear)

  1. Not completely news by RedShoeRider · · Score: 5, Informative
    "Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions. "

    In NJ, buried in the fine print, is a line that reads something like "other information may be obtained by the the Consortium at their discretion", which easily translates to: "We're going to use this to monitor traffic flow, and by doing that, we're monitoring you".

    If you're driving on the Parkway (a New Jersey toll highway), there are plenty of places where you can see EZPass pickups buried in the road surface that are nowhere near the toll sites.

    --

    Chris Knight is my hero.

  2. Re:Still pissed by CanHasDIY · · Score: 5, Informative

    I'm still pissed I was labeled a troll when I mentioned that there was no privacy in the US.

    Yea, I'm sure it was because you "mentioned" it; surely you weren't labeled a troll for gems such as:

    So give up on the privacy whining.

    Or

    The only dumbasses who care about privacy are the ones doing something they know to be illegal

    Or maybe even

    I bet Castro was a privacy advocate.

    Now GTF my lawn, you fucking troll you.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  3. Time to put a shoe box sized faraday cage in car by rolfwind · · Score: 4, Informative

    http://www.thesurvivalistblog.net/build-your-own-faraday-cage-heres-how/

  4. Wouldn't that be true for *ANY* type of RFID? by mark-t · · Score: 3, Informative

    I mean, if you have an RFID chip, wouldn't it be detecting that it's being read whenever it passes near *ANY* scanner, whether or not the people who operate the scanner are actually even interested in that RFID? All someone else would know, in general, is that the RFID isn't one that they are trying to track, and I'd imagine at *MOST* they may be able to know which company was tracking that RFID (although I'm not even sure they could do that). And even then, without access to the other company's database of users they would have no way to know who it was who had that RFID or any other personal information.

    --
    File under 'M' for 'Manic ranting'
  5. Re:Still pissed by newcastlejon · · Score: 2, Informative

    Have you not been paying attention to Russia lately? Gay sex recently became illegal again.

    No, it didn't. Talking about it, however, is a different story.

    Have you not been paying attention?

    --
    If God forks the Universe every time you roll a die, he'd better have a damned good memory.
  6. Re:Tin Foil Hat for your car? by Ronin+Developer · · Score: 5, Informative

    When I received my EZ-Pass, I also received a bag (like those used to protect electronic chips) that I could put my EZ-Pass in when I don't want it to be read. It's my choice.

    People were so up and arms of the UUID in iPhones and iPads being used to track their activity...but, the ability to collect this type of UUID in EZ-Pass has been available for years and nobody gave a rat's ass. The difference over license plate numbers (readable via OCR) is that these are easier to read....AEI tags, the tags used on railcars (EZ-Pass on steroids) were designed to be read as trains passed at over 90 MPH.

    If you run a GPS such as Waze or another with real-time traffic analysis....it's, likely, reporting your position, speed, direction and...an identifier (maybe just your Waze account ID). All modern cell phones are E911 capable - they know where you are ... if they care. Do you turn your phone off when you drive your the car or go about your daily business? Unlikely.

    There are far bigger things to worry about.

    That being said, it would be interesting to know how this data was actually being used, stored and shared.