Slashdot Mirror
NYC Is Tracking RFID Toll Collection Tags All Over the City
In the northeast U.S., most of the tolls people encounter when driving make use of a system called E-ZPass to let them pay the tolls electronically. Drivers are given small RFID transponders that are scanned in tollbooths, at which point the toll is automatically deducted from a pre-paid account. One hacker got curious whether the RFID tags were being scanned elsewhere, so he tweaked his E-ZPass to blink a light and make a noise every time it was read. He tested the streets of New York City, and wasn't surprised to see it light up in plenty of places where there were no tollbooths to be found. From the article:
"It’s part of Midtown in Motion, an initiative to feed information from lots of sensors into New York’s traffic management center. A spokesperson for the New York Department of Transportation, Scott Gastel, says the E-Z Pass readers are on highways across the city, and on streets in Manhattan, Brooklyn and Staten Island, and have been in use for years. The city uses the data from the readers to provide real-time traffic information, as for this tool. The DoT was not forthcoming about what exactly was read from the passes or how long geolocation information from the passes was kept. Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions. When I talked to the E-ZPass Inter-agency Group — the umbrella association that oversees the use of the pay-toll-paying tags in 15 different states — it said New York is the only state that is employing this inventive re-use of the tags. ... 'If NYDOT can put up readers, says [the hacker], 'other agencies could as well.'"
Do a lot of tracking of everything a person does and only come clean when someone calls 'em out...
I hope this "hacker" is anonymous... Otherwise he's headed for a jail cell...
It used to be okay to point out when your government was being shady...
Not anymore!!
Yay!
Welcome to 1984!
"Helping to keep you two steps ahead of the Thought Police!"
Does it also chart the size of the soda in your cup holder?
In NJ, buried in the fine print, is a line that reads something like "other information may be obtained by the the Consortium at their discretion", which easily translates to: "We're going to use this to monitor traffic flow, and by doing that, we're monitoring you".
If you're driving on the Parkway (a New Jersey toll highway), there are plenty of places where you can see EZPass pickups buried in the road surface that are nowhere near the toll sites.
Chris Knight is my hero.
Funny you mention gay sex and then go on to list the only ones that care about privacy are those doing something "illegal, immoral or otherwise dangerous." Have you not been paying attention to Russia lately? Gay sex recently became illegal again. Just because society and politicians don't care NOW doesn't mean they will continue not caring.
I'm still pissed I was labeled a troll when I mentioned that there was no privacy in the US.
Yea, I'm sure it was because you "mentioned" it; surely you weren't labeled a troll for gems such as:
So give up on the privacy whining.
Or
The only dumbasses who care about privacy are the ones doing something they know to be illegal
Or maybe even
I bet Castro was a privacy advocate.
Now GTF my lawn, you fucking troll you.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
It's called a license plate. With technology that allows license plates to be read by cameras, any government organization could track the movements of every vehicle everywhere in their jurisdiction. Don't think you can't be tracked because you don't have an RFID tag in your vehicle.
Interestingly enough, EZ-Pass devices installed in rental vehicles do EXACTLY this to allow the renter choice of whether to use EZ-Pass or normal tolls.
retrorocket.o not found, launch anyway?
It's a tactical mistake borne of hubris. When the RFID chips came out, people were paranoid they'd be use to track instead of ease on off congestion in toll roads as advertised. Officialdom trotted out the usual assurances. Now they're using them to track cars.. (as if they can't already do that through other means).
The long term effect is to breed distrust of government and technology. To induce a cynical turn of mind .
Seeing as 99% of security relies on public buy in , cooperation, the feeling of a shared purpose and identity and absent those things or if those things are greatly degraded, we have no effective security, this has to be seen as a big security blunder.
Tricking, coercing, forcing, sneaking by people what's needed for security is a bad idea. It was a bad idea when the NSA started doing it whether they were getting away with it or not. It's a bad idea wherever it goes. It works against security in a million ways none of which anyone can control.
The way to security buy in is through more openness, more sharing of the problems and threats we face and above all the verifiable protection of our civil liberties against the abuses which inevitably occur when identity and details of people's private lives are exposed for examination by the state.
You have to firewall international (or national) terrorism from all other concerns. You cannot use this information to, say catch drug dealers or common murders. Neither can you over-define what terrorism IS. Copyright violations aren't terrorism and neither are the activities of organized crime. Mainstream , even violent political protestors aren't terrorists and neither are the Tea Party or anarchists. That's called- regular life, normal criminal deviance that is NOT terroristic; the goal is not to undo Western civilization.
Deniers are of course not terrorists, despite my hyperbolic moniker.
Because that IS a slippery slope and what will happen is there will grow widespread, covert, person to person rebellion ande non-cooperation, subversion and ultimate undermining of security.
People don't want to live in Stasiland, whatever benefits there are to living in Stasiland and it' takes not very much to get people to thinking that they are living in Stasiland.
I am to the right of most people on this forum, (yesterday's rating drubbing) which is to say in the middle of the political spectrum. Even I am creeped out by some of the things that have been going on. It's human nature to abuse power in ways that lead to undue influence by the power wielders and then on to a kind of defacto fascism. That's not a political perspective, that's a historical and psychological fact and moreover instinctive knowledge. It is not possible to talk your way around instinctive knowledge.
http://www.thesurvivalistblog.net/build-your-own-faraday-cage-heres-how/
Actually it probably has no identifying details at all... it's almost certainly just a serial number, and that's it. It may also have a checksum on the device that might be derivable via a one-way hash from personal information that the company has about you, but in general this would not be practical to try to reverse, Such a checksum id could potentially be used to verify at their end that the device was not a forgery.
The company that collects the data on the device has your identifying details and has recorded which device, by serial number, they assigned to you. Whenever they are scanning the device, all they need to do is look up its serial number in their database to get all of your identifying information that they have... unless somebody else had suitable access to that same database, they would not generally be able to identify who you were or anything else about you for that matter.
A third party could, however, potentially use the information even without access to said database to track where it was you were going... although as far as they are concerned, they'd be tracking some anonymous device, with no idea in general who actually has it... only knowing where it was detected by scanners.
File under 'M' for 'Manic ranting'
In Florida, we have a toll transponder system too. Recently waves of notices have been going out that the older style transponders are being deprecated for newer ones. I always thought that was kind of silly because the new style transponders are currently compatible with the existing system just like old ones are, so it's not really a "protocol" type change (I'm a software guy, not an EE, so there is likely some RFID stuff I don't know about).
The biggest change? The older transponders would beep when scanned, the newer ones no longer have that functionality. Sounds like perpetual tracking is coming to my state.
More Twoson than Cupertino
When I received my EZ-Pass, I also received a bag (like those used to protect electronic chips) that I could put my EZ-Pass in when I don't want it to be read. It's my choice.
People were so up and arms of the UUID in iPhones and iPads being used to track their activity...but, the ability to collect this type of UUID in EZ-Pass has been available for years and nobody gave a rat's ass. The difference over license plate numbers (readable via OCR) is that these are easier to read....AEI tags, the tags used on railcars (EZ-Pass on steroids) were designed to be read as trains passed at over 90 MPH.
If you run a GPS such as Waze or another with real-time traffic analysis....it's, likely, reporting your position, speed, direction and...an identifier (maybe just your Waze account ID). All modern cell phones are E911 capable - they know where you are ... if they care. Do you turn your phone off when you drive your the car or go about your daily business? Unlikely.
There are far bigger things to worry about.
That being said, it would be interesting to know how this data was actually being used, stored and shared.
My rule #46:
The number of skeletons in [most famous person]'s closet is usually directly proportional to how sanctimonious or pious they act in public.
-- You are in a maze of little, twisty passages, all different... --