
E-ZPasses Get Read All Over New York (Not Just At Toll Booths) - jmcintyre
http://www.forbes.com/sites/kashmirhill/2013/09/12/e-zpasses-get-read-all-over-new-york-not-just-at-toll-booths/
======
forgotAgain
I have to disagree with those who say this isn't news. It was news to me and
will, I believe, be news to most others as well. The only time before this
that I heard about using EZ pass for anything other than tolls was a few years
ago when I read about some feasibility work on the concept of traffic flow
optimization being done around Ithaca, NY.

I do wonder why they haven't been used yet to track speeding violations. Speed
cameras are being installed in Manhattan. EZ passes are supposed to be used in
one car only so it can't be lack of ability to isolate the user that's
stopping it.

For years I've been keeping my EZ pass in a static electricity bag when I'm
not anticipating going through tolls. I'll definitely continue to do so. At
least until it becomes illegal.

~~~
diminoten
Why are you against having your car tracked? You're in public, aren't you? Why
do you think you have a right to privacy in public?

~~~
fnordfnordfnord
What kind of stuff do you buy at stores? Mind if I have a look? I mean, you're
in public when you buy the stuff. Please post your checking account and credit
card statements in the reply. Thanks.

~~~
jlgreco
He uses ATMs in public too right? I also want to know his debit card PIN. What
right does he have to privacy?

~~~
fnordfnordfnord
Even if he had that right, why would he want to _use_ it?

~~~
jlgreco
He's probably hiding something nefarious from us. I can think of no possible
other reason to desire privacy.

------
joezydeco
Wait until people discover your FM car radio also leaks information. Besides
the leaky iPod/SatRadio transmitters, the unit itself gives away the station
frequency from the internal oscillator.

There's a company already sniffing radios on the road to determine listener
demographics among other things.

[http://masscommandme.wordpress.com/2010/12/02/mobiltraks-
lis...](http://masscommandme.wordpress.com/2010/12/02/mobiltraks-listening-to-
what-youre-listening-to-sort-of/)

~~~
drjesusphd
Just to clarify, this is not an intentional design feature. Any reciever is
necessarily a transmitter due to the physics itself.

The UK has been using this for a while to crack down on TV liscences.

~~~
joezydeco
I'm skeptical about the License Van thing...

 _" BBC admits that TV detector vans only work because Britons believe they
do"_

[http://gadgets.boingboing.net/2008/10/31/bbc-admits-that-
tv-...](http://gadgets.boingboing.net/2008/10/31/bbc-admits-that-tv-d.html)

~~~
drjesusphd
Interesting, I didn't know that. So they're more like polygraphs.

------
addflip
Oddly enough I just received an email from SunPass(Florida tolls) encouraging
me to trade in my old battery operated transmitter that beeps when it's read
for one that doesn't. They're even offering to foot the bill. Weird... maybe
I'm just being a conspiracy theorist :)

------
fnordfnordfnord
As many have stated, this isn't news. There are all sorts of good and proper
uses of toll-tags that aren't collecting tolls. There has never been any
effort to hide that, nor should there be. The thing I have always been
disturbed by WRT toll-tags is that toll-collecting entities flatly refuse to
sell one that isn't attached to a person or a vehicle. There are opportunities
for profit that have been ignored[1], and I expect that is probably because
gov't entities want a high degree of certainty as to who is with the tag.

[1] - Prepaid toll-tags could be sold at vending machines for cash (business
travelers, philanderers, etc.), but are not.

~~~
refurb
The reason they link a tag to a car is because fees vary by vehicle type
(number of axles). If the tags weren't linked to a vehicle, a commercial truck
driver could simply buy a tag for a car and pay a whole lot less in tolls.

~~~
fnordfnordfnord
No, they couldn't because it would be immediately obvious from the camera
footage. Photos are always taken, even when a tag is registered.

~~~
Retric
But nobody looks at that footage 99% of the time. Reolistically the only way
to do prepaid tags it to bill the maximum amount as truckers would happily say
use a car the first time and then use the rest of the cash on the semi unless
they checked every time.

~~~
fnordfnordfnord
They could sell you a prepaid tag, and you could get change back or reconcile
its unpaid balance when you returned it. This could all be accomplished at a
vending machine, or at a car-rental counter, or any number of other places.

>But nobody looks at that footage 99% of the time.

A truck can be trivially detected and distinguished from a car. The S/N of the
tag detected can then have the proper amount deducted.

Or just put a sign on the vending machine, "Not for Trucks"

~~~
Retric
Any form of trivially detected is going to cost millions. For what they assume
is a tiny market, it's really an edge case that has little benifit to them.
Don't forget they avoided ticketing most people who simply went through the EZ
pass lanes without paying for years. Why, cost benifit analysis, they did not
want to drive away users over what amounted to be a fairly small revenue
stream.

Edit: Also, all it takes is a picture of your license plate as you go through
a toll an any anonymity is gone which makes anon EZ passes somewhat silly.

~~~
fnordfnordfnord
>Also, all it takes is a picture of your license plate as you go through a
toll an any anonymity is gone

No, because a prepaid eztag wouldn't mail a statement of your whereabouts to
your home/office.

~~~
refurb
What? If they have a picture of your plate they have the address the vehicle
registration is sent to. If it's a rental, they can get renter info pretty
easily.

------
PaulHoule
You'll pull my E-Z pass out of my cold dead hands.

This is the first piece of vehicle telematics I added when I got a new car.
When I was stuck in a traffic jam at an off-ramp near Albany, I realized how
I'd make it better for myself and other drivers if I got one.

It's particularly good that E-Z Pass uses the same technology as most other
states in the Northeast so you can drive the Mass Pike and out to Maine or the
other way to Ohio.

~~~
gonnakillme
It even works in the midwest! I drove to upstate New York from Chicago without
paying a single old-fashioned toll a few years ago.

~~~
jlgreco
Do they work through Illinois? I recall them having their own system for some
unknown reason, but I don't know if it is compatible.

~~~
gonnakillme
Illinois has IPass. IPass definitely works at tolls taking EZPass; I don't
know if the reverse is true.

~~~
mkopinsky
The reverse is true.

------
ethomson
I had thought it was common knowledge that E-ZPasses were used to collect
real-time traffic estimates; certainly I've known for years that i-Pass (the
Illinois equivalent) was used for this purpose. Unfortunately, some quick
googling does not appear to locate any information on this, so now I don't
remember where I heard / read this in the first place.

~~~
ChrisAntaki
FastTrak (used in the SF Bay Area) have a warning, laying this out when you
buy the devices. You don't actually need the device though, as each bridge
using it also uses cameras to read license plates. It's more convenient this
way, as you just need to register your vehicle on their website.

~~~
dsl
I don't keep plates on my car because of the abundance of plate tracking
applications in use by the government and private companies.

~~~
pbreit
Isn't that illegal pretty much everywhere?

~~~
coin
Steve Jobs constantly drove a new car so that he'd have temporary
registration.

~~~
pbreit
But what he basically did was legal, right?

------
seiji
His presentation also featured pictures he took of many NY police's personal
cars with deliberately obscured license plates so they can't be automatically
read (and other features like illegally too-tinted windows, etc).

*edit: found the presentation at [https://www.defcon.org/html/links/dc-archives/dc-21-archive....](https://www.defcon.org/html/links/dc-archives/dc-21-archive.html#pukingmonkey)

~~~
HPLovecraft
dumb question maybe -- what does he mean by when he says the license is
"salted" is this referring to road salt?

~~~
joezydeco
Yes. it seems to refer to a plate heavily corroded with road deicing salt. A
Florida plate would almost never have this problem... =)

------
ChrisAntaki
Your license plate is always visible, it's probably a nicer target for people
interested in tracking you.

Search for "license plate" on [http://www.zdnet.com/wikileaks-uncovers-
trapwire-surveillanc...](http://www.zdnet.com/wikileaks-uncovers-trapwire-
surveillance-faq-7000002513/)

------
koopajah
This reminds of Little Brother by Cory Doctorow that I just read two weeks
ago:
[http://www.goodreads.com/book/show/954674.Little_Brother](http://www.goodreads.com/book/show/954674.Little_Brother)

~~~
masmullin
I had the same thought. Doctorow provides interesting solutions in the same
book IIRC.

------
kazagistar
> The DoT was not forthcoming about what exactly was read from the passes or
> how long geolocation information from the passes was kept.

Listen up kids. Even if your goals are entirely pure and innocent, this sort
of BS just makes you look shady. If you wanna do traffic analysis, sanitize
your data ASAP, and purge it as soon as you can, and then when people ask, you
can answer questions like this with a clear conscience.

------
mrb
In California, our toll transponders (FasTrak) are spuriously read at the LAX
airport, merely for tracking reasons, not for billing.

Interesting reverse-engineering of FasTrak transponders in 2008:
[http://rdist.root.org/2008/08/07/fastrak-talk-summary-and-
sl...](http://rdist.root.org/2008/08/07/fastrak-talk-summary-and-slides/)

~~~
dbloom
It's worth surfacing the fact that California's FasTrak transponders beep when
they are being read (although it certainly might be possible for the beep to
be suppressed).

By the way, in addition to LAX, this also happens when you're looping around
San Jose Mineta airport (SJC). The airport says that it's to track taxis,
limos, and shuttles:
[http://www.mercurynews.com/search/ci_14885277](http://www.mercurynews.com/search/ci_14885277)

~~~
mrb
FasTrak CAN be read without the transponder beeping (the beep is software-
controlled by the reader): the Transportation Corridor Agency themselves
explain they are being read at many highway exits to calculate traffic stats.
And I have never heard my transponder beep when exiting the highway.

------
Spooky23
This isn't news, and hasn't been hidden. EZ pass readers are plainly visible
all over the place, including on the BQE in NYC and other places in NY. They
give you an ESD bag to put your transmitter in.

As part of 511, state DOTs also purchase cell tower data to estimate speed on
highways. My understanding is that is where the Google Maps traffic indicators
come from.

~~~
fps
> As part of 511, state DOTs also purchase cell tower data to estimate speed
> on highways. My understanding is that is where the Google Maps traffic
> indicators come from.

Close, but actually Google gets that data from Android devices that phone home
directly to them, not from the cell companies.

~~~
Spooky23
Didn't realize that. States and regional transportation centers make their
data (from carriers and road sensors) available as well.

------
loganfrederick
Little-known, but publicly available, information: The EZ-Pass was originally
developed by JPMorgan Chase (my employer) for use with a different client.

Just last month, JPMC announced that its patent collection had reached 500,
with our patent on EZ-Pass being one of our most successful, and something we
still receive licensing fees on.

[https://www.jpmorgan.com/cm/cs?pagename=JPM_redesign/JPM_Con...](https://www.jpmorgan.com/cm/cs?pagename=JPM_redesign/JPM_Content_C/Generic_Detail_Page_Template&cid=1320519245545&c=JPM_Content_C)

------
ISL
Is there a publicly available standard for interrogating EZ-Pass chips? Does
the state have an exclusive license for the band?

~~~
timdellinger
I'd also be interested in seeing a write-up of the various legal aspects of
this: Are private third parties allowed to interact wirelessly with the EZ-
Pass? Are people allowed to broadcast signals similar to those that an EZ-Pass
unit broadcasts, as long as the intent isn't to fraudulently drive on a toll
road without paying toll?

------
shitlord
IMO, this is actually pretty awesome. Maybe in the future, we can produce new
EZPasses that do the same thing, except more privacy-oriented: a pass that
reports different Tag IDs to traffic monitoring equipment, but keeps reporting
the same Tag ID for 1 hour. Or maybe a piece of hardware that can intercept
the EZPass signal on its way to the traffic monitoring equipment.

Everyone hates traffic and loves complaining about it, but I personally
haven't seen a lot of work being done to _solve_ it. And yeah, having people
take public transportation helps with congestion, but you're not actually
solving anything by doing that, only working around the problem. Maybe it's
because I've never worked with any DOTs.

------
Phargo
Is there any way to install a switch to kill the tag when you don't plan on
using it? If that's possible, how difficult would it be to control this on/off
switch with a spare smart phone based on approved GPS location?

~~~
ChrisAntaki
Yes, you can put it in a special bag that blocks its signals. If you buy a
FastTrak device for the SF Bay Area, it actually comes in the bag. Still, you
have a license plate. (Unless you are like Steve Jobs, and lease a new car
every 6 months)

~~~
joezydeco
The "special bag" is just an ESD bag, isn't it? You can find these pretty
cheap anywhere if you don't have any on hand.

[http://www.amazon.com/Antistatic-Bags-
Resealable-6X10-Pack/d...](http://www.amazon.com/Antistatic-Bags-
Resealable-6X10-Pack/dp/B000BSN274)

~~~
tjohns
Yup, it's just an ordinary mylar antistatic bag. Pretty much any computer
repair store will give them to you for free if you ask, too.

------
Stwerp
I can't find details of his hack, but I am curious if his detector detects
actual read events (when his device responds with its ID) or if it is just an
RF power detector. Is there a link to a technical description?

~~~
seiji
Check out
[http://www.youtube.com/user/defconpukingmonkey/videos](http://www.youtube.com/user/defconpukingmonkey/videos)
for live demos.

His presentation is at [https://www.defcon.org/html/links/dc-
archives/dc-21-archive....](https://www.defcon.org/html/links/dc-
archives/dc-21-archive.html#pukingmonkey) (The first section is on license
plate readers. ezpass details start on slide 84. He starts with modifying his
own ezpass to detect when it's being read then makes his own detector (slide
97) and runs it side by side with the pass. The new detector is much more
sensitive and picks up being read basically everywhere.)

------
codex
Your location in a public place is not a secret. It is not legally protected.
This is well established by multiple precedents.

Heck, FBI agents can legally place a tracking device on your car, _without a
warrant_ if they do so while your car is in a public place
([http://www.rawstory.com/rs/2012/01/03/federal-judge-rules-
fb...](http://www.rawstory.com/rs/2012/01/03/federal-judge-rules-fbi-didnt-
need-warrant-to-plant-gps-tracking-device/)).

~~~
newman314
No, it is not.

[http://arstechnica.com/tech-policy/2012/01/supreme-court-
hol...](http://arstechnica.com/tech-policy/2012/01/supreme-court-holds-
warrantless-gps-tracking-unconstitutional/)

~~~
codex
That ruling did not consider whether a warrant is required, only that the
attachment of the device constituted a "search" because the government was
trespassing when they installed it
([http://lippmannwouldroll.com/2012/01/28/what-the-supreme-
cou...](http://lippmannwouldroll.com/2012/01/28/what-the-supreme-courts-gps-
case-actually-says/)).

------
shiven
This looks like a potential solution:

[http://www.tollroadsnews.com/node/112](http://www.tollroadsnews.com/node/112)

Don't know where to buy just the shield though...

------
benguild
At one point the ones in California beeped, not sure if the new ones still do
but they definitely used to.

------
diminoten
Yet again, we arrive at a, "could" story, and not a "does" story.

The NSA "could" have you arrested for a crime you didn't commit by sharing
intel it's collected about you! The NYPD "could" use your E-ZPass to track
your movements through NYC! Google "could" access your Wi-Fi password as it's
synced from your Android device!

I think people forget sometimes that 1984 was a work of fiction, and never
actually happened.

~~~
Zikes
The FBI "could" track your movements via cell phone data. The FBI "could" then
provide that data to the DEA to help make an arrest. The NSA "could" keep a
log of everyone you ever call or who calls you.

Not that we should have ever cared about those possibilities until they came
to light, leaving us scrambling to cope with the consequences and attempt to
repair the damage after the fact.

~~~
diminoten
Arrests are allowed to happen to innocent people. Arrests aren't convictions,
convictions are.

People still get trials. They still get due process. If the DEA/FBI can't
provide evidence to the state/federal prosecutor such that a person is found
guilty of a crime by a jury of his peers, then a person does not get
convicted.

You're saying the government is committing thought-crime. Just because a
person owns a gun doesn't mean they're going to kill their neighbor, and just
because the FBI/CIA/NSA/Local PD "could" abuse its power, does not mean they
"do".

~~~
RHSeeger
Of course, the recent revelations that they "do" does mean they "do".

~~~
diminoten
What revelations that they do? So far all revelations have been surveillance
related, and not arrest and conviction related.

No one's been provably put to jail because of the NSA's programs.

~~~
jlgreco
I guess you were asleep during the "parallel construction" revelations.

------
rayiner
Scumbag Puking Monkey: puts wireless tracking/identification device on his
car; surprised when he is wirelessly tracked/identified.

