Government agencies can track your every move by using the E-ZPass electronic toll collection devices that make driving on toll roads so much easier, the ACLU is alleging. To make matters worse, some cybersecurity experts say the devices could be easily hacked by thieves because the data is not encrypted.
Although E-ZPass has been around for a while, drivers always have had the option of using coins or bills to pay the toll. That is changing in Massachusetts, which is replacing all human toll connectors on the Massachusetts Turnpike with E-ZPass.
“The government is going to be able to track private citizens,” Massachusetts State Senator Robert Hedlund, a Republican, told the Boston Herald. “This is absolutely going to be a privacy issue for my constituents.”
E-ZPass readers are already being used to track vehicle movements in New York, the ACLU says. It discovered that dozens of E-ZPass readers had been set up all over New York City, far from toll booths, in order to track movement through the city.
“New documents obtained by the New York Civil Liberties Union reveal that wireless E-ZPass tollbooth transponders are being read routinely throughout New York City to systematically collect location data about drivers,” an ACLU report said.
A privacy expert designed a device that “mooed” every time “it detected signals on the same frequency that E-ZPass readers use,” the ACLU report said.” It “mooed” throughout Manhattan, even though no toll booths were around.
An E-ZPass unit is a wireless device mounted inside a vehicle that an electronic toll reader “reads.” The signal tells a computer system that a car is driving on a toll road or in a toll lane. The system then bills the driver or owner of the car for driving on the turnpike or in the fast lanes. Most systems have monthly plans.
The ACLU used a Freedom of Information Act request to obtain more data on the readers in New York. The organization learned that New York City and the New York State Department of Transportation had set up 149 E-ZPass readers around the city in an attempt to determine traffic volumes. The ACLU also discovered that similar programs are in place in other parts of New York State.
The ACLU found that government officials tried to keep the readers secret and did not have privacy protections. There are no rules in place for how long the data can be stored or even what can be done with it, the ACLU said.
Privacy experts in Massachusetts are concerned that the same thing could happen in their state.
“They’re not using encryption, so unbeknownst to most E-ZPass users, the tag can be read from almost anywhere,” cybersecurity expert Gary Miliefsky told the Boston Herald. “Hackers could easily read your number from your car and make their own pass using your account number.”
Miliefsky says hackers could steal financial information or make fake E-Z passes that would enable crooks to drive free on the toll road by using someone else’s number. The unsuspecting motorist would then get the bill.
E-ZPass and similar systems are being used all over the country in an attempt to raise money by state highway departments. A similar system recently was installed on special lanes on Interstate 70 through Colorado’s mountains.
The best way not to be monitored through E-ZPass is to simply put the device in the glove compartment when you are not driving on the toll road, Miliefsky advised. The device can only be read when it is within sight of a reader.
What are your thoughts on using E-ZPass? Do you believe states are tracking drivers? Share your thoughts in the section below: