E-ZPass is probably the best thing that’s ever happened to paying tolls. Those plastic funnels you toss coins into are a close second. But E-ZPass has a bonus feature. It can be used to track you everywhere you go.
E-ZPass uses RFID. It’s cool tech, but hackable and trackable in ways that the companies who use it don’t really want anyone to talk about. E-ZPass RFID tags, for instance, can be scanned in plenty of places that aren’t tollbooths. A hacker known only as “Puking Monkey” has shown that it happens all the time around the streets of NYC, and talked about his findings at DEFCON.
To test how often his E-ZPass RFID tag was getting polled, Puking Monkey wired a little mooing cow toy into the circuit so it would warn him whenever something happened. And in a short drive around Manhattan, PM found his cow mooing an awful lot for no immediately discernible reason.
Turns out though, that this was the result of a project called Midtown in Motion, a New York City traffic management system that is using E-ZPass RFIDs to track cars through the city centre. It’s not exactly clear what kind of information the Department of Transportation is scraping, but it’s something. And all you have to do to be involved is have an E-ZPass hanging around.
Forbes reached out to the E-ZPass Inter-agency Group — the folks who oversee E-ZPass in the 15 states where it operates — and apparently NYC is the only place that uses them for any sort of tracking. Officially. So far. Real-time traffic monitoring isn’t particularly nefarious on its own, but post-PRISM it’s easy to get paranoid metadata-harvesting and it can be a little unnerving to know your car is a big fat target for tracking.