Cyber experts warn of driver risk for E-ZPass hack, track

Bay State drivers are risking the double jeopardy of government spying and identity theft by hackers as toll takers are replaced entirely by electronic tolling on the Massachusetts Turnpike, cybersecurity advocates are warning.

“The government is going to be able to track private citizens. This is absolutely going to be a privacy issue for my constituents,” said Sen. Robert Hedlund (R-Weymouth), who sits on the Legislature’s Transportation Committee.

Universal electronic tolling on the Pike is due by the end of next year. It is seen as a way to eliminate the state’s costly, patronage-laden brigade of toll takers and let Pike drivers whiz through tolls without stopping. But it could force tens of thousands of drivers who now use pocket change to switch to E-ZPasses. But experts say the electronic transponders are susceptible to hacking and already have triggered Big Brother concerns in New York.

“They’re not using encryption, so unbeknownst to most E-ZPass users, the tag can be read from almost anywhere,” cybersecurity expert Gary Miliefsky said, adding that crooks could travel free of charge on your dime. “Hackers could easily read your number from your car and make their own pass using your account number.”

While most drivers stick them to their windshields and forget about them, Miliefsky advises drivers to store their E-ZPasses in the glove compartment or a secure spot to prevent hackers from accessing information.

Meanwhile, in New York, city and state officials have been tracking E-ZPass users all over the city — even in locations that were nowhere near a toll — according to a recent report by the New York Civil Liberties Union.

Michael Versekes, spokesman for the state Department of Transportation, said the state has worked to protect Bay State drivers’ cybersecurity. He noted that state law prohibits drivers’ information from being used for anything beyond the collection of tolls.

“The Tobin Bridge’s all-electronic system has been in place for more than a year and has not had any incursions,” said Versekes in an email, adding the software, “incorporates the most up-to-date measures for keeping that information safe.”

State officials “always have to be on guard and prepared for any sort of attempt to unlawfully access the tolling system’s database and we’ll continue to do so,” said Versekes.

But the potential for abuse has triggered local concerns about transparency for the roughly 2.5 million E-ZPass users in Massachusetts.

“The real issue is what is the government doing with that information, and are they collecting more surreptitious information that they haven’t told us about,” said Kade Crockford, director of the Technology for Liberty project at the ACLU of Massachusetts.

Crockford said state officials need to be transparent about who the information will be shared with, such as law enforcement or even insurance agencies. “We need to make sure that when people travel down the Turnpike they have a sense of who is getting their information, where their information is being collected, for what purpose and for how long their information stays on file,” she said.

Source: http://www.bostonherald.com/news_opinion/local_coverage/2015/09/cyber_experts_warn_of_driver_risk_for_e_zpass_hack_track

. . . . . . . .

Leave a Reply