Forbes reports that a man has found that E-ZPasses, which are used to pay tolls on highways and bridges, can be read far from toll booths and used to track individuals’ locations. Privacy questions surrounding the use of E-ZPasses and other RFID-enabled toll-payment technology have been raised before, including the question of retention and sale of the data. In 2010, California Gov. Arnold Schwarzenegger signed SB1268 (pdf), which affects consumer privacy. The bill’s digest explains, “This bill would prohibit a transportation agency, as defined, from selling or providing personally identifiable information of a person obtained” through that person’s use of an electronic toll payment system. The law, which went into effect on Jan. 1, 2011, also requires agencies to purge the data when it is no longer needed for billing or law enforcement purposes.
Forbes reports that a man going by the name “Puking Monkey” decided to ”hack his RFID-enabled E-ZPass to set off a light and a ‘moo cow’ every time it was being read. Then he drove around New York. His tag got milked multiple times on the short drive from Times Square to Madison Square Garden in mid-town Manhattan … and also on his way out of New York through Lincoln Tunnel, again in a place with no toll plaza.” Read more »