NH E-ZPass Privacy Problems
New Hampshire E-ZPass stores user's private information with no privacy protections.
E-ZPass is a system that lets motorists go through tolls easily. By establishing an account and purchasing a transponder, users can pass quickly and conveniently without stopping to pay. Many states use the EZ Pass system, and New Hampshire has just implemented it.
The problem is that EZ Pass stores personal data on every user, and New Hampshire apparently has no privacy policy, unlike other states.
What is NH doing with this data? Who has access to it? What safeguards are there? Can your employer access it? How about the state of Maine or Massachusetts? Your wife or husband? Internet hackers? Credit card companies?
Did you go to work last Friday? Did you come straight home afterwards? Why do you drive to Manchester several times a week? The answer, in every case, is "none of your business!"
Privacy of personal information, especially when stored electronically, is an issue. The vast amounts of personal data that is stored help enable Identity Theft and other crimes.
Other states have privacy policies for their E-Z Pass systems, but apparently not NH. It's not mentioned anywhere, and I've asked three times and have gotten no reply! Their Contact Us Page, apparently the only way to contact them, states:
"Please submit your questions or comments using the form below - We're more than happy to respond!"
Obviously incorrect - they've had WEEKS to answer my polite questions and have not responded.
UPDATE AVAILABLE HERE
E-ZPass is a system that lets motorists go through tolls easily. By establishing an account and purchasing a transponder, users can pass quickly and conveniently without stopping to pay. Many states use the EZ Pass system, and New Hampshire has just implemented it.
The problem is that EZ Pass stores personal data on every user, and New Hampshire apparently has no privacy policy, unlike other states.
What is NH doing with this data? Who has access to it? What safeguards are there? Can your employer access it? How about the state of Maine or Massachusetts? Your wife or husband? Internet hackers? Credit card companies?
Did you go to work last Friday? Did you come straight home afterwards? Why do you drive to Manchester several times a week? The answer, in every case, is "none of your business!"
Privacy of personal information, especially when stored electronically, is an issue. The vast amounts of personal data that is stored help enable Identity Theft and other crimes.
Other states have privacy policies for their E-Z Pass systems, but apparently not NH. It's not mentioned anywhere, and I've asked three times and have gotten no reply! Their Contact Us Page, apparently the only way to contact them, states:
"Please submit your questions or comments using the form below - We're more than happy to respond!"
Obviously incorrect - they've had WEEKS to answer my polite questions and have not responded.
UPDATE AVAILABLE HERE
posted by Ted Demopoulos at 9:03 PM
Comments on "NH E-ZPass Privacy Problems"
-
Alfred Thompson said ... (Friday, August 19, 2005 10:02:00 PM) :
-
Ted Demopoulos said ... (Sunday, August 21, 2005 10:54:00 PM) :
-
Dick Green said ... (Monday, August 22, 2005 1:49:00 PM) :
-
Ted Demopoulos said ... (Tuesday, August 23, 2005 9:08:00 AM) :
-
Ted Demopoulos said ... (Wednesday, August 24, 2005 11:27:00 AM) :
post a commentDo they get and keep information on EZpass holders from other states? For example if someone has a transponder they got through NYS does NH have personally identifing information about them? I am wondering (probably I should check) what the privacy policy about NYS says about what they share with other states.
Excellent question Alfred!
I'll try to get some answers. Cryptographically speaking, as a former mathematican, it is possible to NOT even have the type of information they are gathering. I.e., it's possible to have a system where you pay, and they know you paid, but don't know who you are (sounds like cash - man I LOVE cash!!!!)
This is not the case here - they know it's you. There may be legal reasons, for example patents, why they haven't implemented such a system.
There are two issues here, one political and one technical.
Political:
NH should have a privacy policy to cover the personal information gathered by EZpass and other state programs.
Technical:
Cryptographic technology exists to allow anonymous payment. About 10 years ago, David Chaum, one of the bright lights of the academic crypto set, launched a company called DigiCash to commercialize his patented methods for anonymous cash payments. The underlying technology was called Blind Signatures, which Chaum invented about 20 years ago. You can read about it in Bruce Schneier's Applied Cryptography. Basically, blind signatures allow you to determine if an individual belongs to a set of authenticated persons without knowing who the person is. This technology can be used for anonymous payment systems or for primitive online voting systems (much better methods exist for the latter – see www.votehere.com, a company with which I’m affiliated.)
Unfortunately, DigiCash failed. There was simply not enough passion for the concept of anonymous cash payments, except among people doing illegal or unsavory things like gambling, buying drugs, buying porn, etc. Back before the public became aware of identity theft, the average person was comfortable with credit card companies having his/her personal information and a record of purchases. Anonymous cash didn’t seem necessary. As awareness of identity theft has soared, demand for solutions has increased and companies are coming up with solutions. For example, American Express is touting a traveler’s check card that is not linked to your bank account.
My recollection is that DigiCash had one successful implementation: anonymous payment of roadway tolls in the Netherlands (or maybe it was Denmark.) People there were concerned that their equivalent of EZpass would give the government too much information about a driver’s whereabouts and would allow police to set up a system of transponders to catch speeders (and we must have the liberty to break the law and endanger other motorists.)
However, most of these concerns still exist whether or not a high-tech toll payment system is used. After all, the government could set up a network of video cameras to capture license plate numbers and accomplish the same things. In fact, the UK uses such a system to impose a tax on automobile commuters in the Greater London area. They take a digital photo of the license plate, run it through a computer system with text recognition software, and automatically bill the owner of the car. The idea is to encourage people to take mass transit to work. London also has more hidden surveillance cameras than any other city in the world. If you don't think this could happen here in the USA, then check out how many hidden cameras have popped up in New York City since 9/11.
While it's possible that fear of identity theft may put pressure on governments to use cryptographic techniques to protect anonymity, privacy isn’t a technical issue. Technology won't solve the problem unless the political will is there to protect privacy.
Dick,
Thanks for your insightful comments.
I remember DigiCash well. I could be a conspiracy theorist and say the Government made it fail, and I'm sure they wanted it to, but I believe it failed due to ignorance of the public.
In general, the public doesn't care about privacy. People seem to make little or no connection between privacy and various crimes, such as credit card fraud, identity theft, etc.
I thought DigiCash was fantastic! And as I've said before, cash is great, although the US Government is seriously cracking down on the use of cash. Ever try to withdraw a large sum of cash from a US Bank? It's time consuming, requires filling out lots of forms, and you are treated essentially like a criminal. We are NOT talking US$50K or so, but much much less.
Spoke with Bill Boynton at the NH DOT Public Information Office. While he admits he is no expert, he says there are safeguards built in, although probably no Privacy Policy.
He has refered me to Al Almasy, the Turnpikes Operations Manager who is overseeing the EZ-Pass implementation.
More later - off to NY to film a RSS Video with WatchIT.com