EZ Pass and the fast lane ....

Ian Grigg iang at systemics.com
Fri Jul 9 19:14:45 EDT 2004 

John Gilmore wrote:
> [By the way, die at dieconsulting is being left out of this conversation,
>  by his own configuration, because his site censors all emails from me.  --gnu]

Sourceforge was doing that to me today!

>>Well, I am presuming that ... the EZ Pass does have an account
>>number, right?  And then, the car does have a licence place?  So,
>>just correlate the account numbers with the licence plates as they
>>go through the gates.
> 
> 
> If they could read the license plates reliably, then they wouldn't
> need the EZ Pass at all.  They can't.  It takes human effort, which is
> in short supply.

No, that is to confuse the collecting of tolls
with the catching of defrauders.  Consider one
to be the automatic turnstile and the other to
be the ticket inspector.  One records the tolls,
the other looks for error conditions.

>>The thing about phones is that they have no licence plates and no
>>toll gates.  Oh, and no cars.
> 
> 
> Actually, cellphones DO have other identifying information in them,
> akin to license plates.  And their "toll gates" are cell sites.

Yes, but so ineffective.  I can pass "through" the
toll gate - the cell site - and nobody can see
where I am.  I can make a call, and nobody can read
my location without doing complicated tracking stuff
with many cells.  The day that the cops get their
dream of cell phones being able to signal location,
that might change, but in the meantime, a cell phone
is for most purposes unlocatable.

Another factor is that the reward is very different,
one can save a lot more on a cellphone than a toll
way trip.

> It's not clear what your remark about phones having no cars has to do
> with the issue of whether EZ Pass is likely to be widely spoofed.

Sorry, yes:  if I catch a fraudster with a cell
phone, I can haul him down the station and seize
his phone.  BFD, it was probably stolen anyway.

If I catch a EZ Passter I can seize his car.

>>What incentive does a miscreant have to reprogram hundreds or
>>thousands of other cars???
> 
> 
> (1) Same one they have for releasing viruses or breaking into
> thousands of networked systems.  Because they can; it's a fun way to
> learn.  Like John Draper calling the adjacent phone booth via
> operators in seven countries.  (2) The miscreant gets a cheap toll
> along with hundreds of other people who get altered tolls.

OK, so run this past me again.  I get to send a
virus or whatever that causes EZ Pass to go down
or mis-bill thousands of their customers, and I
also have to drive down the free way and drive
through their toll gates, in order to collect my
prize of ... a free ride on the toll way?

> [Cory Doctorow's latest novel (Eastern Standard Tribe, available free
> online, or in bookstores) hypothesizes MP3-trading networks among
> moving cars, swapping automatically with whoever they pass near enough
> for a short range WiFi connection.  Sounds plausible to me; there are
> already MP3 players with built-in short range FM transmitters, so
> nearby cars can hear your current selection.  Extending that to faster
> WiFi transfers based on listening preferences would just require "a
> simple matter of software".  An iPod built by a non-DRM company might
> well offer such a firmware option -- at least in countries where
> networking is not a crime.  Much of the music I have is freely
> tradeable.]

All of which is irrelevant.  The MP3s you are trading
do not generate a transaction request, being fraudulent
or otherwise, do not hit a server that has details on
who you are, and are probably encrypted so nobody can
tell what it is you are doing, thus forcing the cops
(IP terrorists being your #3 priority) to pull the car
to a halt and search for contraband music.

The only questions here are:  do the EZ Pass people have
your licence plate and your EZ Pass account number?  Do
they have the budget to employ some students with cameras?
Do they have the ability to target people who should be
travelling A -> D but keep getting billed from B -> C?
And, do the drivers who decide to defraud the EZ Pass
system have the ability to avoid 2 points, being any 2
of A, B, C, D?

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list