The Road Less Surreptitiously Traveled

Views:
 
Category: Education
     
 

Presentation Description

loss of locational privacy vai ALPR, E-Zpass

Comments

Presentation Transcript

THE ROAD LESS SURREPTITIOUSLY TRAVELED:

THE ROAD LESS SURREPTITIOUSLY TRAVELED @ pukingmonkey DEF CON 21

THE LOSS OF LOCATIONAL PRIVACY WHILE TRAVELING IN YOUR AUTOMOBILE:

THE LOSS OF LOCATIONAL PRIVACY WHILE TRAVELING IN YOUR AUTOMOBILE Automatic License P late Readers (ALPRs) Snitch devices in your car Transponder based Electronic Toll Collection (ETC ) GPS Smart phones traffic apps Dumb phones Automatic tire pressure monitors

:

DO YOU HAVE THE RIGHT TO TRAVEL? Interstate: YES . Saenz v. Roe (1999) the right to travel that is guaranteed by the Privileges or Immunities Clause of the Fourteenth Amendment. Intrastate : YES . But not as clear, it's usually derived from First Amendment freedom of association and Fifth Amendment due process protection . International : YES . Kent v. Dulles (1958) The right to travel is a part of the "liberty" of which a citizen cannot be deprived without due process of law under the Fifth Amendment.

DO YOU HAVE THE RIGHT TO DRIVE?:

DO YOU HAVE THE RIGHT TO DRIVE? NO It is a privilege , not a right, that is regulated, must be granted (licensed) and can be revoked, according to the prevailing laws of every jurisdiction of the United States.

DO YOU HAVE THE RIGHT TO ANONYMOUS TRAVEL?:

DO YOU HAVE THE RIGHT TO ANONYMOUS TRAVEL? Mostly YES but it depends on your mode of travel, in the U.S. you are not required to carry ID except: when driving, it requires licensing NO taking a commercial flight NO crossing a national border NO

AUTOMATIC LICENSE PLATE READERS:

AUTOMATIC LICENSE PLATE READERS A system of cameras, computers and GPS that reads the license plates (OCR), and notes coordinates and time, they can be mobile or fixed locations . Can do about 3,000 plates/hour, on moving vehicles up to 130MPH. All data is saved and downloaded to a central repository.

WHAT’S THE BIG DEAL?:

WHAT’S THE BIG DEAL? Police have been “running” plates forever Captures all plates in its field of vision retained in databases along with pictures from 21 days to 5 years (depends on jurisdiction) Enough APLRs and data points = tracked NYC: 108 fixed and 130 mobile APLRs as of 2009 Impossible to opt-out

IS IT LEGAL TO DO THIS WARRENTLESS TRACKING?:

IS IT LEGAL TO DO THIS WARRENTLESS TRACKING? YES Hester v. United States ( 1924) An observation made by a police officer without a physical intrusion into a constitutionally protected area does not implicate the Fourth Amendment nor require a search warrant. United States v. Martin ( 1986) A police officer who is lawfully present in an area may look into the windows of a parked car. No reasonable expectation of privacy on your license plate in public Police do not need a warrant to "run" your plate

WAIT A MINUTE THE SUPREME COURT RULED A WARRENT IS NEEDED FOR GPS TRACKING:

WAIT A MINUTE THE SUPREME COURT RULED A WARRENT IS NEEDED FOR GPS TRACKING YES BUT THIS IS DIFFERENT United States v. Jones (2012 ) what the court said is that a warrant is needed to place the tracking device on the vehicle, not the act of tracking it.

I THOUGHT THE POLICE CANNOT USE ADVANCED SPY TECHNOLOGY WITHOUT A WARRENT:

I THOUGHT THE POLICE CANNOT USE ADVANCED SPY TECHNOLOGY WITHOUT A WARRENT YES AND NO Kyllo v. United States ( 2001) infrared cannot be used to look inside a constitutionally protected area Florida v. Riley ( 1989) aerial surveillance can be used United States v. Lee (1927) artificial illumination can be used to aid observations binoculars can be used (no Supreme Court case but Scalia has said it is OK )

ALPR DATA RETENTION:

ALPR DATA RETENTION NH: general ban ME: 21 day maximum for non-hit non-criminal investigations NJ: must retain for a full 5 years, and then must destroy after 5 years NYC: retained for 5 years. Even though general surveillance video is deleted after 21 days if no active investigation

IS THE DATA PUBLIC OR OPEN TO LEGAL DISCOVERY?:

IS THE DATA PUBLIC OR OPEN TO LEGAL DISCOVERY? Public? Maybe . Minneapolis released then recanted. GPS coordinates for their fixed readers was redacted. Discovery? NY has what is known as Rosario material, “Any written or recorded statement…made by such witness…which relates to the subject matter of the witness’s testimony .” However NY claims that ALPR data is not a "statement" so therefore it is not Rosario, and not subject to discovery.

IT MAY NOT MATTER WHAT RETENTION LAWS ARE, AS THERE IS A COMMERCIAL MARKET:

IT MAY NOT MATTER WHAT RETENTION LAWS ARE, AS THERE IS A COMMERCIAL MARKET Vigilant Solutions. it’s only customers are Law Enforcement. Its in 28 Metro areas, >35 million reads/month, collected by non-law enforcement scout cars Tow operators driving and scanning everything, looking for repo hits, but then sell the data . Law Enforcement will just purchase the data You can buy it for $10 a pop from tlo.com

BUILD A LICENCE PLATE READER DETECTOR:

BUILD A LICENCE PLATE READER DETECTOR It uses infrared LEDs to illuminate the plate Its always on, and it is always pulsating to try to get the best exposure So we should be able to detect, by just using IR photodiodes right? Had a few failures to work Standard IR is 850nm. ELSAGs unit uses 735nm LEDS which near-IR (or far-red)

Video: proof of concept ALPR detector:

Video: proof of concept ALPR detector Also available at http:// youtu.be/1YTl36N1HHM

Video: monkey screams when plate is read:

Video: monkey screams when plate is read a lso available at http://youtu.be/FjBTYEVVpdQ

WHAT DO COPS DO?:

WHAT DO COPS DO? No front plate, even if required Heavily mask the back plate with dark plastic or alternating Fresnel lenses Drive with the tail gate down Also tint you windows and windshield…. You CANNOT do any of this legally Don’t want any extra interaction with law enforcement

PowerPoint Presentation:

CA you can drive a new car with no tags for 90 days (was 6 months while Jobs was alive) and cannot drive outside of CA Most temp tags are only good 20 to 90 days Registering you vehicle to a company hides you in a thin veil, but still plates are recorded But do NOT get commercial tags

WHAT IS HARDEST FOR ALPR:

WHAT IS HARDEST FOR ALPR Non reflective plates C rime to remove reflectivity in CA Failed inspection in MA if you plate looses reflectivity Low contrast plates Light red characters With 3 or more stacked letters Registration s tickers that need to be placed close to the letters 8 digit plates, smaller and narrower letters Also no front plate, means half the chance of being read

ELECTRONIC TOLL COLLECTION TAGS:

ELECTRONIC TOLL COLLECTION TAGS Always on All ETC is 915Mhz in the US Multiple non-compatible protocols Interagency Group (IAG) (E- Zpass ) California Title 21 Allegro eGo It’s RFID, some with battery asssit some without

Video: proof radio is good as and more sensitive than the original tag:

Video: proof radio is good as and more sensitive than the original tag Also available at http://youtu.be/UwBK_SpYJdo

Video: shows E-Zpass detector working at Holland Tunnel:

V ideo: shows E- Zpass detector working at Holland Tunnel Also available at http ://youtu.be/IgjFz-rWQnY

Video: Time Square to Madison Square Garden in 90 secs:

Video: Time Square to Madison Square Garden in 90 secs Also available at http://youtu.be/JCwWVxGtYgE

Video: exiting Manhattan (no toll), but E-Zpass still is read:

Video: exiting Manhattan (no toll), but E- Zpass still is read Also available at http://youtu.be/eZUtHJVonL8

PowerPoint Presentation:

NYSDOT admits they use it for "travel time" signs W ho else gets and what happens to this data? How long is it retained?

PowerPoint Presentation:

NYSDOT stated in 2007 that tag info for travel time is “scrambled by the system” and “deleted after the vehicle has left the highway” C ould not verify this via their customer representatives. Security letter? No way to know if a read is by NYSDOT, NYPD, DHS or some other agency NY Times reports that the NSA does get E- Zpass data: “How the U.S. Uses Technology to Mine More Data More Quickly” by Risen and Lichtblau , June 8 th 2013

WHAT TO DO?:

WHAT TO DO? Bag the tag, and only bring it out when you want to pay a toll. If you have a sticker build a faraday cage box that you can swing open and shut Remember the toll is tracking you too It will become obvious to “watchers” you are doing this as you will be seen at tolls but no where else

YOUR TIRES:

YOUR TIRES Federal US TREAD (Transportation Recall Enhancement, Accountability and Documentation) law Two different things happing here T ire P ressure Monitoring System (TPMS) 315MHz transmitter at the valve stem, not the tire, this is part of the rim. H as a battery and a unique ID RFID in the tires themselves, unique per tire Michelin uses 915MHz Goodyear uses 125kHz Auto manufactures place the VIN in these RFIDs as well

OTHER RFID:

OTHER RFID Parking passes, it might be an hang tag or a sticker you had to put on the glass Usually private, but found one municipally that put them in for residents to cut down on parking permit counterfeiting. It’s 915Mhz too. Need to bag them too, if not in use, but a permit for public on street parking is a problem

INRIX:

INRIX collects position data from 100 million devices across 1.8 million miles of road Google maps uses them for traffic 6 of the 8 auto companies with built-in navigations systems (like Ford, BMW and Audi ) 8 of the 12 top navigation apps in Apple’s App Store (like MapQuest, Garmin, Microsoft and Telenav ) dumb phones, without GPS and internet connections are sharing location data with them through cell towers Commercial truck fleets

CONCLUSION:

CONCLUSION Salt the plate Bag the tag Zap and jam the tires Turn ‘ em off

authorStream Live Help