The discoveries began earlier this month when a Metuchen, N.J., resident found two people installing boxes near a Conrail Shared Assets Operation right-of-way. Unsatisfied with those persons’ answers and the local police response, the person called Norfolk Southern railroad police who investigated and found an automatic equipment identification or AEI reader, used to track freight cars by monitoring their built-in radio beacons.
On Sept. 15, the Association of American Railroads’ Railway Alert Network issued a security warning to members to keep an eye out for the unauthorized devices. Trains NewsWire obtained a copy of the security alert earlier this week.
According to the eight-page report, railroad police investigated further and found that a company called ClipperData had installed the reader. ClipperData was formed about two years ago and sells comprehensive data regarding the energy industry, including the movement of crude oil and other commodities. According to the report, Norfolk Southern police say they have a copy of a “lease agreement” between a homeowner near the right-of-way and ClipperData which gave the homeowner $500 to use a nearby electrical outlet to power the equipment reader.
In an interview with Trains News Wire on Wednesday, ClipperData CEO Sterling Lapinski confirmed that his company installed the first AEI reader discovered in New Jersey. He says his company’s work is legal and that ClipperData is currently looking at trying to sell data to and about the railroad industry, which is why it installed the AEI reader. Lapinski says his company sells data and information to government agencies, trading groups, and energy companies.
“We do have devices installed but the network isn’t operational yet,” Lapinski tells Trains News Wire. “We’re not currently selling data, we’re just trying to see if it’s feasible.”
Railroads around the world use similar equipment reader technology that uses radio waves to automatically identify freight cars at speed. Railroads typically gather the information to update their own records before sharing it with other shippers, such as trucking companies, railroads, or steamship lines, and customers.
Sources close to Class I railroad corporate offices say executives are upset and are ready to take a “scorched earth” approach to dealing with ClipperData and other companies that may have installed readers throughout the country. A second security alert dated Sept. 22, says railroaders have uncovered at least one other equipment reader in New Jersey and one in Sheridan, Wyo. The one in Wyoming reportedly interfered with BNSF Railway track equipment.
The Railway Alert Network report raised concerns that the people who installed the equipment readers trespassed on railroad property to do so. It also raises concerns about selling data on the movement of specific types of rail cars, arguing that the information could be used to “disrupt rail operations through intentional, and potentially destructive, acts.” The security alert asks railroads that find similar AEI readers to inform the alert network immediately so that it can consolidate all of the reports.
In a statement to Trains News Wire, AAR spokesperson Ed Greenberg says the organization is keeping a close eye on the developing situation.
“The AAR was aware of this situation and pleased that local law enforcement and railroad police took steps to address the situation as quickly as possibly,” Greenberg says.
Norfolk Southern declined to comment on this topic. Trains is waiting for a response from BNSF.
UPDATE: Sept. 24, 2015, 2:58 p.m. Central time. Corrected spelling of AAR spokesman’s name.
Gee, its okay for big corporations to raid an individual's privacy for profit when using a smartphone, Windows 10, executing a google search, or logging into facebook, but here you have a big corporation whose privacy is being raided by other smaller corporations, and all of a sudden its bad? The only thing wrong here is big corporations are now the ensnared victims of the same movement. And it scares the hell out of them.
David Streeter – "…bomb train fearmongers…" ?
I'm sure the Canadians in LacMegantic would love to hear your theories about Ed Burkhardt's heroic experiment in oil train safety.
Oh this is way worse than inter-railroad competition. This is about the movement of crude oil and these oil people are capable of anything. The railroads need to stumble into the 21st century if they are going to be in this business.
I worked in trucking for a dozen years, both as a driver and in dispatch. When my company first went on line in the 90's, one of the things they did on their website was to set up a feature where, if you had the load number, you could look up the shipment and see where it was. Anyone could do this if they knew the load number. You didn't have to be a customer or employee. After 9/11, they discontinued this feature, though customers and others who had established ID's could sign in and track their freight, saving the account reps a lot of phone work. Some of our larger customers-Ford, P&G, some of the paper mills, had access to our system and follow their freight. They did a lot of business with us, and did most of their freight tendering and load booking via electronic data interface. I would imagine railroads have systems much like this-therefore there would be no need for a customer to set up something like this, except maybe at their own locations to verify arrival and departure. This might be useful for a large refinery or chemical plant.
I'm not so confident that the limited information obtained this way by a third party will be a dead end. As others have noted, it isn't much of a stretch to figure out what's in a particular car, or where it might be going if you have car numbers and access to UMLER. The way so much data is mined today, and with the technology available, I would think it would be relatively easy for someone who knew what he was doing to connect the dots pretty quickly about commodities and routes. With third party "piracy" of this info-yes, I get all that about someone sitting on his porch that overlooks the NS Pittsburgh Line taking notes and video- there is no way of knowing where something will end up. But it's likely not going to be good for the railroad.
The public dissemination of information gained from a private transmission may be a criminal act. It's like having a scanner: you can listen, but if you rebroadcast what you hear, it may be a crime. If you interfere with the transmission, or transmit unauthorized, it may be a crime. It's an issue for the lawyers to work out, but there may be some legal ground there.
It's important in this discussion to distinguish between: (a) observations of items and data in plain sight or open view; (b) electronic transmission/communication issues; and (c) transfer or sale of observed information.
I'm not aware of any law that prohibits observation of items/including data that's in plain sight from legally-permissible vantage point. Thus, as long as I'm on public property or private property upon which I have permission or a right to be present, I can watch the trains go by, and I can on my notebook (paper or digital) make a record of everything I see, e.g., car owner, car number, visible cargo, appearance of loaded vs. empty (by looking at the truck springs), etc. I can also visually record these observations by taking photographs. Now the cost of doing this "by hand", i.e., through individuals seated all around the country making and recording these observations is undoubtedly so onerous that those who want the information will want to use remote, automated, digital equipment, but I'm not aware of any law prohibiting doing it the old-fashioned way.
Now, as soon as electronic devices and/or electronic transmission become involved, there are all sorts of FCC statutes and regulations. A lot of these involve "process", i.e., what wave lengths, what transmission power, possibly even commercial use, etc., etc., but I'm under the impression that some of these regulations can also regulate the substantive content. I can't comment further on this, but it is an obvious leverage point for regulating what may be done by those using electronic equipment..
Finally, if someone else has an interest in my record of what I saw and is willing to pay me for it, I'm not aware of current law that prohibits that sale. (Remember, rail hobbyists quite often sell their photographs of trains and/or locomotives or even of infrastructure such as signal bridges at sunset.) Someone raised the question of copyright – I'm certainly no expert there but I'm dubious that copyright law prohibits me from selling a record that says that on "X" date at 4:00 pm, I saw CSX hopper car go by point "Y" loaded with coal. I'm not aware that TRAINS Magazine violates copyright by publishing – for profit – photographs of a UP locomotive boldly displaying the UP logo as it runs down the track past the photographer's location. I suspect that the AEI readers also obtain data that's not in plain view and this may well invovle issues of proprietary information but, again, that's beyond my knowledge.
Bill Hoerger
This could go in many bad directions: one RR spying on another. Terrorists tracking oil and hazardous materials. This could be no different than one company trying to steal a customer list from a competitor.
I recall that telephone directory data was copyrighted. At the time, only the phone company could publish the directories. Of course the phone monopoly was broken up and that was no doubt one of the things to change.
Seems to me, there is a case that the data – reporting marks and numbers – are copyrighted. Although they are publicly viewable, so were phone numbers.
More interesting is the question why? Who will pay for this data? Not shippers – they already have access. Competitors of shippers? That is most likely the answer. Or perhaps pipeline companies. This is why the information is proprietary. As for fear-mongers, they'd have to be backed up with big money . . . which gets back to either pipeline companies or competitors (ie, oversees oil interests like the Saudis).
Mr. Lang is correct. All you get is the car identifier from AEI. You can subsequently look up the car type on UMLER. But without authorized access to the RR site, commodity, shipper and consignee information would not be available. From car type and location you can reasonably infer commodity sometimes though.
My initial thought was that the data was being collected by "bomb train" fearmongers. Or it could get into the hands of foreign military or terrorists to plan a massive simultaneous attack on oil trains, not only to scare the public but also to disrupt the economy.
Mr. Norton, Concerning " Trespassing ? " Could you PLEASE enlighten us as to how " The industry encourages it " and what they could do differently to stop it ?
Mr. Larson, " Many informed comments " YES ! " Many legal issues " YES ! " A lotta haha " ? NO, I don't believe so !
I agree with Lawrence Haws comment : " Common sense tells me " that in this high-tech. computer age, the information collected with these AEI readers, in the wrong hands, could enable not only thef, " or something worse ", possibly a terrorist attack ? NO sir, I don't believe it's " collective paranoia "
Satelite companies trespass every day. They beam a signal across your property, but make you pay for capturing it. Since they won't let me have it for free, I want them to route the signal around my property. Got it? The most I see the railroads winning in this case is, if caught, is trespassing.
Interesting situation, indeed. An FCC license is absolutely necessary as these devices do transmit in order to activate the circuitry in the tags. The reader in the photo appears to be a Transcore unit, which is pretty standard out there. Transcore also holds the licenses for the tags themselves, I believe. As far as the data, just from the tag you get the equipment identification, that's it. If you're paying for access to UMLER, the database maintained by Railinc (AAR) of equipment information, you can correlate to determine what type of car it is. But you would not obtain waybill information (origin, destination, commodity carried) without access to the railroad's system.
By looking at the picture, it would not take a lot for a person just walking by to un-plug or cut a couple of wires or cables and steal the devise. Maybe another reason it is camouflaged. Don't know what they would do with it after they took it except for pure meanest or electronic parts. But we all know some folks will steal just because its there.
Several misconceptions about the information AEI readers provide, though not on the technical side or as knowledgeable as Mr. Sproul, I did work in logistics for 17 years and know a little. Any shipper can obtain the location of his merchandise in any railcar at any time, not only do the Class 1's have shipper accessible websites that will provide the tracking data on a daily basis(which, believe it or not, uses the information from those same AEI readers), there are also non-railroad owned sites that include many of the regional railroads. As for being a security issue, it definitely is one, and you can find out exactly what type of commodity most cars are carrying from this information…with not a significant amount of investigation…it's a lot easier than you think.
If you could do it without trespassing, without interfering with communications, and have them installed by folks with proper FCC licensing (none of which might be the case here), I wonder what legal recourse, if any, the railroads would have? For example, a camera setup off railroad property, setup with text recognition software, which read reporting marks optically would be completely kosher, I think; is doing the same thing via radio any different? Interesting stuff.
"The one in Wyoming reportedly interfered with BNSF Railway track equipment."
This is where the RR's may have a good case against ClipperData – as Paula said, these units need to transmit in order to interrogate the AEI tags, which is going beyond using a pen and pad to record the passing of the cars.
It'd be an interesting legal challenge I think. I'm sure the railroads will argue it's proprietary data, but it's not a lot different than having your toll tag read by anyone who wants to read it (and if you think it's just the tollgates reading them, guess again). Clipper I would expect to argue that the car identifier returned by the AEI scan has been released into the public view. It's not encrypted. And it could be obtained through machine vision techniques installed on private property close to trackside as well.
It was pointed out that you can't do much in terms of gleaning proprietary railroad operating strategies with equipment ids only. But "not much" doesn't mean zero in the world of big data. Get enough strategically located readers and you can get theoretically car cycle times and route segments those cars travel on. Also whether line segments are approaching capacity. Etc. Etc. You'd need more than a couple dozen readers though.
I agree the camo coloring indicates that they realize it's marginal, and they wanted to keep it stealth for as long as possible.
Many informed comments, many legal issues, a lotta haha. Just think of VW transposed to the ROW. Now the collective paranoia factor gets a boost.
Mr. Coburn, I have licensed and installed / maintained these for my RR. They are transmitters in the 900 Mhz band. They work by sending a signal that returns modulated with the digital code of the tag on the equipment.
Dennis
Mr. Sproul I would think the FCC license would only be needed if they emit RF and from what I've read here they only receive.
As I read the article, the lease with the homeowner whose property in near the RR right-of-way, was for the use of electricity, not placement of the reader. The photo clearly shows a wire coming from above the reader.
FWIW. There is a law on the books about interception of coded radio signals(ie data transmission). I don't know how this would apply to simply sending out a signal and waiting for replies. In the case of the "lease" it sounds like like they sought and received permission from the property owner. I am kind of surprised that the company did not have a confidentiality clause in the lease.
Also did they paint or specify the subdued colour or was it just random chance.
Do I think it's a good idea or not. Not sure. If the railroads were a little more open about their data might not be an issue. IE where's my cargo?
If you crank them up to full power and don't care about cross reads from adjacent tracks they will work 20-25 feet away.
Dennis Sproul
AEI readers are used by many companies other than railroads. Shippers use them to read pertinent information on cars prior to loading, so the idea of controlling access to them would be rather tough. There are even hand-held versions available. I think its very suspicious that they are painted or molded in a color that makes them blend in. This leads me to believe that ClipperData knows they shouldn't be placing these. Usually an AEI reader must be within 8 feet of the equipment tag, so there really is no way to install these without trespassing…
You need an FCC license to use the radio frequency and power these readers emit. At the very least if they do not posses one for each location they are violating a Federal law. I am a retired RR Comm. Engineer.
Dennis Sproul