Holding electronic logging devices accountable.
Fraudulent and non-compliant ELDs are a documented, growing problem. This project applies open methods to public FMCSA data — the device registry, the revoked list, and the carrier census — to surface the devices and patterns that warrant scrutiny, and to verify whether an ELD's output file actually meets the federal tamper-evidence standard.
| Risk | Tier | Vendor | Device | Registrant email | Signals |
|---|
| Date revoked | Status | Device | Company | ELD ID |
|---|
Current ELD & FMCSA enforcement news. Aggregated from public news sources; headlines link to the original publisher. FMCSA's newsroom is the authoritative source.
loading…
How this determines a file is fraudulent — and why it's valid
1. The output file is a deterministic federal artifact, not free-form telematics
An ELD output file is fully specified by 49 CFR Part 395, Appendix A. Every duty-status event is a fixed-field record — sequence ID, record status, record origin, event type/code, UTC timestamp, accumulated odometer, engine hours, position. Because the structure is fixed, the file can be parsed and audited mechanically: there is a single correct interpretation of every field.
2. Tamper-evidence is built in by a cumulative check-value chain
The spec makes the file self-verifying through three layers of check values:
- Event check value — derived from the event's own fields:
Σ(ASCII of fields) → low 8 bits → rotate-left 3 → XOR 0xC3. Change any field and the stored value no longer matches the recomputed one. - Line check value — each output line XOR-folded, then
XOR 0x96. - File check value — the whole file reduced to one 16-bit value,
XOR 0x969C.
The chain is cumulative: you cannot alter one record without re-deriving every value downstream of it. A compliant ELD recomputes the chain on every write; a backdoor that edits a record in place does not — which leaves a mathematically detectable break.
3. The edit model is constrained, so fraud has a structural signature
The regulation forbids overwriting records. A legitimate correction must (a) retain the original, flipping it to status 2 (inactive-changed), and (b) append a new record with origin 2 (driver) or 3 (carrier-proposed). Automatically-recorded driving (origin 1) is immutable except via two narrow sanctioned paths: an unidentified-driver claim or a confirmed co-driver reassignment.
The consequence is the core result: any attempt to remove or shorten drive time must leave at least one of these five fingerprints —
- a missing status-2 original (in-place overwrite, §4.4.4.2(a))
- a gap in the monotonic event-sequence counter (deletion, §4.4.4.2.1)
- an event check-value mismatch (post-hoc edit, §4.4.5.1)
- an odometer / engine-hour discontinuity (fabricated or GPS-only driving, §4.3.1.4–5)
- an origin-1 driving event illegally converted to a non-driving status (§4.3.2.8.2)
There is no way to satisfy all five invariants and hide tampering — doing so would require behaving exactly like a compliant device.
4. Why this is valid, not a guess
These are deterministic checks against a published federal specification, not statistical or machine-learning heuristics. Each finding is a provable violation of a cited CFR section, reproducible by anyone holding the same file. The distinction from FMCSA's own tool is precise: the File Validator confirms a file is well-formed; this confirms it is internally consistent and tamper-evident. A fraudulent device must fail one or the other — to pass both while concealing edits it would have to forge a self-consistent check-value chain across the entire file, keep engine telemetry physically plausible, and preserve sequence continuity, i.e. reproduce the behavior of a lawful ELD.
Reliability was validated against a labeled corpus — one spec-compliant file plus systematically tampered variants (in-place overwrite, record deletion, driving reassignment, stale check values, frozen ECM, odometer rollback): 100% of tampering detected, zero false positives on the compliant file. Because the rules encode what the regulation literally requires, a clean file has nothing to trip them.
Submit a tip
Seen a carrier running a suspicious ELD, or an ELD that lets drivers rewrite logs? Send it here. Goes directly to the operator of this site. Optional and anonymous — leave contact info only if you want a reply.
Submitting reports information you believe to be true. This site is not a government agency; a tip here is not a legal filing. To file officially, use the FMCSA channels at right.
Report to FMCSA
FMCSA is the authority. To report a non-compliant or fraudulent ELD, or HOS coercion, use the official channels below. We help you assemble a clean, fact-based report — we don't submit it for you.
- National Consumer Complaint Database
nccdb.fmcsa.dot.gov · 1-888-DOT-SAFT (1-888-368-7238) — choose "non-compliant ELD". - FMCSA ELD Team
ELD@dot.gov · 800-832-5660 — they manage the registry & revocations. - DOT Office of Inspector General (deliberate fraud)
oig.dot.gov/hotline
The draft pulls this tool's public-data signals (and any carrier safety record) into a neutral, review-not-accusation summary you can paste into NCCDB or email to ELD@dot.gov.
What this is — and what it is not
This is an independent research tool. It is not affiliated with, endorsed by, or operated by FMCSA, the U.S. DOT, or any law enforcement or government agency.
It does one thing: it gathers publicly available data published by FMCSA and organizes it into risk signals. A "HIGH" or "ELEVATED" tier means a record matches patterns that warrant review — it is not a finding, accusation, or determination of fraud, non-compliance, or any wrongdoing by any named company or individual. Many flagged characteristics (a small vendor, a free email address, an owner who also drives) are entirely lawful.
Only the File Forensics module makes a factual call, and only about a specific output file: whether that file conforms to the tamper-evidence required by 49 CFR Part 395 Appendix A. A finding there describes the file, not the intent of any person.
Read the technical brief → How FMCSA could catch non-compliant ELDs using data it already collects (printable).
Where the data comes from
How a record gets scored (Registry Forensics)
Each signal below is an automatable join over the public sources above. Weights are additive; tiers are HIGH ≥70, ELEVATED ≥40, WATCH ≥20, otherwise LOW.
How a file gets judged (File Forensics)
An ELD output file (the FMCSA Data Transfer export) is parsed and checked against the integrity rules the FMCSA format validator does not enforce: retained originals on edits, immutability of automatically-recorded driving, event-sequence continuity, check-value integrity, and engine-data (ECM) plausibility. Each finding carries its CFR citation. A PASS/SUSPECT/FAIL verdict describes that file's conformance — nothing more.
Reporting
This tool does not report anything to anyone. If a user chooses to act on a lead, the appropriate public channels are FMCSA's National Consumer Complaint Database (nccdb.fmcsa.dot.gov), the FMCSA ELD team (ELD@dot.gov), or the DOT Office of Inspector General. Any report should be framed as information warranting review, supported by the file-integrity findings and their CFR citations.
Privacy
This site records basic request information (IP address, browser type, referring link, and page requested) for security and abuse-prevention purposes, and to identify automated attempts to locate log-tampering tools. Tips you submit are stored only so the site operator can review them; contact details are optional. We do not sell data or use third-party advertising trackers.
Data reflects the FMCSA lists as downloaded; FMCSA is the authoritative, current source. If you believe a record is inaccurate, FMCSA's published data governs.