FreightProof: A Provable-Process Layer for the Post-Montgomery Freight Industry

Rootz Corp — June 2026 (v2)

"The whole industry was solving for fraud. The Supreme Court created a liability problem. They are not the same thing — and the answer to both is the same: make the record provable."

Abstract

On May 14, 2026, the United States Supreme Court ruled unanimously in Montgomery v. Caribe Transport II, LLC (608 U.S. ___, Docket 24-1238) that state negligent-selection claims against freight brokers are not preempted by the Federal Aviation Administration Authorization Act. Every entity in America that selects a motor carrier to move goods — from the largest freight broker to a gravel yard dispatching dump trucks — is now exposed to state tort liability for failing to exercise "ordinary care" in carrier selection.

The existing carrier-vetting industry sells dashboards, alerts, and scores. None of it is proof. Every platform stores records in a mutable database controlled by the vendor or the broker; none produces a record a third party can independently verify.

FreightProof is a provable-process layer. It creates signed, tamper-evident, independently verifiable records about the carrier, the driver, and the truck — and turns a driver's check-in at the dock into a GREEN / YELLOW / RED clearance the broker can trust and the carrier can prove. The carrier owns the data; the broker gets the color and the carrier/driver/truck identity, never the raw files; a RED blocks the load.

A working carrier-vetting product is live today at freight.rootz.global/app (look up any carrier, get a risk and clearance assessment, generate a signed record, backed by 12.8 million government safety records). The truck data wallet and ELD clearance are the next layer built on top of it.

One principle governs everything we say in this paper: we claim a provable process, not perfection. We do not claim a document is true, that a sensor cannot be fooled, or that any record is admissible by our say-so. We claim — and prove — what was observed, when, by whom, that it has not changed since, and that independent parties corroborate it. That is what the law actually asks for.

1. The Montgomery Decision: What Changed

1.1 The facts

Shawn Montgomery, a tractor-trailer driver, was struck by a truck operated for Caribe Transport II, LLC, in a shipment arranged by C.H. Robinson Worldwide, Inc. — one of the largest U.S. freight brokers. Montgomery suffered severe injuries including the amputation of his leg.

Caribe Transport carried a conditional FMCSA safety rating with documented deficiencies in driver qualification, hours-of-service compliance, inspection and maintenance, and recordable crash rate. That information was publicly available, free of charge, on the FMCSA SAFER system. The question: does failing to check it — or checking it and booking anyway — create legal liability?

1.2 The holding

Justice Amy Coney Barrett, for a unanimous Court:

> "A claim that one company negligently hired another to transport goods is not preempted by the FAAAA because States retain authority to regulate safety 'with respect to motor vehicles.'"

The preemption shield brokers had relied on since Ye v. GlobalTranz (7th Cir. 2023) is gone. Roughly 28,000 registered U.S. freight brokers — and a far larger universe of asset-rich dispatchers — are now exposed to state tort liability. Justice Kavanaugh, joined by Justice Alito, concurred that Congress pursued "economic deregulation, not safety deregulation," and noted roughly 5,000 deaths and 114,000 injuries in truck-related accidents in 2022.

1.3 The question every case now turns on

Barrett deliberately did not define "ordinary care" — that is for juries, case by case. But the structure is clear. A plaintiff shows duty, breach, constructive knowledge ("knew or should have known," because the data is public), foreseeability, and proximate cause. The defense is the mirror image: the selecting entity did check, the data did not indicate elevated risk, and the decision was reasonable on what the data showed.

So the question in every post-Montgomery case is a process question: "Can you prove what you checked, when you checked it, and what it showed?" Montgomery does not require the carrier to have been safe. It requires the selector to have a documented, reasonable, provable process. That is precisely the gap FreightProof fills.

2. The Evidence Gap

2.1 What exists today

The carrier-vetting industry — roughly $500 million in annual revenue across RMIS (Truckstop), Highway, Carrier411, CarrierAssure, DAT, and others — produces dashboards, real-time signals, scores, and compliance flags. Every record lives in the vendor's or the broker's own database. Every record is mutable. None produces a record a third party can independently verify; none uses cryptographic hashing or anchoring of the result.

2.2 Fraud and safety are different liabilities

The industry was built to solve freight fraud — double-brokering, cargo theft, identity spoofing, phantom carriers. That is real and serious. But fraud and safety point in opposite directions:

	Fraud	Safety (Montgomery)
Question	Is this carrier who they say they are?	Is this carrier's record one you can defend selecting?
Victim	The broker (stolen cargo)	The public (killed or injured)
Defendant	The fake carrier	The broker who selected the carrier
Typical damages	$50K–$500K (cargo)	$5M–$50M (wrongful death/injury)

The fraud tools armor the broker from carriers. Montgomery creates liability of the broker to the public. The industry built armor for a different battle — and neither battle is won by storing a screenshot in a database nobody can verify.

2.3 The data-model mismatch

The FMCSA publishes carrier-level data; Barrett's opinion identifies driver-level and vehicle-level factors. A fleet with 100,000 drivers hides one dangerous driver in the aggregate; a three-truck operation with the best driver in the state gets the same "small fleet" flag as a shell company. The data model is wrong for the liability model. Closing that gap means binding evidence at the level the standard actually cares about — the specific truck and the specific driver on the specific load — which is exactly what the truck data wallet and the dock clearance do.

3. The Thesis: Provable Process, Not Perfection

Most "proof" in freight is a PDF that looks fine. We do the opposite, and we are explicit about the boundary because the honesty is the product — an overclaiming record is the first thing opposing counsel attacks.

What a FreightProof record proves: what the data showed and when; that it has not changed since (tamper-evident — any edit breaks the fingerprint, detectable by anyone); where it came from; who signed it; and that anyone can verify all of the above without trusting us.

What it does not prove: that the underlying government or third-party data is correct (garbage in is signed garbage); that a sensor or feed was not spoofed (we make tampering and divergence detectable, not impossible); that the carrier will behave after the check; or, by itself, legal admissibility (that is a court's call under its own rules — we build the record to meet those rules).

The honest spine, usable verbatim: "We don't prove the sensor told the truth. We prove what was observed, when, by whom, that it was sealed and unbroken, and that independent parties corroborate it — a record that gets more expensive to fake every day it grows."

A full, plain-language account for legal and compliance teams lives at freight.rootz.global/proof.

4. The Architecture

4.1 The signed record

Every record is built from proven, decades-old primitives, described plainly:

A cryptographic fingerprint (SHA-256 — the federal standard, FIPS 180-4). A short, unique fingerprint of the exact data. Change one character and the fingerprint changes, so tampering is detectable by anyone holding the original.

A trusted timestamp. The record is bound to a precise moment — so "when did you know it" has a defensible answer.

Digital signatures. Each record carries the signature of whoever produced it.

Independent verification. Recompute the fingerprint and compare. No FreightProof account, no special software, no trust in our scoring required. That independence is what makes it credible.

Optional blockchain anchoring. A third-party timestamp even FreightProof cannot move or backdate, for records where the extra independence is worth it.

4.2 Binding the provenance that already exists — no issuer adoption required

A great deal of freight fraud is forged documents: an insurance certificate forged in minutes, a PDF forwarded broker to broker that nobody checks. The strongest answer is the issuer signing at the source — but we do not have to wait for that, because the proof often already travels with the document.

When an insurer emails a certificate, their mail server signs the message with a domain key (the DKIM mechanism that authenticates email), tying the certificate to the insurer's domain and proving it was not altered in transit. FreightProof binds that signature at the moment of receipt. The same applies to documents executed through DocuSign and similar services. The fastest path is binding the signature that is already there; the strongest is the issuer signing directly. Both are honest; the limit (the email proves sent and unaltered, not still in force) is stated beside the claim.

4.3 The truck data wallet — a ledger per truck

The center of the architecture is a data wallet that is a ledger per truck. It is built on Rootz V6 — a sovereign secret on the Polygon blockchain that functions as a per-entity, append-only, encrypted, multi-writer ledger with team roles (owner, admin, member, viewer) and owner-held keys rooted in a hardware security module (TPM). We wire to V6; we do not rebuild it.

Key properties:

Bound to the iron, not the paperwork. The wallet's history follows the truck across operating-authority-number changes, new leases, and new operators — the chameleon-carrier defense. A repainted door does not reset the record.

The VIN is private. The wallet has its own identifier; the VIN→wallet mapping is not public. The wallet lives with the truck and reveals the VIN only to an authorized party.

Many systems write; each signs its own entry. The ELD feed, the maintenance shop, the lessor, the fuel card, the toll network, and a government safety snapshot each contribute signed records. The cross-reference between independent signers — who have no reason to collude — is what makes the record hard to fake.

The carrier owns it. The keys, and therefore the data, belong to the carrier.

4.4 The driver and the check-in at the dock

The dock has always asked the wrong question: it checks the number on the door against the dispatch, which a $12 magnetic sign and a phone call defeat. FreightProof asks a better one, and makes it a simple check-in.

The driver's phone shows a code that is their identity. The ELD already binds driver → truck → location for the day, so verifying the driver verifies the truck and that it is here. At the yard the driver checks in, and a zero-trust policy resolves: is the dispatched driver active on the dispatched truck; is that truck physically local (live location); and does the truck meet this job's minimums — safety record, insurance, maintenance current, a passing pre-trip walk-around today?

Steal the driver's code and present it three states away and it fails — the live telematics do not place the genuine truck at the yard. We do not claim location cannot be faked; we claim the bar moved from forging a $12 sign to spoofing the real truck's live feed in real time without breaking a continuous, cross-referenced track — far harder, and detectable after the fact.

4.5 The clearance: a color for the broker, the data for the carrier

The output is the part that resolves the privacy objection that has dogged every prior approach. The carrier owns the record detail. The broker gets a clearance — GREEN, YELLOW, or RED — plus the carrier/driver/truck identity and a reason code. Never the raw data. A RED is blocking: the truck cannot accept the load. The broker also keeps its own signed copy of the clearance — a receipt it holds, not a color it rents.

This is the answer to "you hold sensitive data any AI can read": we don't. The carrier holds it. The broker gets a decision, not a dossier. The broker sets the policy ("I need a truck that meets X, including live verification at loading"); the carrier's capability satisfies it. We provide the provable data; the broker and the shipper make the decision.

4.6 Confidential compute and owner-held keys

For carriers who demand it, the strongest privacy posture is structural. The zero-trust policy can run inside a confidential-compute enclave: the data key is held in a hardware security module to the operator's identity and released to the enclave only under remote attestation, so plaintext exists only transiently inside attested hardware that the operator — including us — cannot read into. At rest we hold ciphertext and commitments, not readable records. We cannot be compelled to produce data we are cryptographically incapable of reading. And "the right to be forgotten" is delivered not by deletion (which would break provenance) but by encryption and time-locks — data can be sealed for years and opened later, on the owner's terms, by the power of the smart contract.

5. How It Works — A Truck's Signed Life

The whole architecture comes together as a lifecycle. (See it in motion at freight.rootz.global/clearance.)

Registration. When the ELD is installed the truck gets its wallet — a ledger keyed to the iron. Genesis records: vehicle identity, the carrier that operates it, the lease (signed by the lessor), the FMCSA safety record, the maintenance baseline. The carrier holds the keys.

Daily operations. Each day the ELD signs hours-of-service, location, odometer, engine hours, the pre-trip inspection, the driver assignment; the fuel card, the toll network, and the maintenance shop add their own signed entries. Over months the record becomes un-backfillable — tenure stops being a claim and becomes a record with receipts.

Dispatch. The broker sets the policy; the driver checks in; the clearance resolves GREEN / YELLOW / RED. That signed clearance is the record the Montgomery question points to: what did you know about this carrier, driver, and truck when you committed to the load?

Maintenance. The wallet warns the carrier before a load is blocked — green today, but the preventive-maintenance interval is due in three days. The shop's signature is bound to the truck and sealed, so no one can quietly back-date a "serviced" record after a crash. (It proves the record was not altered after, not that the work was adequate — only the shop can vouch for that.)

Back to dispatch. Serviced, the truck clears green again; the maintenance event is now a permanent, provable part of the record that followed the iron.

The proof only the carrier can assemble. Every vetting tool can check a record. The carrier — holding the keys — can assemble and present the whole of it: signed, sealed, continuous, cross-referenced, tamper-evident, and anchored so even the keyholder cannot quietly rewrite history. Its credibility comes from the independent signers the carrier cannot forge. When a broker, insurer, court, or regulator asks "prove what was true," the carrier answers on short notice with provable details — the same model the food industry is moving to under FSMA 204.

6. Reducing the Top Fraud Classes

The carrier and the dock get the data to reduce — and in some cases eliminate — whole classes of fraud. Each is honest about its limit. (Full detail at freight.rootz.global/fraud.)

Fraud class	How FreightProof reduces it	Honest limit
Strategic / fictitious-pickup theft	The live truck location must place the dispatched truck at the yard, with the dispatched driver signed in. A forged credential is not on the real truck.	Defeats the remote/forged-credential case; bringing the real truck or spoofing its live feed is harder and detectable.
Identity theft / chameleon carriers	The record is bound to the iron, so history follows the truck across number, lease, and operator changes.	The truck must have been enrolled; a brand-new truck has a thin record (itself a signal).
Double-brokering	The truck that arrives must be the one cleared, with the right driver; the real hauler is verifiable.	Identity is not intent; a verified carrier can still re-broker — but every actor is tied to a verifiable identity.
Forged insurance certificates	Bind the domain signature already on the insurer's email, and the DocuSign envelope; verify the signature, not the logo.	The email proves sent-and-unaltered, not still-in-force; pair with a live coverage-status check.
ELD tampering (swap, spoof, clone)	The device records the engine's identity each entry; a swap shows as a change; the trip is cross-referenced against fuel, tolls, weigh stations.	A continuity check, not hardware attestation; the strength is the cross-reference.
Maintenance paper fraud	The shop's signature is bound to the truck and sealed; a record cannot be quietly back-dated.	Proves the record was not altered after, not that the work was adequate.

7. What We Can Prove — The Evidentiary Basis

FreightProof records are designed to stand up under the rules of evidence — without overstating.

Authentication. SHA-256 is a deterministic mathematical function; the same input always yields the same fingerprint, and an anchored fingerprint is independently checkable. Little or no expert testimony is needed to authenticate — the math is the authentication.

Hearsay. A vetting or clearance record is a business record made in the regular course of business at or near the time of the event by a person or system with knowledge — within the Federal Rule of Evidence 803(6) exception.

Tamper-evidence. Altering any field changes the fingerprint; the original is anchored where even the record-holder cannot silently rewrite it. A change is detectable by any party — which is a different and more honest claim than "immutable."

Best evidence. The wallet record is the original; it is not a copy of something stored elsewhere.

What it is not: a guarantee of admissibility (a court decides that), a guarantee the underlying data is correct, or a claim that the record cannot be challenged. It is a record built to survive the challenge.

8. What's Live Today vs. the Roadmap

Live today. The carrier-vetting product at freight.rootz.global/app: look up any USDOT carrier → a risk and clearance assessment against the factors Montgomery flagged → a signed vetting record you can verify independently, backed by ~12.8 million FMCSA records and a REST + Model Context Protocol (MCP) API. Proof-of-Good-Care hash-chained custody documents are live. This is a working product, not a concept.

Built and demonstrable. A v1 of the truck data wallet and the dock clearance runs end to end on real ELD-shaped data — the signed record chain, the truck identity, and the GREEN / YELLOW / RED policy — with a broker / dispatch / carrier three-view. The one thing between it and a live fleet is a single read-only authorization from a carrier.

Roadmap (in priority order).

Tender-time clearance — clear the truck at carrier selection (where liability attaches), confirm presence at pickup.

Cold-database fallback for un-enrolled carriers, so a broker has one record across the whole book; enrolled carriers simply score higher. Coverage is the product.

Completeness proofs and counterparty-held receipts so the record survives the carrier being the adverse party in court — a withheld record shows as a gap, not a clean story.

A self-managed app for the small operator — no integration; grows into the full solution.

We mark roadmap as roadmap and live as live. Nothing in this paper that is described in the present tense as shipped is vaporware.

9. Integration: ELDs, Authorization, and the MCP Moat

FreightProof reads a fleet's data under the carrier's own authorization — the legitimate path, not scraping. The major ELD platforms split into two tiers:

Self-serve (build first): Samsara, Motive, Geotab. Open developer platforms, granular read-only scopes (a carrier can grant "read hours-of-service and vehicle, nothing else"), real webhooks and feeds. A design-partner carrier can grant access in hours.

Gated (fast-follow): Verizon Connect, Omnitracs (Solera), PeopleNet (Platform Science). Customer-provisioned or partner-gated; reached demand-pulled or via an aggregator.

The strategic point: in 2026 Geotab and Motive both shipped MCP connectors that expose live fleet data to AI tools — but they are access and permissions only, with no signing, provenance, or attestation. They give an AI a number; they cannot give a broker, an insurer, or a court a number they can prove and carry across providers. That is exactly the white space FreightProof occupies — the signed-provenance layer above the feeds — and the incumbents' own launches have now named it.

A note on retention: some ELD platforms purge data on a configurable schedule, so the source history is not guaranteed. A wallet that captures continuously becomes the durable record the source cannot promise — volatile storage below, a permanent attested ledger above.

10. Market Impact

10.1 Who Montgomery affects

The reach extends far beyond registered brokers — any entity that selects a motor carrier faces the same "ordinary care" standard:

Segment	Est. entities	Dispatches/yr	Awareness today
Registered freight brokers	28,000	~50M	High
Gravel / aggregate operations	~50,000	~20M	Low ("I'm not a broker")
General contractors (hauling)	~100,000	~15M	Low
Snow removal (property mgmt, HOA)	~500,000	~25M	None
Waste and recycling haulers	~20,000	~30M	Low
Farm and agricultural transport	~100,000	~10M	None
Towing and recovery dispatch	~30,000	~15M	None
Last-mile delivery (retailers, 3PLs)	~50,000	~100M+	Medium

Total: 250M+ U.S. dispatches per year. At $10 per record the addressable market exceeds $2 billion annually; freight brokers alone at ~75M dispatches is $750M.

10.2 The asset-rich dispatcher

The most exposed are not brokers — they are asset-rich companies that dispatch motor carriers as a side function. A gravel yard with 20 dump-truck drivers makes 200 dispatch decisions a day; the pit, the equipment, the real property are all attachable. A national property manager contracts hundreds of plow and waste haulers across thousands of sites; a plow truck hits a pedestrian at 3 a.m. and the property manager selected the company. Hospitals, universities, and retailers all dispatch contracted DOT-numbered carriers. Each has counsel and a contractor-compliance program (usually just collecting a certificate of insurance) and now has a new, unmet requirement: documented verification of the carrier's safety record.

10.3 The insurance accelerant

The most efficient channel is not direct-to-broker; it is through the commercial liability insurers who are about to face a wave of Montgomery claims. An insurer that requires its insureds to use FreightProof gets lower defense costs (the record is pre-built, not reconstructed), stronger summary-judgment motions, risk-segmented pricing, and claims data at the dispatch level. The insurer does not sell FreightProof — it requires it as a condition of coverage, the way property insurers require fire suppression. This mirrors how state breach-notification laws drove enterprise disk-encryption adoption in 2005–2015: legal and compliance required it, and the management console — proof the control was active at the time of loss — became the product. A careful note for underwriters: today this is a claims and evidence tool (it lowers loss-adjustment expense and improves defense outcomes); a filed premium credit requires years of matched loss data — so it earns its first insurer dollars at the claims desk, not the rate filing.

10.4 SEC disclosure

Public companies that operate or extensively contract with motor carriers face a new disclosure question under Regulation S-K Items 105 and 303. Montgomery creates a quantifiable litigation risk for any company that runs trucks under a DOT number, brokers freight, or contracts carriers for facility operations. Companies that do not disclose the risk and then face material litigation invite derivative suits; companies that do disclose it must describe mitigation — which brings carrier-vetting documentation directly into the 10-K. Any company filing a 10-K with a DOT number should be reviewing its risk factors now.

11. The Business Case

For a mid-size broker handling 500 loads a day, FreightProof at volume is roughly $1,000,000/year — set against a single undefended wrongful-death settlement of $5M–$20M, a 20–50% post-claim premium increase, and the discovery cost of reconstructing a vetting process from memory and screenshots. For a gravel yard with 20 drivers, it is roughly $400,000/year against a pit and equipment worth millions and a dump-truck fatality judgment in the same range.

The asymmetry is the whole argument:

Without a provable process	With FreightProof
"I believe we checked" (no record)	"Verified at 14:32 UTC; the record showed X; fingerprint Y; here is the clearance"
Discovery: "we don't have formal records" = evidence of no process	A timestamped, verifiable record for every dispatch
Plaintiff's expert defines the standard after the fact	Your documented, Barrett-mapped checklist is the standard you followed
Settlement leverage: weak	Settlement leverage: a verifiable record of reasonable diligence

And the carrier benefits too: a truck with a thick, continuous, signed record is more bookable than one without. Over a thousand verified dispatches, the wallet becomes the carrier's portable reputation — earned, owned, and carried across brokers, where today it evaporates when you switch platforms.

12. For Each Stakeholder

Brokers. A signed clearance at the moment you commit the truck answers the Montgomery question. You keep your own copy; you don't warehouse the carrier's files. Solve the long tail with the cold-database fallback so you have one record across your whole book.

Insurers. Start at the claims desk: the presence and identity checks attack the loss-relevant fraud (fictitious pickup, double-brokering). Lower your loss-adjustment expense and improve defense outcomes now; earn a rating credit later with loss data.

Carriers and owner-operators. You own your data and hold the keys. Present a clearance when you choose; it is never a load-board gate someone else pulls. Your record is your portable reputation, and the right to forget is delivered by encryption and time-locks, not erasure.

Legal and compliance. This is the page for you: a provable process is the defense, not a claim of perfection. Ask for the sealed record and the verification steps; verify it without us. Full detail at freight.rootz.global/proof.

13. Standards and Honest Limits

FreightProof is built on open, established standards: SHA-256 (FIPS 180-4) for fingerprints; Ed25519 and ECDSA P-256 and, for post-quantum readiness, ML-DSA-65 (FIPS 204) for signatures; RFC 8785 for canonical signing; W3C Verifiable Credentials and Decentralized Identifiers for portable, verifiable records; Polygon for optional anchoring; and the Model Context Protocol for AI-native access. The cryptography is not novel — and that is the point. The innovation is applying proven, federal-standard tools to a liability and fraud gap, honestly, at the level the standard actually cares about. Where a claim has a limit, we state the limit beside the claim. That discipline is not a disclaimer; it is the reason the record survives a challenge.

14. About Rootz

Rootz Corp builds the trusted layer for data. Its leadership built the trusted-computing foundations of the modern computer industry: the Trusted Platform Module (TPM) standard now embedded in billions of devices, and two decades of deploying hardware-rooted security in banking, defense, and government systems. FreightProof applies that same lineage — hardware-rooted keys, attested compute, signed and verifiable records — to freight, where fraud has gone machine-scale and the law has just made proof mandatory.

15. Conclusion

The freight industry spent a decade building sophisticated tools for fraud. They do not solve Montgomery, because Montgomery does not ask whether a carrier is safe — it asks whether you can prove what you knew, and when. That proof does not exist anywhere in the industry today.

FreightProof provides it — not as a guarantee of perfection, but as a provable process: a signed, tamper-evident, independently verifiable record of the carrier, the driver, and the truck, culminating in a clearance the broker can trust and the carrier can prove, with the carrier owning the data and the broker getting a decision rather than a dossier. The carrier-vetting product is live today; the truck wallet and the dock clearance extend it; and the whole of it rests on cryptography that has been trustworthy for thirty years.

The gap will close. The question is whether it closes with verifiable records or with plaintiffs' verdicts. Every load dispatched without a provable process is a bet that the truck arrives safely. Most bets win. The ones that lose cost millions.

A verifiable record per dispatch. A clearance the carrier can prove. Proof you can check yourself.

Rootz Corp — freight.rootz.global — Verification, not promises.

This paper is for informational purposes only and is not legal advice. Entities should consult qualified counsel regarding their specific obligations under Montgomery v. Caribe Transport II.