EZ-Pass discovers risk of sending URLs instead of actual text
In a story datelined 24-Oct-2000, and headlined "New Jersey shuts down E-ZPass statement site after security breached", The Associated Press reported on a problem with privacy and security on the New Jersey EZPASS website where people can review their usage. (EZPass is a radio transponder placed in your motor vehicle which is "read" at toll booths, enabling you to zip through without having to stop and hand over cash. Naturally it keeps records of when and where you were for billing purposes... which is another RISK altogether.)

Per the story:

    TRENTON, N.J. (AP) -- A security breach has forced New Jersey officials to temporarily shut down a service that allows E-ZPass users to get monthly statements via e-mail.

The story contains claims and counter-claims, some of which are mutually exclusive, but then has the following paragraph:

    Reagoso said Monday that it wasn't hard to break into the system. He discovered that the electronic statements aren't sent directly to drivers via e-mail, but rather drivers are provided with a link to access their accounts.

Presumably the link for, say, October would have been something like www.[the number of your account].200010.[somelocation], and all you'd have to do is replace your own account number with that of the person you were looking for.

Quoting one more paragraph from the story:

    "It's something that an eighth-grader who designs his own Web page at home is capable of doing," Reagoso said. "It took four accidental keystrokes to display anybody's account."

I just checked the EZPass website (www.ezpass.com) and they don't have any comments posted...

[It turns out Mr. Reagoso has his own website: http://www.reagoso.com in which he says a bit more. DB]
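The failure the post describes is a statement link whose only "secret" is the account number it names, so editing that number in the URL reads a stranger's statement. The following is an added illustration, not code from the post, from the AP story, or from E-ZPass, and the actual E-ZPass link format is not known (the post only guesses at it); the example assumes a query-string link on a hypothetical host, constructed account numbers and statement text, and a server-side secret key. It puts the weak design beside a hardened one in which the link carries an HMAC over the account, month and expiry, and the server additionally requires that the logged-in session belongs to the account in the link, since an e-mailed link is still a bearer token that anyone holding the message can use.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample data (not real E-ZPass accounts): two accounts, one month each.
STATEMENTS = {
    ("1000001", "200010"): "Account 1000001, October 2000: 14 tolls, $27.50",
    ("1000002", "200010"): "Account 1000002, October 2000: 3 tolls, $6.00",
}

BASE = "https://statements.example/stmt"  # hypothetical host; the real URL is unknown


def vulnerable_link(account, month):
    """Weak design: the link is just the record identifier."""
    return BASE + "?" + urlencode({"account": account, "month": month})


def vulnerable_lookup(url):
    """Weak server: returns whatever account the URL names, with no further check."""
    q = parse_qs(urlparse(url).query)
    return STATEMENTS.get((q["account"][0], q["month"][0]))


def tamper(url, new_account):
    """What the attacker does: edit the account number and keep everything else."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    q["account"] = new_account
    return BASE + "?" + urlencode(q)


# Per-deployment secret held only by the server (assumed; generated fresh here).
SERVER_KEY = secrets.token_bytes(32)


def _tag(account, month, exp):
    """HMAC-SHA256 over the exact parameters the link is allowed to carry."""
    msg = "{}|{}|{}".format(account, month, exp).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def signed_link(account, month, exp):
    """Hardened link: parameters plus a signature nobody without SERVER_KEY can forge."""
    params = {"account": account, "month": month, "exp": exp,
              "sig": _tag(account, month, exp)}
    return BASE + "?" + urlencode(params)


def hardened_lookup(url, now, session_account):
    """Hardened server: signature, expiry, and session must all agree.

    The session check is what stops a forwarded or intercepted e-mail link from
    being usable by someone other than the account holder.
    """
    q = parse_qs(urlparse(url).query)
    try:
        account, month, exp, sig = (q[k][0] for k in ("account", "month", "exp", "sig"))
    except KeyError:
        return None
    # Constant-time comparison so the check leaks nothing about the expected tag.
    if not hmac.compare_digest(sig.encode(), _tag(account, month, exp).encode()):
        return None
    if not exp.isdigit() or now > int(exp):
        return None
    if session_account != account:
        return None
    return STATEMENTS.get((account, month))


if __name__ == "__main__":
    mine = vulnerable_link("1000001", "200010")
    print("weak design, edited link ->", vulnerable_lookup(tamper(mine, "1000002")))
    good = signed_link("1000001", "200010", 1000)
    print("hardened, own link      ->", hardened_lookup(good, 500, "1000001"))
    print("hardened, edited link   ->", hardened_lookup(tamper(good, "1000002"), 500, "1000002"))
```

In the weak design the edited link returns the other driver's statement outright; in the hardened one the edited link fails the signature check, an old link fails the expiry check, and a genuine link presented from someone else's session fails the account check. The signature alone is not enough, which is why the session binding is kept even though it means the link can no longer be a one-click view without logging in.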
participants (1): danny burstein