security-minded arguments, then dismiss them as not feasible, imagining we don’t know the real situation or the true nature of an attacker’s motivation.

They think they simply don’t need a stronger identification scheme. In Mexico, banks are required to have such a scheme, though when money is not directly involved, users have been known to throw tantrums so they can keep using their everyday passwords.

Seeking to access a certain user’s data, an attacker might try to find vulnerabilities in the host system, revealing data about every user in the system, rather than guess probable passwords based on a particular user’s public profile.

GUNNAR WOLF

Mexico City, Mexico

Author’s Response:

User resistance to doing more to secure a computer system is common. Ways to overcome it and enforce the organization’s security policies depend on support from top management, including the CEO.

Malicious hacking takes multiple forms, each involving its own level of technical skill and preferences for attack methods. However, none can ever be ignored. A single security breach might be fatal to an organization, as I described in my article.

ALFRED LOO

Hong Kong

CLARIFY OBJECT IDENTITY IN OBJECT SCHIZOPHRENIA

The article “Patterns, Symmetry, and Symmetry Breaking” by Liping Zhao (Mar. 2008) led me to explore the relationship between the object schizophrenia problem (OSP) and the symmetry-breaking concept it described. OSP in classical object-oriented modeling can be understood as broken semantics for method execution, contracts, and other concerns. (For more on OSP, especially in the context of subject-oriented programming, see www.research.ibm.com/sop/sopcpats.htm.)

The notion of object identity is central to OSP, as the semantics become clearer only when we consider object identity. An object has a set of operations and a state that remembers the state. OSP emerges mainly as a result of message-forwarding mechanisms (such as consultation and delegation), leading to “memory loss,” or broken semantics. In delegation, the inability to associate “self” with the appropriate object (method holder or originator) results in broken delegation and (consequently) in OSP.

In the context of the article, OSP can also be understood as symmetry breaking, especially in terms of object identity. Moreover, the notion of object identity—crucial to OSP—might lead to a clearer understanding (and possibly a formal approach) when applied to design patterns and symmetry breaking.

AGNEESWARAN VIJAY SRINIVAS

Lausanne, Switzerland

KEEP FAITH IN AMBIENT INTELLIGENCE

Ambient intelligence (AmI) is often promoted as a breakthrough despite its potential drawbacks. The article “The Illusion of Security” by David Wright et al. (Mar. 2008) analyzed ways to prevent the fictional threat scenario it presented and, if indeed the scenario did occur, ways its consequences might be addressed. That scenario—three fraudulent insider data administrators working in concert and senior executives trying to conceal their attack—is not AmI-related. Real-world scenarios with more disastrous consequences could occur on any given day in any given bank or critical-infrastructure-related governmental office.

A malicious insider group operating inside such an organization is highly improbable, as its conspirators would be expected to be well-screened, highly paid, and backed up by trusted endorsers.

Meanwhile, the type of attack described in the article is a force majeure for any organization— practically impossible to prevent once the conspirators have agreed to cooperate.

The three administrators and the company president described in the article fled to an undeveloped country with no AmI infrastructure. Our hope for a secure society with less of a chance of AmI-related disasters shouldn’t depend on downgrading our interest in developing vibrant AmI technology wherever we are.

JAAK TEPANDI

Tallinn, Estonia

Please address all Forum correspondence to the Editor, Communications of the ACM, 2 Penn Plaza, Suite 701, New York, NY 10121-0701; email: crawfordd@acm.org.

References:

http://www.research.ibm.com/sop/sopcpats.htm

mailto:crawfordd@acm.org