The Voting Integrity and Verification Act (VIVA) introduced by Sen. John Ensign (R-Nev.) on Feb. 9 calls for voter-verifiable paper trails that will allow people who use touch-screen systems to confirm their choices as well as permit accurate recounts, which critics say are impossible with paperless systems. The state of Nevada required paper trails for e-voting systems employed in the 2004 presidential election. Ensign argued that the measure raised voters' confidence in the legitimacy of their votes, and that this confidence should be extended to all Americans. Observers registered hundreds of problems with e-voting machines throughout the country during the general election, including the loss of roughly 44,000 votes in Carteret Country, N.C. Ensign said some states have misread the Help America Vote Act and assumed that printouts are only needed after the polls close, and VIVA is designed to correct this way of thinking. The Information Technology Association of America opposes VIVA, agreeing with e-voting machine vendors that equipping systems with printers will make the machines more expensive and raise the risk of long lines at polling places because of paper jams or malfunctions. Three Republicans and four Democrats have signed on with Ensign's legislation.
Click Here to View Full Article

For information regarding ACM's e-voting activities, visit http://www.acm.org/usacm.

Computer viruses are likely to appear in people's home appliances, media gadgets, cars, phones, and PDAs as those devices increase their electronic sophistication and are wirelessly enabled. Wireless connectivity is relatively cheap nowadays, and protocols such as Bluetooth make it easy for different devices to talk to one another. Security software firms are already considering how to protect mobile and previously standalone devices from virus infections even though there has not been a major attack on non-PC devices yet. The Cabir and Skulls viruses have shown the feasibility of such attacks on mobile phones, and a recent IBM report warns against impending mobile viruses based on mutations of the Cabir source code; the report also warns of new attack vectors, including Bluetooth and VoIP networks. Consultant David Emm says Cabir and Skulls are very basic virus programs and that hackers will come up with subtle attacks that are not easily recognized by end users; moreover, the Cabir worm shows that replicable malicious code needs devices with only a small amount of processing and memory capacity, along with connectivity. With that thought, it is conceivable that malware such as Cabir could infect vehicle navigation systems, or the slew of connected home appliances that were unveiled at the Consumer Electronics Show in January. Home-automation products might not be a direct target for viruses, but could become infected by way of a home computer acting as a networking hub. Smarthome's Dan Cregg says home-automation devices are not tempting targets for hackers because there is little of value in attacking them, but he notes that terrorists could conceivably launch malware that shuts down furnaces during a cold snap. Home entertainment networks could be pilfered for media stored on connected devices, such as personal video recorders, especially since Microsoft's Media Center operating system is built on the familiar Windows platform.
Click Here to View Full Article

The computer age has given the modern workplace a wealth of technologies that drive workers to distraction, and computer scientists and psychologists are examining this trend in the hope of counteracting it. "We're trying to come up with simple ideas of how computer interfaces get in the way of being able to concentrate," reports Ben Bederson of the University of Maryland's Human-Computer Interaction Lab, where he is focusing on the design of non-distracting interfaces. Bederson notes that an interface permitting smooth scrolling of documents, as opposed to sudden jumps, is less intrusive. Meanwhile, University of Washington computer science professor Alon Halevy says intelligent email that knows when to interrupt the user is far less of a distraction than normal email, and his semantic email project is attempting to structure originating messages so that software on the recipient's system can better understand and prioritize email. Bederson and Microsoft researcher and cognitive psychologist Mary Czerwinski are studying how interruptions affect cognitive flow, the deep level of mental engagement people reach when performing an activity that requires a certain degree of concentration; Czerwinski says people in such a state are less tolerant of distractions from an incoming alert. Czerwinski's research group is trying to recognize signs indicating the end of "key cognitive flow moments" that could be applied to predictive interfaces that use such signals to ascertain the best time for interruption. However, Bederson doubts that such interfaces can meet this challenge, noting that they can become distractions themselves. Other Microsoft scientists are working on software that can learn to determine where and how a computer user is focusing his attention, with one component designed to gauge the user's level of engagement and assign an appropriate level of urgency to incoming email.
Click Here to View Full Article
(Articles published within 7 days can be accessed free of charge on this site. After 7 days, a pay-per-article option is available. First-time visitors will need to register.)

Radical Islamic Web sites are urging readers to launch a cyber-jihad against their enemies; this calls attention to the potential for cyberterrorism, which national-security experts have identified as a major threat that could damage the United States far more seriously than the general public believes. Experts warn that critical, digitally-controlled U.S. infrastructure such as broadcasting networks, public utilities, and transportation systems are ripe for cyberattack--as is the FBI, which admitted as much after intruders broke into one of the bureau's commercial servers last week. One of the more notorious examples of well-coordinated cyberattacks was highlighted at a recent conference for federal computer-security experts hosted by the Defense Department's Computer Crime Center. The attack took place in the fall of 2000 when the capture of three Israeli soldiers by Lebanese Shiite fighters prompted angry hackers to deface the Shiite Hizbulla movement's Web site, which in turn triggered a cascade of Israeli-Palestinian cyber-warfare that eventually extended to U.S.-based targets. Israeli officials believe the online conflict was directly responsible for economic and governmental disruptions. The incident shows that nation-states, not just private citizens, are capable of cyberterrorism, according to Kenneth Geer with the Navy Criminal Investigation Service. Cybersecurity experts also point to a case in Australia in which a disgruntled former public utility contractor released raw sewage into public areas by breaking into the computer system that controlled a local sewer network, thus illustrating the potential damage that could be caused by crafty or well-informed hackers. SITE Institute director Rita Katz notes that almost all extremist Islamic Web sites calling for a holy war have how-to sections on cyberterrorism.
Click Here to View Full Article

Hugo De Man of Belgium's Interuniversity Microelectronics Center (IMEC) announced at the International Solid State Circuits Conference that the next IT wave will be ambient intelligence, driven by software and both facilitated and restricted by nanoscale physics. The advent of ambient intelligence will raise the profile of 3D packaging, microelectromechanical systems (MEMS), polymer displays, and other technologies emerging around CMOS. The IMEC researcher noted that IPv6 could be used by biosensors to forge a link between electronics and biotechnology, and he urged developers to adopt a strategy that transcends Moore's Law and cost-effectively integrates CMOS with MEMS, optical and passive elements, biosilicon interfaces, new materials, minuscule 3D packaging, and autonomous energy sources. The overall objective is to commercialize ambient intelligence, which is designed to nonintrusively enclose the environment with enabling technologies by using its "intelligence" to conceal the technology. De Man mentioned a joint venture between IMEC, Philips, and Bosch to develop a manufacturing method for poly-SiGe gyroscopes, while Harvard University's medical school has devised a hybrid IC/microfluidic system that could enable the use of programmable magnetic fields to precisely control the spacing of individual biological cells. Also cited at the conference was Max Planck Institute for Biochemistry scientist Peter Fromherz's neuroelectronics research, which involves the development of interfaces that do not corrode chips or interfere with cells.
Click Here to View Full Article

A team of researchers led by Dr. Monica Schraefel at the University of Southampton's School of Electronics and Computer Science (ECS) this week launched the mSpace software framework, a semantic Web interface designed to enhance Web searches and pull related sources of information into a single usable window. In this way, an information space can be tailored to a person's interests, while the presented categories can be manipulated and perused. The team demonstrated mSpace's potential in regards to classical music categorization, noting that neither Google searches (which generate lengthy lists of interchangeable links) nor Apple's iTunes (which allows users to scroll through and hear music tracks in its store), taken alone, can enhance access for an individual unfamiliar with classical music. The mSpace Classical Music Browser, however, packages audio, text, links, and images into one reconfigurable default view split into columns that differentiate between composers, eras, and pieces. "In the demo on the site, we have displayed just three categories of classical music, but users can add in new dimensions or take some away or rearrange them," notes Schraefel. She also points out that mSpace users receive a considerable amount of associated information in a single window. "No more clicking through opening and closing a menagerie of links and windows, trying to remember what goes with what," Schraefel explains. The mSpace framework, which was released to SourceForge, is potentially domain-universal in its application, and Schraefel remarks that the interface has thus far been applied to classical music, films, and U.K.-based scientific research.
Click Here to View Full Article

Michigan State University (MSU) is leading development of the "evolutionary computation" field with little replicating programs called Avidians, named for the application in which they are birthed and live for many hundreds of thousands of generations. MSU's Digital Evolution Laboratory has published the work in the scientific journal Nature and in Discover magazine. The replicating software code is special because it evolves to solve particular problems in ways that humans might not have considered; users of the Avida program craft experiments, such as seeing how few steps it would take to compute a particular logic operation. Even though the program's author and the lab director believed the operation could not be completed in less than 19 steps, the Avidian programs evolved to compute the operation in just 11 steps. MSU philosophy professor Robert Pennock says Avida is significant because the final solutions are created entirely by the software without human intervention. The dozen or so graduate students working in the lab are testing all sorts of theories, such as the benefits of altruism, evolutionary advantages of sex, and the role of parasites, while doctoral computer science student Matt Rupp is working on something slightly different: He is attempting to create the correct conditions for accidental replication, a discovery that Rupp says would help validate scientists' hypotheses about the origin of life. Pennock says evolutionary computation has many practical uses as well, such as the ability to quickly solve complex engineering problems, such as where to build roads, how to schedule university classes, or timing stoplights. Automakers are already developing the technology to help them design vehicles, he notes.
Click Here to View Full Article

The LC-STAR project has developed linguistic databases comprised of vocabularies and writings from 13 languages that will be used to train systems for automated language translation. Information Society Technologies is funding the initiative, which finished developing the large vocabulary on Jan. 31, 2005. "First we created large lexica for several language databases," says Ute Ziegenhain, the project coordinator who is with Siemens in Germany. "Secondly, we developed a demonstrator that could automatically translate speech to speech for output to another interface." Gaia, the working demonstrator, is a telephone server that is able to translate partners' languages of English, Spanish, and Catalan within a single register. Automated speech-to-speech components such as flexible speech recognition, high-quality text-to-speech synthesis, and speech-centered translation eventually could be added to speech-driven interfaces embedded in mobile appliances and network servers. Siemens already has implemented the results of the project into its speech recognition and speech synthesis systems, and the vocabularies are being used with the TC-STAR research into technologies for speech-to-speech translation.
Click Here to View Full Article

MIT and New York State Department of Health researchers have demonstrated a technique to control the movement of a cursor on a 2D computer screen by brainwaves monitored through the scalp by electrodes, using funding from the National Institutes of Health and the James S. McDonnell Foundation. The breakthrough, which was detailed in the Dec. 6, 2004 edition of the Proceedings of the National Academy of Sciences, could allow severely disabled people to use a cursor as well as make hands-free computer operation practical. Users of the Noninvasive Brain-Computer Interface can learn to control the electrical field rhythms that take place near the brain's left and right sensory motor cortices, which Jonathan Wolpaw of the News York State Department of Health's Wadsworth Center likens to "the noise a car engine makes when a car is operating." Critical to the success of this approach are recent signal processing enhancements and an online algorithm with built-in adaptability that continuously adjusts to the way a person controls their brainwave oscillations. Wolpaw explains that training sessions allow the user to adapt to the interface, and vice-versa. He notes that users learn the best way to control the direction of the onscreen cursor by envisioning movements, such as walking or moving a hand. The person first masters moving the cursor up and down before proceeding to 2D control, and as users become more skilled they can employ the interface to answer questions, according to Wolpaw. The researchers are developing a grasp function that would enable users to move a cursor over an object without choosing it, as well as facilitate the technique's integration with robot arms; 3D cursor control is also an area of research.
Click Here to View Full Article

The Linux Standard Base (LSB) is meant to protect against the type of standard forking that happened with Unix, and which Microsoft officials have ominously predicted for the competing open-source software. LSB provides Linux vendors and ISVs with a set of core standards that will ensure portability for Linux applications between different Linux systems, and also offers a way for ISVs to dramatically reduce their testing and certification costs. The Free Standards Group (FSG), which backs LSB, recently released LSB 2.0 with the additions of runtime environments, cryptography, XML, PERL, PHP, and Java; FSG executive director Jim Zemlin says standards are open source software's key to success because true freedom only exists if companies are certain technologies can be moved. But though LSB has gained the backing of all major Linux vendors, relatively few ISVs have signed up, despite surveys showing their support for the effort. Part of the reason for ISVs' hesitancy is because they fear the cost and complexity of LSB certification and also because processes need to be improved, says Intel Linux director and FSG board member Dirk Hohndel. For large ISVs, the most important benefit of LSB is knowing there is a reliable Linux standard available for the future, while small ISVs will benefit most from the reduced cost for application certification. The Linux Core Consortium (LCC), meanwhile, seeks to create a standard Linux implementation based on LSB standards, similar to the failed UnitedLinux effort but without the reliance on a single vendor; so far Conectiva, Mandrakesoft, Progeny, and Turbolinux have signed onto the LCC. The FSG is also looking to engage new opportunities with the creation of a LSB certification lab in China run by the Chinese government, the release of LSB 3.0, and ISO certification.
Click Here to View Full Article

Open-source developers have made incremental gains with the Organization for the Advancement of Structured Information Standards' (OASIS) amended patent policy, which was issued on Feb. 7. The update accommodates royalty-free (RF) licenses without making them a requirement, but open-source advocates complain that the revision does not go far enough, and permits working groups to shut open source out of a standard if they are so inclined. "I'm pleased that royalty-free is at least an option, but would be more comfortable if it was the default," says open-source proponent Bruce Perens. The Web services standards group's new patent policy outlines three patenting modes for working groups--Reasonable and Non-Discriminatory (RAND), RF on RAND Terms, or RF on Limited Terms. University of California adjunct professor and OASIS member Robert Glushko notes that OASIS' decision to revise the policy was influenced by the World Wide Web Consortium's own patent policy update; however, he admits that from a practical point of view, "there are some standards that would be hard to develop if RF were the only option." The new disclosure rules are perhaps even more critical, given OASIS' foundation of corporate, academic, and individual members. Developers have criticized the Web services stack for being complicated, vague, and bloated, but OASIS Board Chairman Jim Hughes with Hewlett-Packard says the complexity is effectively managed by members, and the new patent policy will make that management even more effective. Perens advises open-source groups to use the revised policy to monitor the organization of new OASIS working groups and the patent modes they favor, and urge them to select the RF option.
Click Here to View Full Article

Xerox Research Center Europe scientists are expected to roll out a commercial version of their mobile document imaging software later this year, enabling camera-equipped cell phones to function as document scanners. The software allows digital images captured by cameras with at least one megapixel of resolution to be transmitted to PCs, fax machines, or other phones, correcting for shadows, reflections, and blurriness. Xerox Research Center Europe image processing manager Christopher Dance says, "You could even handwrite a message and send it to someone's phone." An average paper document must be photographed from a distance of approximately one foot; once distortions are corrected, the image is compressed using the Fax Group 4 format, which Dance says could permit the storage of about 10 page images in a space that normally accommodates a single digital photo. IDC manager Paul Withington thinks the technology will support both personal and business applications: For instance, an architect could scan an annotated blueprint with the camera phone while in the field, and send the image to colleagues via fax or email. "To my mind, any mobile professional who spends a lot of time on the road would have an application," Withington notes. Dance believes most users will wish to view the digital images on a computer, using optical character recognition software to render them as editable text. Cataloging images scanned by camera phones using histograms is another technology Xerox researchers are developing, and one potential application could aid field researchers trying to identify images of objects or creatures on the spot. IDC analyst Alex Slawsby concludes that "The Xerox technology will actually be important in coming up with solutions that really utilize camera phones."
Click Here to View Full Article
(Articles published within 7 days can be accessed free of charge on this site. After 7 days, a pay-per-article option is available. First-time visitors will need to register.)

Experts warn it is only a matter of time before voice over Internet Protocol (VoIP) is faced with spam messages, denial-of-service attacks, phishing, and other security threats. The VOIP Security Alliance is a new industry group formed of 22 security research organizations, service providers, and vendors that aims to strengthen VoIP technology and protocols before the situation becomes dire. VoIP users are still a small group at just about 5 million, according to a December poll by Point Topic, and present little opportunity to hackers at present; but as adoption increases, experts worry vulnerabilities in enabling protocols such as SIP and H.323 could lead to serious security and usability threats. Spammers have already taken on instant messaging with so-called spim messages making up about 10 percent of instant-messaging traffic, according to CipherTrust. Experts have dubbed spam for VoIP as "spit," and say a flood of 100 KB voice mail messages could mean serious problems for network resources. Distributed denial-of-service attacks are another danger, and could not only disable services but degrade quality of voice conversations as well; in addition, VoIP offers additional nodes for hackers to attack, such as IP phones, broadband modems, and network equipment. VOIP Security Alliance Chairman and TippingPoint director David Endler warns that sophisticated attackers could eavesdrop on conversations or hijack phone lines at corporate call centers or even 911 call centers. Vonage chief technology officer Louis Mamakos, whose group has not yet joined the alliance, says the company has many levels of protection, including authentication for signaling traffic, greater infrastructure distribution than most Web sites, and physical configurations that would make eavesdropping difficult.
Click Here to View Full Article

Dr. Osman Ratib and Dr. Antoine Rosset of UCLA Medical Center have developed OsiriX, software that enables radiologists to use Apple iPods as portable storage devices for medical images, thus sparing them the frustration of not always being within easy reach of more expensive customized workstations to retrieve those records. OsiriX is an open-source application that runs version 10.3 of Mac OS X or higher, and that automatically identifies and lists iPod-stored images. Radiologists can scroll through a list of patients or raise their medical records via iPod's iPhoto application in a manner similar to the way people scroll through a playlist. A FireWire connection allows those images to be uploaded back to a Mac, where doctors can view them from multiple angles. Ratib and Rosset posted the OsiriX application on their Web site last April, and accumulated several thousand visits in less than two months. Ratib thinks OsiriX is being used by approximately 6,000 doctors worldwide, according to a 2004 Web survey he conducted. The 2,000-user poll estimates that radiologists account for 26 percent of the application's user base, while researchers, surgeons, and cardiologists comprise 18 percent, 14 percent, and 12 percent, respectively. In addition, 37 percent of the survey respondents claim to use OsiriX each day, and 24 percent expect to devise plug-ins or other upgrades to better fulfill their requirements.
Click Here to View Full Article

Security professionals must constantly be on the lookout for new attack vectors because the most dangerous threats are often overlooked until it is too late. Recently, security researchers discovered some viruses had been slipping past anti-virus software packages because they were hidden inside RAR compression files; nearly all anti-virus software will scan the more common ZIP files, but other lesser-known but still valid compression formats should be included as well, such as RAR, GZ, SIT, and a host of other file types. Another recently uncovered security threat having to do with the International Domain Name (IDN) feature has been demonstrated by security groups Shmoo and Secunia. Browsers equipped with IDN capabilities--virtually every popular browser except Microsoft's Explorer--are vulnerable to the exploit, which allows hackers to use specially configured domain names to appear as legitimate in the user's address bar because of IDN translation. For instance, www.pàypal.com will appear as www.paypal.com in Firefox, Mozilla, Opera, and Safari. Firefox and Mozilla have released patches to solve the problem, but Opera developers believe their IDN implementation is correct even though the vulnerability is easily demonstrated on that browser. The vulnerability should not have been a surprise given that it was featured in the February 2002 issue of Communications of the ACM, where authors Evgeniy Gabrilovich and Alex Gontmakher detailed the problem in an article titled "The Homograph Attack." IDNs have only recently become a popular issue, however, and there were no browser IDN implementations at the time of the article's publication.
Click Here to View Full Article

National Institute of Standards and Technology physicist Alipasha Vaziri and colleagues have carried out an experiment that uses the quantum-mechanical property of entanglement to facilitate a fair electronic coin flip in which two parties that do not trust each other attempt to ensure that the other is not cheating. Classical computing cannot guarantee a fair coin flip, as no provably secure way exists for one party to flip the coin and the other party to call the toss while ensuring that neither party can cheat when determining the winner. Vaziri's experiment employs a pair of entangled photons in which the measurement of one instantaneously affects the other. In this scenario, a coin toss is executed by forcing one photon's angular momentum into one of four potential states, two of which stand for "heads" and two of which stand for "tails." The state of the other entangled photon is changed, and this photon is measured by the party who calls the coin toss; but this party cannot determine whether the one who flipped the coin called heads or tails because quantum ambiguity makes different pairs of the four states appear identical. Nor can the person who flips the coin cheat because the flip's signature is inscribed in the other person's photon, so any attempt at deception will likely manifest itself as nonsensical data or "noise." University of Waterloo physicist Andris Ambainis calls Vaziri's experiment significant "because coin tossing is a task in bigger protocols, such as multiparty communications." The security of communications is multiplied regardless of the level of trust between parties, he explains.
Click Here to View Full Article
(Access to this article is available to paid subscribers only.)

Nanotechnology has finally begun its migration from the laboratory to consumer markets, with big and small companies rolling out a slew of nano-based products this year. These products, which include rugged trims for Hummer vehicles, peel-resistant paint, and enhanced sporting goods, may not sound very revolutionary, but far more advanced technologies are on the horizon. Expected to emerge in the next five years are energy products that include super-electric batteries and hydrogen fuel cells that use carbon nanotubes, while health care products such as implantable monitors powered by body heat and pint-sized, noninvasive diagnosis tools are anticipated within the next eight years. Nanoelectronics such as nanotube-lighted flat-panel displays and powerful nanowire-equipped handhelds could be common by 2020, if manufacturing issues are resolved. But manufacturing is just one of many technical, legal, and philosophical challenges that governments, companies, and regulators must tackle: Nano-based materials and therapies must be intelligently regulated by government, while nanotech industries must develop solid standards and enforcement practices in order to grow, as well as ensure that their products are environmentally and biologically friendly. Nanotech investors are devoting most of their attention to companies with actual products, clients, and profits instead of far-out visions fueled by hype, and most nano success stories will likely be companies that cross-fertilize various disciplines--biology, physics, electronics, and chemistry--to create and market unique hybrid products. Approximately 1,200 nanotech startups have been launched worldwide, and 50 percent of them are based in the United States. Accumulated nano company venture capital totals $1 billion, while worldwide government nanotech funding has stayed level at $4.7 billion a year.
Click Here to View Full Article

Business-activity monitoring (BAM) can contextually interpret real-time business operations data and help speed up response times and improve decision making, if companies determine at the outset the most critical events to monitor, the factors to be considered, the best people to be alerted to problems, and how best to notify them to ensure timely receipt and response. Other variables that should be weighed prior to BAM implementation include integration requirements, assurance of data quality, whether events justify real-time monitoring and response, and the ability to capture context. BAM systems provide three critical functions--event monitoring, filtering/analysis, and alerting and triggering. The event monitors watch business processes for anomalous events or conditions, and then receive event input from other systems; the filtering and analysis engines condense and rate this enormous volume of data, separating the important information from inessential "noise" and evaluating and inserting context; finally, the notification/alert systems flag atypical events, conditions, and situations by alerting individuals, displaying advisories on a Web-based interface or dashboard, printing reports, or automatically activating other responsive processes. Application-specific BAM deployments that emphasize discrete business processes or technical operations have been the rule so far, and a generic BAM product that can monitor any technical or business event is currently lacking. Financial-services firms and traders employ BAM products to make spot-investment decisions. Telecommunications companies use the systems to watch service levels and enhance their responsiveness, and logistics providers track shipments, deliveries, and routing data with BAM applications.
Click Here to View Full Article

Though the precision of search engines has improved significantly, a great portion of online content--the so-called "Hidden Web"--remains inaccessible. New search engines are under development to address this discrepancy in myriad ways by mining online materials deeper, better classifying and visualizing the results, and monitoring users' interests and activities to personalize future queries. Google, Amazon, and Ask Jeeves recently announced programs to facilitate search personalization: Ask Jeeves' search engine tracks queries and retrieved pages and lets users "bookmark" them, and a personally configured subset of the Web can be built through the review and re-execution of saved searches; Amazon's search engine features similar functions and can also suggest additional pages using personal search histories; and Google's enhancement sets up a pregenerated topic hierarchy from which users can specify subjects of interest as well as their degree of interest, so that the engine retrieves and ranks query results based on those selections. However, user-profile-based search would be vastly improved if search engines considered the broader task context of user queries, and formidable technical and privacy hurdles must be overcome before this capability can be realized. The effective search of 3D images is the goal of the Princeton Shape Retrieval and Analysis Group's 3D Model Search Engine, which matches a desired shape with multiple images of similar-looking configurations on the Internet using several techniques. Meanwhile, location-aware search engines add another dimension to queries, and the University of Maryland's Rover system enables a wireless handheld to constantly know its position on a map, so that customized data about the local surroundings can be provided to on-the-go users. Future Web searching technologies are expected to become more visible as tools that integrate search functions and data-mining, as well as less visible as intelligent search operations developed as back-end services for various platforms and applications.
Click Here to View Full Article