Intel chip ID has 'no rules, no privacy'

Intel chip ID has 'no rules, no privacy'

Summary: The CDT says Intel's chip ID invites privacy invasion, and its FTC complaint is designed to foster debate on privacy and the Net.

SHARE:
PC chip giant Intel Corp. could find its shipment of Pentium III processors halted by the Federal Trade Commission, if a complaint scheduled to be filed on Friday is successful.

At issue: A controversial processor serial number that could be used to unique identify users.

"We feel that the PSN has the potential to become the personal identifier for everyone on the Internet.," said Deirdre Mulligan, staff counsel for the Internet civil-rights group Center for Democracy and Technology.

The CDT - along with consumer privacy advocacy group Privacy Rights Clearinghouse -- is requesting the FTC to prevent Intel (Nasdaq:INTC) from shipping the Pentium III with any kind of identifier, to convene an investigation of the privacy issues posed by the PSN, and to halt PC makers' shipments of Pentium III computers until a secure way of turning off the ID can be found.

Intel misleading users?
The complaint is based on the assertion that Intel has been misleading consumers by not explaining the privacy implications of the processor ID and by claiming it can be turned off securely, said Mulligan.

"Consumers do not have clear knowledge of what this identifier does, which is an unfair information practice," she said. "We know that Intel has absolutely no control over how the PSN is used in the market - it can easily be abused."

Intel said it would not consider stopping shipments. In fact, the Pentium III officially launches today.

"We don't believe we have engaged in any unfair practices," said George Alfs, an Intel spokesman. "Intel has worked with privacy groups and has discussed the issues. There is a balance between security and privacy -- we are doing everything we can to ensure that consumers that want to remain anonymous can."

So they know it's me
The concerns about unique identifiers stem from experience. First distributed in 1936, the social security number, which Congress had stated should not be used for other purposes, has long been used as a unique identifier for tax purposes, on credit cards, and even on some driver's licenses.

"We have had a social history and a whole experience with unique identifiers which suggest that when you release an identifier without technical or legal limitations, it is a danger," said Mulligan. She pointed to the history of identity theft which has occurred due to the lack of security surrounding the SSN.

Similarly, Intel's processor ID has few protections. Despite Intel's attempts to protect the number from being switched on and off by a third party, the security community has highlighted the lack of actual security in the scheme.

Already, computer giant IBM Corp. has broken ranks and declared that it would turn off the identifier using the basic system instructions - the most secure way of switching the ID.

"Although there are constructive ways to use the processor ID feature to validate user identification, there are also legitimate privacy concerns raised by the potential misuse of this feature," IBM stated in a letter to the CDT.

Yet, even a secure processor ID is a threat to privacy, said the CDT's Mulligan. E-commerce companies wanting to prevent fraud may require users to use the feature. Later, enterprising marketers could collect a database of transactional data on users, each identified by their processor ID.

"The bits (of information) collected by a direct marketer, you do not own in this country," said David Aucsmith, a security architect at Intel, speaking at the Intel Developers Forum in Palm Springs, Calif. on Thursday. "We have to decide as a society what the best model for protecting privacy is."

In the FTC's court
That's why, even if the organization doesn't prevent the Pentium III from shipping, just creating a forum for the privacy issues could spell success.

"The FTC has been the agency that has been the forum to resolve Internet privacy issues for the past two years," said Jerry Berman, executive director of the CDT, who expects that it will take up the mantle again.

Topics: Intel, Hardware, IBM, Processors, Privacy, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion