Exclusive: Intel to electronically ID chips
Intel Corp. will unveil plans to embed identification numbers in its PC processors today according to industry insiders and cryptographers familiar with the company's efforts.
In doing so, the chip maker could be sounding the death knell for anonymity on the Internet. "The application is a double-edged sword. On the one hand it offers more security -- for e-commerce and information security," said Barry Steinhardt, associate director and privacy expert at the American Civil Liberties Union. "As a pure privacy issue, it allows for a means of tracking individuals on the Net."
Intel briefed the ACLU and others on the details of its new identification scheme in hopes of heading off any protest by privacy advocates about its new initiative. The plan calls for Intel to put a machine-specific ID and a random number generator in every processor, said sources familiar with the plans. The random-number generator will aid e-commerce by allowing PCs to encrypt data more securely, while the ID numbers will allow merchants to verify a user's identity and prevent stolen PCs from getting on the Internet.
In fact, the plan is a cross between vehicle identification numbers and caller ID. Users who buy a PC will have the ID number feature turned on automatically. Merchants and other "trusted" parties will be able to verify a user's identity. For those users who want to remain private, Intel will provide a software patch to turn off the function. This sort of scheme -- which is referred to as "opt out" because consumers have to opt out of participating -- mimics the current state of the industry.
That bodes ill for privacy, though. "We would rather that Intel have the patch installed as the default," said the ACLU's Steinhardt, who stated that such a policy would let consumers choose whether they wanted to e-commerce-enhance their PC. But more significantly, if the technology is seen as enabling e-commerce, then users may (effectively) not have a choice of opting in or out -- the feature may be required of users by companies before any transactions are made.
Such worries also extend to the collecting of identification information. "Intel says they're not keeping a database matching users to their ID numbers," said Steinhardt, "but the temptation down the road for someone to keep a database will, most likely, be too great. It will happen."
Even with such concerns, there is no denying the benefits of the scheme. "It's a matter of pros and cons," said Michael Slater, principal analyst for chip watcher Micro Design Resources Inc. "There is a lot of benefit for e-commerce with [Intel's] method." The identification numbers could act like their vehicular counterparts -- essentially blacklisting stolen PCs from the Internet. "This kills theft," said one cryptographer at this week's RSA Data Security Conference, who had been briefed by Intel on its plans. "As soon as you go on the Internet, you will be detected."
For merchants on the Internet, having proof-positive of their customers will end consumer fraud and cut the cost of doing business with customers you can't see. And for Intel, the ID scheme takes care of a problem that has been plaguing them for years: Illegal overclocking.
Overclocking is the act of running the processor at higher speeds, usually an act of the hardware hacker. But Intel has repeatedly run into companies that buy, say, a 300MHz Celeron processor, overclock it to 400MHz, and then sell it as a 400MHz processor.
Not only does this result in lost profits for Intel, but if the processor has problems running at the higher speed, Intel is the one blamed -- not the PC maker. But with an electronic ID attached to each processor, consumers will be able to check their processor against Intel's database of products and find out at what speed the processor was sold.
This still allows hobbyists who want to overclock their PCs to do so, while cracking down on the frauds.
Intel refused to comment on this article.