Intel to Drop PSN in New Chips! Intel has decided not to include the PSN in its forthcoming 1.5 GHz Willamette chip. Wired quotes an anonymous Intel engineer as saying "The gains that it could give us for the proposed line of security features were not sufficient to overcome the bad rep it would give us."
Chinese Government Restricts Sale of Pentium III because of Security Concerns. Chinese government officials have restricted the sale and distribution of Pentium III microprocessors out of concern for national security. The Chinese government has ordered domestic manufacturers to turn off the PSN, and has ordered government agencies not to connect Pentium IIIs to the Internet.
Zero-Knowledge Systems Finds Another Hole in Intel PSN Patch. After Intel asked Symantec to create software that dealt with the ZKS hack, ZKS claims that the PSN can still be exposed without resetting the computer.
Some of Intel's Pentium II and Celeron processors have Processor Serial Number switched on. Intel admitted March 10 that some Pentium II chips contain the Pentium Serial Number, not just Pentium IIIs as previously announced. Certain mobile Pentium IIs with on-board cache are also badged under Intel's Celeron label.
Zero-Knowledge Systems Finds Intel Fix Lacking. Even after Intel declared that it fixed the security hole pointed out by C'T magazine, ZKS proved that the PSN can still be accessed remotely without a user's knowledge. Intel admits that there is no way to make the PSN secure, but has said that the possibility of unauthorized accessing the PSN is only theoretical. ZKS's program shows that possibility is more than theoretical.
Privacy Groups Call on PC Manufacturers to Suspend Shipment of Pentium III Systems. Following the C'T Magazine PIII hack, privacy groups wrote to PC manufacturers asking them "to order an immediate suspension of all your company's products that contain the Intel Pentium III. We believe that OEMs have a duty to properly inform their customers about the privacy risks of a PC containing a PSN. Shipping the Pentium with an assurance that the end user can control the functionality of the PSN would seem premature in light of recent reports to the contrary, such as the article published by the German computer magazine C'T on February 22. We believe that such a claim made under current circumstances could constitute a material misrepresentation of the sort prohibited by federal consumer protection laws and regulations."
PIII Security Cracked. C'T Magazine is reporting that their technical experts were able to bypass the Pentium III security mechanism and turn on the PSN without needing to reboot after it was turned off with the Intel control program. This would undermine the Intel privacy patch and make it possible to secretly obtain users PSNs.
Groups Ask FTC to Investigate. Privacy and consumer groups have asked the Federal Trade Commission to investigate the Pentium III and Intel's claims that it had resolved the privacy problems with the software program it is now offering.
Groups Ask Manufacturers for Plans on Pentium III. Privacy and consumer groups have written to all the major PC manufacturers asking for the plans on putting the Pentium III in their machines.
EPIC Asks US Government Agencies For Information on Their Role in PSN. The Electronic Privacy Information Center has submitted Freedom of Information Act requests to 15 federal agencies including the National Security Agency and the FBI asking for information on their role in the creation of the PSN.
Intel Begins Announcements, Consumers ask FTC to Investigate. As Intel begins its $300 million advertising campaign to promote the PIII chip, consumer groups have drafted a letter to the Federal Trade Commission asking the FTC to investigate Intel and the PSN.
38 Percent of CIOs Oppose Intel PSN. A poll conducted by IDG's CIO magazine found that 38 percent of Chief Information Officers side with privacy advocates on the problems of the Intel PSN. 12 percent support the boycott.
Intel announced on January 20 that it was planning to include a unique Processor Serial Number (PSN) in every one of its new Pentium III chips. According to Intel, the PSN will be used to identify users in electronic commerce and other net-based applications.
We believe that providing a unique PSN which can be read remotely by web sites and other programs in mass-market computers would significantly damage consumer privacy. This number is designed to be used to link users' activities on the Internet for marketing and other purposes.
According to Intel VP Patrick Gelsinger, the PSN will be used to identify users who access Internet web sites or chat rooms. He told the RSA conference, "unless you're able to deliver the processor serial number, you're not able to enter that protected chat room." According to Intel, the technology will also be used for authentication in e-commerce, which will attach the PSN to a person's real-world identity.
The PSN would likely be collected by many sites, indexed and accumulated in databases. Unlike cookies, which are usually different for each web site, the PSN will remain the same and cannot be deleted or easily changed. The advertising and marketing industries have been strongly advancing technical means of synchronizing cookies so that information about individual consumer behavior in cyberspace can be shared between companies. We believe that a hardware PSN used in the majority of computers would quickly be put to this purpose. The records of many different companies could be merged without the user's knowledge or consent to provide an intrusive profile of activity on the computer. The only solution would be to change the processor or computer. Because the US has few legal protections for online privacy, there are no practical limits on what can be collected or used. According to the San Jose Mercury News, Intel will rely on "the high-tech industry policing itself, upholding a voluntary code that restricts the amount of information computer companies, Internet service providers, Web sites and telecommunications companies can collect, and how they use it" to protect privacy.
With PSNs, any software running on a person's PC can obtain the PSN, and if the application is Internet-enabled, can transmit it anywhere. The user may be unaware this has happened. Given the widespread practice of downloading shareware, and the lack of legal protection over personal data and the economic incentives to collect and sell it, widespread abuse seems more than likely. Gelsinger also told the RSA conference that over 30 companies had already committed to Intel that they were planning to use the PSN.
We conclude that it is contrary to the public interest in
privacy for chips with a PSN to proliferate widely into the
consumer computer market. Given Intel's dominance of the
processor market, this would happen within a few months
unless sufficient pressure were applied to Intel to disable
the feature in the Pentium III. Intel stated that it plans
to start shipping the chips within a matter of weeks, so it
was essential to begin a campaign as early as possible after
assessing the risk based on Intel's own statements.
According to Internet security experts, the PSN will not provide real security because it is poorly designed. Hackers will be able to forge PSNs, thus undercutting potential authentication uses. Noted cryptographer Bruce Schneier, author of Applied Cryptography, recently wrote in his ZDNet column:
The software that queries the processor is not trusted. If a remote Web site queries a processor ID, it has no way of knowing whether the number it gets back is a real ID or a forged ID. Likewise, if a piece of software queries its processor's ID, it has no way of knowing whether the number it gets back is the real ID or whether a patch in the operating system trapped the call and responded with a fake ID. Because Intel didn't bother creating a secure way to query the ID, it will be easy to break the security.
Comments from other security experts:
From Kim Schmitz, CEO, Data Protect GmbH [source]
From Tom Pabst, Hardware Guru [source]
From Austin Hill, President, Zero-Knowledge Systems [Red Herring]
I hear claims that it will wipe out computer theft. But if someone turns that identifier off because they want privacy, are all of our customers going to be assumed to be criminals?
Chip theft is an important issue and thefts cost the industry and Intel millions of dollars each year. However, Intel states that the PSN is not designed to be used for either preventing chip theft or limiting overclocking.
The Intel PSN is a unique identifier that will be placed in nearly every consumer's computer. Intel currently dominates the microprocessor market with over 75 percent of the market. Intel has stated that it plans for the PSN to be widely adopted for electronic commerce and authentication purposes on the Internet. Because of the possible wide adoption and Intel's plans for broad uses for the PSN, it raises privacy concerns may not arise with other identifiers.
Some expensive business computers, such as workstations sold by Sun Microsystems, do include a form of a PSN but they are not widely used by consumers. This small market share has prevented the adoption of their PSN as an identifier, except for limited software registration.
Internet Protocol (IP) addresses are not as permanent as the PSN. When users of the Internet visit a web page, their IP address may be revealed to the web page machine. Many users do not have a permanent (static) IP address that can be used to trace their movements. Users of America Online and many corporate networks use proxy servers which mask the identity of the users. Most Internet Service Providers (ISPs) provide a different IP number for each user session. Users can also change their IP addresses by asking their system administrators or changing ISPs. In addition, there are web-based services such as The Anonymizer that prevent the disclosure of their IP address.
Ethernet IDs are not widely available and are not intended for identification. Ethernet identities are used for routing computers connected to networks via Ethernet and are not collected or used for identification purposes. Currently, most users connect to the Internet via modems and serial ports so Ethernet IDs are not used or disclosed. Many computers simply do not include Ethernet cards. For those that do, users can also buy inexpensive new Ethernet cards without changing the processor or buying a new computer.
Other identifiers are not widespread. Other identifiers available include other hardware items, and software registration codes. But none of the hardware items are likely to be available on a majority of consumers' computers, and browser manufacturers are unlikely to transmit license numbers with every web page request, so these are not likely candidates to become the "social security number'' of a PC. The PSN was designed to be widely used as an identifier.
Intel announced on January 25 that they were planning to release a software program that would turn the PSN function "off". This program will run automatically each time a computer is booted and turn the PSN off for that session. However, the PSN function will remain in the Pentium III chip and will be available if the program is disabled for any reason. Some of the problems are as follows:
Several companies such as Rainbow Technologies (the
manufacturers of the origional Clipper
Chip) have suggested that there are no privacy problems
with the PSN because a software program can be written that
would scramble the PSN, creating a unique ID for each web
site visited. However, these approaches have the same
problem as the proposed Intel patch (see above) because the
PSN will still be physically located in hardware and can
still be accessed by other programs. Additionally, the
access software is not protected, and can be surreptitiously
Other major companies such as National Semiconductor and
Advanced Micro Devices have
called the plan "inflexible" and said that they do not
plan to put serial numbers in their chips.
Privacy advocates met with staff members of the Federal Trade Commission on January 28, 1999 to discuss the privacy problems of the PSN. We are currently working on a formal request to the FTC asking them to investigate. We are also discussing the problem with state Attorney General's offices.
Vice President Gore was asked about the Intel controversy spoke to the San Jose Mercury News on January 25, 1999. He said:
We need to do more to protect privacy. When you have individuals filling a prescription at the drugstore, and the information is immediately downloaded into a computer network, and then sold to the marketers of other medicines, that patient's privacy has been ravaged. And it's not fair and it's not right.
Congressman Edward Markey (D-Mass) wrote a letter to Intel CEO Craig Barrett on January 22 saying
In my opinion, Intel's new product improves technology for online commerce in a way that compromises personal privacy. I believe that technology should be able to improve authentication and security functions without simultaneously undermining personal privacy. I hope that Intel will seek to design its products to improve the security of electronic commerce transactions without putting consumer privacy at risk. I encourage you to examine the privacy implications of the Pentium III and ascertain whether further improvements can be made to better balance both commercial and privacy objectives.
Arizona State Legislator Steve May is proposing
a new law that would ban the production of the Pentium III
Intel's proposal to put a unique ID code inside of every computer it sells will significantly reduce the level of privacy available to computer users around the world. The unique code will make possible far more extensive tracking and profiling of individual activity, without either the knowledge or consent of the user. Intel's proposal to allow users to turn off the code each time they start their computers is unreasonable and impractical.
We see no other plausible means of stopping the
irreparable harm to Internet privacy that would be caused by
Intel's inclusion of a PSN in its next major chip.
We plan to announce the boycott is over after Intel announces that it will disable the feature in the Pentium III hardware and other chips that it plans to ship. This can be done several ways:
How is the boycott organized?
We and other interested parties are working with
organizations, individuals and the media to raise awareness
of the risks of the feature, and why it is worth persuading
Intel to disable it. More details will be posted as this
At the moment the boycott is directed toward Intel
because Intel is the only company that has announced plans
to release a chip for mass-market computers with a Processor
Serial Number. If any other companies that sell mass market
systems announce a similar plan, we will expand the boycott
to include those companies.
There are many ways.
organization (and even some individuals) can post statements
detailing their own positions on the boycott, and tell
us the URL. It might also help to submit it to search
engines or include it in newsletters and communications you
normally send to people. Copy this small
logo and use it to link to this page.
Please send us your unanswered questions.
USA Today " Anti-privacy virus", January 29, 1999.
Consumers crave the convenience technology offers, but compromising their privacy without their knowledge is a practice few would accept. Somehow, that message never penetrates, despite the occasional public relations snafu. Until these technological wizards are made to pay for their indifference, privacy will play second fiddle to their profits.
San Jose Mercury News - Intel: Big Brother's keeper?, January 27, 1999.
The furor over Intel's new chip shows why the interests of privacy and security on the Internet must be treated as one, not pitted against each other. Otherwise, privacy will lose.
Pittsburgh Post-Gazette - Intel Inside - Too Inside, January 28, 1999.
The issue, which won't just melt away, is one of many confronting and perplexing policy-makers in the brave, new, high-tech world in which we have come to live. Unlike most other questions legislators deal with, past experience is little guide on these. Caution is advisable, as is erring on the side of respect for individual liberty
The Seattle Times - Intel's Snooper Chip, January 28, 1999.
There was something creepy about the chip, which, when enabled, sent out a unique electronic "fingerprint" over the Internet based on a serial number embedded in the chip."
Sacramento Bee - Cyberspace Fingerprints, January 27, 1999.
The rules of the road in cyberspace are still being sorted out. It's not surprising that controversies such as the Intel chip identification are arising. Users will need to be vigilant in making their wishes known as the technology matures.
San Jose Mercury News - Dan Gillmor, Pentium III Threatens Privacy, January 27, 1999.
Intel's action doesn't end the debate. The Federal Trade Commission, which has been looking into online consumer privacy, should sink its teeth into what looks like a juicy new issue. If the tech industry insists on building Big Brother into its products, people with regulatory power need to keep looking over the industry's shoulder.