On February 28th, two days after the next generation Intel processor chip, the Pentium III, goes on sale, Intel will open a blue door on its website where users can access software and get additional information about the new chip. However, one of the features of the new chip, a unique processor ID which can be read over the Internet, means the Pentium III has already opened a door Intel would have preferred remained shut: a door onto the hot topic of privacy.
Privacy advocates are calling for the recall of the new chip, even as it is being shipped to computer manufacturers.
Intel has said the 96-bit processor ID, coupled with another feature whereby the chip can generate truly random numbers, will provide greater security and authenticity, thus assisting e-commerce development. The unique ID, which can be read by websites as a user visits them, would allow banks, for example, to verify users during online banking sessions. In a business environment it could facilitate network administration, giving network managers more tools to remotely identify machines. It could also help prevent theft, since each computer could be identified as soon as it accessed the Web.
But while Intel naturally praises the chip's new features, privacy groups are making the most noise in the run up to the launch. As recently as last Friday Intel met a number of groups which felt the chip should not be shipped. Mr Barry Steinhardt, associate director of the New York-based American Civil Liberties Union (ACLU), was at that meeting, and told The Irish Times the two sides failed to agree as Intel said the chip enhanced privacy through increased security.
Mr Steinhardt has been one of the chip's severest critics, calling for its withdrawal. Other computer parts, such as network cards and hard drives, have unique IDs, he said, but these cannot be read from websites. "If they succeed they will have created the social security number of the Web," he added.
Privacy advocates have already wrought one concession from the world's largest chipmaker: Intel has agreed to change the original status of the new chips so that the ability to read the processor ID is switched off, and has to be switched on by either computer manufacturers putting the chips into their machines, or by users. There are to be two ways a user can switch on or off the feature: via special control software provided by Intel, or via set-up instructions entered when a machine is switched on, known as BIOS.
But Mr Steinhardt is still not satisfied. Firstly, he said, not all manufacturers would implement either technique, and secondly, most users will find it too much trouble to change the read status. "If websites demand the number, consumers would be coerced into turning it on," he said.
Of course, that would only become a problem if computers with processor IDs become pervasive, otherwise websites would be shutting out too many users. But Intel has said it intends the new technology to go into all its PC chips over time. Mr Steinhardt said ACLU would be talking to computer manufacturers next.
Intel said the new features were part of a programme to add "security building blocks" to its products, as computers are the primary means of connecting to the Internet. While the processor ID is controversial, the second new feature, the random number generator, will undoubtedly enhance Internet security and has been widely welcomed.
Until now, computers usually generate random numbers according to complex algorithms, which skilled hackers can intercept. But the new chips will generate random numbers from thermal noise, the electrical interference generated by the electricity flowing around the computer itself. Encryption algorithms using these numbers will therefore be even more secure.
But privacy is too big an issue to hide behind security improvements. While the EU has opted to protect privacy rights by law, via the privacy directive which may yet lead to problems with EU/US Internet trade, the US administration favours self-regulation by the Internet industry. The crux of the issue is concerns that marketers will gather and share information on peoples' Internet preferences, such as favourite websites, spending habits, and so on.
Mr Steinhardt said the Intel case showed that self-regulation wasn't working, and called for legal privacy protection in the US.
But the San Francisco-based Electronic Freedom Frontier, a prominent Internet watchdog group, is less concerned than ACLU. Its programme director, Mr Stanton McCandish, said the group was dissatisfied, but had not sought the recall of the chips. He didn't think it likely that websites would discourage business by "irritating or enraging" visitors.
But, he said, the transmission of the unique chip ID needed to be "done away with", not just switched off. If it could be switched off, he said, it could also be switched on, perhaps by a virus or a hacker.
He said he favoured self-regulation of Internet industries, but said "they need to come up with real solutions, and quickly, or they are liable to find themselves saddled with all kinds of regulations just like their forebears".
He said regulatory bodies were getting impatient, and could undermine self-regulation before it got off the ground. Already one Arizona legislator has proposed banning the new Intel chip.
Intel, sensing the growing importance of privacy, pledges on its website: "Intel will not track or correlate which processor serial numbers go to which consumers, nor will Intel entertain any offers to develop such a list." But that does not prevent website owners compiling lists of their own, thanks to Intel's readable processor IDs. With Pentium III chips already shipping to manufacturers, it looks like Internet surfing behind closed doors will become that bit more difficult.
Eoin Licken is at elicken@irish-times.ie
