Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Politics : Formerly About Advanced Micro Devices -- Ignore unavailable to you. Want to Upgrade?

To: Bruce A. Thompson who wrote (47778)	1/29/1999 12:37:00 PM
From: Paul Engel	Read Replies (1) \| Respond to of 1570940

Bruce - Re: "I find it ironic that you would identify with the only person in the world that agrees with INTEL about the ID chip" You are a goof - lots of people agree with Intel. Here's another one: upside.com In Defense of Intel January 26, 1999 I don't want personal privacy to become an endangered species. Yet I'm afraid I have to differ from fellow cyberlibertarians who are alarmed about Intel's decision to embed an electronic serial number in the upcoming Pentium III. The chips, which Intel expects to be put in mainstream computers later this year, contain unique ID numbers that will make it possible for the computer to identify itself to software applications and Web sites. It's easy to see why privacy advocates are concerned. With this feature turned on, Web surfers could leave fingerprints everywhere they go. Web sites can collect this information to see who its visitors are, and government agencies could use the serial numbers for all sorts of nefarious purposes. The Electronic Privacy Information Center (EPIC) has called for a boycott of Intel and has posted a parody version of the famous "Intel Inside" sticker with the words "Big Brother Inside." I usually find myself siding with EPIC, but on this issue I think Intel could be taking the high road by providing for increased accountability and security, without necessarily jeopardizing privacy. Of course, I can think of lots of reasons why it's good to be able to surf the Web anonymously. People want to be free to explore controversial sites and delve into topics that could cause embarrassment, economic hardship or strains in personal relationships if their identities were revealed. I believe that Web surfers should have this liberty, which is one reason I testified last week at the ACLU v. Reno trial. But as much as I value anonymity, I also value voluntary accountability. There are situations where personal or financial security can only be assured if all parties are clearly identified. Having the option of positive identification of all parties, in a way, increases privacy by assuring chat participants that everyone in the room is who they say they are. I'm not suggesting that most chat rooms should require positive identification. Anonymity is sometimes a very good thing. But I think it's an option that ought to be available for parents who want to be sure that their kids are in a safe chat room, or for adults who are more comfortable knowing the identities of their fellow chatters. Sometimes you want to be able to establish a confidential discussion between known participants. In Defense of Intel page 2: ... Or Important Step Identity verification is also an important business tool. Web sites that provide general information would be making a mistake to require positive identification. But an embedded serial number could be a useful tool for determining who can get into areas with proprietary information or to positively identify someone during a financial transaction. Banks and financial institutions already issue passwords to ensure that only the appropriate parties have access to customer accounts, but it's not a bad idea to have the option of an additional level of security. Frankly, I wouldn't mind getting a report on the CPUs that I've used to access my banking records, just as I can now get information on what ATM machines I've used to withdraw cash or check balances. If I ever have to question a transaction, it would be nice to know exactly where it came from. That said, an ironclad control mechanism is key to making this chip both useful and acceptable. Computer users must have the option of turning off the ID in the same way telephone users can block caller ID. Intel, in response to widespread concern, has changed the default status of the chip. Previously it was designed to be in the "on" position, but on Monday Intel announced that, by default, the chip will not transmit the serial number unless the user turns on that function. If a user wishes to have the serial number transmitted, he or she will have to run a utility program to turn it on and, as an added precaution, reboot the machine. According to Intel spokesperson Howard High, that will prevent Web sites from surreptitiously sucking up ID numbers. Site operators who want significant traffic will have an incentive not to arbitrarily and unnecessarily require IDs, just as they now have an incentive to refrain from unnecessarily requiring visitors to register. Those that need a positive ID for secure transactions can require it, and the user can make the decision whether or not to let the CPU pass on the information. A built-in serial number can also be used as a weapon against spam. I'm opposed to bills that severely restrict commercial e-mail, but I'm all for legislation and technology that prohibit commercial mailers from forging headers and faking their identities. I have no qualms about someone sending me anonymous mail, as long as I know it's anonymous. But being anonymous is different from claiming to be someone else. Future e-mail programs could give the sender the option of including embedded serial numbers, and the recipient the option of filtering mail based on the sender's serial number. Previous Page \| Invasion Larry Magid is a syndicated computer columnist for the Los Angeles Times. To find out all of his radio, print and a

To: Bruce A. Thompson who wrote (47778)	1/29/1999 12:45:00 PM
From: Paul Engel	Respond to of 1570940

Bruce - Re: " I find it ironic that you would identify with the only person in the world that agrees with INTEL about the ID chip" And here's another that agrees with Intel. You're all bent out of shape because Intel's Security Feature innovations brings home the truth about how badly AMD is slipping in the CPU innovation area - and their lack of a presence in the systems arena. Read the following and try to understand it. It is a clear description of the use of Intel's CPU ID and how IT IS NO THREAT TO Privacy - but is a MAJOR ADVANCEMENT in Data Transmission Security. Paul {==========================} Pentium ID concerns were unfounded, expert says By Craig Matsumoto, EE Times Jan 27, 1999 (8:05 AM) URL: eetimes.com SANTA CLARA, Calif. — Concerns that the indentification number Intel Corp. had planned to put on Pentium III processors could have been used to track Web activity might have been overstated, as the ID mechanism masks the ID number from any Web site requesting it, according to a security expert who has worked with Intel. In fact, any two Web sites verifying the number will get different results, making it almost impossible to correlate their visitor lists. The ID mechanism also would have operated outside of Windows by using a proprietary software agent that was intended to prevent "spoofing" of the ID number. This approach makes the ID number far more complex than a car's license plate or vehicle ID number. "The processor number says if you write down my license plate number and someone else does, they'll be different numbers," said Shawn Abbott, chief technology officer at Rainbow Technologies Inc. (Irvine, Calif.). These factors might mitigate the concerns of privacy groups such as the Electronic Privacy Information Center (Epic; Washington), which declared a boycott of Intel products over the ID numbers in Pentium IIIs. Intel subsequently withdrew plans to include the ID number in response to those concerns. Epic and others feared that the ID number could have been used for surveillance of consumer Web surfing; another common concern was that the ID number could be easily faked in software, rendering the concept useless. Technology to keep the ID number blinded was developed by Rainbow for its own hardware "dongles," which for years have been sold to corporations for PC security. Intel approached Rainbow last year to develop the security setup for the ID number. "Very early on, when Intel described it, they were very, very careful to address certain concerns," Abbott said. The final scheme was defined after deep scrutiny by Intel and Rainbow, addressing problems such as traceability on the Web, he said. Under Intel's scheme, every Web server has a unique, randomized ID number that's transmitted along with a request to verify a PC's ID number. At this point, a trusted agent intercepts the request and submits it to the microprocessor. The agent then takes the Web and Pentium numbers, runs a complex set of calculations, and returns a third number, which is uploaded to the server. It's this third number that is used to identify that particular Pentium. The process will return the same number every time that particular machine accesses the server in question, verifying the machine's identity. But because every Web server has a different ID, the hashed number uploaded from the PC will differ from one site to the next. No site will know the Pentium's actual ID number, nor will any two servers use the same hashed number to represent a particular Pentium. The setup also prevents "spoofing" of the serial number, another fear among privacy advocates. The agent that intercepts the ID request is an example of "tamper-resistant software," which is difficult to replicate or alter and manages to tap the processor ID number without divulging the number to the outside. Tamper-resistant software is a "black art," Abbott said, and several companies in the security industry have tried their hand at it. "Think of them [tamper-resistant agents] as armor around something. They can always be taken apart and defeated, but the effort becomes too much," he said. Intel was unavailable for comment late Tuesday.