News February 2, 00:16 Eastern Time
Feb. 01, 1999 (ELECTRONIC COMMERCE NEWS, Vol. 4, No. 5 via COMTEX) -- The retreat by Intel [INTC] in the face of uproar last week over plans to activate an identifying serial number on its next-generation Pentium III processor chip highlights a continuing problem in the development of the online world - the fractured dialogue on privacy.
No laws or industrywide guidelines are in place to address everything from the use of biometrics and other identifiers, to corporate and governmental access to personal data in cyberspace.
No help appears forthcoming from the Clinton administration, either. It continues to advocate the e-commerce industry policing itself, while supporting such privacy-questionable
initiatives as the Federal Deposit Insurance Corp.'s "Know Your Customer" program, which creates a national database for collecting information on "irregular" account activity, and the Federal Communications Commission's goal of monitoring the source location of wireless phone calls.
As the Intel incident shows, e-commerce related privacy decisions are made on a case-by-case basis. Even the front-line privacy defenders aren't sure what should be the next step. "In fairness, I don't think we have all the solutions," says Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center (EPIC). "We favor the promotion of electronic commerce and good security, but I don't think people should sacrifice privacy to get those things."
The Intel Case
When Intel announced the serial number feature at a security conference two weeks ago, the Santa Clara, Calif.-based maker of 85 percent of the world's microprocessor chips, with $26.2 billion in sales last year, trumpeted it as an important step in securing electronic commerce. A Web merchant would be able to read the ID number and, theoretically, use that to help confirm customer identity in e-commerce transactions.
Intel officials said computer users could deactivate the number if so desired, but public reports began to circulate that it would reactivate every time the computer was turned back on. Intel officials say this is false.
The American Civil Liberties Union asked Intel to sell the processor with the serial number starting in the "off" position, but the company decided to stick with its plans.
That turned out to be a bad idea. EPIC and Green Brook, N.J.- based anti-marketing firm Junkbusters quickly organized and publicized a boycott of Intel. U.S. Rep. Edward Markey, D-Mass., a member of the House Consumer Protection Subcommittee, warned Intel in a letter that the new chip "compromises personal privacy."
"And it was not just the media," says Intel Public Relations Manager Chuck Mulloy. "It was at-large: Internet chat groups, commentaries. Woe be to the company that has not learned to listen to the market."
But it can't be very good business for a company such as Intel to bring a product out without already knowing the market's mood. Despite its good-citizen response, Mulloy says Intel was somewhat blind-sided by the boycott.
"Several weeks ago, when we were briefing privacy groups ... we had scheduled a meeting for this week in Washington," Mulloy says. "I'm not going to speculate why they [announced the boycott], but we're still going to have that meeting with them. We understand fundamentally that privacy is the opposite side of the coin of security," Mulloy says. "That's why [the Pentium III has] been designed with the end-user capability of turning it off."
Intel relented and now the chip will be sold with the identifying serial number in the "off" position. Yet after Intel met for two hours last Thursday with the privacy groups, the boycott was still on, Rotenberg says. Then EPIC asked the Federal Trade Commission to block the release of the Pentium IIIs.
What's The Big Deal?
The ID number on the chip is a "big benefit" to companies looking to conduct secure transactions on the Web, says analyst Ted Julian of Forrester Research [FORR] in Cambridge, Mass. "But the benefits are some time out. It will take some time for people to roll over their installed base and adopt these new chips."
Julian believes the industry is unprepared to take advantage of the benefits of the chip numbers, and also that from a privacy standpoint "the whole thing was getting blown out of proportion."
With cookies and easy access to published Internet Protocol addresses already prevalent, the serial number isn't a great new blow against privacy, he says. To be against the number is to deny the need for passwords, digital certificates and other e-commerce enabling identifiers.
"The ultimate security," Julian says, "is to unplug everything." So what should be done?
"It's a dilemma," says Frank Taylor, vice president of strategic planning for Interpath Communications, an Internet consulting and service providing firm in Research Triangle Park, N.C. "The fact is that Intel is trying to institute something that in my mind makes sense for them. They're having a problem that people are cloning or reselling their chips. So it's a security measure to cut down on that. Also, inevitably, technology is trying to do everything it can to understand the demographics of the market.
"The whole game of convenience vs. security or privacy is the dilemma. Maybe this is a legal thing. It's a matter of making sure people don't abuse information, and if they get caught doing it, they get punished." (Ted Julian, Forrester, 617/497-7090; Chuck Mulloy, Intel, 408/765-3484; Marc Rotenberg, EPIC, 202/544-9240; Frank Taylor, Interpath, 919/388-6010.)
Privacy Worries
The following is an excerpt from the Green Brook, N.J.-based Junkbusters Corp. Web site, "Big Brother Inside," concerning potential abuses that could result from the use of a processor serial number inside Intel Pentium III chips. Junkbusters is a non-profit company dedicated to reducing intrusive marketing:
"The [processor serial number] would likely be collected by many sites, indexed and accumulated in databases. Unlike cookies, which are different for each Web site, the PSN will remain the same and can not be deleted or easily changed. The advertising and marketing industry have been strongly advancing technical means of synchronizing cookies so that information about individual consumer behavior in cyberspace can be shared between companies, we believe that a hardware PSN used in the majority of computers would quickly be put to this purpose. The records of many different companies could be joined without the user's knowledge or consent to provide an intrusive profile of activity on the computer. The only solution would be to change the processor or computer. Because the U.S. lacks few legal protections for online privacy, there are no practical limits on what can be collected or used. (Junkbusters, www.privacy.org/bigbrotherinside.)
|
