Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs (theguardian.com)

Posted by BeauHD on from the when-it-rains-it-pours dept.

An anonymous reader quotes a report from The Guardian: Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel's delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it "can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment." The plaintiffs also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," Intel said in an earlier statement.

9 of 220 comments (clear)

  1. Naturally.. by Junta · · Score: 4, Insightful

    This is an obvious outcome. It's worth keeping in mind that filing a suit does not vindicate or disprove anyone, as there's no way to ascertain whether there will be merit in the suit at this point. All it means is there's enough lawyers willing to make a wager when faced with such a *huge* potential payout.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  2. This Will Go Nowhere by alternative_right · · Score: 5, Insightful

    Court: "OK, so your chip turned out to have a flaw, the company took extra time to investigate, and now your computer is slower sometimes. How is that different than the average Microsoft or Apple update?"

    Intel's lawyers will delay this until the hype is forgotten, and either kill it in court or settle for some absurdly low sum, so that all of the plaintiffs get checks for $0.64 if they remember to sign up at IntelProcessorSlowdownLawsuit.com before December 31, 2019.

    --
    Alternative Right.
    1. Re:This Will Go Nowhere by Wrath0fb0b · · Score: 4, Insightful

      It's not sloppy cheating, it's following the machine model. The way we all understood this 3 weeks ago is that speculative execution can have no visible side effects on the program-observable state of registers/memory. Now we've changed the model to extend the idea that speculative execution across privilege boundaries must also not have any observable side-channels.

      This really is a change to the x86 machine model.

  3. Bloody idiots by gnasher719 · · Score: 4, Insightful

    If Intel had disclosed that as soon as they knew, with no fix known or available, _that's_ when you would have a reason to sue them. My Mac got mostly protected some time in December. If Intel had disclosed this, there would have been 5 months open to hackers to attack me.

    1. Re:Bloody idiots by hcs_$reboot · · Score: 3, Insightful

      This is not how it worked. Intel has been aware for quite a long time, a year or more probably. Google found the problem in June, and vendors were made aware around that time. If it wasn't for Google, the issues would probably still be kept secret by Intel (until a hacker or another country find and take advantage of the vulnerability). Intel should have informed vendors a long time ago, like Google did, without of course making the issue a public story until a fix is installed. But Intel admitting the flaw would have triggered many compensation requests. This is one reason why the class action makes sense.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Bloody idiots by GuB-42 · · Score: 3, Insightful

      What makes you think Intel knew that a year ago?
      All Intel CPUs with speculative execution are affected by Meltdown, and all CPUs with speculative execution, including those by AMD and ARM are vulnerable to Spectre. Intel discovering that a year before Google would be a coincidence. It is not just a bug, it is a fundamental issue in the way all modern CPUs are designed.

  4. Suits may be dismissed by Kohath · · Score: 4, Insightful

    Since there are zero cases where the flaw has been exploited to cause any problems, no one has suffered any economic harm. You need to have been harmed in some way to have standing to sue.

    And Intel will also argue that they never promised any different chip behavior. They are not issuing any errata. The chips work correctly as designers intended, just like other vendors’ chips.

    I expect at least a couple of these lawsuits to be thrown out by judges. Maybe all of them will be dismissed.

    1. Re:Suits may be dismissed by Nkwe · · Score: 2, Insightful

      Since there are zero cases where the flaw has been exploited to cause any problems, no one has suffered any economic harm. You need to have been harmed in some way to have standing to sue.

      If your processor performs even 1% slower because of a bug in the hardware itself, you can easily call that being harmed, especially if you're a business that relies on that performance in any way.

      Intel is not making your existing processor run 1% (or any percentage) slower. Your processor runs the same speed as the day you purchased it. If you or on your behalf Microsoft or some other operating system vendor plan on changing / patching your operating system with a version that runs slower than a previous version, how is this Intel's fault? Machines will only run slower if you change the software that runs on them.

      The computing industry makes security vs. performance and usability design decisions all the time. Intel made such a decision when they designed the cache behavior during speculative execution. Operating system vendors are making such a decision with the patches that are being / have been written. With respect to case of this specific patch that decreases performance in favor of security, if you want to sue someone sue your operating system vendor for forcing a patch on you that you don't want. That is if you actually don't want the patch. My guess is that you do want the patch and if you do want the patch it means you would rather have security over performance. If you do want security over performance, you don't really have a law suit. Just because you want both security and performance doesn't mean that you can have both.

  5. Re: God bless America!! by Archtech · · Score: 5, Insightful

    You seem to have a design fault: an extra inverter somewhere.

    Socialism is concerned with other people and how a community can be run in the interests of all its members. In practice, there is no other way for humans to live decently. Among others, it was warmly recommended by Jesus Christ.

    The people who cry "Me me me!!! It's all about ME!" are rabid ultra-capitalists - as represented, I take it, by the Republican Party. Unfortunately, the Democratic Party has chosen to be a carbon copy of the Republicans rather than an alternative.

    --
    I am sure that there are many other solipsists out there.