Slashdot Mirror
Boycott Against Pentium III Expanded
Absolutely Nobody writes "The Intel boycott is still on, even though they've backed off enabling identifier IDs by default, and has now been expanded to include any computer manufacturer that ships the PIII with the IDs, enabled OR disabled. "
Still a bad Idea.
Well there IS always the AMD k6-2, k6-3 and the long awaited k7
And I don't wanna hear shit from all you "Oh, but all these workstation manufacturers embed serial numbers on their mainboards, too you weenie."
I know, and I don't like that either.
I'll buy my home-built AMD-based machines and be perfectly happy.
"In addition, hackers could write programs that transmit a fake ID number..."
Hey, that sounds like a great idea. Then start browsing the sites that require that PID number and use it to identify frequent shoppers and try to come up with a valid number that you can spoof. Some bonehead out there is bound to "trust" that Intel/Microsoft/Whoever knows what they're doing and just let their system send their PID as a "secure" ID.
I predict that within six months after Intel starts shipping these chips, you'll be able to find websites with lists of valid PID numbers for people to spoof.
Now you have a $10k piece of garbage.
What about MY right to have company asset?
The idea that serial number will improve copy
protection is ludicrous. People routinely crack
programs which test a typed in serial number. You
simply bypass the check, or fool it into thinking it got a serial number that it likes, or use some
other such trick. Whether the SN is typed in or
requested from the CPU, the package is still quite
vulnerable to being cracked.
One thing nobody seems to have mentioned in this discussion is the fact that most computers already have a unique serial #... Every Ethernet card made has one....
I'm not too familiar with this processor ID thing, from what I've read an argument can be made for both ways--but what I've seen here has me leaning towards it being a bad idea. However, what if I am doing online banking or stock trading, wouldn't these processor IDs provide me with some sort of security? The only draw back would be that I couldn't do any trading or banking from a machine other than my own, right?
Dennis
The fact that Intel isn't complying with the
demands of the end-user/consumer and that they're
dismissing and downplaying the blatant destruction
of privacy alone annoys me.
I'll boycott Intel and anyone that resells Intel.
Just try it, assholes.
I agree that it may be useful for almost unique
or small run software. However, I don't think
SN locking will be useful for mass production
software, and certainly not games, as I'm sure
some companies will eventually attempt. It's just
too easy to propagate a binary patch to a
program... that small percent with the know-how to
do it will be a large number of people for a wide
spread product. They'll crack the program, and
propage the crack.
(However, again I do concede that it could be
useful for the big programs. I suspect there are
other good ways of locking an expensive program,
though, than burning a number into a CPU.)
Why bother with this whole issue? Make your next box a PowerPC machine. That processor family is on a faster performance curve anyway.
If Intel puts unique IDs in their chips nothing will change unless software actually retrieves the number and does stuff with it. Software can do good and bad things with the info. There's nothing to stop ie. Netscape from transferring all the files on your HD to some other site. It doesn't, because that'd be dumb.
A unique ID has advantages (like for crypto use) so why on earth should we block it? It's not like it'll automatically cause all your personal info to be known to Big Brother. Only if the software does that. Go bitch at those people. Intel isn't doing anything wrong here as far as I can tell.
ecnasiun@cmu.edu
(reverse username)
The PIII has an ID on chip. Big deal. Sun boxes have
accessible hostid's. Suns have shipped this way
for YEARS and nobody whined. Every ethernet card
has a unique ID. Your ISP knows your phone number
Given a source and co-operative ISP/telco - eg in
a police matter you can be traced back. Therefor
the powers that be (NSA etc) can already trace
you easily.
Get a life
HAH. Intel is no longer placing an add during that "game". According to the SF Chronicle, they placed ads in 97 and 98. Could it be the public hates them for the PIII already? HAH.
I don't know if it's been mentioned, but the software to turn the 'feature' on and off is Windows only. So if you don't have Windows installed, you won't be turning it off.
I must say that I am somewhat dismayed that there have been few comparisons to Intel acting like MS in that they are forcing unwanted features onto product. MS did it with MSIE. Now Intel is doing it with the PSN. The difference is that I could delete MSIE, so this plan is far more insidious in that I cannot remove the PSN. I could, just as with cookies, be required to turn the feature on by specific news or large consumer sites, no matter what the default setting is. They will have tutorials telling site visitors how to do this, and it will be required. That is a certainty.
My questions would be, are AMD, Cyrix, MIPS, or PowerPC going to commit to NEVER including this feature, relying on software based solutions?
What is the percentage of other processors on the market? If Intel is 85% of the processor market, and in 2 years, they sold enough P3 w/PSN to comprise 20% of the existing Intel processors on the market, that assuming the marketshare remained flat, that the P3PSN would have a 17% of the market.
If those numbers make an accurate forecast, then I think it hardly reasonable that website operators would exclude 83% of the market cause they could not be tracked w/PSN. However, if everyone else was going to follow the Intel lead, then we would all be screwed as to anonymity, but due to legacy systems the PSN could not be fully implemented unless it was truly Big Brothered(feds) in as a requirement.
This provides a good incentive for me to never buy Intel again. If the public was assured by the other manufacturers that Intel would be the only manufacturer going that way, and others committed to never having PSN, then that would remove any incentive for Intel to continue with the PSN plan. In the end, good solutions as to verifying IDs for commerce already exist and are processor platform independent software solutions such as certificates and Public Keys. My keyset is not tied to a single machine either, it is transportable.
and how long before AMD is labled "non ecommerce enabled" or something like that and has to add their own chip ID?
I don't think I'll buy or recommend ANY Pentium III based PC. Just on principle. With chip competition, I have the ability to do this.
This is just a silly thing that can/will be mis-used. ANY online transaction involves risk - hell, ANY credit card transaction involves risk - you don't think a waiter/waitress can glean your credit card number / expiration date?
Bulletproof perfection is not gonna happen - as long as people are the ones doing the engineering.
Because the new CPU has a new serial number. Software that binds itself to a particular CPU will think it's being pirated now and will wrongfully require the user to buy a new license.
If as Intel states, the CPU id is to prevent resellers from selling overclocked systems, then they should put real CPU info (speed, amount of cache, etc.) into whatever field they planned to put the CPU ID into. No one is pirating actual CPUs hence there is no need to serialize them except for big-brother tracking purposes.
I didn't realize this until yesterday regarding the random number generator in the Pentium III.
Everyone is paying a lot of attention to the fact that the Pentium III has an ID that could be used to track processors. Intel very quickly "caved" and said that they would ship the processors with the feature turned off.
Ever thought about how easy it would be to hide the ID in a stream of random numbers? Good encryption looks random, and if you know that encryption is present, you can easily begin a process of figuring out which processor generated the random numbers. Is that ID really turned off if all you need to do is generate a couple thousand bits of "random numbers" from the generator and decrypt the ID out of the subliminal channel?
Now, Intel isn't talking about disabling the random number generator along with the ID system, are they?
Why should we trust Intel?
Build your own random number generators. Do not trust Intel with your random numbers. Intel's secret slogan may very well be "Random numbers are too important to be left up to chance." :-)
Maybe I'm missing something, but why aren't people
asking the question how the 'bits' in the PIII are
getting on the internet to begin with.
I'm sure this wasn't done in a vacuum, but that
the os and application vendors have a big hand
in this. What W3 standards, or protocol is documented that can make used of these numbers?
My guess is that Intel (and others) are not publishing the real reasons for this.
Intel probably wants to identify relabelers (this could protect the consumer from fraud), and
the OS and application vendors are looking for copy protection and identifying users.
Why isn't anyone blasting the OS vendors?
I've heard of some license daemons that use the MAC on ethernet cards as a "hostid" like the hex # stored in NVRAM on Sun SPARC machines.
Why isn't anyone in an uproar over having hostids on Suns? They've been around for years.
Why cry about the PIII having a serial number?
Most Intel or compatible mother boards already have a serial number accesible by software.
Hint check out the Dallas Semiconductor Real Time Clock chips for one example.
We have been tracking you guys for years...
Actually, it would be the application itself which is responsible for gathering the ID from the chip. It's not some sort of automatic feature which broadcasts to every site you visit.
If Intel gets away with this, the Ecommerce community will bring tremendous pressure to bear on others to follow suit. IBM is a major ecommerce player. Apple wants to be. Once Intel establishes it as a "standard", the powers-that-be will proclaim it already too late (the Scott McNealy "get over it": argument). Hence, each step justifies the next.
Since both a software and a hardware component are needed to make this work, opposing either is equally legitimate. However, opposing the hardware is much more practical and is the question before us now. If this battle fails, we go after the software, but that will be a harder fight.
Only way i'd go PPC is if I could get a non-Apple
brand box or motherboard.
Looked at the Motorola Yellowknife, and that seems
promising. But things in the PPC world arent as
commoditized as they are w/ PC's.
everyone should be using open source operating systems and web browsers so that they control exactly what is sent. i'd be happy to have a serial number in my cpu incase my computer is stolen from my dorm room. (at least i could prove the cpu was mine, if not the whole computer). all this stuff only matters to people who use closed-source operating systems.
/dev/random would be really cool.
i really hope they keep the thermal rng. another source of randomness for
You've let Them(tm) define for you what your privacy concerns should be. The credit card companies are usually liable for stolen credit card number charges beyond 50 dollars. Hence *they* are very concerned about this. This is why CCN security is pushed as the be-all and end-all of privacy (Oh yes, we care about privacy. We use SSL to encrypt your credit card number) - it's not for your protection any more than all those cameras are. Maybe people should find an anonymous way to sell their CCN's for 60 bucks.
Again, the VAST majority of HOME systems don't have ethernet cards, and thus, no ethernet card ID in their system. This issue is primarily a privacy issue for the masses. Pretty much most of the people on this board are capable of producing ECM spoof/chaff programs to either eliminate the ID, or provide a fake one. But most people in the world are helpless against the Intel Big Brother Inside ID, and it will be used to track their every move. This is something best avoided.
If Intel gets their way, in six months it will be a Federal offense to author and/or use spoof programs to disrupt the ID.
f you are using OSS applications you can verify 100% that the ID is not being transfered. The processor has
a unique ID and a random number generator, NOT a tcp/ip stack.
If the hardware is used to encrypt a message, anything the hardware can access can be hidden in that message. It presumably would be encrypted with the public key of the *website you visit*. Therefore, you will not be able to decrypt to see what is there. I don't know think Intel would risk something like this for ecommerce - they'd have to tell a lot of people and it could leak - but I could well see them putting in back doors for the NSA, FBI, Chinese Security forces, etc. The government won't bust them for doing its own bidding and only a few people would have to know.
Also I find it difficult to belive the PID is freely available from the processor. They probably have some type
of challange/response, which would require the use of a good random number generator.
If this were the case, they would be saying so. They're obviously out to defend their position here anyway they can.
having serial numbers are ok, but not if everything has access to it. You should be able to go into your bios and check the number and that is it. No one/thing else can check.
Firstly, the MAC address is not relevant on a dial-up connection.
Secondly, it's more common to switch NIC's than CPU's.
Thirdly, it is on many cards possible to change the Mac address of a NIC. See "man ifconfig", search for "hw class address". Try it yourself on your own NIC if you're skeptical.
Intel has 76% of the market not 85%. AMD rose to 15% for the end of 1998. 1/2 of the PCs sold last month had AMD chips in them. AMD makes a cheaper and equally good product and everyone is starting to jump on the AMD bandwagon.
- Sun boxes aren't used by nearly as many millions of clueless home users to access the Internet and purchase things over the Internet.
- Ethernet cards are less commonly used to access the Internet than dial-up boxes.
- Even when ethernet cards are used to access the Internet, MAC addresses are not forwarded by the gateways/routers to outside TCP/IP networks.
- Ethernet cards are also more commonly moved around than CPU's.
- Even so, the "unique" MAC ID can be changed. "man ifconfig" "/" "hw class address". Try it.
- My ISP does *not* know my phone number. That is not supported by the telecomms infrastructure in my country. (They know who I am from my login authentication though - duh - they still don't sell that info to thousands of people who want to use it to sell stuff to me.)
- Privacy wrt tracing as a police matter is not the issue here. The issue here is privacy with regard to corporations that want to collect data about consumers habits,interests etc on the Internet.
Get a clue.
Is it possible to, say, build into the kernel that the ID request feature is trapped by the OS and dud information returned, effectively "permanently disabling" this feature for those who run OS's for which they can see the source?
Just wondering.
OK, I can understand the privacy issues, but speaking as someone who has had an entire office stripped of processors and memory, I'd appreciate the ability to track them down, in just the same way that I have a tracker on my car. True, big brother could track everywhere I go, but it's not something that bothers me because I'm not excessively paranoid...
Who does the money belong to?
DEFINITELY no thanks to that idea.
Ben
Besides, even once I'm static ip, I'll run
ipchains -P forward MASQ
so my ip address is meaningless to, except on privileged ports.
- RF (dfelker@cnu.edu)
It depends on which cpu the code executing the instruction requesting the ID is running. On any secure system, this would be a/the cpu on which the kernel code is running...but of course, secure systems would not provide any means of accessing the ID. :)
- RF (dfelker@cnu.edu)
Yep newb, you're not the first to bring up that completely irrelevant issue. Go back to playing your d0ze games and quit whining.
- RF (dfelker@cnu.edu)
If you could just understand this point...
Linux users may or may not be affected in their
own little worlds, but in the big, very real
world, this will shrink the pool of creative
energy available by increasing the advantages
of economies-of-scale enjoyed by companies
like Microsoft, Disney, and Sony. Real people
will make real decisions based on the fact that
now they can do reasonably reliable (meaning good
enough) user authentication with the 90 percent
of the users who are not crackers. These
decisions, such as what software to write, how to
sell it, what business model to use, who to
target, etc. will very definitely impact Linux
users because of the opportunity cost (look it up)
associated with huge resources being poured into
non-Linux platforms.
It's not that it's bad for Linux; it is bad for
creativity and free content in general, because
it will increase the rewards for paid content
and decrease the pool of good people doing free
content and free software. Software includes
programs, music, and web content in my definition.
Then there's the privacy aspect, but that is
a very teeny weeny red herring compared to the
societal impact of the pay-per-view micropayments
that this will enable.
There IS something to keep netscape from transferring all the files on my HD to someone: it's called ``chmod go-rwx''.
.Xauthority before execing netscape... :)
If I decide to put up with this bloated trashy non-free version of netscape much longer, I just might write a wrapper to setreuid(nobody,nobody) and chroot() to a dir under a protected dir containing a world readable copy of the user's
- RF (dfelker@cnu.edu)
If you could just understand this point...
Linux and other OSS users may or may not be
affected in their own little worlds, but in the
big, very real world, this will shrink the pool
of creative energy available by increasing the
advantages of economies-of-scale enjoyed by
companies like Microsoft, Disney, and Sony. Real
people and companies will make real decisions
based on the fact that now they can do reasonably
reliable (meaning good enough) user authentication
with the 90 percent of the users who are not
crackers. These decisions, such as what software
to write, how to sell it, what business model to
use, who to target, etc. will very definitely
impact Linux and other OSS users because of the
opportunity cost (look it up) associated with huge
resources being poured into non-OSS platforms.
It's not that it's bad for OSS. It is bad for
creativity and free content in general, because
it will increase the rewards for paid content
and decrease the pool of good people doing free
content and free software. Software includes
programs, music, and web content in my definition.
Then there's the privacy aspect, but that is
a very teeny weeny red herring compared to the
societal impact of the pay-per-view micropayments
that this will enable.
Many people can use my box, and I could set it up so anyone can. Moreover, I try to keep as few logs as possible; eventually I'll work on setting up my syslogd even better so stuff that shouldn't be saved goes to /dev/null. Hmm...somehow I doubt tracing something to me means much then...
- RF (dfelker@cnu.edu)
Just trapping the instruction(s) is much more secure, and easier to do.
- RF (dfelker@cnu.edu)
ok ok so lets see....I buy software...Microslop gets sued by the supreme court...MS removes software or disables it via my New Improved CPU id#...I have zero.
I have a better idea lets have MS refund everyone the retail price for any piece of software that has gpf'd on a windoze box...or simply pay everyone for beta testing...yup linux is the future....god bless linus
a-guy on effnet
It seems your stats are quite out of date...Most computers are bought these days by Home users...many run companies from their home so that may fall into your stats.
...I think Germany did that in WW2
Tying a piece of software to a system is just plain wrong. I personaly upgrade my cpu 2-3 times a year, this means I get to call all the software vendors I have software for and ask them to re-register my cpu#?
Owning a small business, I don't have time in my 18 hour day to make 50 long distance phone calls (at my expense no doubt...) to beg someone who could care less to add my number again.
Lastly, If this CPU# is to prevent software piracy, and vendors need this as a tool to prevent piracy then all persons must be software pirates.
Guilty until proven innocent eh?
a-guy on effnet
I'll go with K6-2, K6-3 or G3 and the future G4 and K7, as long as they DON'T have this stupid feature
I have seean and read many rants now that say " i run linux and open source sfotware, and I could hack a solution on closed software, so I dont care."
Correct, if at this time you know about the PIDs, you probably will not be affected by them. However, there are huge numbers of users that do not and likely will not hear anything about these serial numbers. These users will have information compiled about them without their knowledge.
Debate can be had about whether the data gathering is good or bad, but it is our responsibility, as people who DO know about this issue, and DO understand it, to let others know. Others that might otherwise not know.
Part of the open source communitiy is to remove the fear and powerlessness from computing. Among other things, that includes translating important issues into language and concepts understandable to the people who will be affected.
Enough of this "I know how to deal with this, the rest of the world can go to crap because its irrelevant to me" bs.
A closed ranks tech elite is EXACTLY what FSF/GNU was founded in resistance to!!
chrisd@sfu.ca
hmm... that's an interesting one... I suppose with the advent of the G4s, G5s and G6s, mac venders may decide to have SoftPC emulating a P3. When they claim 100% compatibility, would that include the ID#? What about the retrieval instructions? and if it did, how would it come up with the ID#? perhaps it would be something like a reserved #, like PPPs EA of 44-45-53-54-00-00. If it does work something like this, we now have a pool of legal, valid but nonsensical ID numbers to spoof!
(i'm not putting my regular @syr.edu email address here for fear of spammers , but you can email me at dan642@hotmail.com.)
I work at a *bigger* ISP.
I have access to at least 60,000 credit card
numbers, along with their exp. dates, names
and addresses.
hehe =]
fortunately we also offer a pre-paid access
method which is available nationwide at major
retailers.. this allow people who don't _have_
a creditcard OR don't _want_ to use it access
to the internet.. this practise is becoming
increasingly rare unfortunately.
just turn caller id off and as long as whatever
you do has no reason for federal police to get
involved you have anonymity of a sort.
Your Network Interface Card... Probably Newer Modems too.
You wrote:
If those numbers make an accurate forecast, then I think it hardly reasonable that website operators would exclude 83% of the market cause they could not be tracked w/PSN. However, if everyone else was going to follow the Intel lead, then we would all be screwed as to anonymity, but due to legacy systems the PSN could not be fully implemented unless it was truly Big Brothered(feds) in as a requirement.
I think your analysis here is based on a mistaken assumption about how this is probably going to work. Website operators who want to use this won't be using the PSN by itself. That would foolishly exclude anyone having an older machine from their website. Instead, they will use the CPUID to determine if your system can supply a PSN, and if so, insist that you (re)configure your system to provide it before granting access. Obviously anyone with a P3 system who disables a vital "security" feature on their CPU is a dangerous subversive who you wouldn't want to do business with anyway (rather than someone who's merely unfortunate enough to not be using the latest technology).
As you said, the only way around this is if enough people refuse to buy CPUs with PSN support. If a large enough fraction of new CPUs don't include the feature, the e-commerce market will be forever stuck in a transitional phase where they cannot require a PSN without giving away too much business to their competitors who don't require it. In this environment, the PSN will eventually be seen as a disadvantage by users -- rather than allowing access to more sites than systems without a PSN, it will give the same degree of access at the cost of personal privacy and configuration hassles. Consumers will begin rejecting systems with the PSN and the feature will be dropped.
Of course, if a high enough percentage of new CPUs sold contain a PSN, then eventually some sites will decide to ignore potential buyers without PSN-enabled CPUs, and it will be an advantage to have the feature. Other CPU makers will then feel compelled to include it.
Which way things will go depends on us. I'll be doing what I can to move things in the right direction by buying PSN-free CPUs for all our new systems, as long as we have a choice. Since AMD has said they won't be using PSNs in their CPUs, and their K6/K7 technology looks to be better and cheaper than comparable Intel stuff, the choice has suddenly become very easy!
Maybe we should try to convince AMD and the other non-Intel suppliers to create a "PSN-Free" logo campaign to raise public awareness about the issue?
This is precisely why competition is good. For a long time there was really only Intel. But if Intel decides to stay with serial numbers then I can purchase AMD, Cyrix or PowerPC.
Honestly, I think the uproar is a little paranoid, but here's a chance to vote with your wallets.
Didn't someone say that Microsoft's domination is a good thing for consumers? Imagine if they decided to use their software to track consumers... Oh wait, they do.
KL
Wow, that really is paranoid!
Obviously, the reason this is impossible is that even if Intel had created the random number generator as a backdoor into the PSN, software and/or the specs to write it would be needed to retrieve it that way, and the secret wouldn't last a day.
Although I despise the PSN, I think adding a true-random number generator based on thermal noise to the CPU is a great idea, which I hope all chip suppliers decide to emulate. It's a shame that this cool new feature of the P3 is being overlooked due to the (very justified) brouhaha over the PSN.
Sorry I'm an AC. I made a login but lost/forgot it
;) would be the one to actually cause the tracking to be a reality. The ID number could come from anywhere. Say an OS/Browser verndor wanted to add this to their product line: They could just as easily put an ID on the motherboard (in the BIOS?) instead of the processor.
and don't have time to deak with it. I am jhohertz@nospam.golden.net (lose the nospam of course)
My position is simply this. In order to tack ANYONE the OS has to a provide an interface to
get the number. Not only that, but then the browser would need to provide an interface to this too. Maybe a new javascript var. Or whatever.
If a large tracking effort were to occur, I'm not sure that Intel should be accountable at all. The OS vendor (IE but not necessarily Microsoft?
In short: the tracking is in software. If you want
to scrutinize the industry for supporting such behaviors, look there.
Joe
================================================== ====================
- ---------------
. html
g /index.html
7 624.html
3 507.html
= ====================== ====================== =====================- ---------------------= =====================
SCAN THIS NEWS
1/31/99
Global Electronic Commerce Plan Hits Public Acceptance Snag
Who instructed Intel to program digital IDs into their new Pentium III
computer CPUs? Was this something they came up with independently, or was it
done in furtherance of a larger agenda?
Who instructed all four of this nation's banking regulatory agencies to
simultaneously propose "Know Your Customer" identification regulations
coincidentally at the very same time that lawmakers in other countries were
also instituting KYC policies? Did all of these entities propose nearly
identical laws and regulations at the same time just by chance, or did
someone plan and orchestrate the event?
Whatever you believe, you should not dismiss the fact that plans are
presently being made and implemented on the global scale which will
ultimately determine how you conduct business - possibly all business - in
the future. The fact that plans are underway is no secret; however, the
precise details are very secret. The overall plan has been made public; but
the intricacies will not become public until the necessary national laws and
regulations are securely established, and the agreed upon technologies have
been incorporated.
The establishment of a global framework under which all business will
eventually be conducted is every bit as profound as the establishment of the
Federal Reserve Banking system here in the U.S. in 1913, which placed total
control of this nations economy solely in the hands of a few, un-elected
individuals. Although the Federal Reserve system has been the focus of much
talk of "conspiracies" and secretive planning, few people today are even
aware that the establishment of a vastly more ominous global financial
system is being instituted right under their collective noses. Global
planners are now spreading their tentacles of economic control over the
entire globe which will eventually afford them complete and total power over
the world's economies.
Before all commerce can be conducted electronically however, a number of
foundational provisions must first be put into place. Perhaps chief among
these is the ability to positively identify all parties who engage in
electronic business - particularly over the Internet. This will require a
combination of technologies to identify both the user and the equipment from
which a transaction originates.
Contracting parties will be identified through the use of either "digital
signatures" that will be assigned to each individual by the government, (see
linked article below), or by using digitized fingerprints captured and
transmitted at the time of a transaction. Digital fingerprint readers are
now available for use with PCs, and Windows 98 already includes an
Application Programming Interface (API) which allows for easy hook-up of
personal fingerscanner devices. Recently, Compaq computer company announced
that it had begun marketing a PC-based fingerscan reader for under $100
each.
Another prerequisite to the global transactions system will be the
establishment of Electronic Commerce Taxation agreements so that local,
state, and national taxes can be collected at the "point of sale." As more
and more purchases are made over the Internet, various government agencies
are beginning to clamor about lost revenue due to electronic sales that are
not taxed. Tax revenues diminish in direct proportion to the increase in
un-taxed electronic sales. This issue will have to be addressed very soon,
one way or another.
Computer chips with electronic IDs and personal digital signatures (or
electronic fingerprints) will satisfy both the taxing and the contractual
requirements by associating every electronic sale with originating locations
and participant individuals. Legally, the "identified person" and the owner
of the "identified terminal" will be liable for whatever tax is imposed at
the time of the transaction. The tax will be levied and collect when the
sale is conducted.
Law enforcement interests will be central to whatever electronic commerce
technologies are eventually established. Therefore, assurances will be
provided for the ability to trace all transactions back to an individual,
identify the originating address, and verify the computer terminal used.
These system's inherent traits will provide the ability to track all
transactions so that illegal activity can be monitored.
Because of the tax component of the electronic commerce equation, and
because of law enforcement interests, "anonymous" electronic activity may be
outlawed under the system currently being planned. A gossamer form of
anonymity may be permitted to the extent that the veil of privacy can be
lifted in the event unacceptable activity is detected.
The planners may allow "pseudo-encrypted transactions," but only if
designated governmental entities (probably international in nature) have the
"keys" to all approved encryption algorithms. Only approved encryption
schemes will be permitted in the global electronic commerce system.
Un-approved technologies and encryption schemes simply will not be allowed
over the international transactions system.
Not only will the system provide a means to monitor suspicious transactions,
but the technologies that are being developed will also certainly
incorporate methods for identifying all other un-approved, un-authorized, or
otherwise illegal online activity. Therefore, the same identification
standards that are finally agreed upon for electronic commerce will most
likely also be required for all other electronic correspondence transmitted
over the Internet.
On July 1, 1997, President Clinton released his Presidential Directive on
Electronic Commerce which sets out the agenda for accomplishing the above
objectives. On that date, he also announced the release of "A Framework For
Global Electronic Commerce;" the official administrative plan for the
development of a global electronic commerce system.
The President's Directive delineates the fundamental areas in which
government agencies are to work with law enforcement and private sector
businesses, both nationally and internationally, to develop new technologies
which will assure that electronic transactions can be conducted "securely."
Clinton's Directive states:
"According to several estimates, commerce on the Internet will total tens
of billions of dollars by the turn of the century and could expand rapidly
after that, helping fuel economic growth well into the 21st century.
"For this potential to be realized, governments must adopt a
market-oriented approach to electronic commerce, one that facilitates the
emergence of a global, transparent, and predictable environment to support
business and commerce."
"In promoting robust security needed for electronic commerce, the
Administration has already taken steps that will enable trust in encryption
and provide the safeguards that users and society will need. The
Administration, in partnership with industry, is taking steps to promote the
development of market-driven standards, public-key management infrastructure
services and key recoverable encryption products."
"Many businesses and consumers are still wary of conducting extensive
business over the Internet because of the lack of a predictable legal
environment governing transactions. This is particularly true for
international commercial activity where concerns about enforcement of
contracts, liability, intellectual property protection, privacy, security,
and other matters have caused businesses and consumers to be cautious."
"Today I have approved and released a report -- "A Framework For Global
Electronic Commerce" -- outlining the principles that will guide my
Administration's actions as we move forward into the new electronic age of
commerce. This report articulates my Administration's vision for the
emerging digital marketplace by declaring a set of principles, presenting a
series of policies, and establishing an agenda for international discussions
and agreements to facilitate the growth of electronic commerce."
"Accordingly, I am hereby directing that executive department and agency
heads should be guided in any future actions they take related to electronic
commerce by the following principles:"
"7. I direct the Secretary of Commerce to work with the private sector,
State and local governments, and foreign governments to support the
development, both domestically and internationally, of a uniform commercial
legal framework that recognizes, facilitates, and enforces electronic
transactions worldwide. I further direct the Secretary of Commerce within
the next 12 months to seek to gain agreement with the private sector, State
and local governments, and foreign governments, both domestically and
internationally, on common approaches for authentication of electronic
transactions through technologies such as digital signatures."
The Framework itself states:
"The United States, through the Department of the Treasury, is working
with other governments in international fora to study the global
implications of emerging electronic payment systems. A number of
organizations are already working on important aspects of electronic banking
and payments. Their analyses will contribute to a better understanding of
how electronic payment systems will affect global commerce and banking.
"The Economic Communiqué issued at the Lyon Summit by the G-7 Heads of
State called for a cooperative study of the implications of new,
sophisticated retail electronic payment systems. In response, the G-10
deputies formed a Working Party, with representation from finance ministries
and central banks (in consultation with law enforcement authorities). The
Working Party is chaired by a representative from the U.S. Treasury
Department, and tasked to produce a report that identifies common policy
objectives among the G-10 countries and analyzes the national approaches to
electronic commerce taken to date.
"As electronic payment systems develop, governments should work closely
with the private sector to inform policy development, and ensure that
governmental activities flexibly accommodate the needs of the emerging
marketplace."
"Of particular importance is the development of trusted certification
services that support the digital signatures that will permit users to know
whom they are communicating with on the Internet.
[The Framework on Electronic Taxation]
"The taxation of commerce conducted over the Internet should be consistent
with the established principles of international taxation, should avoid
inconsistent national tax jurisdictions and double taxation, and should be
simple to administer and easy to understand.
"Any taxation of Internet sales should follow these principles:
"* It should neither distort nor hinder commerce. No tax system should
discriminate among types of commerce, nor should it create incentives that
will change the nature or location of transactions.
"* The system should be simple and transparent. It should be capable of
capturing the overwhelming majority of appropriate revenues, be easy to
implement, and minimize burdensome record keeping and costs for all parties.
"* The system should be able to accommodate tax systems used by the
United States and our international partners today.
"Wherever feasible, we should look to existing taxation concepts and
principles to achieve these goals.
"Any such taxation system will have to accomplish these goals in the
context of the Internet's special characteristics -- the potential anonymity
of buyer and seller, the capacity for multiple small transactions, and the
difficulty of associating online activities with physically defined
locations.
"To achieve global consensus on this approach, the United States, through
the Treasury Department, is participating in discussions on the taxation of
electronic commerce through the Organization for Economic Cooperation and
Development (OECD), the primary forum for cooperation in international
taxation.
[End of excerpts]
-------------------------
THE FATF AND KYC
The individual pieces of the Global Electronic Commerce plan are being put
into place currently worldwide. One element of the plan is the banking
industry's "Know Your Customer" program which establishes standards banks
must use in identifying individuals for all banking-related activities. The
Financial Actions Task Force (FATF) - established by the same Global-7
organization mentioned in the "Framework" - is the international
organization charged with developing and globally implementing the KYC
standards. The FATF's plan, called the "40 Recommendations," established the
KYC requirements that all member countries are now working to implement.
Although the KYC proposal has recently suffered a setback in the U.S. due to
public rejection of the identification and monitoring provisions, the
international FATF organization has not - and will not - abandon the
concept. The FATF identification measures must be put into place before the
electronic commerce system can go forward. Don't expect KYC identification
requirements to go away. In fact, federal regulators have stated that nearly
all of the KYC provisions are already in place at all major, and most
smaller, U.S. banks.
Related to this is the bank policy - which most banks have adopted -
requiring all non-member customers to submit a fingerprint in order to cash
checks. As electronic fingerscanners become cheaper and more readily
available it can be expected that banks will soon begin requiring digitized
fingerprints in order to open accounts and even for established customers to
transact regular banking business. Digitized fingerprints will also likely
be required for conducting conventional business whenever chargecards and
checks are used. The justification will be to "protect the customer and to
prevent fraud;" the now familiar chorus sung by all data-collecting
entities - public and private.
INTEL AND THE ID CHIP
The Framework for Global Electronic Commerce additionally proposes the
development and incorporation of new technologies that will assure that
"secure transactions" can be conducted over the Internet. The "Framework"
states that government will work with private sector industry to develop the
necessary technology and to assure that the requisite standards are put into
place by commercial concerns.
Intel spokesman Tom Waldrop was quoted in Wired Magazine (1/31/99) as saying
the purpose of the digital ID that has been programmed into Pentium chips
was to develop a method for "the consumer to have a secure transaction over
the Internet." This is essentially the same wording as used in President
Clinton's Directive and Framework for Global Electronic Commerce. Intel's
plan to assign a digital ID to all of its new Pentium III computer chips is
consistent with the Framework's objective for global electronic commerce.
Due to strongly vocal objections from the public - particularly those
concerned with privacy issues - Intel has agreed to alter their chip design
so that the ID feature will be turned off by default. The ID feature can,
however, be turned on using Intel-provided software.
If the emerging global electronic commerce system ultimately requires that
all CPUs have an ID feature, and that all users "identify" themselves when
logged on to the Internet - as is currently being planned - there may be no
option but to either acquiesce to the privacy-invading stipulations or
simply stop using the Internet altogether.
Scott McDonald
-------------------------------------------------
REMARKS BY THE PRESIDENT
IN ANNOUNCEMENT OF ELECTRONIC COMMERCE INITIATIVE
http://www.whitehouse.gov/WH/New/Commerce/remarks
PRESIDENT CLINTON'S FRAMEWORK FOR GLOBAL ELECTRONIC GOVERNMENT
http://www.whitehouse.gov/WH/New/Commerce/
See also:
"Feds want a digital certificate in every pot,
July 16, 1998" - CNN News
http://cnn.com/TECH/computing/9807/16/digicert.id
"Firm Sidesteps Intel on Chip ID" - Wired Magazine
http://www.wired.com/news/news/technology/story/1
"...the purpose of the digital ID is so that "the consumer
to have a secure transaction over the Internet."
"Let Your Fingers Do the Login" - Wired Magazine
http://www.wired.com/news/news/technology/story/1
=================================================
Don't believe anything you read on the Net unless:
1) you can confirm it with another source, and/or
2) it is consistent with what you already know to be true.
=================================================
Reply to:
=================================================
To subscribe to the free Scan This News newsletter, send a message to
and type "subscribe scan" in the BODY.
Or, to be removed type "unsubscribe scan" in the message BODY.
For additional instructions see www.efga.org/about/maillist.html
-------------------------------------------------
"Scan This News" is Sponsored by S.C.A.N.
Host of the "FIGHT THE FINGERPRINT!" web page:
www.networkusa.org/fingerprint.shtml
=================================================
I wouldnt touch a pentium anyways. Everyone should just get an Ultraspac instead and stop whineing about how much Intel sucks
Why do I keep hearing the media say that the chip transmits its ID to the net? The only way for the chip to do that would be if it implemented a TCP/IP stack in hardware. Otherwise, it's just the software running on the chip that's doing the transmitting.
That said, my next machine still won't be an x86 box.
This is about setting things up so E-commerce, programs and information can be made PIII-only. It has very little to do with privacy, and everything to do with monopoly. The serial number is Intel Only, and even PIII only. Intel are desperate to sell more highend Pentiums, and they're setting up to bribe vendors heavily to do this. You surely don't think that, for instance, the Dilbert Comic Explorer is just something Scott Adams thought would be cool and set up one day? That bit of web tech brought the site payoffs from Intel. The only problem is, you can't _require_ people to use it, and I'm not sure it's really PII only like it strongly implies. So the next attempt is a CPU dongle, so that only PIIIs can even pretend to work with the new sites and programs and content- and then Intel busily sets about paying off other vendors to help the lock-in. Who says people have to _want_ to cooperate with Intel? They can be bribed.
It's exasperating to see how few people are recognizing this. The problem is, people are assuming content providers care most about their visitors. If it's possible to get paid off by Intel for putting closed content up, some people will choose to do so. Even when it's a CPU dongle that very few people currently have.
I'm assuming that Linux programmers will be ethical enough not to have their programs transmit the PID everywhere, so whether it's on or off isn't really an issue. The only advantage to turning it off would be to prevent a program from broadcasting your PID somewhere, but if your programs don't broadcast it int he first place, it's irrelevant.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Posted by SmashPHASE:
;-)
Intel is just awaiting another mediahype about
their xth bugged processor release.
This is just to solve their logistic problems
at that time.
Posted by Shawn Bayern:
Just some food for thought... Did you realize that web sites can theoretically already track the (unique) Ethernet hardware addresses of Windows users? Windows exports the MAC address over the NBT (NetBIOS-over-TCP/IP) protocol, letting others on the Internet (not just the local network) figure it out.
Granted, this doesn't affect dialup users, but in principle, it doesn't seem all that different (in at least the network-related senses) from a unique processor-based serial number. (This isn't to say I support Intel here; I'm just providing info.)
Gateway has already announced that they will be using AMD chips instead of Intel. I believe that cost was the determining factor but the whole PSN fiasco with Intel makes their decision appear to be very timely.
And in the end, the love you take is equal to the love you make
Buy an Alpha.
...and it's been used on SUN machines forever. It's actually tied to the BIOS of the system, not the CPU, so it doesn't change. And the copy protection based on it works very well, since licence keys are generated off of the hostname, the HostID, and a random string that the company generates.
This space for rent. Call 1-800-STEAK4U
OK -
so Intel embeds an ID into their chip. BFD. There are a whole bunch of other IDs in your system that software can get at in various ways. I merely see this as a way to help restrict the deployment of software. Example:
You call up some vendor and ask them to send you a copy of their software (or via the web) - and they ask for your CPU ID, they then ship you a copy, or email it, and only you can run it.
It's sort of like a PGP key.
Now - if you think that this ID could then somehow be tied to you, and your personal information, that's silly. More PCs are bought by businesses than homes. So - at a business, they'll get a lot of systems based on PIIIs. The system is not yours (even if you're sitting there using it) - it could be moved to someone elses desk tomorrow. Or, someone else could be sitting at your desk tomorrow. This thing in no way ties you to a machine and vis-versa.
I guess it was a bad idea to ever encode your bank acct on that plastic card?
When they were talking about on-line commerce - I really don't think they were talking about something as trivial as you making credit card purchases from some porn site!
What we're talking about is yet another ID that physically allows the decryption, or enables the running of something on that system and that system only.
- Porter
PS: I use an AMD chip because I support the underdog, and I wanted to save some $$. I won't be getting a PIII anytime soon, because I'd have to get a whole new MB, etc.
Yeah, serial number seem spooky.
And Scott says, "get used to no privacy."
But I'm not gonna give up the fight that easy.
Time to fire up your mail programs again..
and prepare to share your thoughts with
andy_grove@intel.com
Founder of Intel, a man who I would hope reads his e-mail. If your decision to purchase Intel has been swayed by this less than informed PSN mistake, please inform him.
I've already sent him a quick note expressing my concerns. (hint "Can't see myself buying a buggy chip like this.." seems to be effective)
If you do choose to write, please keep it professional, a well written letter is a lot more effective than a poorly written rant.
~Grell
"Never doubt that a small group of thoughtful, committed people can change the world.
Indeed, it is the only thing that ever has."
- Margaret Mead
...when it gets down to fundamentals, do what you have to do and shed no tears. Dr. Matson in Tunnel in the Sky
-hmm ok ya got me there.. ^_^
...when it gets down to fundamentals, do what you have to do and shed no tears. Dr. Matson in Tunnel in the Sky
It seems to me that Intel's ID number scheme would be a great way to sell Linux. "We disable the Intel PID automatically!"
The idea is to write a kernel module that you can compile to disable the PID at boot. Or, perhaps with compile option -D__PIDSPOOF__, have it substitute a random PID for the original PID. If even a small fraction of users do this, it would make collecting PID data absolutely useless.
Finding God in a Dog
Personally I feel this boycott is getting a bit out of hand. I can see reason for not purchesing a Pentium III which has the identifier enabled by default, but on the *new* Pentium IIIs where you have to enable it by hand, let it be. There's nothing wrong with a serialized processor any more than there is somthing wrong with a VIN (Vehicle Identification Number) on your car. As you all (hopefully) know, TCP/IP has no provisions in it for transmitting the CPU identifier. Therefore it always will require external software to transmit it. And because of all the people who run older or non-Intel processors, I don't see vendors requiring a CPU identifier except in the most extreme cases, probebly those which currently require dongles (or hardware keys). I guess this could potentially be bad for the dongle vendors, though.
What the hell is wrong with these people! Give it up! This will in no way hinder the Linux way of life, period. End of story.
"Your heart is free. Have the courage to follow 'er."
-- Grow up and use mutt.
One critic who was appeased by Intel's new plan to ship the PSNs in the off position was Steve May, a Republican member of the Arizona House of Representatives. He said that he won't submit a bill banning the production or sale of Pentium IIIs, which are manufactured in his state, because Intel is taking steps to address the security and privacy concerns.
I hope Rep. May is just as vocal about the government's habit of abusing the privacy of unsuspecting citizens, lest he be a complete hypocrite. Oh wait...politician...hypocrite...is it possible???
If MS embeds that shit in Windows 95 or Office, who's gonna boycott THEM (exept for the few who know better than to use MS in the first place). Of course i'm set, 'cause i only use OSS, so if someone puts ID shit in thier software i'll just take it back out.
My browsers asks me before accepting cookies, and I can count on one hand the number of sights I have allowed it to store cookies for.
My IP number is shared with 50 (at work) and 2000 (at home) other people. They can't track who *I* am throught the IP number.
The idea of selling software per machine is brain dead anyway. Suppose I want to upgrade my processor, does than mean I need to buy a new license?
If each Pentium III will have its own PSN which one would be transmitted to as a security check?
What if the order that the processors are installed on the motherboard are changed?
I think INTeL didn't do their homework too well (not that they ever did). Either that or they had something other than "security" on their mind when they came up with this idea.
sidster--
Big brother watching? Well, poke his eye out!
--sidster
Play lotto? Try http://www.alottofun.com/
Folks must not remember the read-only VAX CPUID register which was used to track software usage. The concept is not new.
Gleepy the Hen. More intelligent than the average hen.
I fear this may lead to more sites where you've to download ActiveX components that transfer the ID. Because most web publishers would ignore other OS, this would be a real pain for me.
And some computers have two or more. And ethernet cards are much more likely to move from one machine to another. They would not be an effective way to identify a given machine, or user.
I realize some people think that having an embedded serial number would be good, But would you realy want to trust everything you own on a number that you have NO control over?
What if someone did find out your serial number?
You couldn't just change it like your logon password. You would have to buy a NEW processor to be able to get a new serial number.
But then no-one will recognize you because they will be looking for your old serial number.
Boy wouldn't that be fun.
I build computers for a living. Not only do I think it is a bad Idea from the End-Users stand point, But the Government would also be able to track everything the computer manufacturers are doing also.
I don't beleive that embedded serial numbers would benefit anyone but those that would use the information for their own gain.
I will not use any processor that has an embedded number, code, etc..
Thank You Very Much.
If the Government wants it, It CAN't be very good for the rest of us!!!! p.s. All spammers will be DELT with...
You say "The average user won't need to know or worry about what the ID is for."
Does that mean that you support manufacturers who enable the ID so they can track customers and collect info that they want without telling the Customer about it?
If the Government wants it, It CAN't be very good for the rest of us!!!! p.s. All spammers will be DELT with...
If software vendors put IDs in their programs, You can choose not to use their software.
If Chip Makers do it, How do you even know unless they tell you.
Just because Intel says the chips will ship Disabled doesn't mean that is what you get when you buy the computers.
Intel said themselves, they will ship them disabled and give you the software to Enable the ID yourself.
What's keeping the computer companies that want it enabled from doing it when they build the systems?
If the Government wants it, It CAN't be very good for the rest of us!!!! p.s. All spammers will be DELT with...
I know I routinely avoid all software that use copy protection schemes. I also know that I more than once have seen software because it pirated copies of it were widely available, and bought it as a result. It's been a few years, though, since I don't have a single commercial program on my Linux box :-)