Slashdot Mirror
IBM stamping ID's into new PC's
IBM may not have grasped Intel's failure here. Attention IBM: I have been a religious Intel owner. Just the other day I bought several computers with AMD chips instead of Intel P-III's, because I don't want to be tracked - so as long as Intel wants to track me and there's anybody else in the chip-making business, Intel won't be getting my business. You just don't realize that people take their computers seriously - they don't want it ratting on them to every website they visit, they don't want it informing on them behind their back, they don't want Clipper chips performing insecure e-commerce "encryption" for them. It sounds (and of course IBM is releasing this tomorrow, so this is preliminary) like IBM has created a proprietary, closed system, which very probably includes a back-door in it for U.S. law-enforcement access, because otherwise IBM would have trouble exporting it worldwide. Only pointy-haired bosses are going to want to purchase such things. -- michael
I can't believe that the original poster is talking about back doors and close systems based on nothing but wild-eyed speculation.
I realize it's a radical thought for some people around here, but let's get our facts straight first before we start deciding What It All Means, OK?
Is just a chip that does encryption and
signing. This could either be:
Very good if it uses standard, verifiable
hashes and encryption algorithms. If it
does indeed do encryption faster than this
is a good thing. Esp. If IBM gets export
licences for stronger keys.
Very Bad if it uses proprietary, unverifiable
algorithms, perhaps that don't fully use
key information so as to make it easier to
crack your important e-mail.
The article is pretty vague.
Question about reading chip ID's: Are these
privileged or un-privileged operations?
-- cary
I read that this chip implements RSA public key crypto -- but with maximum key lengths of 256 bits for messages and 1024 bits for signatures. We all know that 256 bit RSA is woefully inadequate for any real security. IBM is not about to piss off the us government by providing good or even mediocre encryption to the masses.
IBM actually will put an encryption chip on all their pc's in the future, enhancing personal security not hindering it. see the register for more info. http://www.theregister.co.uk/990927-000012.html
Does it really make a difference. The government spies because it wants to know if you're a subversive or terrorist. The corporations spy because they want to know if it's worth their while to try to sell you soda, or a new computer, or whatever. I don't think either is worse than the other. They're both bad, and I want my tools to encourage neither and discourage both.
Let's leave watermarking out of computers.
----
----
Open mind, insert foot.
Details on precisely what instructions are involved would presumably be necessary; if one is running Linux, then actually using the instructions requires that someone convinces you to install software compiled with the "Evil Privacy-Killing Instructions."
This will fall high on the list of Things Ulrich Drepper Won't Add to GLIBC; it is equally likely to represent Instructions Unlikely To Be Added To the GCC Code Generator.
Note that this furthermore represents Instructions That Aren't on PPC which would encourage the purchase of PPC-based systems or Alpha-based systems...
If you're not part of the solution, you're part of the precipitate.
The real issue is: How secure is is to trust the identity of the user based on his CPU/board ID when someone else could so easily "pretend" to be me by sending my CPU ID all over the net?
You can't, for precisely the reason you indicate. Anyone considering this information to be an authentic ID is smoking crack.
Fortunately, this chip isn't about sending your "ID" all over the 'Net. It's about cryptography and digital signatures, which are a bit harder to forge than a simple ID.
Along the trojan/virus thread, why in the world would somebody write such a virus? The only data this chip would attempt to make available is perhaps the public encryption key, which is designed to be put out into the public anyways. I don't see the big privacy problem here. A legitimate example of a privacy-invading virus would be one that watches the system and constantly reports where the current machine is browsing, what they're doing, what documents they have, etc., but this can be done with or without a cryptography chip such as this.
I suppose a trojan could use the chip to digitally "sign" something the user didn't intend to sign, but re-read the article: a user PIN (password) is allegedly required to activate this chip. *shrug*..
Why do you think this is proprietary? Don't you think that kind of limits the usefulness of such a chip? I mean what good is a digital signature or encrypted data if only people using an IBM machine with one of these chips can use/decrypt it?
I think it's a pretty safe bet they're using existing cryptographical systems. An earlier post said they were using RSA algorithms, but I haven't been able to verify that myself.
It's not possible to be 100% secure with your data. Period. It's all a matter of "degree". How "secure" do you want to be?
Sure, this solution is secure, but it's not *as* secure as other, unexportable alternatives. In ten years, "real security" will mean something entirely different. The original poster was using the term "real security" by saying the key sizes allowed by this chip were inadequate for truly sensitive data. I was simply saying that IBM is not marketing this mechanism for people that regularly make use of truly sensitive data.
Read the article if you haven't already. This is all discussed there.
But only IBM, or their designated manufacturers, or people who send a signal to my computer to get my "digital signature", can get at my hardware, excluding me.
;) Or, I could just not buy an IBM. Yeah, that's the ticket.
I'm confused. The only thing this chip does is provide encryption and digital signature services to applications. You will need a software-based PIN/password to access these features. I don't see how this allows IBM and its "evil" minions to "get at" your hardware. Am I missing something?
On another note. Isn't an embedded security device likely to go obsolete pretty rapidly? Then what, we have to buy a whole new motherboard instead of just installing the latest version of the software? That sucks.
All hardware-based cryptography products will be "obsolete" in short order. Does that mean they can be upgraded? Not without changes in US export laws.
It's certainly possible this chip is replaceable as cryptography improves in the future.
easy would it be to pry the sucker off?
Hey, suit yourself. It's just hardware-based encryption and digital signatures. The same sort of stuff I'm doing with PGP in software today. The only data that can be made public via this chip is your public key, which is something I make an *effort* to make public while I'm using PGP. I really don't see what all of the fuss is about. If you don't want to use it, just don't use it. If you feel like you don't want to buy from them, fine.
The only thing this chip ever makes available would probably be your public key. The whole concept behind public/private key cryptography is to make the public key publicly available to those you want to communicate with.
If someone wants to write an evil privacy-invading trojan program that secretly tracks your every move, it's probably in their best interests to use any of the other ID mechanisms already on your machine, like the MAC address, Windows registration codes, e-mail addresses in your e-mail clients, etc., etc.
Besides, the article explicitely states that you'd need to enter a PIN/password of some form to use features of this chip. Now, I have no idea if it's possible to circumvent this, but you'd think IBM would have done a bit of thinking and planning prior to now, yes? *shrug*..
In short, the potential for privacy abuse is virtually nil, and it's comparitively zero when held up with other methods for identifying and tracking you that already exist in software and hardware. I don't see any virii, trojans or rogue software companies out there making use of that, do you?
I don't think you quite understand how this chip is supposed to work.
So everything made on a computer can be traced to that computer.
This isn't correct at all. The digital signing/encryption process requires the user to enter a PIN/password. The user must *explicitely* make the effort to digitally sign a document or to encrypt data. This isn't something that can just be hidden in the background for malicious or rogue software companies to take advantage of.
Though to be fair, it's certainly possible that this PIN requirement could be bypassed by a trojan/malicious coder. I'd be interested to hear how IBM plans to keep that from happening.
Furthermore, what happens when 128-bit keys are no longer secure enough and you need to move to 256-bit keys?
I believe a previous poster mentioned that this chip was capable of 256-bit encryption and digital signatures up to 1024-bits. Granted, it will be obsoleted in several years, but it's more than sufficient for items not of a super-sensitive nature. The article explicitely states that it should be adequate for around 80% of their customers. The remaining 20% apparently have needs for stronger encryption and either won't use this hardware chip, or will use it in conjunction with something else (as the article states).
Nobody's *requiring* this chip to be used. The whole idea is that the hardware chip completely hides the private key, making it impossible to recover by software (thus exposing data encrypted with it). Yes, it will be obsolete in time. So will existing software solutions. If you don't want to use hardware cryptography, don't. If you don't want to use software cryptography, don't.
As far as tracking users goes, I can think of much better ways to construct evil programs and trojans to do this job much more effectively and doesn't require that the user have a motherboard with one of these chips. Privacy and security issues here are minimal at best.
Damn I feel like a broken record here..
the software can be used to track people wherever they go
A PIN/password is required to activate features of this encryption chip. Thus, encrypting or digitally signing something requires explicit user intervention.
There is no "ID" that is sent out by evil software. The only thing I can think of that might work in this fashion would be the public key, which is meant to be distributed anyway. If I were writing a trojan or an evil program to track users, I can think of a few better ways of doing this than relying on something only a small percentage of consumers is going to have available (like, say using the MAC address, Windows registration codes, e-mail addresses, etc., etc.)
If you had read and understood the article, you would know:
By placing the private key in *hardware*, it no longer becomes accessible by software. It is impossible to recover a hardware-based private key via software.
The only way a hardware-based key can be discovered is if it's cracked. Seeing how distributed.net has been working on cracking the latest 64-bit RC5 key since the latter part of 1997, I don't think we have to worry about these hardware keys being cracked any time soon.
What happens if your key gets compromised??
:(...
What makes you think this is possible? By storing the private key in hardware, it becomes impossible to access via software.
The only way the key could be discovered is by a cracking effort. At 256-bits (as one poster indicated for encryption, and 1024-bits for digital signatures), it's going to take a long time for that to happen.
How are you going to be able to communicate to the powers that be that your key has changed, and not only that, you could just change your key and all your new transmissions would be unreadable...
Uhh, the same way that people do it today with software encryption products (like PGP). Just pass out your new public key and stop using the old key pair.
Better yet, J. Smith over here invents a utility to reflash the chip with an arbitrary "identifier" and people can now pose as you
You assume that this chip can be "upgraded". It's quite likely that this chip is entirely hardware-based. No "flash" upgrade at all. That would leave it open to the attack you mentioned. The whole idea is to keep the chip completely isolated from software.
This is *not* a "CPU ID" chip. It is designed to do hardware-based public/private key encryption. To use these hardware features, you must supply a PIN/password to enable access to your key pairs. Thus, it is an explicit user-initiated process.
To suggest that web site owners will start requiring people to use these keys is totally absurd. Why in the world would web site owners voluntarily reduce their client base to less than 1% of its current base (those that have machines with these chips)?
People are using the same arguments they used against the Intel PIII CPU ID thing, when really the two situations aren't alike at all.
If you don't want to use the encryption offered by the hardware, DON'T. Stick with PGP or whatever other software-based solution you're using today. The only difference is that in the hardware implementation, it becomes impossible for trojans/virii/malicious programs to steal your private PGP key.
It's rather commonplace for people to upgrade their desktop PC's every few years. CPU's change, motherboards change, hard drives change. To tie software to any of these components seems rather stupid to me.
The only reason this sort of thing worked with older mega-server architectures in the past is because those platforms didn't have the upgrade rate of today's PC's. Plus, even if an upgrade *was* performed, all you usually had to do was contact the software vendor and let them know. A new software key was re-issued in short order.
With the upgrade rates of today's systems, I can't imagine a software company volunteering to create a staff of people set up to handle the enormous volume of requests for new keys as people upgrade hardware.
First of all, why hardware? It's just as easy to implement the crypto in software. And software encryption can be much more flexible, handling larger key sizes for the ultra-paranoid, or forty-bit keys for the clueless.
The whole point behind using hardware crypto is that it's impossible for software to recover private keys that are stored in hardware. With software-based crypto, there's always the (small) chance a trojan/virus will discover and recover your private encryption keys.
Finally, why the hell would you do this when there was so much controversy over the PIII ID? I would figure that IBM has some good PR and advertising folks-- how did this one slip out the door?
Because this crypto chip has nothing to do with ID's. All it does is provide encryption and digital signing services. To use these services, you must provide a PIN to software, which enables the features. It becomes an explicit user-initiated process, not something that can be maliciously hidden in the background.
The whole point is to allow you to digitally sign and encrypt data. What's the point in building a hardware system if malicious code could digitally sign stuff on its own, without your approval?
You assume that these encryption keys are associated with you personally. What you don't realize is that it's very common for secure HTTP sessions and SSH connections to generate new keys all the time.
So long as the remote end has *some* public key that represents your system, they can verify your messages and validate your signatures.
The difference between this hardware scheme and existing software schemes is that it's theoretically possible for a malicious program to obtain your private keys stored on your system. It's not possible to do this if these keys are stored in hardware.
Hell, why not outlaw IP addresses while you're at it.
These things are necessary for networks to function.
As far as the hardware encryption chip goes, do a bit more reading and you'll discover that this really isn't something that *needs* to be disabled. The whole "it's another attempt to brand our computers with an ID" argument is just silly. The only thing that this chip does is hardware-based encryption/decryption of data, much like an MPEG decoder card. The only difference is that, for this chip to work, you'd want to publish the public encryption key so people can send you encrypted messages and you can send others encrypted/signed messages of your own. It's NO different than using a software-based encryption solution, except that with hardware, it's impossible for someone to "steal" your private key.
I will state that all things (this is stated liberally, I am sure that I am wrong in certain cases) that has to do with hardware can be discerned/extracted using software.
The reason private keys can't be "pried" from hardware products is because these hardware products provide no mechanism to retrieve the private keys.
It's the same reason you can't write a program to command an Intel CPU to change colors. The chip simply isn't capable of doing it.
When constructing something like a cryptographic chip, just build functions into the chip that you need. You don't want the private key to be exposed, so don't create a "return_private_key" opcode when designing the chip. There are probably things like "return_public_key", "encrypt_text_at_this_memory_address", etc. Unlike software, you can't just write a program to examine the details or inner workings of a piece of hardware. The hardware has to be explicitely programmed to volunteer that data.
Hardware data encryption has been something pushed for quite a while now. It's not that it's faster or more convenient than software solutions, and *certainly* it's not because the hardware is more adaptable. It's because the hardware version is incapable of allowing the private key to be discovered. Whenever you use software, the public and private keys are stored somewhere on the hard drive in a not-so-cryptographically-secure form. This means it can be found and stolen by a malicious program. That simply isn't possible with hardware solutions.
The keys are stored in the hardware. The article states that in order to access these hardware features, you will have to provide a PIN to the software to gain access to the keys.
Without this manual step, it would become possible for malicious programs to digitally sign/encrypt things you didn't intend to sign/encrypt.
I'm amazed at how many posters on this thread are running on the "it's another CPU ID" gripe when that has no basis in reality.
It's because of the submitter's "summary" and "michael"'s subsequent editorial. It's obvious he didn't read the article. He just saw the "CPU ID" phrase and went ballistic, like so many uninformed privacy nuts that post here regularly.
I really wish the Slashdot authors would try to be a little less biased when it comes to the articles they post here. Slashdot has become MUCH too editorialized, which wouldn't necessarily be *all* that bad, except THEY DON'T DO A GOOD JOB EVEN AT THAT. They base their editorial comments and slurs on stupid/uninformed assumptions based on little/no information. As much as I love Slashdot, it will never be a true journalistic site until it can replace its poorer "authors."
With a hardware encryption scheme (note: *not* ID), it's *impossible* for someone to "steal" your key and use your identity. That's the whole point behind hardware encryption. The private key is stored in hardware and is totally inaccessible to software. This is the most fundamental reason hardware encryption exists.
This chip isn't being marketed at all as any "real" security solution. The article explicitely states this. In the event a consumer needs a more secure solution, IBM has add-ons and other products to suit them. The cryptography, they say, should be adequate for 80% of their customers. I agree.
If there is a backdoor...
*IF* there is a backdoor. Somehow I doubt that such a back door exists. There's always the possibility that a back door will be discovered (and it's almost a guaranteed certainty, given enough time). If one is found, IBM will be nailed with lawsuits up the ass, criminal proceedings, you name it.
It doesn't make good business sense.
You know, it's certainly possible (I mean technologically, obviously) for the government to sneak in a hidden backdoor in Microsoft Windows. Does that mean we should ban and legislate Windows into extinction? It's also possible that they've secretly placed a backdoor in the operating systems that run on our Internet's routers. Quick! Ban the Internet!
Yes, each chip has a public key. If you don't want that public key given out, don't use software that makes use of it. Period.
I occasionally make use of a software-based PGP implementation, but you don't see me scrambling to hide my public key from people.
Remember: Multi-user systems are pretty commonplace nowadays (NT, Unix, even Windows-based workstations). It makes absolutely NO sense whatsoever to suddenly convert all programs so that they use this hardware-based encryption scheme over a user-defined one.
``People from outside (of your organization) can get at your software,'' said Anne Gardner, general manager of desktop systems for IBM. ``People from the outside can't get to your hardware.''
So there will probably not be a software flash-upgrade for this chip or anything like that: after all, if it can be software-upgraded, it can be cracked: witness the recent virus (forget its name) that wiped your BIOS chip if you had a Flash-BIOS capable motherboard and chip. So the only way to upgrade this thing will be to replace the chip -- and it'll likely be soldered onto the motherboard.
``We want this to become an industry standard,'' IBM's Gardner said. ``We want this on as many desktops as possible.''
Which means that if they get there wish, people who build <buzzword>E-commerce</buzzword> sites will start to rely on their customers having PC's with the chip installed.
The features of the security chip include key encryption, which encodes text messages,
What key length? Is it upgradeable? Considering the "can't get at it with software" statement above, probably not. So either it will have export-grade encryption (weak and insufficient, as most /. readers well know) or the U.S. government will restrict its export from the U.S. Furthermore, what happens when 128-bit keys are no longer secure enough and you need to move to 256-bit keys? Whoops, sorry, can't just get a software upgrade, you need a new computer. More lock-the-consumer-into-the-upgrade-cycle stuff here, even if it's not intentional (and it very well may be intentional).
and ``digital signatures,'' which act as unique ``watermarks'' that identify the sender of the document.
So everything made on a computer can be traced to that computer. Just like typewriters in the olden days (I seem to recall a few detective stories based on that fact). Great -- could be useful in some circumstances; law enforcement would love that, for example. This is where the privacy issues (which I'm not discussing here) come in. BUT this just identifies machines and is useless for identifying people. It will almost certainly, however, be misused for identifying people by what computer they use. What happens when (not if) Joe L. User sits down at one of the public-access PCs at his local library to surf the web, sees a cool "web shopping" site and registers as a customer? Assuming the site uses the chip ID the way IBM seems to be suggesting here, it will send Joe's computer (which is actually the library's) a digital certificate for Joe to make it "easier" for him to shop there since next time he won't even have to log in. Joe likes this, of course: it makes things easier for him. So Joe orders a few things and leaves. (Log out? What's dead trees got to do with things, anyway?) Now Carl Cracker comes along, uses the same computer at the library, and checks the Netscape history to see what he can find. He finds Joe's recent visit to the <buzzword>E-commerce</buzzword> site, checks it out, and sure enough, Joe didn't log out. So he visits the site and their software thinks he's Joe. He orders a bunch of stuff and charges it all to Joe.
Plausible scenario? You bet. Could <buzzword>E-commerce</buzzword> site designers be so clueless as to use a mechanism designed for computeridentification to identify people? No doubt about it.
The real solution to the <buzzword>E-commerce</buzzword> security issue is software. Ubiquitous, open-source, peer-reviewed software. Like, say, PGP (International version), or GNU Privacy Guard, or SSLeay. The hard part is that "ubiquitous" bit. You want real security? Here's how: Convince your boss to go open-source on the security aspects of the company's new <buzzword>E-commerce</buzzword> site. Read the Linux Advocacy mini-HOWTO first, then point out the advantages of using PGP or GnuPG or SSLeay rather than a proprietary solution. It'll be a hard sell, but stick with it. If everyone works at this, we'll eventually achieve the "ubiquitous" part.
The solution is out there, folks. Let's go implement it.
-----
New E-mail address! If I'm in your address book, please update it.
The real meaning of the GNU GPL:
"The Source will be with you... Always."
How arrogant of IBM to assume the subversive element of our society won't abuse this new privacy-invading 'feature'. What's worse.. they're actually encouraging the very thing this ID feature was supposed to stop - fraud!
To use an old, but good, example - if you don't have a secure channel with another person, you probably aren't going to be tempted to communicate sensitive information with it. But.. if you think you have a secure channel with another party.. you may be more willing to divulge sensitive information. The key word here is think. If that channel isn't secure.. you're exposing yourself to more risk than if it didn't exist at all! It defeated the very reason it was created - security. The use of this chip holds a similar analogy - if it is used for verification, then anybody who can defeat it can masqarade as anybody relying on it as a method of authentication. In short.. the barn door is wide open.
So privacy nuts... I suggest you adopt this approach instead - crack this scheme as fast as you can! Defeat it before people start relying on it - and issue a joint statement on why this is such a bad idea.
--
Hardware based authentication and security tokens should be based on something portable, and that portable needs to have enough compute power to implement something like zero knowledge proofs. SmartCards fit the bill, and they are cheap. Keyboards should have SmartCard readers, and standard cryptographic methods allow secure transactions to be executed with SmartCards even over untrusted machines.
At best, the computer itself could benefit from hardware encryption that doesn't carry a key, in order to speed up throughput for encrypted data streams. But in the current political climate, putting hardware-based encryption into a PC is futile, since, according to US laws, it cannot be secure anyway.
Of course, e-commerce companies don't like SmartCards because, oh my, the consumer can remove them when they don't want to buy anything and don't want to get tracked. ID chips tied to the CPU or motherboard are great: the kids can order, the software can be used to track people wherever they go, and there is little most people can do about it if they run standard software like Windows.
If IBM wants to drive secure e-commerce, they should be shipping computers with SmartCard enabled keyboards.
I thought I read somewhere (no, I can't remember where) that this chip was just a random number generator in hardware. Which would theoretically be much more secure than one in software, because it could incorporate environmental variables that software can't access... If that's the case, then it's a good thing, so long as it's free for others to implement.
:) IBM predominatly uses Intel chips, so what justification could they give for making a new ID?
If the chip is a new ID, it's a huge waste of effort now that every intel CPU has an ID, every ethernet adapter has a MAC address, and every PC sold (through "legal" means) has a unique windows serial number (i know i know i know, use linux... just as soon as (fill in the blank) is ported!
Responding to a comment above, I know I don't know where my link is, but do you have a link to where it says this chip implements 256-bit RSA??? I find it very hard to believe that IBM would be shortsighted enough to use that.
What I think we're seeing here is the difference between two philosophies.
The geeks seem to hold fast to the belief that: You can not expect differing results from the same behaviour. We've seen the Intel precedent, and the result, and so we're expecting (reasonably) that the same actions by IBM (X) will have the same outcome (Y).. Next time, when a new value of X is fed into the function, the same value of Y will pop out the other end.
On the other hand, it looks like the corporations see it as: The squeak wheel gets the grease. Intel took the brunt of the opposition to the concept. Now IBM has picked up the gauntlet and is trying to run with it. Public opinion has been tested, and now the news is old. There is less likely to be as much opposition to the idea now, since it's not 'sexy' anymore. And if enough large companies reach concensus on this, the cusotmer is likely to simply believe, or give in assuming they can't win. Intel, IBM, any X, will keep chipping away at the issue until the wall gives way.
Eventually, what this will become is a matter of will. We have already made clear the reasons why this is not a good idea. We see it as a solved problem - how many times can you run through the same process until it becomes too tedious, and we move on? Intel was shown to be wrong and has backed down (a little). Now IBM put a new spin on an old hat. Eventually, one side will get tired, and it's likely to be the side that has less PR money.
Eventually we will get tired of voicing the same objections. The customers and the public-at-large will get tired of hearing the same arguments. The right legislator will get greased, and it will come into being.
-- What you do today will cost you a day of your life.
The linked article never mentions a serial number ala Pentium III. Never. Not once. What it does say is that the IBM PC's will include a chip which performs some public-key encryption routines. Specifically, it will perform digital signatures. Now, how exactly is that an invasion of your privacy?
;-)>
I'm amazed at how many posters on this thread are running on the "it's another CPU ID" gripe when that has no basis in reality. Besides, these PC's will probably ship with P-III's, and why reinvent the wheel
To quote from the C|Net story about this:
------quote on--------
Big Blue, taking a lesson from Intel's blunder, worked with privacy groups, such as the Center for Democracy and Technology, on implementing the security chip.
"We found we could create a solution that does not create additional privacy concern, but built on a good security base and lets the user be the ultimate decision-maker," said Hester.
------quote off-----------
While it's true that the devil is in the details, and we don't know a lot about how this will be implemented, I have a hard time seeing how this a bad thing. Unlike the PIII ID feature, which provides no security at all for the user, this has the potential to provide a lot of security for the user. The reality is that encryption based digital signature techniques, which this chip will help enable, are the only way to protect people from identity theft online.
The big question is how avaiable is the documentation going to be. If it will be possible to write linux drivers and (say for example) allow GPG to perform RSA using licensed hardware, that seems like it could be a good thing. Depending on what the API looks like for this thing, it may be possible to turn around the "strong" signature capability and turn it into a "strong" encryption engine. Now that would be cool...
Ya know, I can only believe this is pure flamebait, so I'm an idiot for responding, but your description shows zero knowledge of how digital signatures work.
Well, perhaps you are an idiot, but I do know how asymmetric cryptography works.
Did it ever occur to you that this chip may implement the algorithms for key generation, message signing, and encryption, while the keys themselves get stored on disk, and fed to the chip using device drivers?
As I said, like "PGP on a chip". Did you read me post at all?
No, I do not know how this chip from IBM works, but neither do you, as far as I can tell. Meanwhile, you and a bunch of other people are doing a headless-chicken-scene, which never helps.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Has anybody tried reading the article?
The features of the security chip include key encryption, which encodes text messages, and "digital signatures", which act as unique "watermarks" that identify the sender of the document.
Where in that sentence does is say there is a unique ID embedded in each and every chip? To me, it sounds more like IBM is marketing a hardware-driven security engine, a "PGP on a chip", if you will. I do not see how this translates to a unique serial number on each and every chip.
(Whether you want to trust IBM's security implementation is another matter entirely.)
What does this have to do with My Rights Online? If every hardware crypto product on the market is a violation of the First Amendment to the US Constitution, Slashdot is going to become awful darn cluttered.
When I first read about YRO, I thought it seemed like a good idea. The Internet is a new medium in many ways, and I do not want the government panicking and trying to restrict it. However, YRO seems less about keeping a sensible eye on things and more about paranoid sensationalism, written by anarchists who think that all laws must be bad, all corporations must be bad, everything not invented here must be bad, ahhhhhhhhhhh!
Even if there is a unique ID embedded in this chip, so what? A Unique ID for each computer can be a useful thing. For example, if you are trying to implement property control in a large organization, an electronic serial number would be a Godsend.
The problem with Intel's serial number was twofold: First, they were marketing it for "secure online transactions", something which it is not appropriate for, and second, they tried to smuggle it into every system made, turned on by default. That is not good at all. But there is zero evidence that this scenario is even possible with IBM's chip, let alone going to happen.
Please. Keep your head. Do not react first and then stop to think, or you are just as guilty as the government for panicking when something new comes along.
(And before you tell me "Nobody is forcing you to read YRO": There is thing thing called feedback...)
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
I don't like this idea at all and if one of my future computers will have such a chip inside, I'll take major measures (soldering iron included) to make it not perform as intended. However, I'm not blind and can see the writing on the wall. Hardware authentication makes too much sense to be ignored. Given all the security scares (real and imagined), the government and corporations will want reassurances of security and a hardware solution will appeal (with reason) to them. Besides, I don't really object to hardware authentication on, say, my office box. Not that it can successfully pretend it is something else anyway... :> But as to my home machine: not bloody likely I'll install this thing willingly.
For my fellow paranoids (we know who you are!): keep in mind that all ethernet devices, including the NIC in your machine, already have a global unique identifier -- MAC.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Why shouldn't a customer expect a "'real' security solution" to be "adequate"? Put another way - why bother with security if it is, in fact, not "real" security?
This "solution" just leads to a false sense of security. Furthermore, it leads to confusion and sensationalism when that false security is shattered by a compromise.
Information is power. Today, that statement is more true than ever before. Entire companies are built on information. No other products; no widgets, no foodstuff... just information. Therefore, anything and everything a company can record about you is worth money... to someone. And they will record it. Even if it has no use today, tommorow it might be invaluable. And every step is an invasion into your privacy.
I'm sure you can trust your parents. And I'm sure there are a lot of other considerate, non-snooping people out there. However, I can't say the same for corporations. If there is value, they will snoop. And information warehouses have already shown a complete disreguard for privacy and safeguarding the information they sell.
Identity theft was science fiction in the past. Now its a real problem. If databases of personal information didn't exist, or were at least better guarded, the problem wouldn't exist. But it does. And many advances in data technology simply adds to the ease of generating these databases. This is why we SHOULD be aware of our privacy.
Where did this "Privacy Is The Be All And End All" mind set come from? Its a sign of the times.
So let's get a few things straight:
1. Unique serial numbers have been with us for a long time. (The MAC address of your Ethernet card is unique to your computer. Moreover, the tools are already in place to track your computer using this identifier, I.E. arp.)
2. Unique ID's have many useful functions besides violating, your already non-existent, privacy. (Just to start with, tracking is not necessarily bad. Anybody who has had a laptop stolen from them probably knows what I am talking about.)
3. The real threat is not that we can be tracked, it is that it may be done without our consent and in secrecy. (There are more than enough trojan java and activeX applets that will track every web site you visit AND record your passwords already out there.)
Don't fight the technology, demand a better implementation. Anytime something like this comes up, just make sure the implementation is open and well documented.
Convenience is the great enemy of privacy. Corporations like IBM, Intel, Microsoft, and Sun will always be able to justify (or perhaps legitimately believe) that the convenience of ID stamping or data broadcasting for their latest nifty upgrade-inducing "feature" outweighs the small decrease in consumer privacy. And because most of us are lazy - yes, even you noble Slashdotter - we will ultimately accept these small intrusions in the name of preserving our free time and sanity. Can you imagine living life in American without a SSN? It is legal I believe, and it would indeed greatly inhance your personal privacy, but it is incredibly inconvenient. What about eschewing license plates, and therefore cars? Possible. Not convenient. The process will continue as long as we are blinded by our love of "progress", as defined by the availability of neat new gadgets everywhere we go. Real progress is social change than enhances lives, not merely technology that makes life more ornate. Fat chance of changing our culture, though.
-konstant
-konstant
Yes! We are all individuals! I'm not!
``People from outside (of your organization) can get at your software,'' said Anne Gardner, general manager of desktop systems for IBM. ``People from the outside can't get to your hardware.''
The funny thing is, anyone _can_ get to my software, including me. It's open source. But only IBM, or their designated manufacturers, or people who send a signal to my computer to get my "digital signature", can get at my hardware, excluding me. I like systems I can control a bit more.
On another note. Isn't an embedded security device likely to go obsolete pretty rapidly? Then what, we have to buy a whole new motherboard instead of just installing the latest version of the software? That sucks.
Hmm, the article just says that the chip is embedded in the hardware, somewhere. I wonder where? How easy would it be to pry the sucker off? ;) Or, I could just not buy an IBM. Yeah, that's the ticket.
Communication is only possible between equals
Besides, if you have an ethernet card, you already have a unique ID in your computer hardware. Its called your MAC address. Microsoft uses it to uniquely stamp your word documents. (Thats how they traced down the mellissa virus author.) The misuse of it is all at the software level. I can't imagine anybody writing free software that will use IDs like this. I'll keep away from MS thank you.
Looks like we're in for yet another privacy invasion "debate". I use the term debate very tongue in cheek because everyone will point to the serial number and scream big brother.
:-)
People who don't do things they shouldn't have no fear of "privacy invasion". But with porn being the true fulfillment of e-commerce on the web and the occasional illicit mp3 download it's a safe bet that a sizable percentage of the internet going public have justifiable reasons for not being tracked.
What everyone seems to forget is there is no anonymity on the net thanks to a little thing called an IP address.
Did you download a song from alt.binaries.sounds.mp3? Or maybe that latest nude in alt.binaries.pictures.erotica.*? Your ISP knows exactly who you are. Your IP address is logged along with your user name and password. Your user name is in their billing records - complete with your name, address, phone number, and probably your credit card number.
They could also care less unless someone is calling to say you broke something or you spammed slashdot or something.
Maybe you've visited a ftp site and downloaded a movie. If the ftp site was a sting operation then they've got your number and can force your ISP to turn that number into a name. The same is true for web sites. If you downloaded a movie you're probably broadband and have a greater chance of having a fixed IP address, in which case you already have a serial number even if you use AMD.
Having run a large and successful website I can state absolutely that after 100 unique visitors a day people stop being people and start being demographics. The real life corollary is that everyone has a driver's license and a social security number (and credit card numbers and all that) but even though it's possible to do, you have a better chance of winning the lottery than having someone piece together your every move. So the only true privacy we have is safety in numbers.
Privacy is and always has been an illusion and never more than on the web. The people who want to embed serial numbers in your computers realize this. Shoot -- every slashdot reader should know that given time, determination, and lots of search warrants anyone can be tracked down. The elite slashdoters can do it without warrants and the best of the best can probably do it without using a single z to describe the process. So if there's no anonymity then the good of serial numbers far outweighs the "bad" (mainly giving you a false sense of security which is bad in its own right).
A similar fuss was made over the introduction of caller id. Caller ID still went through and guess what? I haven't gotten a prank phone call since it was introduced. Like caller ID, this too is going to happen. There are too many good reasons for it not to. Forging, changing, or blocking the serial number will also be a very easy. The program to do it will probably have a z in it though. "SerialZ no more" or something. Look for it at that zero-day-warez site near you.
This sounds more like a e-commerce marketing ploy than an evil plot to spy on us. IBM is simply marketing for the same audience that buys into 'Blue'; AOLusers. They're selling it to the uninformed. For the rest of us, the chip is useless. It may provide some limited form of encryption, (read small key) but which of us would actually trust it over GPG? Watermarking? Not as reliable as a Verisign registered key, I'm sure.
Plus, we can be sure that the possible 'Big Brother' applications of it will only be included in MS products, so we're all safe! Right?
.sig: Now legally binding!