IBM stamping ID's into new PC's

Twid writes " Reuters is reporting that IBM is duplicating Intel with the Pentium III and stamping their new PC's with a "watermark" chip to allow for "secure transactions". Just like Intel, no mention is made of how to turn the feature off or how to ensure consumer privacy."

IBM may not have grasped Intel's failure here. Attention IBM: I have been a religious Intel owner. Just the other day I bought several computers with AMD chips instead of Intel P-III's, because I don't want to be tracked - so as long as Intel wants to track me and there's anybody else in the chip-making business, Intel won't be getting my business. You just don't realize that people take their computers seriously - they don't want it ratting on them to every website they visit, they don't want it informing on them behind their back, they don't want Clipper chips performing insecure e-commerce "encryption" for them. It sounds (and of course IBM is releasing this tomorrow, so this is preliminary) like IBM has created a proprietary, closed system, which very probably includes a back-door in it for U.S. law-enforcement access, because otherwise IBM would have trouble exporting it worldwide. Only pointy-haired bosses are going to want to purchase such things. -- michael

Routers got it wrong

IBM actually will put an encryption chip on all their pc's in the future, enhancing personal security not hindering it. see the register for more info. http://www.theregister.co.uk/990927-000012.html

But if We Control The Software...

[Christopher+B.+Brown]

The only way that this feature gets to communicate with the bad guy on the other side is if the software is written to do so.

Details on precisely what instructions are involved would presumably be necessary; if one is running Linux, then actually using the instructions requires that someone convinces you to install software compiled with the "Evil Privacy-Killing Instructions."

This will fall high on the list of Things Ulrich Drepper Won't Add to GLIBC; it is equally likely to represent Instructions Unlikely To Be Added To the GCC Code Generator.

Note that this furthermore represents Instructions That Aren't on PPC which would encourage the purchase of PPC-based systems or Alpha-based systems...

Re:Wait a minute here...

[Fastolfe]

If there is a backdoor...

*IF* there is a backdoor. Somehow I doubt that such a back door exists. There's always the possibility that a back door will be discovered (and it's almost a guaranteed certainty, given enough time). If one is found, IBM will be nailed with lawsuits up the ass, criminal proceedings, you name it.

It doesn't make good business sense.

You know, it's certainly possible (I mean technologically, obviously) for the government to sneak in a hidden backdoor in Microsoft Windows. Does that mean we should ban and legislate Windows into extinction? It's also possible that they've secretly placed a backdoor in the operating systems that run on our Internet's routers. Quick! Ban the Internet!

Yes, each chip has a public key. If you don't want that public key given out, don't use software that makes use of it. Period.

I occasionally make use of a software-based PGP implementation, but you don't see me scrambling to hide my public key from people.

Remember: Multi-user systems are pretty commonplace nowadays (NT, Unix, even Windows-based workstations). It makes absolutely NO sense whatsoever to suddenly convert all programs so that they use this hardware-based encryption scheme over a user-defined one.

Wait a minute here...

[DragonHawk]

Has anybody tried reading the article?

The features of the security chip include key encryption, which encodes text messages, and "digital signatures", which act as unique "watermarks" that identify the sender of the document.

Where in that sentence does is say there is a unique ID embedded in each and every chip? To me, it sounds more like IBM is marketing a hardware-driven security engine, a "PGP on a chip", if you will. I do not see how this translates to a unique serial number on each and every chip.

(Whether you want to trust IBM's security implementation is another matter entirely.)

What does this have to do with My Rights Online? If every hardware crypto product on the market is a violation of the First Amendment to the US Constitution, Slashdot is going to become awful darn cluttered.

When I first read about YRO, I thought it seemed like a good idea. The Internet is a new medium in many ways, and I do not want the government panicking and trying to restrict it. However, YRO seems less about keeping a sensible eye on things and more about paranoid sensationalism, written by anarchists who think that all laws must be bad, all corporations must be bad, everything not invented here must be bad, ahhhhhhhhhhh!

Even if there is a unique ID embedded in this chip, so what? A Unique ID for each computer can be a useful thing. For example, if you are trying to implement property control in a large organization, an electronic serial number would be a Godsend.

The problem with Intel's serial number was twofold: First, they were marketing it for "secure online transactions", something which it is not appropriate for, and second, they tried to smuggle it into every system made, turned on by default. That is not good at all. But there is zero evidence that this scenario is even possible with IBM's chip, let alone going to happen.

Please. Keep your head. Do not react first and then stop to think, or you are just as guilty as the government for panicking when something new comes along.

(And before you tell me "Nobody is forcing you to read YRO": There is thing thing called feedback...)