Possible EU Embargo on Pentium III

A reader writes "The brand new and yet unreleased STOA report (European Union Technical Committee) recommends an inquiry of the possible roles of the NSA ^[?] and the FBI ^[?] in the creation of Pentium III serial number. Possible consequences could be an European Union ^[?] -wide embargo against Pentium III-powered equipment. Read the scoop here. The article is in German, use our beloved BabelFish. " Just a note: this potential embargo not in place - it's just a possibility. But given recent Echelon fears, this is interesting news.

Bad Euros.

[Rombuu]

Don't you just love those enlightened governments in Europe who give lip service to free trade, but are unwilling to let their people make decisions for themselves?

Here's a clue guys, let the market decide. If people are really in a tizzy about this, they won't buy the chips. If they don't care (like me), they will. See? It works out fine that way, and no government intervention needed.

Re:Bad Euros.

[ajs]

[European countries pay] lip service to free trade, but are unwilling to let their people make decisions for themselves?

This is not a matter of free trade. If a device has privacy-fouling features which were inserted by the intellegence organizations of a foreign government, you probably don't want your country standardizing on its use no matter how popular it might be. This is truely a matter of national security. I don't know anything about the Intel/NSA/FBI connection, but if there were one, I would applaud the EU taking these steps. It's sort of scary just how hard our (US) government works to quash any shred of patriotism that we citizens might have once felt.

Re:Bad Euros.

[MikeBabcock]

Did you decide to take this quote out of context on purpose? The original text mentions that this proposed embargo is because of possible NSA involvement -- oh, wait, the NSA IS a branch of government.

- Michael T. Babcock <homepage>

Re:Bad Euros.

[Rombuu]

Puhleeze.. no one has ever proved that. There are a hell of a lot better ways that putting a CPU ID on a chip to track someone down.

Does this mean that the EU will be considering an emargo on Sun workstations as well, since they contain a similar feature? How about Ethernet cards? IPv6?

Re:Bad Euros.

[Hobbex]

This is a matter of individual vs national consquences though.

Individually, if you are worried about your privacy and the implications of the P3, go buy an Athlon or install an OS you can be sure isn't fucking with you. But the European governments ARE mandated in worrying that while individual loss is minimal, there is a national risk about having a feature that caters to foreign intelligence running the IT of the country.

From that perspective there is ampal reason for the governments to act acordingly and on a national level.

-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.

Re:Bad Euros.

[Rombuu]

You surely aren't suggesting that the government always knows what is best for you, do you? They love sheep like you....

Re:Bad Euros.

[Rombuu]

Look, so what's your problem? Someone comes out with an allegation (no proof of course, becuase its a conspiracy, see? And if you find any evidence counter to our story, well that's part of the conspiracy too, see? Here, take another hit on this.... ahhhh) of some potential funny business. Why should the EU over-react? I mean does the average person think.. man, I don't want the NSA or FBI or whatever reading my pr0n, er.. email? The "evidence" for all this (and I use this term loosely) is out there. If someone wants to buy a damn P3, shouldn't they have the right to do so? If not, why should Sun workstations and ethernet cards be treated any differently?

Excellent.

[pb]

I always knew they had taste.

Insert something about US not caring about privacy rights here.

But why use BabelFish for something about England? No primary source?
---
pb Reply or e-mail rather than vaguely moderate.

Way to go...

[Fuhrer]

I think that this should have been done a long time ago. What always happens is that whenever a privacy breach occurs, there is a huge public outcry. After a while it dies down.

BUT, the offending product still remains, and NO REAL ACTION is taken.

It'd good on the EU to see this change. For once, a credible world body is giving attention to privacy, and this is a Good Thing.

Now that some REAL ACTION is being taken, maybe people will stop making offending products so that they won't end up on the wrong end of some embargo.

Re:Way to go...

[rde]

The EU is a remarkably inconsistent body; in general they act in the best interests of the people (according to my definition of 'best interests', of course), but they do have a tendency to promote pretty oppressive legislation when the mood takes them; Enfopol for example. A trawl through Statewatch is worth a read if you've got a few minutes.

Of course, there should be certain exceptions...

[Paul+Crowley]

If there's to be an embargo on the Pentium III, it should not cover systems preloaded with operating systems which disable the serial number on start up, and make it difficult for new software installations to arrange for it to be re-enabled on boot.

Now, that's not Windows, but another operating system close to all our hearts...

(Seriously, this is of course a silly suggestion. I'd sooner see a lot more attention paid to big databases than this sort of nonsense.)
--

Why does it matter? (PIII serial number)

[slashdot-terminal]

Suppose I walk into a store with a disguise. Fake beard moustache, wig, colored contacts, teeth, fake id to match. I then decide to buy a PIII enabled computer with cash and leave the store. Drive to some desolate location and take off and burn said desguise. I drive home and presto suddently even if that serial number gets out no one has any idea that it was me (mystery person) who bought it. See look ma no fear here.

Re:Why does it matter? (PIII serial number)

[kbonin]

Fine - there is no initial link between your PSN and your identity. However, as soon as you go online, you start leaving big tracks pointing to your shack in the woods. Even your chained SSH connections through root-kitted hosts can be backtracked through traffic analysis, and it only takes one mistake or insecure program to reveal all.

More importantly, "big databases" mean that once a correlation is established between your PSN and your SSN, your anonymity is gone. And to the extent any logs exist of your activities before this correlation was established, your previous activites are now known.

Before you laugh too loud, making these sorts of correlations between "anonymous" credit card statements sold by your bank and data sold by your merchants is already a hundred million dollar (or more) industry in the US.

Add what is being done in the name of fighting terrorism and hate crimes, and (if you are a US citizen) you have no privacy. You just don't realize it yet.

Re:Why does it matter? (PIII serial number)

[um...+Lucas]

With your Orwellian sig, I'd think you'd be more worried...

Say you plug said computer in, and sign up to an ISP. You probably need to pay via credit card, so there goes your complete anonymity. Then, though you'd have a different IP address everytime you dial in, if there were a function enabled in your browser to send the serial number back up stream, websites could collect a LOT of information on you, because they'ed all have the SN as a key to link it all back together.

It's not like you need so much to worry about Slashdot or anything. But companies like, my personal favorite, DoubleClick.net, who's ads appear across slews of websites, could learn for instance, what sites you like, what articles you read, when you sign on, when you sign off, etc...

Problem is, laws aren't in place that prevent the sharing of this information. Some information is protected, but other information isn't. And if one company abuses it's new found power, well then... I don't know about you, but i'd rather not have my complete psycholical profile stored in many computers across the internet.

Re:Why does it matter? (PIII serial number)

[G27+Radio]

Suppose I walk into a store with a disguise. Fake beard moustache, wig, colored contacts, teeth, fake id to match. I then decide to buy a PIII enabled computer with cash and leave the store. Drive to some desolate location and take off and burn said desguise. I drive home and presto suddently even if that serial number gets out no one has any idea that it was me (mystery person) who bought it. See look ma no fear here.

You could dead-end the trail at the place where you buy it in such a manner, but if someone important is looking for you it's still a pretty good lead. Also, if you're computer is confiscated for some reason, that ID could possibly be used as evidence against you, or even to manufacture evidence against you.

If you really want nothing to fear, just don't do or say anything that will make you stand out from everyone else.

numb

Re:Why does it matter? (PIII serial number)

[um...+Lucas]

The point being it'd take a huge amount of effort for your to protect your anonymity (flying to china, getting a leased line, etc...). You pretty much have to "opt-out" of releasing this (and so much other) information in the internet age.

That's kind of parallel to direct marketing, where it's now illegal for a vendor to say "Hey, since we have your credit card number already, what we're going to do is ship you this product and charge you for it if you don't return it to us in 10 days. If you do return it, we'll still recoup a 30% restocking fee."

Things like that have been tried in the past until they were explicitly outlawed. Why must an individual have to opt out of providing this information, rather than being asked to provide it. It makes a big difference, in my eyes...

And on to a slightly different subject. Has anyone figured out what the point of this ID is? Intel won't use it to track counterfeiters. You can't look up your own ID on intel's site to see what the speed of your chip is supposed to be. A unique ID doesn't aid e-commerce really. Instead it's the Random number generator... The ID just seems to have been rolled into that, where they say the ID aids e-commerce.

CPU's worked fine before they put ID's in there

Re:Why does it matter? (PIII serial number)

[G27+Radio]

How they don't have any idea of who you are. And with the use of leg extensions and such it negates quite clearly any trace. Most law enforcement people are not as smart as those who work for "the Smoking man" on the X-files. Typically most people would be fooled with that and perhaps a phony accent. I can really do a mean british accent when the need arises.

The ID number would just be a piece of the puzzle. Assuming they have no other evidence, and never find any other evidence, then you're correct--they'll probably never find you since you bought leg extensions, dyed your hair, and learned how to speak with a phony accent prior to purchasing the processor.

As far the part about the intelligence of law enforcement... I do agree that most law enforcement people are not as smart as those that work for "the Smoking man" (ie: Chris Carter.) However, the FBI, CIA, NSA, governments, and corporations most assuredly do have people that smart with more resources and tricks up their sleeves than you would imagine.

If you are a typical nerd, destined to make a good clean legal living, and don't engage in political discussions against an oppressive government, etc then it doesn't matter to you.

However, if you are doing something, for good or evil, writing or sneaking information out of the country, or anything that could potentially hurt a powerful organization then that ID number becomes a serious worry.

Suppose a large organization is trying to silence someone that is leaking information to the public regarding wrong-doings. They're starting to take some heat because the guy, still anonymous, has been right on the money too many times for it to be coincidence. They've narrowed the number down to about 50 people on the planet that could have possibly leaked the information. Then boom, one day they get a lucky break, an a processor ID. They track to processor to it's last recorded location, which happens to be a retail outlet less than 3 hours away from one of the 50 suspects--and the other 49 suspects don't even live in the country where the processor was bought. This is what I mean by "a piece of the puzzle." It's not as bad as installing a GPS transmitter in each processor, but it still adds one more security hole in the whole process of maintaining anonymity.

Or maybe I've read too much fiction and watched too much X-files. Maybe there really are no good people fighting evil under the cover of anonymity. Maybe all the good guys already work for our governments, and it's only the bad guys that need anonymity.

--numb

EU sticking up for personal privacy?

Yea, right. Just two bullies( various Euro.
intelligence agencies vs. U.S. counterparts )
fighting over who gets to beat up the smaller
kids.

the effect of FUD

[Basje]

The serial number in processors is presented to us in several different ways. Intel promotes it as a more secure way to do e-business. Privacy advocates label it as a tool for the devil.

The truth is that your computer is filled with unique numbers on hardware (HDD, BIOS, MAC-address on your network card, some graphics cards), all of which are much easier to check (they cannot be disabled), and much easier to use for privacy invasion or to secure e-business.

I think it's sad to hear that high officials now want to use the fear for another serial in hardware as excuse to boycot a company, their decisions based on pure FUD. Which is what it is.

----------------------------------------------

Re:the effect of FUD

[ajs]

I disagree. The goal of the Intel processor ID is to create a standard way of getting a unique ID across all PCs. BIOS ids are not reliably unique, as I recall, and not always accessed the same way. Hard drives may have unique IDs, may not, and they are hard to get. Ethernet cards have unique IDs, but not everyone has an ethernet card (e.g. dialup users and people who do not have a network connection at all, but sneaker-net documents from their computer), plus ethernet IDs can be changed from software.

What Intel is doing is moving access to unique fingerprinting into the realm of trivial. They are going to make it easy and consistent for software manufacturers to uniquely identify the users of software and the creators of documents. Besides all of the awful problems that arise from this (e.g. copy protection that breaks when you upgrade your processor) sort of crutch, there are already some very real-world abuses of such things in software. We do not need another ID, and what the EU is concerned about (US intellegence agencies weakening EU privacy) is a very serious concern, not to be taken lightly.

One good thing is that with the advent of the Athalon (which I understand to have no such ID) there IS a choice for high-powered PC computing.

AMD sales increase?

[Jjaks]

A European wide sales embargo on Intel PIII would mean that AMD's K7 would have that market to itself... That would be a wet dream come true for AMD, I guess.

IF the embargo comes, and I must say I find it unlikely, it's a good thing that AMD makes excellent processors. There aren't any big European processor manufacturers that I know of, so this can't be some new brilliant protectionist policy.

Re: Good euros

[MikeBabcock]

I don't mind being considered an intelligent consumer. I do mind you claiming that any of the people I've done consulting for in the last two years can think for themselves when it comes to processor choices. You do realize, of course, that most of them don't even know what a Pentium is ... as opposed to just being some chip thingy in a computer thingy that does Word faster, right? Anyway, I think maybe its a good idea for a government who feels that another is being bad to inform its consumers this way. You can't buy house paint with lead in it. Why not? Why not let consumers decide if they want lead in their paint? Why not let the market decide if mercury in your water is bad for you or not? Why not let people decide if they want to buy irradiated food or apples washed with deadly chemicals? Because consumers want experts to protect them against potentially dangerous practices of unscrupulous persons and corporations who are capable of anything given their mass wealth. Consider the US constitution; why does it allow for personal use of firearms? Specifically, there is provision for a rogue government and the need to protect one's self ... but there is encouragement to have militias so that this can be done by those trained to do so properly. If it comes down to it, I won't buy Pentiums with serial numbers, but I'd rather have my government (Canada) decide that the NSA or CIA involvement is a bad thing and protect consumers from those issues. I don't personally feel that processor serial numbers are anywhere near as serious as mercury in water -- the point is that a generalistic statement like yours needs to be considered in context!

- Michael T. Babcock <homepage>

This is fascinating!

[jd]

The Germans are a powerful group, in the EU, and they probably don't like that discussion of Echelon has been squished.

The P3 serial number clearly violates European Law on privacy. Never mind the "free trade" argument someone else gave, if someone breaks the law, they don't deserve absolute freedom of trade.

Also, the P3 serial number disabling software doesn't always work, from what I've heard. And who's to say that Intel don't have some kind of "back door", which would let the NSA or FBI get the serial number anyway? Back doors are easy!

No, this calls for a total ban, though the British will probably take it to the European Courts to try and get any ban overturned. (After all, the British are involved in the SIGINT project, and any loss of intelligence, which could be profitable to them, would not be good.)

The Germans, though, are a force to be reckoned with. They have the most influential bank, one of the strongest economies, and most of the top indstries, without which Europe would not survive. And most of those will be people all too happy to deprive US competitors of vital intelligence, such as contracts under negotiation, trade secrets, confidential reports, etc.

I think it's great if Europe can collectively stand up and tell Intel where to stick the P3, and the US intelligence community what it can do with it's unlawful spy network.

Re:This is fascinating!

[jd]

*G* That's why I specified it as a project of SIGINT. :)

Actually, it's fairly evident Echelon exists. The Australians have confirmed it, on a number of occasions, and the prohibition of any British person near Menworth Hill (including members of the Government), is indicitive of a project a bit more secretive than conventional wire-tapping. Then, there's first-hand (NOT second, or nth) accounts I have heard of massively parallel arrays of DSP chips being constructed, as part of Government contracts. I've a nagging feeling those weren't embedded into transatlantic cables to play musak.

Re:This is fascinating!

[scrytch]

> reposted because previous post was marked down. I will be heard !

This is exactly why moderators should moderate UP instead of down. Any moron can repost over and over, whereas marking UP will make for a richer slashdot experience for those people who are finally driven to browse at score 2 or 3 now that the segfault trollers have all come here.

Re:This is fascinating!

[PD]

A good friend of mine from the Netherlands was talking to another friend of mine (who is now his wife) and he used the term "Merkins" in conversation to be funny. Anyway, my American friend got a shocked look on her face and said "Don't you know what a Merkin is?" My Dutch friend said that he didn't know it was a real word and she replied with a straight face that a merkin was a toupee for "down there" because when you're old, even that hair starts falling out!

Hooo hhooo heeee heeeee. I still smile to this day when I hear the word Merkin!

Re:This is fascinating!

[kaphka]

The P3 serial number clearly violates European Law on privacy.

How exactly does it violate the law? (I apologize if the answer is in the article... I found the Babelfish translation less comprehensible than the original German version.)

I know the EU is very strict on privacy, but what exactly is it about the PIII that is so clearly illegal? Is it illegal to put a serial number on your products in Europe?

Of course, the point of the PIII serial number is that it can be transmitted to other computers for identification purposes, but that's not something that the chip does, that's the software -- software which, incidentally, doesn't exist yet, and may very well never exist.

This isn't a flame... I'm assuming you must have some reason for saying the PIII serial number violates the law, and I'd just like to hear it.

Re:This is fascinating!

[jd]

European law states that personal information may not be exported from Europe to a country where privacy laws are weaker than in Europe.

The Pentium III is designed with the purpose of exporting personal infomation. It's irrelevent, for the purpose of European Law that the software doesn't exist, it's the fact that it CAN export personal information, with no controls.

Re:This is fascinating!

[kaphka]

So is it illegal to sell a computer with Ethernet in Europe? (Being that you could easily write a program that would grab the MAC address from a computer and send it somewhere.)

Re:This is fascinating!

[jd]

Only if the MAC address were to be hard-coded into the hardware. As the MAC address can be reprogrammed, there is no personal information being transmitted.

Re:This is fascinating!

[kaphka]

Sorry to draw this out, but... You can change the MAC address? I've seen nothing to indicate that that's possible. And it would seem unlikely, seeing as its purpose is to identify a particular NIC.

Bad Euros????

[Johan+Veenstra]

Have you read the introduction? It clearly states that no embargo is in place. So free trade is stil l in place.

You cannot buy a PIII without the serial number, so consumer choice is limited.

No government intervention is needed? What about no NSA/FBI intervention is needed.

Government publicity!

[Signal+11]

The EU has just been trying to flex it's political muscles. Let them embargo the P3. While they're at it, let's embargo the whole 'net, since I can track each and every packet, connection, and bit of data that hits my router.

This is a publicity stunt. The fact that it is being done by a collection of governments doesn't negate that fact. They're testing the waters.. they are playing "paper tiger" politics. Let them.

--

Confusion of terms?

[Lord+Kano]

Is there some transposition of the terms blockade and embargo?

An embargo is when a mfgr/supplier refuses to sell a product to a potential customer.

A blockade is when a government(or governments) refuse(s) to allow a product into a country(or countries).

While I'm at it, a boycott is when someone refuses to buy a product (or refuses to buy a product from a particular source).

LK

Re: Good euros

[MikeBabcock]

So, unlike your comments w.r.t. MP3 copying, you now believe that certain companies don't have the right to do anything they wish (utilities)?

At any rate, you ignored my comments outright -- no, consumers would buy lead paint because they did long before it was banned ...

- Michael T. Babcock <homepage>

hmmm.... Interesting

[GC]

We don't have a problem giving the NSA land to build their golf balls, but we do have a problem if they have a say as to what numbers they use on processors.

Sometimes these European Decisions are somewhat strange...

Re:Way to go...Yeah Right!

[Lord+Kano]

>>For once, a credible world body is giving attention to privacy, and this is a Good Thing.

The EU is just offended that the FBI and NSA could be involved in stepping on their toes. The EU should be the only ones able to spy on residents of Europe.

If you were to walk/drive/bike around London you could be tracked by video surveillance equipment every step of the way.

The EU is no hero for the cause of privacy.

LK

Re:nonsense!

[seizer]

I think it would be safe to say that the vast majority of people using computers would NOT notice this sort of embedded code - witness the prevalence of Back Orifice, which throws in 150k (depends on your plugins) of extra code.

People are a) used to bloatware and b) just don't look at these sort of things. Be honest - when was the last time you downloaded some util and checked its filesize to see if it corresponded with your idea of how big it should be? MS Word has Pinball in, MS Excel has a pseudo fractal "flight sim", all as little easter eggs. People don't look at the app and go "that's bigger than I thought, it must have something hidden in it."

Think I've thrashed that point to death now :-)

--Remove SPAM from my address to mail me

conflicts on the horizon

[aUser]

There are serious differences in how Americans view privacy versus how Europeans view it.

For example, the credit rating agencies that collect financial information in the US on individuals are absolutely illegal in Belgium.

Except for a well-regulated database maintained by the National Bank on individuals who are behind more than 3 consecutive instalments on a personal loan, there is not one single publicly available, or against payment, financial database on individuals, because that's against the law.

It's also against the law to share or sell databases with information on individuals.

I don't understand how you can justify the buying and selling of information on private individuals, without their explicit consent. As far as I am concerned, I strongly believe that my private information is my personal property, and no one is allowed to trade in it, or disclose it otherwise, without asking me first for permission. I alone hold the copyright on my personal information, and I can assure you that I will prosecute any company that dares to disclose personal information on me to the maximum extent possible under the law, and I am sure that the amount in fines and punitive damages would drive this kind of company out of business right away.

If Intel manages to associate its serial number to my name, and then this serial number to any other personal information ot transactions I do online, they will very soon have to say goodbye to doing business in Europe.

Re:conflicts on the horizon

[jd]

Ok, let's get this straight.

• You have no objection to people saying things about you, behind your back, whether they are true or not.
• You have no objection to any individual being able to track your movements around America, your spending patterns, your lifestyles, your income, even your social security number, licence plate, home address, telephone number and your favourite TV station.

Personally, I doubt you -do- like people knowing that much information about you. I suspect that if you found a person you knew gossiping about you, in detail, to a complete stranger, you'd probably not be absolutely over the moon by it.

If one of the idiots on Slashdot got totally sloshed one night, ran some checks on where posters lived and shot up anyone with a higher Karma than them, I think those being targetted might be a trifle upset.

You can't stop people being insane, dangerous or simply downright rude. On the other hand, actively encouraging them in their insanity, and providing the crazed with the means to get crazier is as insane as the lunatics who are the problem in the first place.

No, I =DON'T= think that laws which give people control of their own lives are the "antithesis" of freedom. I LIKE the idea of having some say-so over who says what about me, and to whom. It's my life, damnit, and if any person on this planet should have a right over it's contents, it's me!

If companies can sell secrets, they won't keep them to other similar organisations. Not for long, anyway. Can you imagine MacDonalds or Burger King doing a police search, based on the licence plate, to determine if they should serve you or turn you in? And what happens if the software goofs up? You get hauled out by an ear, your pic gets in the national press, and all cos information was being shared by glitchy software, with the assumption that computers never make mistakes.

Re:conflicts on the horizon

[jd]

That's possible. I suppose we'll find out from England, where TV cameras monitor everyone outside, day and night. These cameras are hooked into police databases, and anything that can be recognised, is, and is cross-referenced.

Speeding tickets are now sent automatically - the police cameras have built-in RADAR to detect your speed, the software does OCR on the licence plate to identify the owner, who is then cross-referenced in the police databases to see where they live. The ticket is then electronically printed and mailed. No appeals are possible, as there is nobody to defend against.

I think the OS is more of a risk

[Yarn]

If you have the source to your OS, you could either prevent your apps getting at the ID, or *even better* return your own choice of ID :)

As for random number generation, can I interest you in a noisy diode? Attach it to a DAC (Sound card'll do) and you're sorted.

Privacy laws ...

[charlie]

The EU declaration on human rights -- a document about as fundamental to EU law as the US constitution -- explicitly enumerates a right to individual privacy.

No such right exists under US law, although a right to privacy has been inferred on the basis of, for example, the fourth amendment. One consequence of this is that Americans take for granted a degree of corporate -- as opposed to governmental -- intrusion in their private affairs that would cause outrage in most of Europe. (And the European position is that at least the government is democratically accountable ...)

A lot of US companies act in a manner that would be flat-out illegal in other parts of the world, in much the same way that it would be illegal for a European company to try to do business in the US in a manner that, for example, was calculated to blow away the first amendment rights of their customers.

Over the past year, the EU member states have been trying to tighten up on the observation of the right to privacy, making it illegal to export personal data to countries with weaker protection (among other things). This would appear to be a rather dumb attempt to clamp down on what are seen as technologies of privacy invasion. (I say "rather dumb" because of course no equivalent attempt is being made to clamp down on sales of eeevil ethernet boards with embedded 48-bit ID's!)

While I think this action is misdirected, I happen (as a European) to think that privact is valuable. In particular, there should be no invasion of privacy without accountability. Intel is just the latest company (remember RealNetworks, last week?) to get their fingers burned by dismissing privacy as an issue. It isn't a matter of personal preference; it's a fundamental right.

Re:Privacy laws ...

[mjpk]

The facts are not quite as you stated.. in fact the EU has no charter of human rights. The treaty you are referring to is the Council of Europe's convention of human rights and fundamental freedoms.

The Council has no official connection to the Union as the Council has far greater number of members (inc. Russia) and is strictly an intergovernmential organisation.

However, the EU has quite officially recognized aforementioned Convention to form a binding standard to the the EU legistlation. Furthermore, EU has based on the Convention started to form its own charter of fundamental rights to be included to the Union treaties (those are the ones unanimously agreed by members in European Councils ..confusing.. that can be seen as the EU Constitution - eg. Treaty of Rome).

Committees ;) and timetables have been formed, although unfortunately the results may not initially end up in the founding treaties - some gov'ts think that's too federalist.

Btw, I also think, that us Euros value privacy highly. However I hope that this isn't just a publicity stunt that has been designed to increase to the pile of disagreements between the US and EU, amount of which has increased as EU has gained in intergration and influence. But if the cause is real, I applaud..

Below is a link to the full text of the Convention and the privacy clause:

CONVENTION FOR THE PROTECTION OF HUMAN RIGHTS AND FUNDAMENTAL FREEDOMS

Article 8 footnote 1 - Right to respect for private and family life

1 Everyone has the right to respect for his private and family life, his home and his correspondence.

2 There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Someone is smiling...

[bi0s]

With something like this being looked @ by the EU, you can bet a certain company w/ a 3 letter abbreviation is all smiles. Even if it doesn't pass, the negative press for Intel will still be welcomed.

I never liked the PIII I.D. scheme anyways. Even if it could be disabled, the fact that it exists @ all irks me...

Tom

Re:Someone is smiling...

[harmonica]

I doubt that. Your average Joe Consumer has no clue what this discussion is about. He is the one Intel is targetting with 'ISSE' for faster web surfing, and they're successful with this cheesy marketing crap.

Re:Someone is smiling...

[harmonica]

I'm from Germany, and they are doing these ads here. I cannot come up with an exact quote, though. It's been a while since I last saw the TV commercial.

It isn't the numbers, it is the REASON they exist

[FreeUser]

If the NSA/Intel connection does in fact exist, or their is sufficient circumstantial evidence to suggest that it does, then the European Union is only acting to protect their own (inter)national security and economic interests in banning the product. Their concern isn't necessarilly that the numbers exist, but the reason they were put there. Remember, they have already had industrial secrets stolen from their companies and given to their US competitors by the NSA, costing them real money and real jobs. With no sign that the NSA is at all repentant about what they've done, but rather that to all appearances they are pushing forward with even more intrusive and draconian approaches to gathering information, their concern is entirely warrented and their reaction very reasonable, even (one might argue) quite muted.

Why would Intel serailize the CPU, with all these other "unique numbers on hardware" already present in every computer sold? Why on earth create yet another number for no (apparent) reason? The answer is obvious: serializing the CPU makes not just the computer, but the work that has ever been done on it, easilly traceable in ways MMAC addresses and HD serial numbers cannot. A word document written five years in the past can, on a serialized PII/PIII, be traced to a particular computer. It was this misfeature that led to the identification and arrest of the author of Melissa Virus. While I'm glad he was arrested, I must confess I am much more concerned about my own loss of privacy than I am in offsetting the terrible threat the Melissa idiot ever posed to me.

An MMAC address, BIOS or HD serial number, is at most only traceable while the machine is on-line. They do not get embedded into the aforementioned word document the way the intel CPU serialization did. This demonstrates that the "big brother" ramifications of CPU serialization are quite different (and apparently more significant) than those associated with unique MMAC or IP addresses, or BIOS serial numbers. And who is to say future generations of PIII hardware will even allow the OS to disable their serialization functions?

The Europeans are rightly concerned with respect to their privacy and attempts by our secret organizations to subvert it. They are also very lucky, in that, unlike us, they have governments which actively work to protect their rights and liberties.

Ban Network Cards!

[weloytty]

If we ban the PIII because of the PSN, lets go for banning ethernet cards (MAC addresses), too.

Re:Ban Network Cards!

[Necros]

Just use an Intel Pro 10+ or Pro 100+ and you can edit your mac address at will. I change mine all the time just to fook with the network group at work. It's fun to have your MAC adress report your card as being made by Goodyear (00-40-8D-xx-xx-xx where x= any number). If you don't have one, I highly recommend picking them up.

Lead paint is nice

[Jon+Peterson]

>>"You can't buy house paint with lead in it. Why >>not? Why not let consumers decide if they want >>lead in their paint? "

>Why not? I mean, who would buy it in the first >place? Can you see the advertising campaign? Try >our new foo paint, now with extra lead! >Guaranteed to cause cancer or double your money >back!

For the youngsters out there, lead is was put in paint for any number of good reasons. Some colours are easier to achieve with it, and more importantly it results in a smoother finish on the coat of paint, with drips and brushstrokes less of a problem. I'm sure technology has moved on since lead was banned, but when it was first banned it represented something of a step back from the painters point of view.

Of course it's a bit on the poisonous side, too.

Re:Lead paint is nice

[QuMa]

A bit one the poisonous side, just like getting run over repeatedly by a large truck can give minor health problems.

Re:Lead paint is nice

[MikeBabcock]

But no one would know it was dangerous if it weren't for government institutions or funding proving that it was. My dad works in research and testing for the Canadian Safety Council branch of Canadian Health Services. You can't imagine how many dangerous products try to get to market so the creator can save some money and consumers have no way of knowing about it. Can you imagine if lead paint was labelled like cigarettes, instead of being banned for household use, etc.?

"Use of this paint may cause insanity, sickness and death"

People still smoke, don't they?

- Michael T. Babcock <homepage>

Re:Pentium III Random Number Generator NSA Backdoo

[Lord+Kano]

With the x86, PowerPC (and probably all others too) there is no such thing as truly random number generation. If you learn C or C++ you find this out. The "Random Number Generator" must be given a "seed" to produce pseudo random numbers.

When given a seed, numbers are generated in a fashion that "looks" random, but is not. If you give a program the same seed it will spit the same "random" numbers back out at you. What prevents this from happening is that many programs use the clock as a variable seed for random number generation. If you know the second when the clock was accessed, then you know the seed, from there you can reverse engineer any "random" numbers generated.

Even if you only know the minute you can make 60 tries to get the seed. If you're talking industrial espoinage it's well worth the time. If you'retalking about a government agency with millions upon millions of dollars at their disposal it's not a big deal.

True "randomness" is difficult to achieve, but I'd need a real math guru to explain it coherantly, because I can not.

LK

Thoughts on random numbers

[Otto]

Well, first off, if your encryption uses any built-in random number generator, toss it, it's crap.

Any good encryption program generates it's own random numbers from a random input source. PGP did this (still does, AFAIK) by getting keystrokes from the user, and using timings between them to generate a randomized sequence.

If a program uses the clock as the seed, it's probably not using a second, BTW, but the tick timer. There's a lot of ticks in a second.

Still, it's not an infinite number, and a good way to crack any encryption is to attack the random number generator. If you know the seed, you can generate the same key, and decrypt the message.

I recall that back on the C64, whenever I needed a good random number (the built in one was crap), I turned on one of the sound channels, set it to generate a lot of static, turned the volume off, and grabbed a number from the static. Worked pretty well, and didn't need a seed value. Still not truly random, but good enough.

---

RNGs: you'll need more than that.

[Paul+Crowley]

You'll need a way of conditioning the random number output to remove bias. Fortunately, the Linux kernel contains an excellent such conditioner. Simply cat the output from your noisy diode/soundard combination to /dev/random, and read from /dev/random whenever you need random stuff. That way you get lots of other sources of randomness thrown in the mix for free.
--

Re:Pentium III Random Number Generator NSA Backdoo

[tytso]

According to some reports I've seen, the random number generator in the Pentium III may be flawed generating numbers that appear random, but aren't.

Even if the P3's random number generator (RNG) is flawed, it still can be useful as an input of entropy into Linux's /dev/random driver. The way the /dev/random driver works is that there's a pool of entropy, into which inputs are mixed. The more stuff you mix in, the harder it is to predict what's in the entropy pool. If you mix in something completely predictable --- say, all zeros, or all ones, at worse it just doesn't add any entropy to the pool. If there's any amount of unpredictability in the P3's RNG, though, it can be a useful addition to the linux /dev/random Driver.

It's most likely that the P3 RNG is flawed in some way, so that its output is baised one way or the other. The simplest kind of bias is one where the 60% of the bits are ones, but there are more complicated kind of biases. For example, there might be a 60Hz component in the output, that would be noticeable if you ran a FFT over it. But the wonderful thing about the way the /dev/random driver works is this doesn't really matter, since the outputs of the P3 RNG is only going to get mixed into the entropy pool. The only question is how much entropy "credit" to give when you mix inputs from the P3. If you're really paranoid, you can mix in 0 bits of credit, in which case you're no worse off than if you weren't using the P3, and possibly better off.

The worst case scenario is one where Intel has completely lied, and is using (for example) the P3 serial number plus the time as a seed into some fixed function, and the RNG isn't really an RNG at all, but a total trapdoor to allow the NSA to guess session keys easily. I find this hard to believe, though, for two reasons. First, it would imply that Intel was really deeply enmeshed into the NSA and/or the FBI, and while some conspiracy theorists might believe that, I have trouble believing it. Secondly, Intel has far too much to lose. If they did something like this, the chances that the secret would eventually leak is just far too high (in fact, almost a certaininty) and once it did, Intel would never be trusted again. I don't believe that Intel would ever be quite that stupid, the mistakes the DVD consortium made notwithstanding.

A related story...

[Telcontar]

This story (link on the same page) says that China has banned Pentium IIIs already, fearing espoinage from the USA. Moreover, Win98 has been declared a "danger property" due to security holes and is now forbidden as well =)

What a load of ********

[FallLine]

I do not think the credit rating agencies are perfect, however you do have a choice. You can choose not to participate with credit agencies. Furthermore, did you ever consider that by denying credit reports to financial agencies that you are effectively denying credit opportunities to others. It is a credit history, which speaks volumes for how likely the individual is to pay up. Would you rather loan officers and creditors put more weight in how you act, dress, talk, etc? The 4Cs of credit? The laws in that you describe have serious consequences; a national bank which only discloses >3 missed consecutive payments is NOT enough information. In effect, you would (as EU nations do) remove the choice from the consumer, by removing many good credit opportunities and increasing the number of frauds. Atleast, in the US, you have the choice to participate in the system.

I think this Intel serial number debate is silliness too. I could understand if EU wishes full disclosure of such privacy issues; though, the P3 id is pretty insignificant. The consumer has multiple ways to restrict such information. Identifier is a RESOURCE. One that your software does not need to use. The consumer has a choice, as long as he is provided with pertinant information I have no problem with it. The government argument that it would affect EU national security on the aggregate if Joe Consumer were to buy it....well I just don't buy that. This strikes me as petty nationalism, a strike against Americanism, protectionism, in the name of "privacy". If the US were to take similar steps against, say, Toyota for putting GPS units in their cars (with the possibility for "tracking"), we never hear the end of it. These same people would call it racism and protectionism (et. al)--such hypocrisy.

Re:What a load of ********

[jflynn]

"I do not think the credit rating agencies are perfect, however you do have a choice. You can choose not to participate with credit agencies. "

I'm curious what you mean by this. I've never had a credit card in my life, yet there is most surely a credit rating report on me. Perhaps you mean I can choose not to pay utility companies or anyone else that reports to credit agencies? Doesn't seem very practical really.

the serial number means NOTHING.

[John+Meacham]

it is amazing how much publicity the P3 serial number is getting when it has almost no use in any way, malicious or otherwise. look at any internet protocols. none of them have a spot for the P3 serial number reserved. if you were to grep all the documents you give out none of them would have the number in it. the number has to be read by software running on your personal machine. if you are running untrusted malicious binaries on your system then you have bigger problems. if you find a program which was grabbing the number then dont run that program or modify it. You ultimatly have complete control of all software running on your machine, you dont even need source, just edit out that opcode, if they use self-modifying code, fire up gdb.

There is no way to link this number to anything or use it as a trusted value in any way. since the software that ultimatly retrieves the number has to be running on your machine you can just fake any ID with some creative hex editing making it unuseful as a secret key or secure identifier. in any case CPUs are alot easier to swap than hard disks, and they already have unique identifiers. sorry for the semi-rant all the press about a PR stunt gone bad by intel gets to me after a while.

Re:Way to go...Yeah Right - huh?

[nlvp]

The EU is just offended that the FBI and NSA could be involved in stepping on their toes. The EU should be the only ones able to spy on residents of Europe.

You imply that the EU spies, this is not true. The motivation to protect ones own citizens from foreign snooping should be present. Were I an elected member of a local council, I would be offended enough at the thought of a foreign nation gathering data on my constituents without their explicit knowledge or authorisation that I would do something about it.

You perceive Europe as a super-government, which it isn't. Europe's four main entities, the Council, Commission, Parliament and Court of Justice, deal directly with governments and legislatures, not with individuals. They initiate, debate, pass and enforce legislation with governments - not vis-a-vis individuals.

Directives which are passed by the EU are then enacted in each of the nation states by being passed as laws in those nation states. Europe has no FBI, no CIA and no NSA - it has loose bodies that try to co-ordinate the many national forces, but these bodies are neither funded by nor answerable to the EU - rather they are multi-national initiatives in their own right.

If you were to walk/drive/bike around London you could be tracked by video surveillance equipment every step of the way. The EU is no hero for the cause of privacy.

First of all, the centre of London being covered by cameras has absolutely nothing to do with the European Union - it has everything to do with the British Government and the Police Forces in London. The EU does not spy on it's citizens, individual governments do what they want so long as it isn't illegal or they don't get caught.

The EU as a separate entity doesn't police individuals (other than - perhaps - it's employees, hence the recent resignation of the entire Commission subsequent to a report on their working practices), it has neither the resources nor the remit.

The centre of London is indeed heavily laden with CCTV cameras. Whether this is a good or a bad thing is really material for another debate, where we can discuss the balance between catching rapists, thieves and murderers, and our right to not be spied upon by our respective governments. I think it's irrelevant here because you can't compare observing someone in the street to a foreign entity (government or otherwise) tracking their activities in a medium where they believe they have privacy.

If this bothers you...

[hey!]

Then just buy a motherboard where you can turn off the serial number feature in the BIOS setup.

The serial number thing is really one of stupidest misfeatures ever dreamed up, but its an opportunity for MB manufacturers to offer users a choice. Heck I could imagine a box with a privacy switch and two color LED -- when the LED is red, the MB reports a bogus number and when the LED is green it reports the real one.

Re:If this bothers you...

[QuMa]

I don't know if you where awake at the time, but AFAIK all those MoBo settings can be bypasssed.

Re:If this bothers you...

[hey!]

I don't know if you where awake at the time, but AFAIK all those MoBo settings can be bypasssed.

Hehe. Maybe I wasn't. Care to elaborate?

Re:If this bothers you...

[QuMa]

If you insist :-)

http://slashdot.org/articles/99/02/23/106231_F.s html

Re:What will happen ...

[Rombuu]

If you believe than the free market can resolve all these issues by itself (and it hasn't obviously since this SN thingie has had LOTS of BAD publicity for months, and Intel is STILL doing it)

Well, you can look at this two ways. If people really cared about this, no one would by P3s, and the number would be removed. So either people really don't care about this (since sales of P3s seems to be good, or at least not bad enough for Intel to change this). Or people are really stupid, right? I mean, I'm well informed and I wouldn't not buy a P3 becuase of this, isn't possible other people came to the same decision?

This happened to me!

[nstrug]

I got a bill from MCI for several hundred dollars listing a bunch of calling card calls that I never made. I wrote MCI four times explaining the situation and never got a reply. I replied to every demand they sent me - never got a single reply. I really didn't want to discuss the situation on the phone because a) I work during the day and b) it's usually a good idea to have stuff like this in writing rather than half-remembered phone conversations. Next thing I knew they set a credit collector on me, who also refused to answer the phone or respond to letters. They've given up and I suppose I now have lousy credit - not that I really care as I'm leaving the country soon. However, for anyone who lives here it must be a nightmare.

Nick

PS Yes I did try calling and writing to the state telco regulator - not a single response.

technocracy in action

[jilles]

This is a clear symptom of technocracy & bureaucracy. Both America and europe are changing from democracies into technocracies. The difference being that in the latter form you can still vote but it does not really matter what you vote. I'm very worried about this trend, since it will ultimately limit our freedom.

This decision (or attempt to do so) is late, intel launched the PIII months ago, by the time the decision will be taken (if ever) intel will be busy producing its next generation of cpu's.

It's also a technocratic decision since nobody (as far as I know) is asking for this decision. The EU people decided on its own (most likely with the help of some lobbying, amd?) that it might be a good idea to do this.

BTW. I think the trend of both the EU and the US changing into technocracies is caused by free market. So I don't think it would be a good idea to just let the market decide.

The free market serves only one interest: making as much money as you can. Free speech, privacy and human right are not a free market concern. Early this century we had free market, the results were horrible: big companies stressing their employers to the limit. Then we got labour movements, socialism and communism. After communism collapsed, capitalism became a little more socialistic (at least where I live).

Pure communism and pure capitalism are both a bad thing since they both suffer from the same problem: people are greedy and will try to abuse the system to suit their own needs. In the case of communism this leads to a repressive regime. In the case of capitalism it also leads to a repressive regime (taiwan, singapore, south korea).

"If people are really in a tizzy about this, they won't buy the chips"

One problem: most people lack the technical skills to make a well founded technical judgement of what this chip has to offer. Most users are not aware of the differences between a PII, a PII and a K7.

Personally I'm not so worried about this ID thing, there are other, easier ways to identify somebody. So, I think the EU is overreacting a little.

I think it is very well posible that the NSA made a deal about this ID with intel. At least I can't think of a good technical reason to introduce it and I refuse to believe that those intel guys are that clueless. So seen in this light, the european reaction is not so stupid.

Hmm...

[Greyfox]

Good time to buy some AMD stock? I'm sure the folks over at AMD would love it if an embargo actually went into place...

That is not a logical conclusion--flawed thinking

[FallLine]

Credit agencies perform a valuable function in the economy, in that, they serve as a clearing house of information. Before you are extended credit, the creditor must have some idea as to how LIKELY you are to pay. How would you propose they do this, magic? They do it based on the 5 C's of credit: Conditions, Capacity, Collateral, Capital, Character. Your credit HISTORY goes along way towards illuminating many of these. Would you rather be judged on your ACTIONS, or on some artificial criterion (e.g., how you act, talk, dress, etc)? I don't know about you, but i'd rather have them judge me on WHAT i've done.
Though I concede that they make some mistakes, many wish are harsh on the individual, it works on the aggregate. The mere fact that you and others have been burnt, does not mean you or creditors would be better off without it. Nor does it even necessarily mean that the system could be further optimized.

One thing you must remember, is that creditors are in the business of making money. This means that they want to lend as much money as they can, and get paid back at the highest rates possible. They worry about the aggregate. If there are enough individuals such as yourself, with only few minor "cosmetic" blemishes (if you are to be believed), the odds are high that someone will look past it, as you represent potential profits. Though I readily concede that the system occasionally hurts the individual, it works on the aggregate. Lacking mindreading devices, you should know that banning of credit reporting in its entirity would cause immeasurable damage on the aggregate.

Re:What will happen ...

[Rombuu]

Yeah, and when you can't buy a cigarette or a beer in 10 years becuase the nice government is looking out for people who are too stupid to make a rational decision, I'll know its thanks to smartasses like yourself.

Re:Stupid Politics Accidently Cause Good

[Colm@TCD]

The fact that Intel is american as apple pie is definitly a factor...

A moment's thought would reveal that this can't be about American-versus-EU manufacturers. All the principal CPU-makers are American companies, so causing trouble for one of them is of no net benefit to the EU. Also, the EU market for Intel chips is served almost entirely from the plant in Ireland, while the same market for AMD chips is only partially-served from the German plant (if it's even operational yet). So a shift from Intel to AMD would actually cause harm to EU manufacturing. Think , people!

Re:Pentium III Random Number Generator NSA Backdoo

[QuMa]

Actually, the P3 has some sort of built-in random generator... It measures the amount of some sort of radiation of something.. dunno what, should be lots of info about it, search the intel site...

Re:Um, it IS disablable

[bi0s]

I know it _can_ be disabled, but there are ways around this. A group in Germany proved it. Thats why I said 'even if it could be disabled'.

Tom

Libertarian? Try again.

[coreybrenner]

> If the EU has the guts to tell Intel and US global surveillance industry to fuck off for
> whatever reason then they are to be applauded.

On this point, we agree.

I actually believe, now, that the best friends the citizens of the U.S. have are foreign governments that won't put up with our government's bullshit anymore.

Germany subverting the Wasenaar agreement is a prime case. This possible action by the EU is another.

Where privacy is concerned, our government is becoming as bad as the Soviet Union or China; the policies of this government, from a bird's-eye view, see this country falling more and more toward a socialist society. This is troubling to me, and to most people I know.

But, onward...

> If you want to really live out your Libertarian dreams I suggest you move to Russia NOW and leave
> Western Civilization to those of us who value it.

Pardon me, but are you out of your mind? Do you know what Libertarianism is, or are you simply speaking from your small end?

What is happening in Russia (I originally misconstrued your intent to mean "go and live in a backwards Communist place", but I finally caught a clue) is FAR from Libertarianism.

The criminals are running the show, rather than duly elected representatives. The people have no say in matters, and must pay extortion to the criminals in charge. In such a system, there is no freedom. Nobody in Russia can simply tell the crime syndicate to "fuck off". If they did, they would simply cease to exist. In that way, it is much like the old socialist government of the Soviet Union.

Western Civilization, or, at least, American Civilization (of old) is based more around Libertarian principles than you seem to believe. The idea that someone can conduct their life with a minimum of interference by some governing body, be it a criminal syndicate, a monarchy, or a government like the one we have today (I really don't see a difference, to tell you the honest-to-God truth!), is a Western idea, and the central idea of Libertarianism.

It's all about LIBERTY.

--Corey

Re:What will happen ...

[Rombuu]

Ah, what a thought provoking response. I belive Hobbes once made a similar point. Yes, thank you for showing me the error of my ways.

Link to the full reports

[Zappa]

under this link you can find the fulltext version of the document presented to the EU, they are quite detailled. Available in RTF and PDF.

Best wishes !

Intel deserves this for other reasons

[LocalYokel]

Of course, Germany has a stake in AMD's Fab 30, so they are looking for ways to assist them, but there are other reasons other than this "privacy" bullsh^H^H^H^H^Husiness.

Let's start with false advertising. The claim of "making the Internet more fun" is highly subjective, and I haven't been able to have any more fun with a PIII than any other Intel chip I've had in the past two years. In fact, my Athlon 500 (are there any distros that *do* work with Athlon/FIC SD-11 mobo?) is indirectly making the Internet much more fun -- I can apply the cost savings over a P3-550 towards DSL!

Anticompetitiveness. We've been hearing about Gateway using Athlons (after backing out just before the release) for about a week, and this article at The Register is the most telling so far. Sounds like the kids from Santa Clara are going yet another step farther than the gang in Redmond.

People complain about Microsoft's "monopoly power", but Intel doesn't have a foot to stand on compared to them...

Not good. Expect to see US and Euro versions.

[root]

Just like with DVDs we'll see region coded Pentium III CPUs. They will only work in motherboards with the matching region coding scheme. Software will be able to disable itself from running in certain regions. Executable code itself will soon be encrypted. Bye bye debuggers and disassemblers. We'll have CSS2 encrypted code streams, decrypted in real time inside the CPU at the last moment for execution. Copying code across regions won't work anymore. And breaking the code or hacking the region checks will be illegal under the new Digital Millennium Copyright Act that takes effect in 2000 (thank you Slick Willie). So even if you import a Euro CPU and motherboard, you won't be able to run your domestic software on it. Of course some guys in Norway will eventually crack CSS2 and post a small program that reads encrypted code streams from disk and writes them out unencrypted. The program will be spread widely and then the FBI/NSA/Intel/etc. will pressure sites to remove it. Code will then still be forever runable anywhere thanks to the crack (like with DVDs), but only within an underground world of users running region cracked CPUs, who will always live with the threat of someday being caught and prosecuted. Now maybe all this won't happen with PIIIs this year, but within 10 years or so...??? PH33R the future. I sure do.

North American ignorance?

With European background, it's interesting to see what looks like an emerging major cultural difference between North American and European public.

The North American public seems to be more relaxed about the invasion of privacy issues. Accidentally (?) this is the continent, where the public does not seem to be bothered that the general grocery stores carry about 60% of goods which are genetically modified, and not even labelled. Some scientists call this the experiment on the largest scale in human history - with unforseenable threats to a huge segment of population. Companies, like Monsanto even seem to manage to reverse a fundamental principle: previously producers of new products had to prove that it will not cause harm for customers.
These days these 'new economy' companies want to put the burden of proof to govertment regulation agencies. They think that the product should be able to be marketed - untill someone proves that it's harmful.

In Europe there was a real riot about GMO-s (genetically modified organism), led by customers, who refused to buy these products, forcing new labelling, etc. As a result, European countries have higher standards to protect their health and safety than Americans and Canadians.

Mind you, they had the mad cow desease experience, which hit home very closely.

If Europeans gets pissed off about privacy concerns by the P-III, Intel had better watch out. Again, Europe is a place, where these issues can be really heated: there are deeply rooted memories there about all kind of dictatorial political systems there.
Can you imagine if Hitler or the communist dictators could have had the power of collecting, processing information the way it is possible today?

this is Austrian and non-official.

[Vlad_the_Inhaler]

The whole tone of this article was very speculative. There was nothing in it that would indicate that a boycott could actually take place.
The EU moves very slowly anyway, and the P-III is already selling here.
The German governments (as opposed to the Austrians) have always accepted Echelon in the past. While this *could* change, it has not done so yet.

Re:FUD

[QuMa]

I never claimed eating paint is as bad for your health aa getting run over by a truck, but it is an enourmous understatement to claim that lead is "a bit on the poisonous side".

trading freedom 4 security & privacy 4 convinience

[FreeUser]

Personally, I think the benefits outweigh the problems; it's really, really infuriating to have to look up codes to re-enable software after, say, upgrading one's operating system or getting a new hard drive or whatever.

It is even more irritating to swap out a bad CPU (or upgrade to a faster one, or add a second one on an MP board), and have all of your licenses suddenly become invalid. When you lose a hard drive there is no way (short of RAID) to avoid reinstalling some software, but when all you want to do is swap out a CPU it really shouldn't become necessary to do so simply for licensing purposes. Reinstalling a serialized program over an existing, original installation may or may not work anyway, depending on what has been left lying around in various subdirectories, the registry, etc. It is far, far easier to look up and type in a serial number (usually printed on the CD case or documentation title-page) than to try and retroactively undo and redo whatever licensing shinnanigans the software has done behind your back.

If looking up serial numbers is too much work, use StarOffice or Excel and make a spreadsheet, print the think out, and tape it up next to your monitor. My God man, you have a computer to help make these kinds of tasks easier. Use it. Don't give up what little remaining privacy and anonymouty you have just for a little convinience.

It was once said (I don't recall the attribution) that those who give up their freedoms in exchange for security wind up being neither free nor secure. Even at their most cynical our forfathers never dreamed we'd be giving up the liberties they worked so hard to achieve, all for just for a little convinience.

Re:Ireland is part of the EU

[nstrug]

Either you're trolling or you've got an American geography education. FYI Ireland gained independence from the UK (i.e. Britain) in 1922 (or thereabouts). The UK and Ireland are two entirely seperate countries, both of which are full members of the EU.

Nick

PS Note for pedants: when Ireland gained independence the six predominantly protestant counties in the north remained part of the UK. The geographical entity known as Ireland consists of a sovereign country known as the Republic Of Ireland, and a province of the UK known as Northern Ireland.

Re:It isn't the numbers, it is the REASON they exi

[FreeUser]

I've never heard of anyone worrying about the NSA spying on their Sun workstation.

In light of recent comments by Sun's CEO ("you don't have any privacy, get over it.") yes, one should worry about it. The fact that no one does is an entirely different issue than whether or not one should. FWIW I think Sun probably bears even closer watching than the NSA, but I wouldn't consider either one to be particularly strong advocates of individual rights, particularly when it comes to privacy.

You obviously don't understand CREDIT.

[FallLine]

Credit cards are not the only form of credit; in fact, many "credit cards" are not credit. These agencies don't check on you because they like to, they check on it because they're extending you credit. Utility companies have, in fact, extended you credit, if they're sending you a bill. You'll be hard pressed to find people who won't accept cash upfront. If you pay in cash, that is not credit, thus it does not go on your credit report. There are in fact ways to completely avoid showing up in a credit report, it's just a pain in the butt (people take credit for granted). If you are still worried about your "credit report", the Equal Credit Opportunity Act (Federal law) allows you, the consumer, to both view and refute your credit report.

No.

[FallLine]

It is possible to not have your spending habits show up in a credit report; don't use credit. Credit cards are not the only form of credit, if you're recieving services before you've paid for it, that is in fact credit (e.g., most utility bills). The fact of the matter is that people take credit for granted, they don't realize that they are being extended credit.

Europe is not doing "just fine". Those countries which enforce such stringent credit reporting laws, are, invariably, much harder to obtain credit in (relative to the US). The truely prosperous EU countries do not have such laws.

There is nothing to explain.

[FallLine]

There is nothing to explain. The countries which hold to such stringent credit laws, are plagued with problems. It is significantly harder to get credit any where in Europe, more so in countries which are 'stricter'. Furthermore, these banks make most of their money from businesses, and relatively safe bets at that.

Think about it this way, who would you lend credit to:

a) Joe Schmoe who earns 20 dollars an hour, but has never held a job longer than 6months. Period.

b) Joe Schmoe who holds the same job, with a long history of prompt credit repayments.

Obviously, you would choose B, information is key. Those who are superficially (e.g., job, education, looks, dress, etc) closer to the fringes are FAR more likely to be turned down in such a system, or charged far higher interest rates. Bankers are risk averse, particularly given much of EU's relatively weak economy. This have been demonstrated and charted numerous times.

Citibank makes a significant amount of money in Europe (mostly in the truely prosperous countries, not Belgium (et. al)), but nothing compared to the credit generated profits from Americans, proportionately speaking. My "theory " holds plenty of water, and is a well known fact amongst anyone who really knows banking. Yes, the American credit bureaus could be improved in regards to its approach to the individual; some without significant cost; many, though, are not without substancial economic costs.

There is nothing to explain.

[FallLine]

There is nothing to explain. The countries which hold to such stringent credit laws are plagued with problems. It is significantly harder to get credit anywhere in Europe, more so in countries which are 'stricter'. Furthermore, these banks make most of their money from businesses, and relatively safe bets at that.

Think about it this way, who would you extend credit to:

a) Joe Schmoe who earns 20 dollars an hour, but has never held a job longer than 6months. Period.

b) Joe Schmoe who holds the same job, with a long history of prompt credit repayments...

Obviously, you would choose B, information is key. Those who are superficially (e.g., job, education, looks, dress, etc) closer to the fringes are FAR more likely to be turned down in such a system, or charged far higher interest rates. Bankers are risk averse, particularly given much of EU's relatively weak economy. This have been demonstrated and charted numerous times.

Citibank makes a significant amount of money in Europe (mostly in the truely prosperous countries, not Belgium (et. al)), but nothing compared to the credit generated profits from Americans, proportionately speaking. My "theory " holds plenty of water, and is a well known fact amongst anyone who really knows banking. Yes, the American credit bureaus could be improved in regards to its approach to the individual; some without significant cost; many, though, are not without substancial economic costs.

How many times must it be said?

[FallLine]

I've already posted to this thread numerous times, and it's getting tiresome. Short and sweet, most all of these things you mention ARE in fact credit. Thus they belong on a credit report. It is as simple as that.

You are taking credit for granted. Credit bureaus perform a valid and important function (as I've explained elsewhere in this thread).

They should embargo Microsoft Word, too.

[Ungrounded+Lightning]

A word document written five years in the past can, on a serialized PII/PIII, be traced to a particular computer.

Seems to me that, to be consistent, they should also embargo word processing software (such as Microsoft Word) that stelthily embeds CPU addresses, software serial numbers, MAC addresses, and other such identification in its output files.

Oh gosh! How will you KNOW if the software does this? I guess you'll just have to READ THE SOURCE, won't you. B-)

(Semi OT) Re:hmmm.... Interesting

[Inoshiro]

That wasn't the NSA, that was the US military. And the HIDAR balls (aka "Dew line" or "Golf balls") are not located in Europe, they are located in Canada. They are located there to detect incoming Russian missiles (which are going the short way, right over the N pole). The Canadian PM of the time (probably John Diefenbaker or Mackenzie King) let the US build their dew line on our soil because Roosovelt (sp is wrong) promised to protect Canada if it was ever invaded.

As a Canadian, I value the good will of the US military in protecting Canada (after some of the military exposures here) over our own military.. But I don't thnk the dew line was much of a deterent to the Russians (who were just paranoid about /ANOTHER/ invasion [Hitler, Napoleon, WW1, etc]).

---

Re:(Semi OT) Re:hmmm.... Interesting

[Inoshiro]

Think of it this way. Russia was securing its borders, in the same way that France and Spain were for most of the 1600s, 1700s, 1800s. During this time, they stopped being closed off to the rest of the world, and tried to grow themselves into an economic power, instead of just a monorachy (started by Peter the Great, IIRC). The reason they are still so large, is similar to the reason why Canada and the US are so large: with the size they already had, they were a formidable opponent. When they were attacked, the cold Russian winters drove away the troops (Napoleon sieged Moscow, as did Hitler). The Russians, naturally, became paranoid. They used other countries as a shield after WW2 (on direction of Stalin, not the most kind of rulers). Lenin, Trotsky, and the other inteligencia of the Russian revolution wanted piece and prosperity, whereas Stalin and Barai saw it as a power grab. If you were the leader of a country who was invaded from the west on average once every 50 years, with a determined
push every 100 years or so, would you not get "friendlies" around you? The US certainly made the countries west of Germany friendly with the NATO pact. The problem with pointing fingers, as you have done, is that it leads to problems. People will only build up a military if they feel they can't trust their neighbours. Canada and the US seem to not be afraid of each other (see the free, open border), whereas Pakistan and India are developing Nuclear Weapons to use in case "the other side" strikes first ("they may strike first, but we will WIN and make them PAY"). It's juivinile (sp) to always seek revenge, it only leads to more bloodshed.

Note: Now this thread is really OT ;-)
---

K6-2

[Ungrounded+Lightning]

I happen to work with a tech honcho ex of AMD. He says that there was no serial number in the last one he worked on (K6-2) - and he was in postion to know. (So guess what laptop I'm buying...)

I don't have any info on K7/Athawhatever. But I thought I'd pass on this info about the K6-2, so the truly paranoid would have an extra datapoint.

(Of course the really truly utterly paranoid won't trust me, or my unnamed source, either. B-) )

Re:Knob

[ajs]

any piece of software on your machine can generate a 128 bit Unique number

Well, a piece of software can certainly generate a 128 bit number. Uniqueness, on the other hand, is tricky. Most software that wants to do this (e.g. mailers, news clients, etc) will generate a pseudo-unique string/number by catenating lots of non-unique information, thus reducing the likelyhood of a collision. There is no standard way that everyone does this, and most software has no need to. One excellent example is Web browsers. The only time that, say, Netscape generates a pseudo-unique ID is when it wants to send mail or news. If the P3 becomes common, though, won't people like Netscape and Microsoft be tempted to offer Web site developers a "standard" way to identify customers? This is the concern. Not that having an ID causes your heart to explode in your chest, but that software companies, having an easy way to identify you, will. This sort of behavior has many precidents, so it's not very hard to believe that it would happen. MS and Prodigy are two classic offenders, but there were many others that were not so well publicized. Once this sort of tracking becomes common, anyone snooping on the traffic (oh look, it comes back to the NSA) would be able to start identifying the source of a session, even though dynamic IP addresses and moving a laptop around might mask every other way of identifying the user.... Now, what you have to ask yourself is if this will only be used for "good". Will the organizations that read your mail avoid using it for business advantage, military knowledge (if you think that's impossible from unclassified communications, ask around about what the collage project was), etc? This is all already possible, but the unique ID, coupled with some unfortunate tendancies in the software industry will make it that much easier, and this is, apparently, not where the EU wants to go today.

Re:Boundaries of Privacy

[Lord+Kano]

>>You do know that while your government may not be collecting data on you, just about every commercial organisation in your country is tracking your credit purchases, your on-line habits, movement patterns etc and tieing it into a handy, Government-provided unique identifier (your SSN), don't you?

Not me, I don't give my SSN to anyone when it is not necessary to benefit me. My employer, my bank, and my college have it. I don't give it to anyone else. Just FYI in many places here in the US it is not illegal to give false information as long as there is no fraudulent intent.

>>I could get really petty here by pointing out that it's been around a lot longer, had more ups and downs as a continent and had plenty of opportunity to learn from it's mistakes, unlike your own, however that wouldn't add to the debate so I won't.

I could get just as petty and tell you how we learn from YOUR mistakes and don't have to make them on our own, but I won't.

>>Reduced public perception of danger level and therefore personal protective measures required.

You seem to regard people taking their personal safety obligations on for themselves as a bad thing. I don't. The police can't be everywhere at once, if you want your family to be safe you have to insure it yourself.

LK

Lie: it is the REASON they exist

[Basje]

This is untrue. There's no way code can be tagged to a processor serial, just by the processor.

It's the compiler doing so. The same as with any other serial.

A pentium processor takes a 32 bit word, processes it, and writes it to memory. Fetch, decode, write. That's it!

----------------------------------------------