Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
IPv6 Week: This Brazilian party is for techies only
iPad 3 rumor rollup for the week of Feb. 7
Free Web tool consolidates data on code vulnerabilities
Why one insurance company ditched its own hardware- for a cloud -based SAN
Researchers claim 100-fold increase in data storage speed
U.S. to use climate to help cool exascale systems
Symantec verifies stolen source code posted by Anonymous is "legitimate"
Centrex: It's alive (for now)!
Global broadband snapshot: Hong Kong throttles the rest of the world
The future of hypervisors
Google Chrome headed for Ice Cream Sandwich Android devices
HP moves load testing software to the cloud
Macs take on the enterprise
FTC warns background screening mobile apps may be unlawful
/

Jump on the serialized bandwagon

Today's breaking news
Send to a friendFeedback


Network World, 02/01/99

How about that? Intel on Jan. 20 announced that it will put readable serial numbers in all of its forthcoming Pentium III processors. Each chip will have a serial number "burned in" that can be read by applications. Not surprisingly, a furor has blown up over the plan.

What's all the angst about? Privacy. I talked to Barry Steinhardt, associate director of the American Civil Liberties Union, who believes serial numbers might become "the computer equivalent of Social Security numbers" and could be used to track people's online activities. But Steinhardt also says: "The point I've been trying to make is that this isn't a privacy Armageddon."

Steinhardt sees the Intel serial numbers as a potential problem rather than a de facto threat, and he's right. Without a lot more engineering aimed at taking advantage of the serial numbers, their mere existence is not particularly relevant. Steinhardt's concern is that the issue be addressed before it becomes a threat.

Aha! The voice of reason. Steinhardt obviously understands that we have a long way to go to make the feature truly equivalent to a Social Security number.

But Intel's initiative has aroused the ire of many and, unfortunately, the shrill voices of the pop pundits know no bounds. The Electronic Privacy Information Center (www.epic.org), Junkbusters, Inc. (www.junkbusters.com), and Privacy International (www.privacyinternational.org) have banded together to boycott Intel products under the sobriquet of "Big Brother Inside" (www.privacy.org/bigbrotherinside).

While I applaud their enthusiasm in protecting our interests, I think these organizations are so premature in their desire to jump on a bandwagon that they look rather like rank publicity seekers. Frankly, I'm surprised that microprocessor vendors haven't implemented serialization sooner. In the mainframe, minicomputer and workstation worlds this is an old idea.

Lots of vendors have offered processor serial-number detection, and many application vendors have used it for software copy control.

But before we discuss the good, the bad and the self-serving, let's just take a quick look at how the system apparently works. As I said, the serial number is written into the chip during manufacturing so it can't be changed. It appears that to get the number, you'll access some kind of input/output port and read the 64-bit serial number value.

According to Chuck Mulloy, an Intel spokesman I interrogated recently, whether the port can be read depends on a "sticky bit." This sticky bit is a device on-board the processor that, when set, disables access. To reset the bit requires that the processor itself be reset. On reboot, an Intel software utility has to be run to switch the feature off.

My concern has nothing to do with privacy. Rather, there are a lot of very clever engineers and programmers out there who like nothing more than the opportunity to hack systems. If you don't think they'll come up with a piece of hardware or software that will allow your computer to lie about its serial number, then you really haven't been around the industry for long.

And then there's the fun to be had when a virus randomly switches off the feature. Then when some application tied to the serial number can't find it . . . .

I haven't had time to think through all the pitfalls, but I bet that you, gentle reader, have an even more devious mind than I (despite how evil my shades may make me look).

I think the serial number is a feature that is as dangerous as, say, the embedded and easily read Ethernet address on your PC. And who worries about that as a way of tracking people?

RELATED LINKS

Concerns to nwcolumn@ gibbs.com or on (800) 622-1108, Ext. 7504.

The number of the beast?
Discuss and vote on the Intel plan in our online forum.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.