Debate Topic: Intel recently issued a new CPU (Pentium III) with a unique ID number that could be used for intellectual property protection, marketing, etc. The ID number can be configured to be visible or invisible to applications, including Web browsers.

Resolved : The chip should be shipped with the ID number visible as the default.


Introduction and Background

With the Pentium III, Intel introduced a new feature called the processor serial number. This is a feature that, according to Intel, would usher in the next generation of software applications for the world of networked computing. The processor serial number (PSN) is a unique identifier for an individual microprocessor that cannot be modified, but can be read by software to provide identification of a processor. Stronger identification of a system or user can be achieved through combined use of the PSN with other factors such as a username and a password.

Technical Description

The PSN is a 96-bit number programmed into the processor core at manufacturing time. The number is programmed into the silicon of the processor and cannot be modified. The upper 32 bits of the PSN provide coded information of the processor family type. This is currently read by the CPUID instruction on all Intel and Intel-compatible processors, regardless of whether the processor contains the PSN feature or not. The lower 64 bits, however, are different for all PSN-capable processors, providing a unique identifier with no independent meaning.

Instructions

Two new instructions are associated with the PSN: a read instruction and a disable instruction. The read instruction returns the full 96-bit PSN when allowed. A Model Specific Register (MSR) bit, controlled by the disable instruction, determines whether the PSN can be read or not. If the MSR bit is set to 0, the full PSN can be read by software. If it is set to 1, the ability to read the PSN is disabled, and only the non-unique 32-bit CPUID is readable; the bottom 64 bits of the PSN remain undefined during the read.

Disabling

Once the PSN is disabled using the disable instruction, a hardware reset of the processor (i.e. a machine boot up, or in some systems a resume from deep sleep) is necessary to allow reading of the PSN. This design was intended to protect the privacy of the user so that he or she would be aware if the PSN was being made readable again. The user would knowingly have to reset the machine to turn on the PSN. An outsider theoretically should not be able to enable reading of the PSN without the user knowing.

Control

There are two levels of control for the PSN. The first way of enabling or disabling the PSN is through the Intel processor serial number control utility. The second is through the system BIOS. The PSN control utility is a Windows program that has the advantage of being very easy to use. The user can easily tell whether the PSN can be read or not through a visual indicator. It is a simple process to disable the PSN using the utility program. Enabling the PSN is also straightforward, although a reboot is still required. However, because the control utility is a software program, it is vulnerable to hacking and is less secure than using the system BIOS to control the PSN. Unfortunately, most users are not familiar with making changes to their BIOS settings. Nor is there any readily visible and reliable way of knowing the state of the BIOS settings at any given time. Hence the BIOS security feature is not of much assistance to the average Internet user.
 
 

Debatable Issues

According to Intel, the serial number is designed to help build the next generation networked computing community. It contended that the PSN brought with it a large number of much sought-after benefits, some of which are mentioned below:

Intel intended to ship the Pentium III with a configurable PSN wherein a user could turn off the reading of the PSN if he or she so desired. Also, the default state of the processor would be ON, allowing the PSN to be read off remotely.

However, there was an outcry against the PSN on the Pentium III. Privacy advocates contended that the serial number is an easy way to track people's movement on the Internet and is an infringement of privacy. They have raised concerns over the security of the PSN and its susceptibility to unauthorized access through hacking. The prominent groups who have advocated a boycott are Junkbusters, a New Jersey firm dedicated to fighting all sorts of commercial intrusions into consumers' lives, and the Electronic Privacy Information Center, a watchdog group focused on making sure personal privacy is safeguarded as technology evolves. According to them, the serial number can be linked in databases much as a Social Security number is used by credit bureaus and marketing companies, allowing a massive profile to be efficiently collected and sold.

They compelled Intel to review its plans and ship the Pentium III with the PSN in the OFF default state and provide extra levels of security to make the ID secure from hacks.

Intel agreed to ship systems with the PSN disabled by default by modifying the software control utility used to manage the PSN. Intel has also worked with system vendors to allow BIOS setup programs to control access to the PSN as well. While the control utility currently defaults to off, the BIOS switch defaults to ON, making it easy for most users to enable the PSN feature should they desire.

Since then, a Canadian and a German firm have independently claimed to have identified means of hacking the PSN. These claims are hacks targeted against the control utility software. Hacks against the system BIOS, while theoretically possible, are more difficult and are still in strong dispute. Nevertheless, this has led to an outcry amongst the groups against the Pentium III and its PSN functionality, giving them a greater reason for despair.

There is still much debate over privacy issues, and whether Intel has taken sufficient steps to protect the privacy of its customers. While Intel argues that the PSN provides many benefits and creates privacy risks no greater than those already in existence, others argue that the PSN should default to off through the control utility or, better yet, through the system BIOS. There are several firms which have welcomed Intel’s move and have expressed willingness to use the PSN as an effective means of copyright protection and encryption.

But the opposition is largely unconvinced. In a more extreme position, they have demanded that Intel remove the PSN feature altogether from all its processors. Some see this issue as a means of harming the Intel brand image and reaping benefits out of it. There are others who seem to be genuinely concerned about the rights to privacy of an individual on the Internet.

As of now, the Intel Pentium III processor is shipping, and it has not created a niche for itself as Intel would have hoped. The much touted feature of the chip has been reduced to its biggest shortcoming.


Case : Favoring the PSN to be default ON

Benefits

Configuring computers with the PSN defaulting to on allows users to effortlessly take advantage of the benefits the feature has to offer. In a connected world where computers are more likely to be networked to the Internet or to a corporate intranet, the processor serial number feature can add value to numerous applications in both business and consumer computing. The added value appears as benefits in the following areas:

Security

Many computing applications require that information be accessed only by the appropriate user. Along with usernames and passwords, the PSN adds another layer of confidence to user authentication. A financial website, for example, might refuse to transmit account data to a remote computer, even if the username and password are entered correctly. This configuration would restrict transactions to only those between the website and perhaps the account owner’s home personal computer.

Authentication usually relies on at least one of three basic elements:

Something you know—these are often traditional login names and passwords

Something you have—items such as hardware keys, smartcards, and digital certificates

Something you are—biometric elements such as fingerprints or retina scans
 
 

The PSN falls into the category of "something you have." Just as a single element of authentication is typically not enough to provide a high level of security, the PSN should not be seen as a complete solution for security by itself. The PSN is meant to be combined with other appropriate security elements—it is yet another option in one’s "bag of tricks." It enhances data security and adds a level of validation to electronic signature approvals.

Accountability

The Internet has seen a growth in community activities such as chat and bulletin boards. The problem sometimes is the irresponsible behavior of certain individuals that can negatively and disproportionately affect the experience of others. Unfortunately, any attempt to ban the presence of these people simply results in these individuals rejoining with a new login name. The PSN can help minimize this by creating more secure community areas where people voluntarily register with both a username and their PSN. This adds a critical layer of accountability for the members of the community.

Software developers that would benefit from this increased accountability might be creators of websites that cater to children. Parents of these children would find comfort in knowing that the website’s members are accountable both by name and by individual computer.

Resource Manageability

The PSN feature can help IT managers lower the total cost of ownership of their computing infrastructure. The PSN is a more reliable means of identifying and managing hardware and software assets remotely. It provides a consistent way of identifying processors and thus systems, allowing managers to better track a PC throughout its lifetime. Compared to other methods of identifying hardware such as usernames, MAC addresses, and globally unique identifiers (GUIDs), the PSN is more robust; it is easy to identify PCs even if users, network cards, or system software change. And because the identifier resides at the processor level rather than with peripherals, IT managers are more easily able to configure and upgrade computers remotely.

Information Management

As information management becomes more and more critical, the PSN helps turn information into a competitive advantage. For example, it becomes easier for a business to track change information in a collaborative environment if the PSN is used to help trace which machine created, received, or approved information. In another scenario, the PSN can be used to dictate which machines can receive particular kinds of data. For instance, a bank might allow credit history information to be stored at a loan desk, but not at the teller window. Or perhaps data on removable media is tied to a particular computer system, unreadable elsewhere.
 

Intel’s Perspective in Favor of PSN ON

Privacy Safeguards Scheme Design

According to Intel, setting the PSN to on is safe because protecting the user’s privacy was a key design consideration for the PSN system. Also, the following arguments are provided:

  1. The user always has the option to disable the PSN if desired, either through the control utility or through the system BIOS.
  2. Anytime the PSN is enabled, the system must reboot, ensuring that the user is aware of the setting change.
  3. The PSN is designed to be a passive element, never broadcast to the operating system, applications or to the Internet. In other words, outsiders cannot directly read a computer’s PSN; a separate piece of software must be downloaded and executed before the PSN can be read and transmitted out. Allowing a mischievous piece of software to unknowingly read one’s PSN is no different than allowing any other bit of code to wreak other forms of havoc on your computer.
  4. Finally, Intel will not maintain any database that correlates PSNs with consumers. This eliminates the possibility that Intel will act as "big brother," tracking the movements across the Internet of all its customers.

In addition, Intel is developing software tools and usage guidelines for the responsible use of PSNs by websites and software vendors. Reputable websites will probably follow these guidelines to maintain their credibility with their customer base. These are the only sites to which people should feel comfortable giving their PSN.

In one such guideline, Intel recommends websites hash a read PSN with another service ID to create a new unique identifier that will be stored and used for authentication. Since the new identifiers would be unique to each service provider, and the hashing algorithms are one-way, different websites are prevented from correlating user profiles.

Network Externalities and Critical Mass

The benefits provided by the PSN will only materialize if software developers see enough participation among customers. If there are enough computer users that are willing to actively use their PSN, application developers will create new products in response to the demand from the market. So it is important for those companies interested in seeing the PSN succeed that a critical mass of PSN users is reached. Setting the default for the PSN on new computers to on will help achieve that critical mass. This is because most users will not bother changing the PSN default setting on their PCs. Setting the default to off would require users to actively turn on their PSN.

Consistent Message

Setting the PSN default to on sends a message to consumers that the industry is confident of the acceptance of the PSN and of the overall benefits the PSN will bring. Setting the default to off does not convey as strong a message. Thus, an on setting is more consistent with Intel’s plans to proliferate the PSN in future processors and to introduce new security initiatives. Other vendors are sure to follow this lead.

Use with Future Software

As use of the PSN becomes more accepted, more software developers will incorporate uses for the PSN in their applications and websites. Eventually, this new software may assume that the majority of users will have their PSN enabled or will be willing to enable their PSN when requested. By having the default setting for the PSN enabled, taking advantage of these new applications is effortless. In fact, if the PSN is always left enabled, a user will never have to reenable and reboot his or her machine while working. Of course, responsible computing practices should be followed if privacy is a concern for the user.

Possible Litigation over Privacy Violations Unlikely

Some argue that if Intel sets the default for the PSN to on, the company might be legally liable for any privacy-related problems experienced by its customers. However, there is no precedent for any similar scenario. Ethernet card manufacturers have not been made liable for the fact that MAC addresses are unique identifiers. More significantly, Microsoft has not seen any litigation from the recent discovery that its Office products contain a GUID that uniquely identifies the author of any Office document.
 

Miscellaneous Arguments in Favor of PSN ON

Validity of Hacking Concerns

Opponents of the PSN argue that private information about individuals can be obtained once their PSN is illicitly read. It is certainly true that any software can be hacked given sufficient motivation and resources on the part of the hacker. But since this is the case, people should accept the fact that any determined hacker will be able to obtain any desired information from them, regardless of existing security measures. The PSN is no different. The PSN offers reasonable protection against unauthorized reading even when set to on. If set to off, the PSN, like any other software, is still vulnerable to theft. If it is accepted that the PSN can be hacked and turned on, one must also accept that other pieces of private information, such as IP addresses, passwords or cookies, can also be obtained through hacking.

Utility of Someone’s PSN to Another Individual

Even if a hacker obtains another person’s PSN, what would they do with it? Perhaps they could log onto a website as the unsuspecting person, but the hacker could have done the same by obtaining the person’s username and password on a non-PSN protected website. In fact, addition of the PSN along with username and password is yet one more barrier for the hacker to overcome.

If the hacker wants to track the user’s movements on the Internet or perhaps compile personal information about the individual from various websites, there is still the task of correlating PSNs across different websites. This may not be as simple as it first appears, because the recommended implementation for websites is to not store the PSN, but a unique PSN-based identifier instead. As corporate privacy policies become more important for users on the Internet, websites will be at a disadvantage if they do not explicitly commit to protecting their customers’ privacy to the fullest extent possible.

Measuring Concerns about Privacy

For those still concerned about privacy, there is still the option to disable the PSN either through the control utility or through the system BIOS. Certain large websites can poll visitors to determine what percentage chose to disable their PSN. It is a better measure of concern over privacy to have new computers default to on and then have concerned users actively disable their PSN, rather than have the default set to off and expect less concerned users to enable their PSN. The latter situation is likely to have many users who do not want to deal with the process of turning their PSN on, even though they do not have strong privacy concerns. In short, it is a more accurate poll of privacy concerns to have concerned users opt out of the PSN feature than to have unconcerned users opt in to the PSN.


Case : Against the PSN to be default ON

Transfer of Control to Consumer

The PSN number is likely to be collected by many sites, indexed and accumulated in databases. If the chip is shipped with this number switched off, people can set the PSN to ON after fully reading the details of the issues involved and knowing its consequences. They can then decide whether the improved security in terms of electronic transactions offsets their privacy concerns or not.

Moreover, most people are not computer savvy and are not able to check the state of the PSN or change the setup if they want to. Hence, if the chips are shipped with the PSN turned off, Intel will not be blamed for any mishaps.

Increased Security Risk

Having the PSN switched on will only facilitate the illegal retrieval of the PSN number from unsuspecting users. When an unsuspecting user opens an executable file downloaded from the web and the PSN is already on, he will have no way of knowing whether it was covertly transferred to a third party. The executable file could have a component that would allow the transfer of the PSN number.

No Enforcement of Misuse

The Registration Agent server, which is supposed to hash the PSN number, will prevent the web site from cashing in on the true cross-referencing benefit of obtaining direct data on an identified customer. It is questionable whether the economic value of this information will be disregarded with no enforcement mechanism present.
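
The hashing guideline described under "Privacy Safeguards Scheme Design" and the enforcement gap argued in this section can be modeled together. The following is an added example, not Intel's or any vendor's code; it assumes HMAC-SHA-256 as the one-way function (the page does not name one), and the class names, service IDs and PSN value are constructed for illustration.

```python
import hashlib
import hmac

PSN_BITS = 96  # per the page: upper 32 bits family code, lower 64 bits unique
# Constructed sample value, not a real processor serial number.
SAMPLE_PSN = (0x00000001 << 64) | 0x0123456789ABCDEF


def service_identifier(psn: int, service_id: str) -> str:
    """Combine a PSN with a service ID through a one-way function.

    Assumption: HMAC-SHA-256 keyed with the service ID stands in for the
    unnamed hash in the guideline.
    """
    if not 0 <= psn < (1 << PSN_BITS):
        raise ValueError("PSN must fit in 96 bits")
    psn_bytes = psn.to_bytes(PSN_BITS // 8, "big")
    return hmac.new(service_id.encode("utf-8"), psn_bytes, hashlib.sha256).hexdigest()


class CompliantSite:
    """Follows the guideline: stores only the derived identifier."""

    def __init__(self, service_id: str):
        self.service_id = service_id
        self.profiles = {}  # derived identifier -> list of recorded events

    def record(self, psn: int, event: str) -> str:
        ident = service_identifier(psn, self.service_id)
        self.profiles.setdefault(ident, []).append(event)
        return ident


class RetainingSite(CompliantSite):
    """Also keeps the raw PSN; nothing in the scheme technically prevents this."""

    def __init__(self, service_id: str):
        super().__init__(service_id)
        self.raw_psns = set()

    def record(self, psn: int, event: str) -> str:
        self.raw_psns.add(psn)
        return super().record(psn, event)


def linkable_profiles(site_a: CompliantSite, site_b: CompliantSite) -> set:
    """Identifiers common to both stores, i.e. what a database join would yield."""
    return set(site_a.profiles) & set(site_b.profiles)


def relink_with_raw_psn(retaining: RetainingSite, other: CompliantSite) -> dict:
    """Recompute the other service's identifiers from retained raw PSNs."""
    matches = {}
    for psn in retaining.raw_psns:
        ident = service_identifier(psn, other.service_id)
        if ident in other.profiles:
            matches[psn] = other.profiles[ident]
    return matches


def demo():
    bookstore = CompliantSite("bookstore.example")
    bank = CompliantSite("bank.example")
    bookstore.record(SAMPLE_PSN, "bought a novel")
    bank.record(SAMPLE_PSN, "viewed statement")
    # Both sites hashed as recommended: their stores share no identifier.
    compliant_join = linkable_profiles(bookstore, bank)

    tracker = RetainingSite("ads.example")
    tracker.record(SAMPLE_PSN, "ad impression")
    # One party kept the raw PSN: the other site's profile is recoverable.
    relinked = relink_with_raw_psn(tracker, bank)
    return compliant_join, relinked


if __name__ == "__main__":
    print(demo())
```

The unlinkability holds only while every party that reads the PSN discards it after hashing, which is a matter of policy rather than of the hash.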

PSN-Based Password Decreases, Rather than Increases, the Level of Security

Whereas passwords can always be changed in the event of a suspected breach of security, and should be anyway on a regular basis, the PSN number is unique and unchangeable. Most likely it would be a part of most web sites' verifications. Therefore once a PSN number is illegally obtained there is no way of using it anymore without it possibly being compromised. The retrieved PSN could be introduced in a fairly simple software program that would intercept the PSN request from a web site and give the hacked PSN as an identifier. As it stands there is no direct way to avoid association with this PSN if it is used on the web.

Industry Usage to set the Safest Mode as the Default

Software used to connect to the Internet, such as Internet Explorer and Netscape Navigator, is shipped to first-time users with its security settings at the highest level. This allows the novice user to be assured the maximum protection from potentially harmful computer interaction over the Internet.

The trade-off is made between the ease of communication and safety. A high level of security will generate numerous false alerts, raising flags when none should be raised. As a user becomes more experienced he will become a better judge of when heed is warranted and when to proceed. Once he reaches that certain level he can choose to lower the security level.

The same argument can be made on the PSN. By having the PSN turned off a user can become aware when and by whom the PSN will be requested during his excursions on the web.

No Reduction in Value Addition

Information Technology departments will still be able to use the PSN to track assets, even if the Intel processor is shipped with the PSN switched off. An initial reboot of the computer will turn the ID number back on, and users can take advantage of the PSN applications right away, soon not even remembering that it had been turned off once.

Hacking Concerns

Concerns have been raised over the security of the PSN and its susceptibility to unauthorized access through hacking. A Canadian and a German firm have independently claimed to have identified means of hacking the PSN. These claims are hacks targeted against the control utility software. Hacks against the system BIOS, while theoretically possible, are more difficult and are still in strong dispute. Nevertheless, this has led to an outcry amongst the groups against the Pentium III and its PSN functionality.
 

Intel’s Perspective in Favor of PSN OFF

Possibility of Litigation with the PSN ON

There is a real threat that certain users will not be aware of the presence, or the consequences of the presence, of the PSN. If a computer user can successfully demonstrate that he was harmed by the covert transfer of his computer’s PSN, Intel could face litigation much in the same way the tobacco industry did. The burden of proof that would demonstrate that Intel sufficiently explained the effect of the PSN and verified that its explanation was understood could be substantial.

This leads to the next argument.

Brand Name could be Substantially Damaged

The whole controversy around the PSN has already spawned a parody of the "Intel Inside" logo, which now reads "Big Brother Inside". If Intel is keen on avoiding further association with Orwellian nightmares, it must soften its stance on the issue and give the customer the option of turning the PSN on. Intel has made itself the target of the bile of a number of privacy protection groups and must indicate that it has understood the legitimate concerns about privacy.

Loss of Potential Customers

All the above reasons can potentially deter customers from buying the Pentium III, and by association the whole Intel range of products. It suffices for a company to be involved in a controversial issue, regardless of the soundness of its arguments, for customers and possibly business partners to want to avoid the company. The Hold and Wait reaction might sufficiently undermine sales to have a detrimental effect on the experience curve and the expected profits of the product. This in turn could have negative repercussions on future cash flows and the market value of the company.

Network Externalities and Repercussions of Failure in Reaching Critical Mass

The PSN turned on may not by itself determine market acceptance and the use could fail to reach critical mass.

Both advertising and marketing industries have been trying for a number of years to find advanced technology means to share information about individual consumer behavior between companies. The PSN number can be put to this purpose, and many companies already acknowledge their plans to use it to improve the quality of information gathered about their customers. But companies' web sites might have to send a PSN request to the clients which are trying to connect. Such a request will be easily fulfilled if the PSN is turned on, whereas it would be more cumbersome if it is turned off. This is a good reason to take a position in favor of an ID number turned on as default.

But all depends on whether the use of the PSN number will reach critical mass or not. In fact, if consumers' concerns manage to attenuate the acceptance of the PSN in the different industries that Intel was targeting, the benefit in terms of network externalities that the "turned on" default state could bring about partly disappears. For instance, if Barnes and Noble decides not to require the PSN number on its web site, Amazon.com might do the same, figuring that PSN number acceptance has not reached the critical mass. The resistance generated by the customers would be greater than the matter-of-fact acceptance of PSN requests by electronic stores. In such a situation, the positive feedback advantages of the PSN switched on no longer exist, since neither Amazon.com nor Barnes and Noble requests it, and the customer can purchase his books without worrying about the PSN number at all.

Hence this network effect might cause the industry to shy away from the use of the PSN rather than embracing it.