Technology
toolbar
January 26, 1999

Intel Alters Plan Said to Undermine PC Users' Privacy

Critics Say ID Number Would Allow Companies to Collect Profiles on Consumers
By JERI CLAUSING Bio

Intel Corp. backed away on Monday from a plan to embed an identifying signature in its next generation of computer chips, bowing to protests that the technology would compromise the privacy of users.


Related Articles
Administration Seeks Input on Privacy Policy
(November 6, 1998)

Strict European Privacy Law Puts Pressure on U.S.
(October 9, 1998)

European Law Aims to Protect Privacy of Personal Data
(Oct. 26, 1998)

Forum
Join a Discussion on Online Privacy

Intel, which makes about 85 percent of the world's computer processors, announced last week that each of its new Pentium III chips would have an identifying serial number that would enhance the security of electronic commerce and guard against software piracy.

But advocacy groups said they feared it would mark a further erosion of anonymity on the Internet and would allow companies to collect detailed profiles of consumers, which could then be resold.

On Monday, Intel said it would modify the identification system in the new chips so that it is automatically disabled unless the computer user voluntarily turns it on. The company said it would also offer free software to allow customers to turn off the feature permanently.

"We've always understood that there are security questions that get raised when someone is providing identification in a transaction," Tom Waldrop, an Intel spokesman, said in explaining the reversal. "Whether an individual is showing a driver's license of handing over a credit card number, it always raises a privacy question. We have done things to address that. You have to weigh the positive value of having more secured Internet transactions, more secure electronic commerce, against any privacy concerns."

Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy advocacy group in Washington, D.C., which had called for a boycott of the new chip, said, "It looks like we won Round 1." But he said much more needed to be done.

"It's a temporary fix, he said. "It can be as easily disabled as enabled. There's not enough assurance here that the chip will not be misused."

Intel said it would continue to work with consumer groups to allay fears about the new chip.

Intel, the world's largest chipmaker, with $26.2 billion in sales last year, said the chip signature was intended to promote the growth of electronic commerce by giving companies a better way to verify the identities of their customers. It said the feature could also be used to avoid piracy by preventing a single copy of a software program from being installed on several machines.

But after Intel last week announced plans to include the identification technology in its Pentium III chips, which are due for release in a few months, a furor ensued.
Much of the privacy debate has focused online marketers, but the new technology also raises concerns about how it could be used by law enforcement officials.

Junkbusters, a high-tech lobbying group based in Green Brook, N.J., said in a statement on its Web site: "Intel's proposal to put a unique ID code inside of every computer it sells will significantly reduce the level of privacy available to computer users around the world. The unique code will make possible far more extensive tracking and profiling of individual activity, without either the knowledge or consent of the user."

On Friday, Rep. Edward Markey, the senior Democrat on the House consumer protection subcommittee, wrote a letter to Intel's chief executive, Craig Barrett, asking that the company reconsider its plans, "to better balance both commercial and privacy objectives."

Markey said he understood the technology's implications for online commerce, where the anonymity of the Internet can encourage fraud. But he expressed concern that it would also help online marketers surreptitiously track consumers on the Web.

"Intel's new product improves technology for online commerce in a way that compromises personal privacy," Markey wrote.

The skirmish over the Pentium III is the latest front in the struggle between security and privacy on the Internet. Earlier rounds have focused on the use of an identifying mechanism called "cookies," which enable Web sites to write information onto a computer's hard drive that could serve to identify the computer user on future visits. Many Web sites now require users to accept a cookie as a condition of entry. But unlike cookies, which are contained in a text file that can be altered or deleted by the user, the Pentium III signature would be a part of the hardware.

In its effort to reassure consumers, Intel said it would not maintain a master database of consumer names matched to Pentium serial numbers. The company said it would also encourage Web sites and software programmers to warn consumers whenever the serial number is retrieved.

While much of the privacy debate has focused on how online marketers and companies collect personal information, the new technology also raises concerns about whether it could be used by law enforcement officials and governments.

"We've always thought that in this debate over authentication, governments would like more rather than less," Rotenberg said. "This is the flip side of anonymity, and governments are pushing for authentication. So there are some real concerns about government control."

The dispute erupted at an awkward time for the Clinton administration, which has for months been trying to convince the European Union that American companies are doing enough to protect consumer privacy on line.

In October, the European Union enacted a tough privacy law that prohibits companies doing business in its 15-member countries from disclosing personal information about customers without their consent. Rather than pass a law adopting the European Union requirements, the Clinton administration has been pushing online marketers and merchants to adopt self-regulatory models for protecting consumers on line. But it has had a tough time selling that approach as adequate to the European Union, although the union has delayed sanctions against the United States while negotiations continue.

Gary Clayton, counsel and senior privacy analyst for Stone Investments, a technology investment firm based in Dallas, said that while there are some legitimate privacy concerns with the new technology, "this is designed to actually protect people from something privacy advocates have been talking about, which is theft of personal information and fraud."

Related Sites
These sites are not part of The New York Times on the Web, and The Times has no control over their content or availability.

Jeri Clausing at jeri@nytimes.com welcomes your comments and suggestions.

Home | Site Index | Site Search | Forums | Archives | Marketplace

Quick News | Page One Plus | International | National/N.Y. | Business | Technology | Science | Sports | Weather | Editorial | Op-Ed | Arts | Automobiles | Books | Diversions | Job Market | Real Estate | Travel

Help/Feedback | Classifieds | Services | New York Today

Copyright 1999 The New York Times Company