When intel announced that each of its new Pentium III processors would include a unique, built-in serial number that could be used for identification purposes, it wasn't hard to predict there would be some alarm from the public.
After all, when Apple introduced the original Macintosh, its ads used menacing Orwellian imagery to represent everything you didn't want your computer to be.
Now, here was the #1 chip manufacturer in the world seemingly saying it wanted to assign every computer user a number. (Shades of Patrick McGoohan in The Prisoner!)
Sure enough, alarm there was. First, privacy groups stated their concern. Then a U.S. Representative followed suit. A boycott was announced. A bill was proposed in the Arizona legislature to ban the sale or manufacture of Pentium III chips in that state. A Website dedicated to the issue was erected, complete with a "Big Brother Inside" logo ridiculing Intel's marketing slogan.
As Intel tells it, Websites will be able to query the Pentium III serial number to make sure e-commerce customers really are who they say they are. If someone says he's you, but isn't using your computer, a red flag is raised. It's a security feature, the chip maker claims, one that will make users more safe when shopping online.
But according to the Pentium III's opponents, the serial numbering scheme represents nothing less than an attempt to assign ID numbers to computer users. It would allow marketers and the government alike to track net surfers and gather information about them, indexed by number. One spokesman went so far as to refer to the chip as "toxic technology," and called for the destruction of every Pentium III manufactured to date — like tainted meat, or a shipment of bad milk.
Privacy is the haute crusade of civic-minded Netizens everywhere. It's a comforting, romantic notion — to think we're fighting the good fight against some corporate Big Brother who wants to take away our individuality. Unfortunately, in this case, fighting for "the cause" seems more like tilting at windmills.
CPU serialization itself is nothing new. As most anyone involved in the high-end 3-D graphics industry can tell you, "workstation" class computers such as those built by Silicon Graphics have long used unique numbering schemes similar to that proposed for the Pentium III. The practice can be found in much smaller, more mainstream computing devices as well, including 3Com's popular Palm III organizer. What makes the Pentium III any different?
The chip's opponents seem to be arguing that it should be scrapped simply because for the first time CPU serialization will affect us. SGI workstations remain largely the province of high-end graphics studios, Internet service providers, and research facilities. The Palm III is "just a pocket organizer (never mind the fact that the platform has its own graphical Web browser with support for secure e-commerce)."
Intel processors, on the other hand, lie at the heart of most of the desktop PCs in use worldwide, by a large margin. Under Intel's new strategy, the majority of home and business PC users will have a unique ID number assigned to their equipment, for the first time. (Well, sort of.)
As a strict matter of fact, there have been ways of numerically identifying individual computers in use for some time now. For instance, if your computer has an Ethernet interface — standard equipment on all current Macs and many PCs — you've got a unique ID already. It's called a "MAC address," and every piece of Ethernet hardware ever manufactured has been assigned one, under the supervision of a standards organization. No two are ever the same.
The purpose of a MAC address is to allow a computer to identify itself to other computers on a network wire. It's like a "net ID card" for your PC, to make sure it only receives the data that was intended for it, and to announce itself when it sends data to other computers. Without such a consistent identification system, most of the networks in use today would fall apart.
Almost nobody bothers to try and track computer users by their MAC addresses, however, because a number like this is too ambiguous and unreliable a method of identification for people. MAC addresses don't say much about the type of equipment they're assigned to, let alone who's using the equipment.
Similarly, what does a CPU serial number tell a company about you? The serial numbers can't be used for any serious security measures because there's no way to verify them as genuine. They could be forged, or scrambled by "privacy-enforcing" software.
If I sold my computer, or upgraded the CPU, my serial number would change — or someone else would start to look like me. And if I placed an order from a friend's computer, it would be sent along with the wrong serial number.
In truth, a CPU ID can't do much to identify me at all. As such, Intel's claim that the serial number is a security-enhancing feature rings hollow. And by the same token, it's probably not much good for monitoring and indexing net surfers' online habits either.
More likely, the idea of serializing processors has a different motive. For one, it would afford Intel a means to spot knock-offs and clone chips, and give computer resellers more reason to make sure their machines had "Intel Inside."
Perhaps more significantly, it gives software companies like Microsoft, who stand to lose millions of dollars each year to software piracy, more control. By developing a distribution system that ties their software to a CPU serial number, these companies can ensure that each copy of the software will run on only one specific machine — the one it was licensed to.
While a system like this would be good for software publishers, it's bound to cause individual computer users, and particularly IT managers, countless headaches. Managing software assets can be difficult enough without worrying about re-registering every piece of software on a computer following CPU and system upgrades.
If we were going to boycott the Pentium III for any reason, let's let it be this one. I'm all for preventing software piracy, but not at the expense of my productivity.
For now, Intel seems to have bowed to public pressure, and they will ship Pentium III processors with the CPU serialization feature disabled by default. But let's try to keep things in perspective, here. While there are reasons why disabling this feature is a good thing, your Social Security Number didn't turn out to be the Mark of the Beast, and the serial number on your Pentium III isn't either.
Meanwhile, the number of e-commerce transactions increases gradually but steadily each year. Doing business online is something the public wants — but before we fully accept the idea, we want to know that our transactions are secure. And so, rather than vilifying Intel with a tired, ill-informed Chicken Little routine, we should applaud the chip maker's promise to do what it can to heighten that security.
But if Intel's promise is genuine, then the company needs to get it right. A simple serial number may be a good way to prevent digitalpiracy but it is not going to cut the mustard when it comes to making secure online transactions. Surely there are cryptography and security experts who would be willing to give the chip maker some pointers in the right direction, if it will mean a safer, more private Internet for everyone.
Intel's marketing staff brought the issue to the table; let's take them up on the offer.
