To Fund Managers 2/28 · To FTC 2/26 · To FTC 2/22 · To OEMs 2/25 · To OEMs 2/22 · (News on Pentium III)
Background on the Pentium III PSN issue is maintained on our News page. The boycott was called off at the end of April 2000.![[Feedback]](/images/fb.gif){kind=small}
Letter sent to managers of socially responsible mutual funds 1999/2/28
The following open letter to socially responsible investors was sent to the
managers of the funds listed below.
[News release]
They range in size from approximately $100 million to one billion dollars.
They are leading examples of the importance of
social investing
and
shareholder activism.
More than $1 trillion in assets are
under management in socially and environmentally responsible portfolios,
according to a 1997
report
by the nonprofit Social Investment Forum.
The manager of one of the funds
announced
3/1 that they had begun an investigation.
We received a similar undertaking in a letter dated March 4 from Citizens Funds.
[Mutual Fund Magazine]
We write to alert you to the socially irresponsible actions of Intel Corporation, and to seek your assistance in averting the severe damage to privacy that Intel is willfully attempting to inflict on the public.
You may have read some of many media reports in the past month that Intel's Pentium III chip, which went on sale Friday 2/26, contains a unique identifier called the Processor Serial Number (PSN). Intel intends to make the PSN a de facto ID number for the Internet: they anticipated that it would be disclosed during visits to Web sites for example. The dangers to privacy are similar to those of the Social Security Number, but on an even larger scale due to the speed, richness and pervasiveness of the Internet in our society.
Four days after Intel announced the PSN feature our groups called a consumer boycott of the company, and Intel responded within hours claiming that it would change the chip's identifier from "normally on" to "normally off." In fact they did not change the chip at all; they merely changed their recommendations to PC manufacturers on how the chip is configured by software.
Following the public outcry as news of the feature spread through the mainstream media, most PC manufacturers have chosen a method of turning off the number more strongly than Intel recommended. But technical reports suggest that the PSN can still be turned on against the user's wishes by attacks such as viruses, and some manufacturers may not maintain or even start with a configuration where the PSN is off. In countries with repressive governments, the PSN could be used as a powerful tool of surveillance against their citizens. We and other privacy groups have consistently asked Intel to permanently remove this feature in the chip, but they have refused to do this.
Intel assert that the PSN feature is useful to improve the security of electronic commerce transactions, but technical experts have rebutted this claim. There remains no credible benefit of the PSN feature to consumers, only severe and obvious harms. The main reason for Intel's intransigence is plainly the expense and embarrassment of removing the feature now that it has shipped some chips. A similar situation occurred a few years ago with a bug in the original Pentium chip, and Intel was very slow to correct and address consumer concerns.
We have asked PC manufacturers not to ship systems containing the chip, but they all began selling systems on Friday. We and other privacy groups have asked the Federal Trade Commission to compel Intel to change the feature, but the Commissioner has indicated that he believes the FTC may lack the legal authority to do so. Other remedies might eventually be arrived at by the FTC, but time is of the essence here.
Because Intel seems deaf to appeals based on societal good (the statements of many of their executives in the press indicate a disturbing arrogance and disregard for consumers), we are reaching out to socially responsible investors to bring economic pressure to bear on Intel to permanently disable this dangerous feature. Privacy is rising in public importance in the age of the Internet in a manner analogous to the rise of environmental concerns a few decades ago: we hope that you consider this fundamental human right merits your attention and effort to protect.
We would welcome your advice on how to best achieve the goal of
stopping Intel from damaging privacy. Here are our current proposals
to socially responsible investors.
Sincerely
[EPIC, Junkbusters, Privacy International]
Letter sent to FTC 2/26
[Background to this letter is explained in a News release]
By letter dated February 22, 1999, we joined with several other organizations in urging the Commission, in accordance with 16 C.F.R. § 2.2, "to consider action it might take to prevent Intel's Processor Serial Number (PSN) from severely damaging consumer privacy and consequently stunting the growth of e-commerce."
In the days since that letter was transmitted, articles have appeared in the technical press indicating that Intel's representations concerning a software "solution" to the PSN problem are misleading and possibly deceptive. See, e.g., Christian Persson, Pentium III serial number is soft switchable after all, C'T, February 22, 1999 (http://www.heise.de/ct/english/99/05/news1/) (copy attached hereto). We believe that these technical findings may have a direct bearing upon the Commission's consideration of our request for an inquiry.
We understand that the Center for Democracy and Technology
("CDT") has today filed with the Commission a "Complaint and
Request for Injunction, Request for Investigation, and for other
Relief" with respect to this matter. We hereby request that the
Commission consider our pending request for an inquiry and the
CDT complaint together, and that we be advised of any Commission
decision concerning this matter.
Sincerely,
[EPIC, Junkbusters]
encl.
Letter sent February 25 to CEOs of OEMs
To: Eckhard Pfeiffer, President and CEO, Compaq Computer Corp.,
Michael S. Dell, Chairman and CEO, Dell Computer Corp.
Theodore Waitt, Chairman and CEO, Gateway 2000 Inc.
Lewis Platt, Chairman, President and CEO, Hewlett-Packard Company
Louis V. Gerstner Jr., Chairman and CEO, IBM
Dear Sirs
By letter of February 22 we alerted you to our concerns with the Processor Serial Number feature of the Intel Pentium III. In light of developments since then we are now urging you to order an immediate suspension of all your company's products that contain the Intel Pentium III.
We believe that OEMs have a duty to properly inform their customers about the privacy risks of a PC containing a PSN.
Shipping
the Pentium with an assurance that the end user can control
the functionality of the PSN would seem premature in light of
recent reports to the contrary,
such as the
article
published by the German computer magazine c't
on February 22.
We believe that such a claim made
under current circumstances could constitute a material
misrepresentation of the sort prohibited by federal consumer
protection laws and regulations.
Sincerely,
[EPIC, Junkbusters, Privacy International]
Other groups are invited to sign on; those have already replied affirmatively include:
the
Privacy Rights Clearinghouse
and
Private Citizen, Inc.
Letter sent to FTC 2/22 (before Heise bug was noted)
Mr R. Pitofsky
Chairman
Federal Trade Commission
Dear Sir
This letter is to ask the Commission to consider action it might
take to prevent Intel's Processor Serial Number (PSN)
from severely damaging consumer privacy and consequently
stunting the growth of ecommerce.
Most of the media coverage of this issue has incorrectly reported that
"Intel disabled the feature" or that "the number will be off by default."
Both these statements are false. Intel did not change the chip at all;
they merely decided to change the "control utility" software
they will provide to OEMs (PC manufacturers),
which the OEMs may or may not use.
The
page
of questions and answers on the PSN
published on Intel's own web site on or before 2/3 stated that
``While the processor serial number is activated in the chip,
the default control utility setting will turn the feature to "OFF."
The utility then allows the user to choose
whether to enable the processor serial number feature...''
Nothing there suggested that this "default off" setting would be
anything less than universal.
Yet in a 2/18 Reuters story an Intel official admitted
that OEMs will be shipping PCs with the PSN on (contrary to the statement
above) in units destined for the workplace.
So in addition to the statements attributed by the media to Intel,
Intel's own directly published statements
have not accurately reflected the reality
of their position.
We request that the Commission consider whether
its Section 5 authority regarding false claims and deceptive practices
should be brought to bear on Intel.
Beyond the question of deception is the issue of the harm that will be caused by Intel's actions, whether misrepresented or not.
While the case against the PSN has been stated in many places
(such as
http://www.bigbrotherinside.com)
the following argument
has been formulated along lines familiar from other actions taken
by the Commission. In summary we believe that:
1) The PSN is likely to cause substantial harm to consumer privacy
and consequently reduce consumers' participation in ecommerce.
2) This harm will not be easily be avoidable by consumers.
3) The harm will not be outweighed by countervailing benefits.
The following paragraphs expand these three points in turn.
1) The PSN is likely to cause substantial harm to consumer privacy
and consequently reduce consumers' participation in ecommerce.
This assertion is based on the following subassertions.
(a) The PSN will become a de facto standard Global User Identifier (GUID).
(b) The GUID will be used by companies in information practices that are unfair.
(c) Such practices will become known to consumers, some of whom will avoid
participation in ecommerce because they apprehend that their privacy
is at risk by doing so.
(a) The PSN is destined to become a de facto standard Global User Identifier
(GUID) for the Internet, much as the Social Security Number became the
GUID for financial transactions. Intel's stated intention to add the
PSN to their other chips, plus their near-monopoly market share mean
that the PSN feature would be present on the majority of PCs in a few
short years. Although other uniquely identifying numbers have been
available on computer hardware, none has had the ubiquity and attractiveness
of the PSN. Intel has listed copyright protection as one of the advantages
of the PSN, and software publishers are certain to adopt it for the
consumer software market. (In the business software market,
similar mechanisms have been available on expensive workstations for years.)
Any piece of software that requires the PSN for copyright
protection could obviously also use it for other purposes.
(b) The GUID will be used by companies in information practices that are unfair.
The history of cookies has shown that browser manufacturers
and web sites have a mutual commercial interest in tracking and targeting
consumers using mechanisms that are turned on by default. Several companies
have already set up schemes to bypass the limitation of cookies that
each site gets a different cookie, allow the sharing of information about
visitors. Having a PSN provided by the browser to web sites
would allow these extra efforts
to be bypassed. Given that the browser market is a duopoly where both
duopolists have a significant consumer ecommerce operations,
those manufacturers have a compelling incentive to make the PSN available
to their own sites and to partners. Beyond browsers,
other software such as mail and chat programs might choose to disclose the PSN,
overtly or covertly. (Intel have already indicated one of the intended
uses is to exclude "rogue users" from chat rooms.)
In the current legal environment where web sites (except those targeted
at children) are not required to abide by any code of fair information practice,
and where information on online behavior is a valuable and salable,
the PSN will inevitably be used in unfair, privacy-invasive practices.
(c) Such practices will become known to consumers, some of whom
will avoid participation
in ecommerce because they apprehend that their privacy is at risk by doing so.
Surveys such as the 1998 Harris/Business Week poll
indicate that fear for privacy
is the number one reason consumers give for not going online (ahead
of price and usability). The PSN will move reality much closer to
these consumers' worst fears. The considerable media attention
and public discussion of Intel's announcement reflects the high level
of concern over the state of online privacy.
2) This harm will not be easily be avoidable by consumers.
This point follows from each of two assertions.
(i) Many consumers will not know they are using a PSN-enabled machine,
or will not understand the implications of the PSN for privacy.
(ii) Many will be compelled to disclose their PSN.
The most extreme example of compulsion will occur in machines in the workplace.
Intel have listed asset management as an intended use of the PSN.
To support this, organizational buyers would order PCs from the manufacturers
with the PSN permanently enabled in the BIOS. It could be argued that
employees should have no expectation of privacy at the workplace,
but lunchtime private usage actually raises the level of Internet activity,
and many consumers find the cost of establishing an Internet connection
at home prohibitive, so this group will represent a substantial number
of ecommerce participants.
Furthermore, business routinely dispose of PCs to employees,
schools and others for personal use,
and few consumers know how to reconfigure a BIOS.
Even on PCs where use of the PSN is ostensibly optional and opt-in,
experience shows that consumers will be coerced into submitting to
the tracking mechanism. Microsoft for example
demands cookies as a precondition to access to
large amounts of technical information, some essential to performing
key tasks.
Other sites require cookies or registration
as a condition of entry to the site, or as a condition of purchase,
or a condition of using software.
This may be as essential as the operating system or personal finance software.
The putative choice is often illusory.
Returning to point (i), many consumers will not know they are using a
PSN-enabled machine, or will not understand the implications of the PSN
for privacy. Intel has suggested a small taskbar icon as a visual indication,
but this decision is not even in their hands, and
manufacturers are unlikely to voluntarily place a warning
label on their products that explains the privacy implications of
a PSN.
3) The harm will not be outweighed by countervailing benefits.
Intel claims various benefits for the PSN, mostly in improving security.
However as documented on
http://www.bigbrotherinside.com
mentioned above,
several leading technical experts have stated that as a security
mechanism the PSN is too weak to be very useful.
In areas such as asset management and copyright protection,
other mechanisms are already in use that do not depend on a PSN.
This completes our argument that the PSN is likely to cause
substantial harm which will not be easily be avoidable by consumers, and
will not be outweighed by countervailing benefits.
As you may know, privacy groups have consistently called on Intel
to permanently disable the feature since the day it was announced.
Some have asked Intel to recall all product shipped with the feature.
We ask the Commission to consider what action it might take
to reduce the harms to consumer privacy and ecommerce identified here,
including any means to compel the company to disable the feature
and order a recall, whether directly or through PC manufacturers.
We also request that Commission consider whether
its Section 5 authority regarding false claims and deceptive practices
should be brought to bear on Intel.
Finally, we request a meeting with the appropriate staff of the Commission to discuss this matter.
This letter is not a formal petition and complaint to the Commission,
but such a plea might follow at a later date.
The Commission's consideration of this letter and
any response will be very much appreciated.
Very respectfully
[Groups who signed on.]
Note: Correspondence may be addressed to EPIC, who will summarize
and distribute responses, or to all signatories if desired.
Letters sent to CEOs of PC Manufacturers 2/22
To: Eckhard Pfeiffer, President and CEO, Compaq Computer Corp.,
Michael S. Dell, Chairman and CEO, Dell Computer Corp.
Theodore Waitt, Chairman and CEO, Gateway 2000 Inc.
Lewis Platt, Chairman, President and CEO, Hewlett-Packard Company
Louis V. Gerstner Jr., Chairman and CEO, IBM
Dear Sirs
You may already be aware of the boycott over the Pentium III's
Processor Serial Number against Intel;
in case you are not familiar with the privacy impact of the PSN,
a draft letter to the Chairman of the
Federal Trade Commission that summarizes
our concerns is available at
http://www.junkbusters.com/intel.html
on the Web.
Background material is also available at the campaign home page,
http://www.bigbrotherinside.com.
The organizers are considering extending the boycott to major PC
manufacturers who ship Pentium III systems in a configuration that would
significantly damage consumer privacy.
We request your assistance in providing us with information on
your company's intentions, so that we can determine our
organization's boycott policy
regarding your company and any individual consumer products containing a PSN.
We would welcome any information you consider relevant,
but we specifically seek to determine as soon as possible
which of the following statements best describes your company's position.
1) Refusing to ship Pentium III systems until Intel disables the PSN
in the chip.
2) Not currently planning to ship Pentium III systems, for whatever reason.
3) Planning to ship Pentium III systems with the PSN disabled in the BIOS,
so that it cannot be enabled without altering the BIOS.
4) Planning to ship Pentium III systems with the PSN enabled in the BIOS,
but disabled by default in the OS or desktop in a manner that
allows the PSN to be
enabled with a change of configuration and a reboot.
5) Planning to ship Pentium III systems with the PSN enabled by default
after startup, but with a mechanism provided to disable the PSN upon
request by the user.
6) Planning to ship Pentium III systems with the PSN enabled by default
after startup, with no built-in mechanism to disable the PSN.
(The user would have to download an application from some web site
for example.)
These six alternatives above are listed in increasing order of
hostility towards privacy, and we hope that your response will be
one of the first two or three.
If your company intends to ship PCs in different configurations to consumer markets vs. the workplace, please provide details for both.
We would also be grateful for answers to the following questions
whenever you are able to provide them, but please do not delay
answering the crucial question above while preparing this or any additional
information. Depending on your plans, some or all of these questions
may not apply to your company.
(i) How will the consumer be notified whether the PSN is on?
If with a visual indication on the screen, to what extent will this be vulnerable to tampering by viruses or other attacks by hostile applications? What warranty, if any, will you provide to your customers that the PSN will not be disclosed against their wishes?
(ii) Will
clear and
conspicuous notice of the privacy impact of having the PSN enabled
be provided, such as a label on the front panel of the PC, in the printed
documentation, or as a popup on the desktop?
(iii) To what extent
will
your company offer customers
alternatives to Intel processors, both generally and specifically
in the price/performance space of the Pentium III?
In particular, is an offering using the AMD K6-3 planned or available?
(iv) If the PSN is automatically turned off at some point in the startup process, please clarify whether the Microsoft Windows have access to the PSN before it is turned off. If you are aware of whether Windows will store the PSN in the Registry or elsewhere so that it is available to Web browsing functions, please provide details.
We hope that your company will show a true commitment to consumer
privacy with actions, not words, in the computer products it ships
in the next month.
We look forward to hearing from you what these actions will be,
so that we can determine our boycott policy and communicate this
to consumers, consumer groups and government authorities.
Sincerely
[Groups who signed on.]
Enclosure
Note: Correspondence may be addressed to EPIC, who will summarize
and distribute responses, or to all signatories if desired.
Letter sent to consumer and privacy organizations 2/15
The groups that signed on to the letters by 2/22 include the
Center for Media Education,
consumer.net,
EPIC,
Junkbusters,
Private Citizen,
Privacy Rights Clearinghouse,
Privacy International,
and
Privacy Times.
Friends,
I'm writing to seek your support and guidance on the Pentium III boycott.
In the weeks since Intel announced that the Pentium III will contain
a Processor Serial Number, two things have emerged clearly.
1) Consumer and privacy groups consistently oppose the PSN feature
because it will severely damage online privacy.
2) Intel has refused our calls to disable the feature in hardware.
It has offered only cosmetic concessions which do not solve
the basic problem, such as changing the default from on to off
(which is not even under their control).
I propose two actions, for which I seek your support and guidance.
1) Writing to the FTC asking them to consider what they can do
to prevent the harm to privacy that would result from the PSN proliferating.
2) Writing to the heads of the major PC manufacturers, asking them
whether and how they intend to use the Pentium III, and putting them
on notice that they too might be boycotted in the future, depending
on their actions.
Drafts of these two letters are included below. Please let me know
if your organization wishes to be included as a signatory.
Suggestions for changes and other actions are welcome too of course.
None of this requires your organization to endorse a boycott of
Intel or any PC manufacturer (though your expressions of support
here would also be welcome); the current step is simply asking for
improvements and signatures on the letters.
You might also be interested in some of the materials that we have
developed with the help of volunteers: a flyer explaining
the campaign that prints nicely in color or black and white.
You're welcome to include it in your newsletters, on your web site,
or wherever you think best gets the message out:
http://www.junkbusters.com/bbi.pdf
This and the graphic elements and a banner ad will soon be available
on the campaign home page: http://www.bigbrotherinside.org
We're also providing a facility to help consumers draft letters to
PC manufacturers asking them not to ship PCs with a PSN. Here's a sample:
http://www.junkbusters.com/cgi-bin/optout?from=none&to=dell
If you have any questions, comments or suggestions, they are most welcome too.
I would like to try to have the letters and signatories settled
by Friday February 19, as the Pentium III will be launched at the end
of the month. Thanks for your help.
Jason Catlett
Dates and details of the letters
The 2/28 letter to fund managers was sent by regular US mail that day. The 2/26 letter was faxed to the FTC early in the afternoon of Friday 2/26. The 2/25 letter to PC manufacturers (OEMs) was faxed at approximately 2:30pm EST and sent by certified mail later in the afternoon. An earlier letter to OEMs was also faxed and mailed 2/22. The original letter to the FTC was faxed at 3pm on 2/22.
Home · Next · Site Map · Legal · Privacy · Cookies · Banner Ads · Telemarketing · Mail · Spam · Opt OutCopyright © 1996-2005 Guidescope Inc ®. Copying and distribution permitted under the GNU General Public License. 2005/01/15 http://www.junkbusters.com/intel.html