Groups press agency on Pentium III

Representatives from the Center for Democracy and Technology will meet with the FTC next Monday to discuss an investigation into the controversial serial code hardwired into Intel's new Pentium III processor.

Privacy advocates charge that a permanent identification number associated with a computer's hardware is an invitation to exploitation and is moreover an ineffective method of security.

"We're seeking an injunction on the chip itself and an investigation of the safest way for PC manufacturers to disable the chip," said Ari Schwartz, a senior policy analyst at the Center for Democracy and Technology.

The Pentium III serial code was designed as an additional layer of protection for e-commerce transactions and to aid large corporations in tracking technology assets, Intel says. In the wake of the controversy surrounding the chip, most major PC manufacturers have stated they will disable the offending feature of the Pentium III.

But though privacy and consumer advocates such as the American Civil Liberties Union and the National Consumers League continue to press the government for intervention in the Pentium III issue, these groups have been much more conservative in their response to the latest privacy concerns about Microsoft's Windows 98 operating system.

Over the weekend, Microsoft confirmed that the Windows 98 registration "wizard" generates and gathers information about system hardware--even when a user had specified that no information should be gathered.

"Late Friday it was brought to our attention that the Windows 98 Registration Wizard might inadvertently be sending a specific hardware identifier to Microsoft during user registration, regardless of whether the user chose to send his or her hardware diagnostic information," Windows marketing director Yusef Mehdi wrote in a letter to Windows 98 customers today.

"There are hypothetical scenarios in which this number could be used to learn something about the user's system without his or her knowledge," Mehdi wrote, stressing that Microsoft was not collecting the numbers for marketing purposes.

Microsoft has said it will include a fix for the situation, which it terms a "bug," in the upcoming service release for Windows 98, to be released this summer. Although the Windows vulnerability is probably not a major privacy breach, Microsoft's track record on user privacy gives privacy groups and industry analysts pause.

"Privacy is very important and needs to be safeguarded--and Microsoft traditionally has... been somewhat cavalier in terms of personal privacy," said Dan Kusnetsky, an analyst at market research firm International Data Corporation.

"We were pleased that they were so quick to say that [they will issue a fix]," Schwartz said, adding that the group will continue to keep an eye on the situation. "But we will have to wait and see whether they actually fix it."

The CDT will not discuss the Microsoft privacy flaw in its meeting with the FTC, Schwartz said.

The Windows vulnerability is probably not as serious a privacy issue as Intel's decision to include identifying codes in their processors, analysts say. "A lot of the issues have been blown way out of proportion," Kusnetsky added.

The Microsoft privacy flap is probably a "tempest in a teacup," agreed Rob Enderle, an analyst at the Giga Information Group, who believes that more common privacy violations occur among Web sites which use "cookies" to track user's surfing habits and passwords.

"This [controversy] is anticipating a problem that doesn't yet exist," he said. Until biometric security like fingerprint identification is widely available to reassure people who are sending confidential information, companies like Intel and Microsoft will continue to come up with "workaround" solutions, especially as e-commerce and the Internet as a communication medium continues to gain mass acceptance, he said.

"For the most part, users are going to have to get over this," Enderle said. He called for more comprehensive regulation of the way that software companies and Internet sites gather and share information about customers.