PC makers deal with ID security flap

IBM and Dell will ship computers with a more secure method of turning off the Pentium III ID feature, as this explosive issue comes to a head when PC shipments begin tomorrow.

Brooke Crothers Former CNET contributor

Brooke Crothers writes about mobile computer systems, including laptops, tablets, smartphones: how they define the computing experience and the hardware that makes them tick. He has served as an editor at large at CNET News and a contributing reporter to The New York Times' Bits and Technology sections. His interest in things small began when living in Tokyo in a very small apartment for a very long time.

See full bio

Brooke Crothers

Jan. 2, 2002 4:43 p.m. PT

4 min read

Some PC makers will ship computers with a more secure method of turning the Pentium III ID feature off, as this explosive issue comes to a head when PC shipments begin tomorrow.

There has been a growing din of protest from users and civil liberties groups centered on privacy concerns about this ID feature, casting a pall over the kickoff of Pentium III PC sales. The Washington-based Center for Democracy and Technology (CDT) said it would file a complaint Friday with the Federal Trade Commission asking the commission to investigate the ID technology.

In response, some PC makers will make it more difficult for the user to turn this feature on, implying that a strategy suggested by Intel may not be enough.

Essentially, there are two ways to turn off the ID feature (See related story). One is a software program available to the user, called a "utility," which Intel has discussed. The other is more secure and is executed closer to the hardware in an abstruse layer of software called the BIOS.

IBM and Dell Computer will elect to do the latter. Gateway also said that it would disable the ID in BIOS.

Gateway will provide customers with instructions to reactivate the serial code in the BIOS, said Randy Farwell, senior product manager for consumer desktops, adding that Gateway believes the BIOS control is the most secure fix.

"The key thing was concern for privacy," Farwell said, explaining that the BIOS turns the serial code off by default unless the user goes into the setup screen to enable it. "It's similar to changing anything else in the [BIOS] set-up like a user password. We're very confident that that this is the most secure," option.

IBM will provide a similar fix. "IBM understands that consumers will continue to embrace the Internet...only to the degree that they trust the technology," IBM said in a letter.

"IBM understands that consumers will continue to embrace the Internet?only to the degree that they trust the technology," IBM said in a letter.

"There are...legitimate privacy concerns raised by the potential misuse of this feature. IBM plans to go the extra step and disable the processor ID feature at the BIOS level in our Pentium III client systems."

Dell said the ID feature will be off in the BIOS--the more secure method--unless a corporate customer tells them to turn it on.

More coverage on CNET Radio

Doing this in the BIOS is ostensibly a more secure option than disabling or enabling the chip's ID through the software utility, because there are hundreds of variations of boot-up software depending on PC manufacturers, said Christian Persson, editor of the German magazine C't.

IBM added: "This way, if a consumer wants to enable the feature, they will have to do it themselves, using a BIOS set-up option," the letter to the CDT said.

Other major PC makers are expected to take the more secure route also.

Ironically, Intel is suggesting that PC makers leave the ID feature setting in the BIOS on and turn the setting in the software utility to off--a less secure approach. The BIOS method makes it "more difficult for hackers--and users," said an Intel spokesperson. If the BIOS is turned off by the PC maker, then the software utility is rendered unusable, Intel said. In other words, users cannot toggle it on and off, as they please. It is permanently off.

While groups such as the CDT are claiming that the ID can potentially expose users to privacy violations--because it enables computers to be tracked--Intel has intended it as just another feature to help companies track assets or to be used in e-commerce functions.

BIOS makers informed
Intel says it told PC makers about the BIOS option a while ago, in addition to its widely reported software utility. "We've long told makers of BIOS how to put a switch in, long before this erupted as a controversy. Developers like to know what can and can't be done," said an Intel spokesperson, explaining that PC makers can choose between disabling the ID feature in the BIOS, or providing an Intel-developed software utility to do the same task.

Although the BIOS is more difficult for average users to configure than a Windows-based software utility, it is that inaccessibility which makes it a more secure option, he said.

Phoenix Technologies, which develops "boot-up" software for a large percentage of all PCs, has developed three different BIOSs for the Pentium III processor, according to Curtis Williams, engineering manager for the silicon support group at Phoenix.

Basically, these technologies provide different levels of control and security, ranging from support for Intel's software utility to the most secure feature which turns off the ID setting in the BIOS. "This gives [PC makers] the option to completely disable the feature," Williams said. "There is no way for the user to turn it on. We did provide this option just to be very safe."

Locating the "serial code" for the ID feature in the boot-up software may provide more security than the software utility, Williams explained, because the BIOS is "one layer closer to the hardware than the application software."