Intel Processor Serial Number Q&A for OEMs
That was then
The following Q&A document was sent to Intel OEMs on March 5th, 1999 to provide answers to user and press questions on PSN. Processor Serial Number Q&A for OEMs March 3, 1999 Prepared by Howard High Background Intel has briefed press, industry analysts, privacy organizations, and government agencies about a new feature of the Pentium(r) III processor called "processor serial number." This feature is Intel's first step in addressing the security needs of the Internet. We believe this feature adds new value to business and consumer PCs. For example, corporate I.T. departments can use this feature to track assets and manage systems in a more efficient manner to help reduce the total cost of ownership. For consumers, the potential of the Internet promises new ways to shop online, manage their lives, and access and share information. Used in combination with other identifiers such as passwords and user names, hardware features such as processor serial number can provide added confidence. This feature initially gained significant press coverage as three of the more extreme privacy organizations called for a boycott of the Pentium III processor until the feature is removed. Over the past few weeks press coverage has lessened and we continue to work and discuss issues with many of the mainstream privacy organizations. Intel is committed to privacy and is providing a software control utility that will allow users to the ability to turn the processor serial number feature OFF or ON. A Washington-based privacy group -- the Center for Democracy and Technology (CDT) -- sent a written request to the U.S. Federal Trade Commission asking for an investigation and injunctive relief regarding the processor serial number (PS#) feature of Intel's Pentium (R) III processor. CDT alleges deceptive and unfair trade practices. Intel believes it has been very open in promoting the processor serial number feature and its uses. C'T magazine in Germany published a news story on February 22, saying that they had identified a way to "switch on the command for reading out the serial number by software." When the magazine was questioned, they admitted that they have not actually compromised the PS# accessibility, but rather are suggesting that it can be done. However, representatives of the publication have been quoted in press articles indicating that they have actually done this. Intel is working with the publication to correct its web page and encouraging the publication to be more accurate in its representation of facts. Intel has already been on the record saying that any piece of software, including our software utility, can be hacked if the hacker is skilled and motivated enough. While Intel has received phone calls and email from individuals stating their opinion that we should remove the processor serial number feature, the volume has been small. Intel has been averaging a hundred or more queries per day on the privacy issue versus thousands per day during the time of the Pentium processor flaw in 1994 -- even through the number of people on the Internet is 10X larger. If you have press questions, please contact Howard High at Intel (No. deleted). Key Messages about Intel's processor serial number feature:
- The Pentium III processor is the first Intel processor featuring processor serial number to enhance the Internet experience.
- The processor serial number is Intel's first step toward addressing the security needs of the Internet. Intel will continue to work with the industry, security experts, privacy groups, and governments worldwide to further our goal of a trusted, connected computing world.
- Intel is committed to improving security and privacy and is providing a software application that will give users the choice to enable or disable the feature. Intel modified the control utility default to set the processor serial number feature to OFF. This means the user must choose to turn the processor serial number ON.
- Processor serial number also adds new capabilities to business users for applications such as asset tracking and manageability, and for consumers it provides new levels of authentication and validation.
- We recognize that processor serial number also raises privacy concerns and we are working to make sure those concerns are addressed. We believe the best way to protect computer users while allowing them to benefit from this feature is to provide the tools for them to activate or deactivate the use of the processor serial number.
- Questions and Answers Q1: What is the Intel processor serial number? A1: The Intel processor serial number feature is embedded into the chip during the manufacturing process of the Pentium III processor. The Intel processor serial number serves as an identifier for the processor, and, by association, its system. Like the serial numbers on many other electronic devices or products, the Intel processor serial number is implemented electronically, rather than being placed on the exterior of the product. Q2: What are the benefits of the processor serial number? A2: In business, Corporate I.T. departments can use it to track assets and manage systems and information in a more efficient manner to help reduce total cost of ownership. For consumers, the potential of the Internet promises new ways to shop online, manage their lives, and access and share information. Used in combination with other identifiers such as passwords and user names, hardware features such as processor serial number can provide added confidence. Q3: I understand that some PC OEMs are turning it OFF in the system BIOS. Is this true? A3: Most OEMs have followed our suggestions to include an additional level of user control by adding a BIOS switch. While it is true that some OEMs plan to ship systems with BIOS switches preset to OFF, these are primarily for consumer units. Corporate IT departments will be able to choose the default setting in many cases from the OEMs of their resellers. Corporate IT departments particularly see the value of processor serial number for asset tracking and systems management. Q4: Why does security on a PC and over the Internet need to be improved? A4: E-business worldwide is growing rapidly, and users have said that the security of their transactions and information is a primary concern. PCs today are secure enough to handle many e-business applications such as using a credit card, transmitting sensitive information, or providing remote access to corporate networks. However, incremental hardware-based security technologies such as processor serial number will allow users and businesses to more confidently carry out electronic transactions and access or send sensitive information - something that is important for the Internet. Adding processor serial number will enhance - not replace - existing user authentication methods such as user name and passwords. Q5: Once you use the processor serial number control utility to turn the processor serial number feature OFF, it will automatically default back to ON? A5: No. The control utility remembers the user's preference so that it can reinstate it each time the PC boots-up. When first installed, the control utility's default is OFF, and the utility will turn the processor serial number OFF every time the PC is booted. For a user to enable the processor serial number feature, they will need to change the software setting in the control utility to ON, which will update the setting in the Windows* registry. They will then need to reboot their PC. Q6: When users buy PCs, is the processor serial number control utility pre- installed? A6: The control utility may or may not be pre-installed by PC OEMs on their early Pentium III processor-based systems. Intel is working with PC OEMs to have the control utility pre-installed on as many systems as possible. It will also be available in a number of other ways including on a CD-ROM direct from Intel and as a software download on the Internet. Q7: Several privacy groups have recently announced boycotts extending to PC OEMs that are selling Pentium III processor-based PCs. Comment? A7: We continue to work with a number of privacy organizations. We have met with the three organizations that called for the boycott. We continue to believe that the best solution is to leave the control of the utility and processor number feature in the hands of the individual computer user. Q8: Does the Pentium III processor broadcast its serial number when it is enabled and a user is connected to the Internet? A8: No. The processor serial number is passive. Thus, it does not transmit or broadcast itself. If a person chooses to enable the feature, then, when visiting a website that can utilize processor serial numbers, the website needs to send software to the PC to read the processor serial number. Q9: What types of applications and services will use processor serial number? A9: Processor serial number will be used in applications that benefit from stronger forms of system and user identification, such as:
- Applications using security capabilities
- Information Management
- Q10: How do I know whether the processor serial number feature is ON or OFF? A10: The processor serial number control utility offers users a visual indication of the state of the processor serial number feature via an icon in the Windows* system tray, providing a visible means for users to regularly and easily determine whether the processor serial number is enabled or disabled. Q11: Since the control utility consists of software, couldn't someone simply create a virus that could turn it back to ON even though a user had turned it OFF? A11: Not while the PC is running. It requires a reset of the processor, which is normally done by rebooting the computer to re-enable the processor serial number feature. Any software can theoretically be affected by a virus. This underscores that consumers need to exercise safe practices such as accessing trusted websites and software when using the Internet. Q12: Isn't turning off the processor serial number feature something that should be done in the BIOS? A12: Intel believes in choice for consumers. The processor serial number control utility provides a more user-friendly way to control the processor serial number feature than does the BIOS. Most BIOS setup programs are text based, difficult for many users to understand, and harder to access. The Intel processor serial number control utility will have a standard, user-friendly Windows GUI. BIOS programs also vary from system to system, while the Intel processor serial number control utility will provide a common interface for all Windows based systems. Some OEMs and users may prefer certain feature differences between a BIOS and utility solution, and we will support their preferences. We continue to believe that providing end-users with the choice to turn the processor serial number feature ON or OFF in the software control utility provides them with the most options. Q13: Can someone else turn on the control utility remotely in my machine? A13: Once the control utility or the BIOS switch has disabled the processor serial number feature, it cannot be turned back ON without resetting the processor, which normally means rebooting the machine. The control utility is designed to default to the last user selected preference each time the system is turned on. Note that the control utility, or any software, can theoretically be affected by a virus that is allowed onto the user's system. Q14: If a PC is placed in "sleep" mode or is not fully shut-down, will the processor serial number feature be in the correct state when the PC is powered back up (and the full system BIOS is not run)? A14: To enhance the security and privacy for end-users, we are working with PC OEMs and BIOS vendors to help ensure that all BIOS software for the processor serial number feature is properly designed and will set the BIOS control to the user's preference when the PC is resumed from either a "sleep" or powered-down state. Since the processor serial number control utility may already be running when the system is resumed, we have a feature in the control utility which will poll the user preference setting approximately every 15 seconds to make sure that the processor serial number is in fact disabled, assuming the user had selected that preference. Key Messages for the letter to the FTC
- Intel has reviewed the CDT request, and sees nothing new in it.
- Intel believes it has not engaged in deceptive or unfair practices regarding the PS#.
- No complaint has been filed against Intel regarding the PS#. Only the FTC has the authority to file a complaint, and they haven't done so.
- Questions and Answers Q1: Has a complaint been filed against Intel regarding the PS#? A1: No. Only the FTC has the authority to file a complaint, and they haven't done so. A privacy group called CDT has requested that the FTC initiate an investigation of the privacy issues related to the PS# feature. Key Messages for the C'T, a German publication's claims
- C'T currently does not have software running that switches a disabled PS# back on once it has been turned off.
- Computer users have a choice of turning the processor serial number OFF using the control utility or a BIOS switch.
- Hardware provides better security than software alone. PS# is Intel's first step to add hardware primitives for security.
- Based on what we know now, Intel do not see anything new in the C'T claim. The technical details of how PS# gets re-enabled once it has been turned off in the processor have been on our support Web site for several weeks.
Questions and Answers Q1: C'T says that the system does not need to be rebooted to enable the PS#. Is this true? A1: The PS# can only be re-enabled by a hardware reset of the processor. This can occur in several ways, as indicated in the technical information on the support area of Intel's Web site. These include: turning off and on the machine, pressing the "reset" button (in the case of some OEM implementations), or - in the case of some PCs -- when coming out of suspend mode. Depending on make and manufacturer, some PCs use the hardware reset during the sleep mode power-down and resume, which would enable the PS# without a complete system reboot. Q2: So isn't it true that the PS# will be enabled after coming out from sleep mode? A2: In the case of PCs which use a processor reset for the sleep mode, the PS# will be re-enabled. However, the Intel PS# control utility is designed to check the state of the PS# every 15 seconds and compare it to the user's designated preference. If the system finds that the PS# is on, yet the user setting for PS# is OFF, it will turn off the PS#. The purpose of this feature is to confirm that the icon in the system tray reflects the current state of the processor. Q3: Does a BIOS switch disable PS# when the processor comes out of suspend mode? A3: If the PS# has been disabled with a BIOS switch, it will be disabled again when the system resumes -- assuming that the BIOS switch follows Intel's guidelines. -- end -- Intel Confidential ®