Privacy

[Steve]

x-no-archive: yes



A Growing Compatibility Issue in the Digital Age: Computers and Their
Users' Privacy

John Markoff
NY Times 3/3/99


SAN FRANCISCO -- The Intel Corporation recently blinked in a
confrontation with privacy advocates protesting the company's plans to
ship its newest generation of microprocessors with an embedded serial
number that could be used to identify a computer -- and by extension,
its user. 

But those on each side of the dispute acknowledge that it was only an
initial skirmish in a wider struggle. From computers to cellular
phones to digital video players, everyday devices and software
programs increasingly embed telltale identifying numbers that let
them interact. 

Whether such digital fingerprints constitute an imminent privacy
threat or are simply part of the foundation of advanced computer
systems and networks is the subject of a growing debate between the
computer industry and privacy groups. 

At its heart is a fundamental disagreement over the role of
electronic anonymity in a democratic society. 

Privacy groups argue fiercely that the merger of computers and the
Internet has brought the specter of a new surveillance society in
which it will be difficult to find any device that cannot be traced to
the user when it is used. But a growing alliance of computer industry
executives, engineers, law enforcement officials and scholars contend
that absolute anonymity is not only increasingly difficult to obtain
technically, but is also a potential threat to democratic order
because of the possibility of electronic crime and terrorism. 

"You already have zero privacy -- get over it," Scott McNealy,
chairman and chief executive of Sun Microsystems, said at a recent
news conference held to introduce the company's newest software,
known as Jini, intended to interconnect virtually all types of
electronic devices from computers to cameras. 

Privacy advocates contend that software like Jini, which assigns an
identification number to each device each time it connects to a
network, could be misused as networks envelop almost everyone in
society in a dense web of devices that see, hear, and monitor
behavior and location. 

"Once information becomes available for one purpose there is always
pressure from other organizations to use it for their purposes," said
Lauren Weinstein, editor of Privacy Forum, an online journal. 

This week, a programmer in Massachusetts found that identifying
numbers can easily be found in word processing and spreadsheet files
created with Microsoft's popular Word and Excel programs and in the
Windows 95 and 98 operating systems. 

Moreover, unlike the Intel serial number, which the computer user can
conceal, the numbers used by the Microsoft programs -- found in
millions of personal computers -- cannot be controlled by the user. 

The programmer, Richard M. Smith, president of Phar Lap Software, a
developer of computer programming tools in Cambridge, Mass., noticed
that the Windows operating system contains a unique registration
number stored on each personal computer in a small data base known as
the Windows registry. 

His curiosity aroused, Smith investigated further and found that the
number that uniquely identifies his computer to the network used in
most office computing systems, known as the Ethernet, was routinely
copied to each Microsoft Word or Excel document he created. 

The number is used to create a longer number, known as a globally
unique identifier. It is there, he said, to enable computer users to
create sophisticated documents comprising word processing,
spreadsheet, presentation and data base information. 

Each of those components in a document needs a separate identity, and
computer designers have found the Ethernet number a convenient and
widely available identifier, he said. But such universal identifiers
are of particular concern to privacy advocates because they could be
used to compile information on individuals from many data bases. 

"The infrastructure relies a lot on serial numbers," Smith said.
"We've let the genie out of the bottle." 

Jeff Ressler, a Microsoft product manager, said that if a computer
did not have an Ethernet adaptor then another identifying number was
generated that was likely to be unique. "We need a big number which
is a unique identifier," he said. "If we didn't have, it would be
impossible to make our software programs work together across
networks." 

Indeed, an increasing range of technologies have provisions for
identifying their users for either technical reasons (such as
connecting to a network) or commercial ones (such as determining
which ads to show to Web surfers). But engineers and network
designers argue that identity information is a vital aspect of modern
security design because it is necessary to authenticate an individual
in a network, thereby preventing fraud or intrusion. 

Last month at the introduction of Intel's powerful Pentium III chip,
Intel executives showed more than a dozen data security uses for the
serial number contained electronically in each of the chips, ranging
from limiting access to protecting documents or software against
piracy. 

Intel, the largest chip maker, had recently backed down somewhat
after it was challenged by privacy advocates over the identity
feature, agreeing that at least some processors for the consumer
market would be made in a way that requires the user to activate the
feature. 

Far from scaling back its vision, however, Intel said it was planning
an even wider range of features in its chips to help companies
protect copyrighted materials. It also pointed to software
applications that would use the embedded number to identify
participants in electronic chat rooms on the Internet and thereby,
for example, protect children from Internet stalkers. 

But in achieving those goals, it would also create a universal
identifier, which could be used by software applications to track
computer users wherever they surfed on the World Wide Web. And that,
despite the chip maker's assertions that it is working to enhance
security and privacy, has led some privacy advocates to taunt Intel
and accuse it of a "Big Brother Inside" strategy. 

They contend that by uniquely identifying each computer it will make
it possible for marketers or Government and law enforcement officials
to track the activities of anyone connected to a computer network
more closely. They also say that such a permanent identifier could be
used in a similar fashion to the data, known as "cookies," that are
placed on a computer's hard drive by Web sites to track the comings
and goings of Internet users. 

Putting Privacy on the Defensive

Intel's decision to forge ahead with identity features in its chip
technology may signal a turning point in the battle over privacy in
the electronic age. 

Until now, privacy concerns have generally put industry executives on
the defensive. 

Now questions are being raised about whether there should be limits
to privacy in an Internet era. 

"Judge Brandeis's definition of privacy was 'the right to be left
alone,' not the right to operate in absolute secrecy," said Paul
Saffo, a researcher at the Institute for the Future in Menlo Park,
Calif. 

Some Silicon Valley engineers and executives say that the Intel
critics are being naïve and have failed to understand that all
devices connected to computer networks require identification
features simply to function correctly. 

Moreover, they note that identifying numbers have for more than two
decades been a requirement for any computer connected to an Ethernet
network. 

(Although still found most widely in office settings, Ethernet
connections are increasingly being used for high-speed Internet
service in the home via digital telephone lines and cable modems.) 

All of Apple Computer's popular iMac machines come with an Ethernet
connection that has a unique permanent number installed in the
factory. The number is used to identify the computer to the local
network. 

While the Ethernet number is not broadcast over the Internet at
large, it could easily be discovered by a software application like a
Web browser and transmitted to a remote Web site tracking the
identities of its users, a number of computer engineers said. 

Moreover, they say that other kinds of networks require identity
numbers to protect against fraud. Each cellular telephone currently
has two numbers: the telephone number, which can easily be changed,
and an electronic serial number, which is permanently put in place at
the factory to protect against theft or fraud. 

The serial number is accessible to the cellular telephone network,
and as cellular telephones add Internet browsing and E-mail
capabilities, it will potentially have the same identity capability
as the Intel processor serial number. 

Other examples include DIVX DVD disks, which come with a serial
number that permits tracking the use of each movie by a centralized
network-recording system managed by the companies that sell the
disks. 

Fearing the Misuse of All Those Numbers

Industry executives say that as the line between communications and
computing becomes increasingly blurred, every electronic device will
require some kind of identification to attach to the network. 

Making those numbers available to networks that need to pass
information or to find a mobile user while at the same time denying
the information to those who wish to gather information into vast
data bases may be an impossible task. 

Privacy advocates argue that even if isolated numbers look harmless,
they are actually harbingers of a trend toward ever more invasive
surveillance networks. 

"Whatever we can do to actually minimize the collection of personal
data is good," said Marc Rotenberg, director of the Electronic
Privacy Information Center, one of three groups trying to organize a
boycott of Intel's chips. 

The groups are concerned that the Government will require ever more
invasive hardware modifications to keep track of individuals. 

Already they point to the 1994 Communications Assistance for Law
Enforcement Act, which requires that telephone companies modify their
network switches to make it easier for Government wiretappers. 

Also, the Federal Communications Commission is developing regulations
that will require every cellular telephone to be able to report its
precise location for "911" emergency calls. 

Privacy groups are worried that this feature will be used as a
tracking technology by law enforcement officials. 

"The ultimate danger is that the Government will mandate that each
chip have special logic added" to track identities in cyberspace,
said Vernor Vinge, a computer scientist at San Diego State
University. "We're on a slide in that direction." 

Vinge is the author of "True Names" (Tor Books, 1984), a widely cited
science fiction novel in the early 1980's, that forecast a world in
which anonymity in computer networks is illegal. 

Intel executives insist that their chip is being misconstrued by
privacy groups. 

"We're going to start building security architecture into our chips,
and this is the first step," said Pat Gelsinger, Intel vice president
and general manager of desktop products. "The discouraging part of
this is our objective is to accomplish privacy." 

That quandary -- that it is almost impossible to compartmentalize
information for one purpose so that it cannot be misused -- lies at
the heart of the argument. 

Moreover, providing security while at the same time offering
anonymity has long been a technical and a political challenge. 

"We need to find ways to distinguish between security and identity,"
said James X. Dempsey, a privacy expert at the Center for Democracy
and Technology, a Washington lobbying organization. 

So far the prospects are not encouraging. One technical solution
developed by a cryptographer, David Chaum, made it possible for
individuals to make electronic cash payments anonymously in a
network. 

In the system Chaum designed, a user employs a different number with
each organization, thereby insuring that there is no universal
tracking capability. 

But while Chaum's solution has been widely considered ingenious, it
has failed in the marketplace. Last year, his company, Digicash Inc.,
based in Palo Alto, Calif., filed for bankruptcy protection. 

"Privacy never seems to sell," said Bruce Schneier, a cryptographer
and a computer industry consultant. "Those who are interested in
privacy don't want to pay for it." 

Copyright 1999 The New York Times Company 







* * * * * * * * * * * * * *  From the Listowner  * * * * * * * * * * * *
.	To unsubscribe from this list, send a message to:
majordomo at scn.org		In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * *     http://www.scn.org/volunteers/scn-l/     * * * * * * *