FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

FC: Ethernet IDs are unique too; responses to Intel

------- Forwarded Message Follows -------
Date:          Mon, 01 Feb 1999 16:23:03 -0500
To:            politech@vorlon.mit.edu
From:          Declan McCullagh 
Subject:       FC: Ethernet IDs are unique too; responses to Intel ID chip
Reply-to:      declan@well.com


***********

Date: Tue, 26 Jan 1999 17:55:05 +0000
From: Karl Auerbach 
To: Declan McCullagh 
Subject: Re: FC: Time to boycott Ethernet too? 


You didn't clearly mention it, but the Ethernet (MAC) address found on
*any* computer on an ethernet is a unique (hopefully) and stable machine
identifier.  (The number is usually on the adaptor card itself.)

But it is never (OK, rarely) carried beyond the local LAN.

By the way, I host a rather large collection of the IEEE
assigned MAC vendor codes at http://www.cavebear.com/CaveBear/Ethernet

  --karl--

***********

From: rongus@tiac.net (Ron Gustavson) 
To: declan@well.com 
Subject: Re: FC: Time to boycott Ethernet too?
Date: Wed, 27 Jan 1999 05:47:58 GMT 


Bob wrote:

>>[I'm also not a fan of Intel's move, but I think it's reasonable to note
>>that every computer with Ethernet hardware has a unique ID number that some
>>programs have used for at least a decade to thwart piracy, for instance.

and KM wrote:

>Second, the hardware (where Intel comes in) doesn't talk directly to the 
>network.  The real issue is browser support for this functionality, and 

I'd like to hear more about Pentium III before reacting, but this ID number should be seen in light of Intel's Wired for Management 2.0 spec. ( http://developer.intel.com/ial/WfM/wfmspecs.htm )

The WFM initiative allows MIS personnel to access remote PCs at sub-OS level.

Here they can start up and reboot PCs remotely, over NIC or modem, and install applications, drivers--or even the OS--from a disc image.

When a WFM PC is shut off, it enters a "soft off" where it can be accessed by IS. To reach a mechanical off state might require an override switch, located in a pinhole or something.

While aimed at corporate networks, could these utilities perhaps be used [or abused] to police future consumer PCs as well?

***********

From: leavitt@webcom.com
Subject: Re: FC: Time to boycott Ethernet too?
To: declan@well.com
Date: Tue, 26 Jan 1999 14:20:31 -0800 (PST)

Declan,

I guarantee you that if CPUID is there, and in the browser/client, it won't be feasible to turn off... merchants will demand it, and just like only strange people put up with sites "asking" about cookies (how practical is your browser when you have to click dozens of times each session to say yes or no to cookies, and web sites start acting weird when you reject them, and your vendor e-commerce systems require them?)

The thing is either there, and available, or not.

From a system admin's perspective, tying software to a CPUID is way way way annoying... which CPU ID does it get tied to in a multi-CPU system? The first one? Oh, and are we going to be happy when the first CPU dies and all the software becomes dysfunctional? All of them? What happens when swapping out the two CPUs in the system requires new licenses for every piece of software on the system? I hated dealing with that stuff on Suns, it was a major pain in the ass... every time I wanted to move stuff, I had to deal with their license bureaucracy and go dig through the manual to figure out how to do stuff.

Do that for the average consumer's PC, where they don't keep track of the licenses much anyway, even for the legit stuff, and then have to deal with vendors saying, "oh, that version isn't supported anymore, you'll have to upgrade" and you'll rapidly wind up with pissed off customers.

Intel has a right to prevent piracy, yes, and anti-theft stuff is cool... but, you can extend the logic to everything... every piece of software running on your PC could be required to authenticate itself with an Internet network server... shareware would have "teeth", freeware (and other software) authors could get an idea of how many people are using their applications, and how often, and hell, on what type of computers with what type of configurations, and what functions they are using (the bigger the bandwidth, the more data logged and sent out)... the concept of a software license could have teeth.

Microsoft "we're raising the price of your MS Office subscription by $300. Send us your payment now, or we'll turn off all your Office installations one week from now."

Not going to happen? Well, *everyone* is against software piracy... would corporate America say no to MS if the next version of Office included this? (probably public outcry would stop it, but who knows?)

Regards, Thomas Leavitt

***********

Reply-To:
From: "Austin Hill"
To:
Subject: Intel inside
Date: Wed, 27 Jan 1999 15:07:49 -0500

Hi Declan,

Just a couple thoughts & points that Ian Goldberg and the staff at the office have been discussing with regards to the Intel unique serial number.

-Security for stolen PC's

I don't believe this claim (With regards to consumer stolen PCs, which is how I've seen it reported). The premise here is that if my PC is stolen, then I can report it or it will show up as stolen the next time the PC is connected to the Internet. The flaw in this is twofold.

a) If consumers have the option to turn off the reporting, then so do criminals. So the reporting doesn't work unless you assume that everyone who turns off the option is a criminal.

b) If the serial number is not transmitted to Intel directly each time the computer connects (Which I haven't heard is the case) it means that all ecommerce sites, or sites that are able to ask for the serial number will have to share this information with PC vendors and Intel to track down stolen PCs. This means a blacklist or central pooling of serial numbers, as I'm sure you know this increases the amount of information sharing between sites and creates a very bad precedent of creating 'authorized' PC's and 'blacklisted' PC's. What a great way to pull a prank or harass someone. Use BackOrifice, or walk by your computer and get your serial number and then call Intel and report it stolen, next thing you know you can't access certain sites.

(Note: In the area of large volumes of stolen chips, the serial number can be effective since they can warn resellers not to purchase them and have some way of increasing accountability with PC manufacturers. I don't think that this extends to consumer PCs)

-Authentication for eCommerce

This is also a pretty bogus claim. Serial numbers on PCs are NO WAY to authenticate for eCommerce. This assumes that everyone uses only one PC, and only an Intel Pentium III processor as well. Is Intel trying to convince everyone that Amazon, Buy.com and Outpost won't accept my order if I purchase from multiple PCs? Or that I'll have to register each PC that I plan to use purchasing with Amazon? Or that Mac Users, Unix/Linux users, AMD or WebTV users will be treated as second class citizens, not being able to access the same features? This is ridiculous. There is no benefit to eCommerce. This is marketing speak.

Proper user authentication is done with digital certificates, usernames & passwords or authentication devices (Biometrics, token or smart card based).

The real benefits for Intel, I believe, are based on two separate areas.

-Software licensing

Per processor software licensing is something that software vendors would like to have. I still think it is an idea that is flawed, since you would need tight integration with the OS and software to allow for things like processor upgrades (i.e. I backup my software, switch hardware and then restore my backup when upgrading my PC. Would my software work?). With these types of scenarios there is just too much ability to patch the software the same way current copy protection systems are patched with cracks.

-Encrypted processor instruction sets

This sets the ground work for creating a security infrastructure inside the chipset. This would most likely include encrypted software instructions and the ability for a processor to run encrypted machine code. This completely removes the ability to know what your applications, operating system and processor are doing. This is very much a concern to us as it should be to anyone who is concerned about security.

I'm surprised more people haven't pointed out or talked about how the claims of eCommerce security & stolen PC retrieval are false. I think Intel has done a fabulous job of spinning this since everyone is talking about turning the option on or off without questioning the validity of why it is in there in the first place.

Just my 0.02

-Austin

_________________________________________________________________________
Austin Hill
President
Zero-Knowledge Systems Inc.
Montreal, Quebec
Phone: 514.286.2636 Ext. 226
Fax: 514.286.2755
E-mail: austin@zks.net
http://www.zks.net

Zero Knowledge Systems Inc. - Nothing Personal

PGP Fingerprints
2.6.3i = 3F 42 A2 0D AF 78 20 ED A2 BB AD BE 8B 40 5E 64
5.5.3i = 77 1E 62 21 B3 F0 EB C0 AA 6C 65 30 56 CA BA C4 94 26 EC 00
keys available at http://www.nai.com/products/security/public_keys/pub_key_default.asp
_________________________________________________________________________

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo@vorlon.mit.edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------
