Meltdown Spectre

Intel’s Blunder: Global Digital Meltdown

Group 1

The two recently-discovered CPU flaws, ‘Meltdown’ and ‘Spectre’, have troubled chip-maker Intel, which is now facing 32 lawsuits. Intel was first informed of these potential architecture defects back in 1995 by the National Security Agency, but it chose to not warn the public. These faults revealed issues with the flawed processors produced in the past decade that allow third party applications to access private and personal data. Both Meltdown and Spectre affect personal computers, mobile devices and the cloud.

• Should Intel have told the public about this hardware flaw?

| The Cat is out of the bag

Google’s Project Zero (GPZ) team unearthed the existence of these flaws and reported them to Intel in June 2017. In the security world, whenever researchers find a bug, the convention is to give companies a few months to fix the problem before disclosing it to the public. The GPZ team granted Intel 90 days to fix the problems with a further two deadline extensions, but after a lack of action, the problem was leaked to the public. In order to completely fix the defects, new processor designs are required, which would impose a significant performance decrease.

You only know what you need to know

| Actions speak louder than words

Meltdown SpectreWhen Intel was first warned about the potential flaw in 1995, the decision was made internally was to maintain the original processor design.  This was to complement the digital revolution with the popularity of the internet and the need for higher computing power, instead of fixing an extremely small problem which had a minuscule possibility of causing high damage. Or so they thought!

Ever since Intel was made aware of these issues in 2017, the company has been working on an industry-wide approach to resolve these issues. Software and firmware updates were provided to alleviate these issues once made available. Intel has confirmed that for the average computer user, the performance impacts should not be significant (Table 1) and will become less pronounced over time. The company is working to provide the best solution to everybody.

Benchmark 8th Generation Desktop Intel Core i7 8700K Processor 7th Generation Mobile Intel Core i7 7920HQ Processor 6th Generation Desktop Intel Core i7 6700K Processor
Introduction Date Q4 ’ 17 Q1 ’ 17 Q3 ’ 15
SYSMark 2014 SE Overall 94% 93% 92%
PCMark 10 – Overall 96% 97% 96%
W10  Edge Browser 92% 93% 90%

Table 1
Source: Intel; Note: The data above is based on multiple runs and expected system benchmark variation is assumed to be +/- 3%

| We’ll cross that bridge when we come to it

Intel did not report the flaws to the US authorities after the warning because The National Cyber Security Centre had stated that there was no evidence that hackers had exploited these vulnerabilities. Intel is committed to a responsible disclosure of potential security issues, which is why the company had planned to disclose these issues a week after it was leaked. They had planned to make software updates available by then. In other words, Intel dealt with this problem from a utilitarian perspective and was trying to avoid unnecessary panic by not publicising problems before fixes were ready to the public.

Intel, Ain’ Tell?

| Lucky if you are the chosen one

It is of every end users’ interests to know the performance, safety and security of their purchased devices. They are entitled to the rights to be informed of any design flaw if it is related to their own information security and confidentiality. Instead of protecting all clients, Intel chose to only share the information with a handful of companies such as Apple, Google, Alibaba and Lenovo while withholding it from vast majority. Intel even failed to inform the U.S. government about the vulnerability, let alone majority of its corporate clients and average users.

A customer-oriented approach could have been adopted by Intel. It should have revealed the chip design flaw to the public, at the proper time, by itself. The disclosure of the security defect could have been done in a delicately worded statement, in which the true security flaw is not exposed for hackers to exploit, yet informative enough to let customers know that their confidential information is at risk and their devices may be compromised.

In this way, Intel would have fulfilled its ethical responsibility of disseminating vital security information to customers and retain its reputation. Customers could also have benefited from knowing such flaw exists along with the choices of making their own decisions on how to protect their own information. Additionally, Intel could have avoided these problems back in 1995, by re-evaluating the processor designs. This would probably have affected the company in the 90s, but they could have dodged this bullet now.

| Yesterday Once More? Intel could have done something different this time!  

Hiding facts which may elicit greater damages to customers at a later date is definitely not the fairest approach a company can take. Moreover, the intuitivist approach to solving problems would be to admit them early on. When enough awareness is given, problems can be addressed in a more efficient manner. Without admitting the design flaw and informing customers about it at first place, no productive resolutions could be expected. Last but not least, common sense! Customers should be treated equally as it is every customer’s trust that made Intel what it is today. Losing trust from the majority is the very last thing Intel should consider.

When all is said and done

The fundamental design flaws already exist in the majority of modern chips. By revealing such facts to the public without comprehensive evaluations and feasible solutions, it may lead to a catastrophic disaster. Furthermore, to date, there have been no reports of any system being compromised due to this design flaw. For a greater good, not revealing the defect until it was discovered is acceptable. Therefore, the ethical choice was to not reveal to the public.

| Now the ball is in your court, what are your thoughts?

65 thoughts on “Intel’s Blunder: Global Digital Meltdown

  1. This is an interesting read. I was not aware of the potential damage and the scale of this chip flaw. As a customer, I am with telling the customers decision. Reason being, like mentioned in article, it is my interest to know that my device is compromised such that I can take measurements to minimise my privacy lost. By making this publication, Intel will be under public scrutiny which it will feel the pressure and come up with a solution quicker. Otherwise, the lack of this public supervision will result in Intel prolonging or even hide up the flaw like what it did back in 1995. Thus, to protect all customers and push Intel to do the best it can to solve the chip flaw (the cost should be beard by Intel as it made billions, if not trillions, throughout the year since 1995) making it to public awareness is necessary. Even if in the end, Intel can not solve the issue, we as customers can choose other chip powered devices or storing information offline. Therefore, it is morally just to making the information public.

  2. In my opinion, Intel should release the information to the public the moment they were warned about the chip flaws, or at least should try to fix it soonest possible to avoid leaving millions of devices exposed. Their deliberate silence and inaction have given hackers and other criminals chance to get their mitts on a computer’s entire memory contents, be it personal details or passwords. The worst case is that the whole computer can be taken control over and this leads to critical danger, especially for those working in important sectors or for the government. People are exposed to these vulnerabilities and are unable to protect their privacy. For me, I would rather not store key information in computer and resort to traditional ways, such as writing it down on a notebook and lock it up for self-protection if know there is a problem.

  3. Same thing happened with Volkswagen and Uber. They knew about their flaws but didn’t share the information to the customers. Instead of fixing the problem, they kept trying to hide enven more their mistakes. The companies should use that time to reverse the issue and not spending so much time and money to protect the company image.

  4. It’s very interesting post and was useful to read. Although I’ve always studied and worked technologies equipment and solutions I didn’t have awareness that hardware flaws could result in data security weakness. I’ve always supposed all of data security would either an operational system or application software issues therefore hardware or low level programming were never in my mind.

    I agree that it should be confidential for the details of failures that can be used by hackers and criminals until to be solve them however company must keep the customer aware that there are vulnerabilities. The information should be enough so that users can make their decisions to continue using the products or not. Intel should improve your products security level despite the performance degradation for achieve that and doesn’t leave those products dependent by third-party solution (software level shields).

  5. Very informative. Im a bit on the fence on this one. I believe that ANY single risk should be avoided and confidential data of clients/customers should NEVER be compromised. I feel that Intel should have changed the hardware design when they found out despite any form of losses in terms of revenue or even computing power etc. With advanced technology, im pretty sure the drop in computing power could be overcome.

    On the other hand, i feel that Intel not wanting to cause unnecessary panic was a good course of action. I feel that just because it is possible to hack a person through the ‘meltdown and spectre’ flaws, it doesnt mean that hackers would use that approach. It would be much easier to compromise someone’s data by sending a malware or a weaponised macro and when the user decrypts the file, the whole computer could be accessible by the hacker.

    Since intel cannot undo the damage done, i believe a software update or even a callback for processors should be done to overcome all this because in the end, it is intel’s responsibility to ensure the security of it’s client’s data. Putting things into extreme now, imagine if someone somehow managed to obtain the nuclear launch codes. That said person could literally start WW3.

    PS: I feel that computer users need to learn how to use a computer safely eg: not storing any personal information such as back accounts etc in the computer. This would give them more ease of mind if someone does have access to their computer/data.

  6. Intel made the right move, only sharing the information regarding the potential risks with the parties whom really got a chance to get affected, rather than the general public.

    When dealing with a group of people, especially a global company like Intel, when handling the risks, the best things to do is solve the problem whilst minimize the panic. By sharing the design flaw information with the big companies to have the ‘bug’ fixed solved the problems (in the first place, we should be aware of that personal PC do not really have a chance to get compromised by taking advantage of this flaw and till date no reports regarding personal PC got comprised because of this flaw). In the same time, there is no unnecessary panic created in the public (if there were no 3rd party reporting this flaw).

    So, by releasing information to the party that concerns rather than the general public have the problem solved whilst the unnecessary panic among general public minimized. So Intel made the right move.

  7. In terms of Care Ethics, Intel let their customers down. Care Ethics emphasises relationships, which in this case is the relationship between Intel and their customers. Throughout history the foundation of relationships has been trust. When both parties trust then the relationship works best.

    However, from a utilitarianism and virtue ethics point of view Intel may well have acted correctly. I’m not quite certain how duty ethics evaluates this one.

    1. That is a very good point. It is tricky to think in terms of duty ethics.
      Maybe you could say that Intel did the “wrong thing” about keeping such an important problem private, and it did the “right thing” about not telling any lies, let’s say to try to cover up their problems (In fact, we’ll never be sure of this, because I do think it was strange how they said, when the information was released, that they were “just about to release the information to the public a week later”. It seems very conveniente to them).

      However, I think that the Intel did the wrong thing, in my opinion, when it released the information to a few companies and not the US government and public. This wasn’t commented by Intel, but we’ll never know their true intentions when they did that.

    2. As in for duty ethics, Intel only selectively informed a few technology companies about this design flow. However, Intel chip powered devices were owned by larger demographic group including institutions (banks, schools, government, etc) as well as millions of individual users. All personal/corporate information are equally important. Those big companies, such as Amazon, were given the chance to start transferring data to a more secure places or upgrading their own firewall whereas millions of “unimportant” clients were left in the dark knowing nothing about this. They were not being treated equally by being informed to make their own choice. It was also extremely unfair that only big names such as Apple, Microsoft, and Google were being informed whereas other OEM and services such as Sony, ASUS, MSI and all other smaller companies were left until the leak to scrabbling to come up with a patch to fix Intel’s fault. Therefore, duty ethics were not respected by Intel when deciding to withhold the information.

      As in for other ethical frames that are more explicit, Intel also lost the trust from significant number of consumers which is the fundamental of the care ethic frame. It was also common sense that dishonesty backfires. The longer the hide up, the worst it becomes when unveiled. Knowing the warning can dated back to 1995 was lethal. Like mentioned by Paulo comment, this could tinted the image of Intel so badly and probably would take Intel years to build back the trust from the vast majority.

  8. This article is fascinating! I do agree that there is an argument that Intel acted correctly if you are following Utilitarian ethics, as they offered a powerful and fast chip which enabled users to use their machines for leisure, work, research and more.
    However, the fact that they were warned twice and made little attempt to fix the issue until public backlash that was spearheaded by the mainstream media. With the fallout of the Cambridge Analytica we have learnt how our personal data can be mined and used for political gain. We are storing more and more data on our computers and online but time and time again we are shown that it is not a company’s top priority to ensure our data is secure.
    Contrast this to how we interacted with the internet in the early days, “don’t meet people on the internet,” “don’t give out your name or your age.” It seems that technology companies have, at the least become more lax when it comes to data collection, and at the worst collected and shared our data for corporate gain.
    I believe that in the modern world, where our personal data is more valuable than ever, it is care ethics that is vitally important. It should be their number one priority to ensure data is secure and if it is not they should do all they can to change that. It is important customers are getting the most powerful technology available, but they should also feel safe when using said technology

  9. This is a tricky situation. Although Intel has made a good decision about not telling the public about a flaw that they didn’t know how to fix it, the company has also let their costumers down not telling them about a flaw that could affect their personal data.

    Even though the company didn’t know that the design flaw would cause so many problem, I think that Intel should have done something back in 1995. Back then, the demand for computing power was huge, because of the digital revolution but the company should have thought a bit more about future problems. It is important to think about everything that could happen to your product.

    Another thing the intel didn’t do so well, in my opinion, was to publicise this problem a bit more. Many computer users don’t update their software until last minute, and if the company is relying on that to overcome the problem, it should have definitely publicised it more.

    Also, I agree with what was said in one of the comments above, that computer users should learn how to use computers safely. By doing so, they should be more aware about problems they could encounter related to their personal data being released.

  10. Hiding important information about the safety of the client’s data can backfire in many ways. The people using the Company’s products are the biggest external stakeholders which implies that they have the power to make the institution succesful or bankrupt. Therefore, the Company should always avoid being against public opinion and as a matter of fact It should work with the public to solve problems of that magnitude. If Intel had disclosed the information when it first became aware of the potential flaw the issue would never become as big as It is, for there is the possibility of those vulnerabilities being exploited by hackers.
    Something similar once ocurred with a manufacturer of automobiles and motorcycles and when their product started showing problems they had to withdraw all the motorcycles of that especific type from the streets and fix them for free. It would have been cheaper had they fixed the vulnerability, wich they already knew, before the sales, for instance, not endangering anybody’s life.

  11. A very informative articles. Coming from a medical background, I would say our patients information utterly important. A breach of any patient information data would directly translate into litigations if caught. With almost all computing systems operating here in hospital are powered by Intel chips, not knowing such important security flaw would pose significant unacceptable information security risk. One could not argue that if something has not happened yet would guarantee not happening anytime soon. With increasing number of incidents of the large institutions being targeted by international criminal hacker groups, it is alarming such flaw exist without being shared by Intel responsibly.
    Most recent hacking happened in America resulted in millions of lost customer credit card information. Now imagine that many patient information was lost. It would be a catastrophic event.
    I agree with the suggestion made in the article. Do a delicately worded announcement without revealing too much technical detail for exploitation. This way, big institutions such like us hospitals would take measurements by hiring security firms to get some professional advises. I would imagine other institutions would do the same as their own information are equally valuable and important.
    For average user, the impact of the decision made by Intel probably would not cause too much loss in money term. However, that being said, personal information should not be valued using money term. So Intel really should have not hide it up.

  12. I really enjoy the read. I definitely agree with the conclusion from this article that says that Intel should not have revealed the problem, without knowing how to fix it completely as it would only cause unnecessary panic. Also, I agree with the solution in the article, which was also highlighted by w.booth, that says that the company should have released a delicately worded statement abou these issues.

    One could argue that customers come first and that the company should have chosen the path that is better for the customers, but I think that not releasing the problem before has spared the customers a lot of stress. There were statements saying that these flaws were not used for cyber attacks or anything and that customers that use a personal computers would not be affected that much. That said, I think the company analysed all these aspects and concluded that it was better to keep it private until they completely knew how to fix these issues.

    One interesting point I’ve been thinking is what is the situation now? After the information was leaked and that the company has released many software updates and patches, does anyone know if Intel has plans of replacing the processors?

    1. Thank you for providing the thoughtful comment, Val. It is good to see someone sided with Intel and provided reasoning for such decision. As per you question, I did some research to follow this event a bit up. Unfortunately, Intel decides to not fix the older generation chip. Please see the article here:

      https://nakedsecurity.sophos.com/2018/04/06/intel-wont-fix-spectre-flaws-in-older-chips/

      The affected chip family included: Penryn, Yorkfield, Wolfdale (all 2007), Bloomfield (2008), Clarksfield (2009), Jasper Forest, and Gulftown (both 2010).

      This is very frustrating to be honest. It took Intel that many years to come up solutions which in the end it did not. After an emergency PR response from them saying they are about to release the fix, it decides to abandon majority of the chips now. This to me really strengthen the idea of Intel should inform public earlier on. This gives everyone more time to respond. With the Intel’s decision to not fix the flaw, if also suggests that Intel is probably going to hideup the event from the beginning.

      Do like me know if this changes your mind a little bit or not. Thank you for your comment

      1. Thank you Shan for the reply.
        I guess Intel does want people to buy their new products and make a profit out of this problem. You could say that future generations will be safe from these flaws but will have a decrease in computing power (even if it’s a small one).

        Now that the problem is out there and everybody knows (or at least, should be familiar with it), we should be more careful when using our personal computers, because it’s not everyone that has money to just change for a new pc now (rather than companies, they must be replacing every single thing if they deal with sensitive data).

        Hopefully this problem will make other companies pay attention a bit more in their design and be prepare for any future complications.

  13. This is a good read. Frankly, this issue really comes down to which perspective are you from. If putting myself into Intel’s shoes, I would opt for not making a statement as:

    A) Like mentioned in article, this flaw was not discovered since a long time ago and publicising this information would only worsen the situation.

    B) The most likely reason. The board will not happy with this. It is very important to point out this. Intel is a public company with active board members going after profits and annual dividends. They represent a small group of powerful investors who definitely do not want to see their check losing losing couple of zeros. At least not the time when they are sitting. Management layer, CEO, CFO who has to report to the board is under pressure to generate as much revenues as possible. To lose revenue and risking another major scandal is the last thing they want to see.

    However, things look very different from another side of the road. Average consumers, me included, do feel furious about Intel being unethical about this. It was easy and convenient for them to say that they are about to make a public announcement when the information was leaked. Time after time we know this is just not true. This is a typical emergency PR strategy any big company would do to cover fallout. Whenever things like this happened, I strong feel how powerless we as consumers are when standing alone against corporate giants.

    As such, besides saying Intel should release the information and it is unethical for them of not doing it, I would focus more on possible future measurements to prevent incidents like this happening again.

    It is a tricky job to invoke any legislations without having a thorough consideration of whether this would hinder the innovation. (e.g. Autonomous driving, AI implementation) It would be ideal for some laws to be passed after careful examination of the nature of the law. This, however, is a long way down the road. A more responsive approach would be to have public watchdogs and consumer protection agencies act promptly to events like this. They could represent consumer bodies and file class lawsuits against multinational organisation. This would be a lengthy litigation of course but at least companies like Intel will be checked and aware of the consequences of them only focusing on profits.

    Young engineers should bear in mind the things they do do make an impact on society. And when look at things, look further and think deeper. Do not stop at yes or no level, think about how to fix it and maybe what other things can be done about it.

  14. Intel really should have taken responsibility early on considering how severe the flaw was. Most operating systems were fast to update their OSes to patch the flaw but Intel should never have let it happen in the first place. They need to provide their customers some sort of a reimbursement to gain their trust and stand morally correct.

  15. This is an interesting information age issue which is bound to happen sooner or later. I think IoT will be plague with similar issue years later. Let’s wait and see what happens in a decades time.

    Yes, the argument could arrive from utilitarianism to support Intel’s decision of not releasing the flaw information. I have glimpsed some comments above mentioning profits which can be also very true as the reason why Intel not releasing the information.

    I also like the intuitivist argument in the article claiming why releasing the information is beneficial. Dieselgate should be used as a landmark case for these incidents sharing the same characteristics. It took VW almost three years to recover yet they still haven’t got out of their mess. Some lesson could be concluded from this. Corporations should not lie or hide about their own flaws. It bites when customers loss trust in manufacturers.

    As such, I would say that I am on the customer side as these big companies need to be on check and the best way to do it was to having us customers to voice it out.

  16. This is an interesting article. I am of the opinion that Intel should have inform us customers about its security flaw. Given the fact that more and more important information is stored in computer nowadays, it would be very helpful to know that it is not secure to do so. When we as customers buy laptops, we naturally assume it is safe and hack-proof. If knowing this is no longer the case, I will start storing important information offline or resorting it the old fashion way- hand written notes. For Intel not telling customers would be an irresponsible act.

    I do not see it more of a utilitarianism approach by Intel of not releasing the information but more of a profit seeking practise. The lawsuits is a manifesto. History has always repeated itself where most corporations care more about their money then being moral. I am not surprised Intel is no difference.

  17. When a mega firm, like Intel, making decisions regarding critical issues, a huge amount of factors need to be taken into consideration. One of the best way to evaluate whether the decision is ‘good’ or ‘bad’ is based on its potential outcomes.
    By concealing the design flaw from the majory public and releasing necessary information to highly affected parties is one of the best solution based on utilitarianim point of view.

    We have to acknowledge that, by ‘hiding’ the issues in this case, is one of the best way to prevent potential attacks or unnecessary panics. Most importantly, Intel never stop finding solutions to fixing the problem, and the results do proof Intel did come out with a solution and stopped the potential risks.

    So based on utilitarianism point of view Intel made the right move.

  18. In this case, people may criticise Intel ‘hiding’ the truth and cheated on its customers, but, if we look at this case based on utilitarianism point of view but looking at the results only, the action of ‘hiding’ the issue, in this case, is actually part of the key process to have a good outcome.

    When dealing with a group of people, especially a global company like Intel, when handling the risks, it’s always good to have the issues fixed promptly. Not revealing the design flaw to the public prevented the defects made used by unwanted purpose which protected the user from potential attack. By sharing the design flaw information with the big companies to have the ‘bug’ fixed solved the problems. So, in this way problem got solved with minimus chaos or potentially damaged to the industry.

    So, by releasing information to the party that concerns rather than the general public have the problem solved, whilst the unnecessary panic among general public minimized. So Intel made the right move.

  19. First of all, this is really a good read. Finished it and my mind just blew! Didn’t know about those flaws. In my opinion, Intel went through the wrong path, indeed, and now they’ll probably reap what they’ve planted.

  20. Today technology is at it’s peak, developing even further, especially within the fields of healthcare and finance and Intel has been at the centre of this. NSA knew about the issue since the start however, however, even they chose not to reveal to the public or reprimand the company. Thus, it has become a joint responsibility.

    Another point of view is that all the dot com era that produced the major amount of today’s billion dollar companies were highly dependent on tech developed mostly in collaboration with Intel and thus if a decision was taken to reveal to the public. It would have caused a major panic, reducing the faith in the company causing the stocks to fall down, resulting into a domino effect and crumbling down some tech behemoths.

  21. The article is interesting, informative and an enjoyable read. My only criticism of the article is table 1, I don’t understand if a higher percentage is better or worse, so a clarification would have been nice. In terms of the article subject I think it was irresponsible of Intel to allow this flaw in their chips to be released to the public, had the flaw been discovered by the wrong people catastrophe could have followed. We’re living in the information age and computers hold more information about us that we know.

  22. This coincide with the recent news of EU requiring mega Internet companies to comply with data sharing law. If these big technology companies are not monitored by regulatory bodies, ethical decisions were rarely made by them. Hence arise of the ethical debates throughout the history.

    To make my point clear, I am 100% with the decision of Intel releasing the information. I would never want to be the last one to know that my computer is not safe. Imagine if you were not being told by lock company about the lock at your home can be picked by anyone after living for a year. Doesn’t matter whether I have my stuff stolen or not, I would never use the lock from the same company ever again. Why would Intel be given a green light on this? They should have told me about this so I know the risks of using its chip powered devices. It will definitely influence how and what I will be storing information in my electronic devices and it is important that I know this piece of vital information. I fully agree with the article’s ethical judgment of Intel should be intuitively and applying common sense when encountering sensitive problem like this. At the end of the day, it is us, average consumer, who are being affected by this.

  23. The article is well written. I was not aware of this issue. The publication probably was kept at minimum. However, I knew the news about Mark Zuckburger of Facebook apologised and testified about misusing of user’s data. This is a slightly different problem but should we hold Intel accountable as well? I mainly use my computer for graphic design purpose and do not use it to store personal information. However, if this does affect mobile phones as mentioned by the article, then I would be start concerning about this as my mobile phone has banking app and privacy information which is confidential. For this particular reason, releasing the information to inform everybody would be a good choice as I will be monitoring my bank account more frequently to see if it has been affected it or not.

    I like how the article argued using ethical values from both sides. Being not technically adept to really tell whether Intel is capable of fixing the problem by itself, as far as I am concerned, I do not think keeping the information would not be particular helpfully for anybody but Intel .On the other hand, I agree with the argument that admitting the problem first would speed up the remedy process. I see myself working harder or more willing to change when I admit I have done something wrong. I found myself using more time to argue instead of fixing the mistakes when I do not admit my wrongdoings.

  24. This blog is very informative. This is so bad. What Intel did is ethically unacceptable. Leaving our information exposed and ignoring our fundamental rights and privacy is utterly not unacceptable. I am totally with the article about having the right to know the security and performance of my device as larger percentage of my time is spent on it. Given the fact that it is no longer as secure as it suppose to be, we should have the right to be informed such that we can minimise our privacy lost by start taking protective measurements. Personal data is very important to everyone and risking it to be exploit is absolutely unethical. Though no hacking was done taking the advantage of this system loophole, it does not mean Intel can walk free on this after that many years of inactivity about this until the leak. Casualty result from negligence is still hold accountable in court then this should apply to Intel as well. Even though majority of us probably can not do much technically about the flaw, we will be more aware of this and changing the hobbit of how we store informations on devices accordingly. Intel’s inaction and blatant hide-up is undoubtedly irresponsible and unethical and should be condemned.

  25. This is an interesting article. I have seen a number of similar cases on the news. In this case, you mentioned that Intel did not report the flaws to the US authorities after the warning because The National Cyber Security Centre had stated that there was no evidence that hackers had exploited these vulnerabilities. We all need to deal with the relationship between laws and ethical rules. Even though hiding the truth of CPU flaws may lead to a good effect, the action broke the law that protects the right to know the vulnerabilities.

  26. Interesting and informative article! I guess time factor plays an important role in this context. Back in the 90s, when advancement in cybercrime was not as it is as now, Intel might have considered the warning from NSA as trivial as also stated in the article. But in today’s age, at some point, I think even Intel might have taken its flaw into some consideration before being informed by the GPZ, and it was wise of the company to reveal it after preparing some solutions. Even though the matter was trivial in 1995, the best approach I guess was to tackle the issue right then as the saying goes, “you hit the rod when its hot”, even if it meant the company to slow down in the race of digital evolution. This approach could have saved the company by enormous amounts although I understand that it would have been a much difficult decision to make a trade-off at that time.

    But the selective approach in informing its clients about the flaw could be debatable. It made itself safe from some major firms but risked its trust from other wider institutions and individuals. In short, I would say, Intel made the right move by not informing the public without preparing any solution, which would cause a huge catastrophe among the wider public, although in legal terms this may sound inappropriate. On the other hand, it could have played better in countering the flaw at the right time at some expense. The latter statement could be well arguable as I am not aware of the intricacies involved in countering that problem and needs detailed information to be assertive.

  27. This was a interesting article to read. I was not aware that a design flaw could be exploited by the hackers in this way. Leakage of personal information is a cyber crime and Intel should come up with some alternative to fix this without affecting its performance.

  28. A well written article. This is a controversial issue. One hand, the technology companies are the knowhow players. They do have the very reason to not release the information for preventive purpose. The considerations of causing public panic is also a reasonable assumption given the netizen is at the population of billions. Strip them from their devices or asking them to approach with precautious would be hard.

    On the other hand, you have parties who are really affected by this. The mismatching in security flaw sharing practise is very debatable given there are a lot of players in the field. The already big fish would crush the small fish in the cutthroat competition when security is one of the main marketing point. “Our service is secure to the highest standard”, I bet you see this phrase million times already. This to me seems to be a major concern.

    And of course people who care about their information security will not be happen about this. Although for majority, this will be more emotional than actually negatively affected as for their informative.

    This is a very tricky question and to really pick a side, I am slightly towards releasing the information side as I see it a more moral thing to do. It is not awfully wrong for Intel to not make a public announcement from their consideration but having people informed especially when they are the ones who got affected the most seems to be a better option for me.

  29. This is a very cool article. From the rights point of view, Intel without a doubt should release the article. I agree that customers may feel insecure when knowing their phone or laptop is prone to attack. However, this fear probably will be very short-lived and serving a better good. The action of not releasing the information really set an unfavourable precedent. For information to be only known by everyone by leaks, lost of trust is inevitably. Look back in history, whenever a scandal broke out, the trust issue will always be the consequences. This is more evident in politics. Hilary Clinton is the perfect example. Her definite wrongdoing in handling classified documents using her own server at home and incorporative with the investigation by deleting files painted her an untrustworthy person. The cost is the presidency. Therefore, trust is a powerful tool which Intel in this case definitely lost some of that in not releasing the information.

  30. This reminds me of Edward Snowden. Some say he is a hero and some see him a devil. However, whether what he has done is justified or not, the event undoubtedly had a profound impact on everyone’s view towards privacy. Although not widely spread, I believe Intel’s chip flaw would also sound the alarm to somewhat level and served as a reminder of how important it is to take care of your own privacy yourself. Time after time, the organisation mammoths have always place the user privacy on the last of the must to do list. Facebook turned a blind eye on Cambridge Analytics abusing its user data. By only using ethic as weapon would not get us protected. Ethically I would argue strongly that Intel is on the wrong side and should face the public critic for not announcing the security risk. However, this will not stop next “Intel-gate”. As such, I would focus more on the solution part. Store sensitive information offline. Be vigilant about your confidential data. Always avoid putting any vital information “hot”. (online) Go back to the old-school style of notebook keeping. Top computer scientists all do this to protect their own privacy. Why should you not?

  31. Intel is in a real dilemma when making a decision, especially for companies like Intel, who play an important part in the industry, a huge amount of factors need to be taken into consideration. By using the outcomes to justify whether the decision is good or bad is a good way.
    By concealing the design flaw from the majory public and releasing necessary information to highly affected parties is one of the best solution based on utilitarianim point of view.

    We have to acknowledge that, by ‘hiding’ the issues in this case, is one of the best way to prevent potential attacks or unnecessary panics. Most importantly, Intel never stop finding solutions to fixing the problem, and the results do proof Intel did come out with a solution and stopped the potential risks.

    So based on utilitarianism point of view Intel made the right move.

  32. Very interesting read. Regarding duty ethics, in this case, is a bit tricky.
    Keeping such a big problem in the dark is definitely a ‘bad’ move, however, they are working on fixing the problem and trying to keep the affected group as smaller as possible is a ‘good’ move, and the result does prove them have fixed the issued with minimised impact to the user or the industry.

    So, based on the utilitarianism’s point of view, a good result proof a good action was taken, so Intel made the right decision.

  33. Intel is in a real dilemma. Regarding sharing of information, I strongly agree that user’s privacy should be placed in the first place and never should be compromised. I feel that Intel should have changed the hardware design when they found out despite any form of losses in terms of revenue or even computing power etc. With advanced technology, I’m pretty sure the drop in computing power could be overcome.

    However, when by looking at the outcome of this industry crisis, i feel that Intel not wanting to cause unnecessary panic was a good course of action. By far not report indicate that any persona PC got compromised by taking advantages of this flaw. And more importantly, the flaw was fixed even though with some performance reduction.

    So it’s hard to judge Intel’s action is ‘bad’ or ‘good’, how we view this case lead to a different result.

  34. A very recent tech news. When dealing with technology, especially high tech, which not very well understood by the general public, expert’s guide should be highly valued. For this case, chips and its manufacturing technology is definitely one of the high tech areas we lack of knowledge, so we cannot judge Intel’s action by comparing to other cases which are easier to be explained.

    I agree that company must keep the customer aware that there are vulnerabilities however it should be confidential for the details of failures that can be used by hackers and criminals until to be solved.

    Intel, only informs the parties who are highly related and in the true edge of getting affected and keep the public unaware of it, for this case, is the right decision. Problems got solved and not unnecessary panic created.

  35. Intel got public’s attention because of this recent ‘scandals’, people criticise Intel ‘hiding’ the truth and cheated on its customers, but, if we look at this case based on utilitarianism point of view but looking at the results only, the action of ‘hiding’ the issue, in this case, is actually part of the key process to have a good outcome.

    When dealing with a group of people, especially a global company like Intel, when handling the risks, it’s always good to have the issues fixed promptly. Not revealing the design flaw to the public prevented the defects made used by unwanted purpose which protected the user from potential attack. By sharing the design flaw information with the big companies to have the ‘bug’ fixed solved the problems. So, in this way problem got solved with minimus chaos or potentially damaged to the industry.

    So, by releasing information to the party that concerns rather than the general public have the problem solved, whilst the unnecessary panic among general public minimized. So Intel made the right move.

  36. Interesting article. This is yet another example of corporate wrongdoings. Problems like this will only worsen the trust link between large organisations and consumers. I like the article provides arguments for both sides. However, need to point out one thing that the Intel side’s reasoning is more of a speculation. It is very hard to know whether the chip giant did it for the protection of the people or profit. Nevertheless, the concern from all customers are real. The fear of losing fairness, the fear of losing clients data all mount to the reality of how negatively impacted Intel’s decision to not release the information is. Base on this fact, it is very clear Intel was wrong and information should be released.

  37. This is an interesting article! I am surprised that for 20 more odd years, no whistle blower has stand out to leak the flaw until Google’s team discovered it. That being said, I believe Google team has done the right thing of letting everyone about their devices’ vulnerability. Google’s motto of “don’t be evil” serve them well. On contrast, this really place Intel at the evil side. Making mistakes is acceptable. No company does not any mistakes at all. Some company in aerospace sector or automotive sector made mistake that are fatal yet once to admit it and try to overcome it, public receive them positively. I do not think privacy risk is as bad as loosing lives. This probably loosen the legislation to somewhat extent and Intel took advantage of it.

    Talking about ethics, although there is no duty ethics compels Intel to stand forward, I still think combine with care ethics, Intel should have told everybody about this. Great power comes great responsibility. If Intel can not protect people, at least tell people and let people avoid the risk. Leaving it with chance is a very bad bad decision and unethical.

  38. Leaving customers to the hand of hackers is the worst decision I have heard for a few years. It was like leaving a manhole in a dark valley road uncovered without posting signs saying “manhole be aware” and secretively observe and hope no one is “lucky” enough to fall in. Information security should be treat seriously. I could think many examples of misuse of personal information result in billions of dollars lost. Important as it is, it should not be simply left alone. It is convenient for Intel to say they are about to release the information. However, dating back to 1995 when the first warning was issued. It took Intel 23 years to not come with a solution and all of a sudden it was about to release the information days after the leak? This is a bad emergency response from the company to salvage the lost trust. And I do not think it does anything at all. Piecing together the evidence, Intel’s coverup act really hurts the feeling of its customers and left them feel betrayed. If it were announcing the warning, things will look completely different. Intel probably could be even more dominating in the chip industry. It wasted the chance to build the strong trust by not releasing the information.

  39. This article is very informative. It is interesting to know that hardware flaw can lead to software problem. It is usually known the system flaw would cause security risk and in need of update to fix the problem. Thank you for writing this article such that we know hardware can equally cause the problem. I think this problem really depends on whether you are standing at the corporation side or individual consumer side. For corporations, they would prefer not to release the information for money concerns as this will cause them revenues. However, for customers, they would want to know this flaw as this affects their own privacy. Personally, if not known that Intel was being informed back in 1995, I would slightly leaning towards to not releasing the information as argued in the article the utilitarianism would work the best. However, apparently Intel was not going to fix this problem since it is already 2018. Not fixing it while still selling the flawed chip is unethical. Thus, I think Intel is being unethical about this hardware flaw and not releasing the information is even more unethical.

  40. Thank you for the informative article. In Japan, the misbehaving like what Intel did is unthinkable. A public apology is needed if ever find any company being dishonest about their practise. This is why there are few scandals happening in Japan. When companies in reality cheated, some of them went bankruptcy because people no longer trust them. I think American companies do not hold ethics as high as here in Japan. The public acceptance is higher as well. For us, we do value our privacy dearly. It is illegal to collect individual’s personal data before consent or being negligence during their business practise about their client’s data. I think Intel definitely should release the information and make a public apology.

  41. This is a fascinating topic. The fact that Intel not telling everyone about the design flaw has taken the rights of consumer deciding whether they choose to wait for Intel to come up with the fix or start taking their own action to protect themselves. In the modern world, there are a lot of ways to make sure one’s information security is protected. Storing things in USB, writing things down, storing it in external drive are all feasible and cost effective way to do. Intel effectively has taken everybody’s right of doing this away just because they fear people will stop buying Intel products. This is a very short sighted decision by Intel. Ethically, I agree more on claiming care ethics of trusting each other works more in this case. As such, the decision of not telling is a very bad move by Intel.

  42. I believe that transparency is very important for large companies such as Intel and so, protecting their customers privacy rights should be a priority. I agree with what was said in this article, that the company should have revealed their design flaws through a carefully worded statement. Simultaneously, they could have worked on finding solutions to the problem. In doing so, Intel could address two issues at once, first, that they were working to fix the problem and second, ensuring that they met their ethical responsibilities to their customers by keeping them informed.

  43. This is an interesting article. This somewhat resembles the Cambridge Analytic case. That case even result in big firms stop using facebook such as Spacex. It also emphasises how important it is to respect everybody’s data privacy. Information privacy should be treated as important as private property. No one would leave their house door unfixed while why should the our privacies be compromised? Intel should tell the public about the flaw as it is important as the house builder to tell the tenant that the back door is not closed. Not telling is ethically irresponsible. It deprives the right from the people to take their own actions to protect themselves. As such, the ethical approach for Intel should be inform everyone about this flaw.

  44. This is an informative article. I guess Intel must had been miscalculated the pace of the technology development back in 1990s. It would be insane to think that people will using computers to do banking and processing confidential data except government agencies. Cell phone was not even a thing back then. So the consideration of privacy probably is at the bottom of the list. Or probably nobody knows that we are this dependant on these technologies. To fix a problem that is so minor but would mean a redesign of the chip is not a wise decision. However, as the technology innovates, the situation probably has gone out of Intel’s hand and when it realises the huge privacy problem with their fundamental design, it becomes impossible for them to fix it. However, this does not mean it is squarely okay to not tell everyone about this as this really has a profound impact. I guess it is just that there is so much at stake that Intel can not really lose. I guess this is behind the reason why Intel was reluctant to make any announcement.

    However, with that being said, I don’t think it is a good practise to only inform a few big companies about this flaw. This makes it very unethical as fairness is not respected. Not telling average computer users about this design flaw is somewhat understandable but combining with this practise is definitely not okay any more. Intel has crossed the line. Thus, to respect the fairness and promote transparency, it would be a better decision for Intel of informing everybody about their design flaw.

  45. In my opinion, Intel’s attitude was very unethical. Us, as customers, have the right to acknowledge if something has the potential to affect our integrity. Leaking all the information to the public may not had been the “right way” to expose the facts but, as the company couldn’t comply with the prompt, something should’ve been done.

  46. I had no dimension of the damage we could be exposed by a flaw like this. As a client and a lawyer, I have no doubt that Intel should have posted the problem as soon as it was discovered, not only to prevent further problems, but also to feel the pressure of the customer and come up with a solution quicker. By making this publication, Intel would’ve prevent the customer to not publish certain informations and the damage could be smaller. By not telling the public and making all the effort to hidden the flaw, Intel remain inert and the problem gets bigger.

  47. This is not a clear cut issue. Putting myself into the thinking of Intel, release the hardware information really does not help to solve the problem at all. Intel has the expertise and knowhow to address this flaw whereas average user probably can not do anything at all to fix this. The consideration of the exposure of the issue really increase the chance of the device actually being hacked. Last, not to be naive about this, this piece information probably will have huge impact on the stock price and revenue generation. We are probably talking about billions of dollars being wiped out just because of a piece of information.

    However, if I were thinking from opposite side of Intel, it is a clear feeling that Intel should have let people know about this. The feeling of not being told by anybody about the things that involves me is really unpleasant. No one wants to be the last to know a decision was being made on their own future. Since this also has the implication of other companies being involved. By not telling the information would really harm large demographic area than the benefit of holding it.

    As a rule of thumb, if this decision does more bad than good, we should not do it. Intel in this case, even though probably has some good intention behind it, should have told everybody about the design flaw.

    1. I agree with your point that both actions would have been a double edged sword resulting in some or the other negative impact. However, as you have mentioned a very common utilatarianist concept that the “greater good” needs to be respected and adhered to and thus Intel should have revealed to the public as they have a right to knowledge about decisions affecting their future. However, following the same ethical argument, if the general public were not able to do anything with this information, it would again be meaningless in terms of why was Intel openly giving out vulnerabilities without prescribed solutions? Do we just want information and jeopardise our data or should we actually be patient and wait.

  48. This is an interesting article. The article mentioned about the flaw not being discovered since 1995 would justify that the risk is low and should not be exposed by telling everyone. This reminds me of a debate about whether or not sending probe to Jupiter surface. One side argued that although the probe was being sanitised to 99.99% cleaness level, there is still 0.01% of it carrying earth born bacteria or virus that may contaminated the planet which was pure for trillions of years. The other side argued that if it will be contaminated, it would have been contaminated thousand years ago. Send probes would not affect it at all. I think the second argument is very irresponsible. So does Intel’s decision base on this reasoning. If there exists a flaw, one can never say at the very next second, hacking will not happen. By assuming something one does not know and use it as basis to make decision affect others is purely irresponsible act. Let along there are so many other parties involved makes this implication complicated. I believe Intel made the wrong move and should have told everybody as it should be their duty to do so as an ethical company.

    1. I completely agree with your analogy. Considering care ethics, Intel demonstrated an extremely irrational judgement in terms of not releasing the information as no major hacking had not yet occurred. Also, on basis of virtue ethics, Intel showed a complete irresponsibility and rashness, straining their relation with millions of consumers worldwide. Trust goes both ways and Intel chose not to honour such behaviour.

      If we were to base all decisions on assumptions, we would exist in a Utopian environment where no one would exploit any flaw as that might adversely affect the greater population thus, taking into account that everyone follows a utilatarianist point of view.

  49. I agree with the point that “It is of every end users’ interests to know the performance, safety and security of their purchased devices.” While more confidential information is being stored digitally, end users should be told about the hardware flaws and make their own choice on what kind of information can be stored in intel’s software. It is of corporate responsibility to maintain its company transparency to allow customers to make a rational choice.

  50. This is really down to how important privacy is to everybody. To some, this may be something irrelevant and can be disregard easily. If one look at how lax people are about sharing their personal email address, phone numbers, locations, likes and don’ts, it is not hard to see people are throwing their privacy away. Then on the other spectrum where you got people blocking their webcams, blocking USB ports, not sharing any location information and regularly check if any of their privacy setting is not ticked. These are two very different world. If everybody is the second kind of person, Intel then is obligated to recall all the chips as it is down right important to everyone. It would be insane to think if Takata is allowed to not recall their killer airbags. Then again, if people do not treat their privacy seriously, this gives Intel excuses to say the worst scenario will be people get hacked and nobody cares. I guess we are living in a world which privacy importance is not that important yet. As such, Intel may get away with not releasing the information as it may be best for everyone given the reality.

  51. When a decision has the potential to involved many people’s interest, a huge amount of factors need to be taken into consideration. One of the best way to evaluate whether the decision is ‘good’ or ‘bad’ is based on its potential outcomes.
    By concealing the design flaw from the majority public and releasing necessary information to highly affected parties is one of the best solution based on utilitarianism point of view.

    We have to acknowledge that, by ‘hiding’ the issues in this case, is one of the best ways to prevent potential attacks or unnecessary panics. Most importantly, Intel never stops finding solutions to fixing the problem, and the results do proof Intel did come out with a solution and stopped the potential risks.

    So based on utilitarianism point of view Intel made the right move.

  52. Public criticise Intel ‘hiding’ the truth and cheated on its customers, but, if we look at this case based on utilitarianism point of view but looking at the results only, the action of ‘hiding’ the issue, in this case, is actually part of the key process to have a good outcome.

    When dealing with a group of people, especially a global company like Intel, when handling the risks, it’s always good to have the issues fixed promptly. Not revealing the design flaw to the public prevented the defects made used by the unwanted purpose which protected the user from potential attack. By sharing the design flaw information with the big companies to have the ‘bug’ fixed solved the problems. So, in this way problem got solved with minimus chaos or potentially damaged to the industry.

    So, by releasing information to the party that concerns rather than the general public have the problem solved, whilst the unnecessary panic among general public minimized. So Intel made the right move.

  53. Very interesting article, written well for average consumer such as myself who is pretty illiterate when it comes to pc talks.

    It is shocking that Intel would withhold this sort of information from consumers for over 20 years and when they revealed it it was to big companies. There is no other word for it then just utterly shocking. Thank you for letting us know of this.

  54. The fact that the technology is moving in an unprecedented pace casts significant burden on legislation. It would be hard to strike a balance between not hurting the innovation and too lax for tech companies to take advantages. Personal information is without a doubt very important to everyone. Every man is created equal. They should enjoy equal rights which includes privacy. One may argue that someone does not care and throw it away all the time. Yet, this can not be used as excuses for companies to exploit. Legislation body has done the right to bring Facebook to court to testify and it is also good to hear Facebook is going to change its practise to protect everyones privay. It is also a positive news that European Communication Agency is regarding everyone’s privacy as highly important. In Intel’s case, I see a legislation loophole. Intel of course should release the information. However, I believe more can be done from laws and rules perspective to prevent hideup like this happen again. Justice needs to be served.

    1. Legislation is the primary organ of the government that allows leverage and control over all tech organisations. Considering the digital age literally grows into infancy every single day with new technology being developed regularly.

      I understand and agree with your point of FB being called to testify in front of Congress however, we all saw the result of that testimonial. Unaware senators with no whatsoever knowledge about how tech companies work were firing questions which didn’t even make sense. From an ethical point of view, such an argument would generate no answers. There is a need for a specialised court to just look into matters brought up from technological disasters.

  55. Intel is just another brick in the wall when it comes to such Corporations which are the perfect breeding ground for immoral practices thus the only way to avoid such issues is by providing classes that teach students in STEM fields about ethics.

  56. We have to differentiate this case to others where ‘hiding’ truth doesn’t lead to a good outcome. In this case, people may criticise Intel ‘hiding’ the truth and cheated on its customers, but, if we look at this case based on utilitarianism point of view but looking at the results only, the action of ‘hiding’ the issue, in this case, is actually part of the key process to have a good outcome.

    When dealing with a group of people, especially a global company like Intel, when handling the risks, it’s always good to have the issues fixed promptly. Not revealing the design flaw to the public prevented the defects made used by unwanted purpose which protected the user from potential attack. By sharing the design flaw information with the big companies to have the ‘bug’ fixed solved the problems. So, in this way problem got solved with minimus chaos or potentially damaged to the industry.

    So, by releasing information to the party that concerns rather than the general public have the problem solved, whilst the unnecessary panic among general public minimized. So Intel made the right move.

  57. Media tends to exaggerate the facts to get attention, people criticise Intel ‘hiding’ the truth and cheated on its customers, but, if we look at this case based on utilitarianism point of view but looking at the results only, the action of ‘hiding’ the issue, in this case, is actually part of the key process to have a good outcome.

    When dealing with a group of people, especially a global company like Intel, when handling the risks, it’s always good to have the issues fixed promptly. Not revealing the design flaw to the public prevented the defects made used by unwanted purpose which protected the user from potential attack. By sharing the design flaw information with the big companies to have the ‘bug’ fixed solved the problems. So, in this way problem got solved with minimus chaos or potentially damaged to the industry.

    So, by releasing information to the party that concerns rather than the general public have the problem solved, whilst the unnecessary panic among general public minimized. So Intel made the right move.

  58. I feel like there is a very fine line between right and wrong when it comes to this particular case. Intel could have alerted customers to the potential security risk but in doing so would have alerted hackers as well. they instead chose to wait until it actually became a problem as this was seen to be a much better option, fixing something that has happened as opposed to fixing something that could happen and wasting money if it did not in fact happen.

Leave a Reply