Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Intel The Courts Security Hardware Technology

Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs (theguardian.com) 217

An anonymous reader quotes a report from The Guardian: Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel's delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it "can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment." The plaintiffs also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," Intel said in an earlier statement.

Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs

Comments Filter:
  • Naturally.. (Score:5, Insightful)

    by Junta ( 36770 ) on Saturday January 06, 2018 @08:08AM (#55874799)

    This is an obvious outcome. It's worth keeping in mind that filing a suit does not vindicate or disprove anyone, as there's no way to ascertain whether there will be merit in the suit at this point. All it means is there's enough lawyers willing to make a wager when faced with such a *huge* potential payout.

    • by rtb61 ( 674572 )

      Intel are double big time fucked and make no mistake. They were aware of the fault and continued to distribute product without informing the customer of that quite serious fault. Probably because the CIA/NSA were ruthlessly exploiting that fault for all that is was worth, now it comes time to pay the piper, Intel are fucked, globally majorly FUCKED. They are liable for every CPU sold when they were aware of that fault and did not notify the customer. The biggest worry, any hacks that can be attributed to th

  • Intel ME (Score:2, Interesting)

    by Anonymous Coward

    ...while nobody's suing them for their Management Engine garbage. The two bugs may or may not be intentional, but the Intel Management Engine is absolutely intentional and cannot be disabled.

    Of course nothing will ever come out of these lawsuits other than the lawyers getting richer.

    • Re: (Score:3, Funny)

      by Hal_Porter ( 817932 )

      Of course nothing will ever come out of these lawsuits other than the lawyers getting richer.

      Shut up! We're all going to get free replacement i5s and i7s with the bug fixed! I want to believe!

    • That's because their Management Engine, while anti-customer, does work as intended. Their CPUs, on the other hand...

  • by Gravis Zero ( 934156 ) on Saturday January 06, 2018 @08:23AM (#55874829)

    If you just look at Intel's legal history, you'll see they have been mired in accusations and convictions of unethical and anti-competitive business practices since the early 1980s. Buying from Intel has always been a devil's bargain, it's just now that you are realizing what you have done because it's directly affecting you.

    • "Power tends to corrupt and absolute power corrupts absolutely". - Lord Acton, 1887

      A corporation like Intel represents a very great concentration of power. It has enormous wealth, and controls not only the working lives of all its employees but the computing abilities of all its customers, and their customers all the way downstream.

      In a near-monoculture of Microsoft-on-Intel, any serious defects such as Meltdown and Spectre are inevitably inflicted on millions of individuals, corporations and governments, a

      • Intel didn't get corrupted, they started corrupted and used that corruption to get power.

      • nonsense, AMD has protection/separation issues too, as does some of the ARM.

        I expect the other big player's chips will have the problem too

        • by HiThere ( 15173 )

          Every chip that has speculative execution has the Spectre problem. The Meltdown problem is because the Intel chips execute code that they could know is invalid rather than detecting that it's invalid before they execute it. AFAIK, nobody but Intel has that problem.

          OTOH, the entire family of weaknesses means that EVERYBODY is going to need to redesign their chips. So far Spectre hasn't been shown to be usable in a way that breaks protection, but I think everyone believes it's only a matter of time.

          • no, it would be possible to have speculative execution without this problem by hardware dedicated to clearing caches. Power8 might not have this problem, have to wait for reports

            • update power7 and power8 have this problem as do the IBM Z series processors which are related. Itanium claimed not to have problem.

    • uh, more than Intel's chips have similar vulnerabilities.

  • by alternative_right ( 4678499 ) on Saturday January 06, 2018 @08:26AM (#55874833) Homepage Journal

    Court: "OK, so your chip turned out to have a flaw, the company took extra time to investigate, and now your computer is slower sometimes. How is that different than the average Microsoft or Apple update?"

    Intel's lawyers will delay this until the hype is forgotten, and either kill it in court or settle for some absurdly low sum, so that all of the plaintiffs get checks for $0.64 if they remember to sign up at IntelProcessorSlowdownLawsuit.com before December 31, 2019.

    • Remember that there's zero requirement to upgrade. The processor still performs as originally claimed. It's only if they choose to be secure that they may see a performance hit. There was never any guarantee that there'd be no security issues or that performance would be as advertised always no matter what patching was applied.
      • by epyT-R ( 613989 )

        Well linux provides a toggle for the fix. AFAIK, windows does not.

      • by sjames ( 1099 )

        It does not. It was originally claimed that the memory protection was complete. It is obviously not.

    • They knew about this over a year ago: Intel shipped CPUs that had the problem without telling customers.

      That's a bit different IMHO. But TBH IANAL.
    • "How is that different than the average Microsoft or Apple update?"

      If the update referred to really slows down the computer's execution speed, why would that be so? It can hardly be explained as a necessary or desirable improvement, can it? If it slows down the computer in exchange for some very desirable new feature, then customers should be given the option of accepting or declining it.

      If it slows down the computer in order to fix a catastrophic security weakness that should never have been there in the first place, that is unacceptable.

      It's like a car manufacturer selli

    • I'd expect subpoenas here. This is a 20 year old bug, and one that gave Intel a significant performance edge over AMD. It's entirely possible Intel has known for decades. One stray email is all it would take to blow this up like you wouldn't believe.
  • Bloody idiots (Score:5, Insightful)

    by gnasher719 ( 869701 ) on Saturday January 06, 2018 @08:50AM (#55874905)
    If Intel had disclosed that as soon as they knew, with no fix known or available, _that's_ when you would have a reason to sue them. My Mac got mostly protected some time in December. If Intel had disclosed this, there would have been 5 months open to hackers to attack me.
    • Re:Bloody idiots (Score:4, Insightful)

      by hcs_$reboot ( 1536101 ) on Saturday January 06, 2018 @09:07AM (#55874945)
      This is not how it worked. Intel has been aware for quite a long time, a year or more probably. Google found the problem in June, and vendors were made aware around that time. If it wasn't for Google, the issues would probably still be kept secret by Intel (until a hacker or another country find and take advantage of the vulnerability). Intel should have informed vendors a long time ago, like Google did, without of course making the issue a public story until a fix is installed. But Intel admitting the flaw would have triggered many compensation requests. This is one reason why the class action makes sense.
      • by Zocalo ( 252965 )
        Whether Intel knew about it before Google told them is an interesting point, and almost certainly one that will come up when (not if!) this sees the inside of a courtroom. If they knew, or even suspected, there was a potential exploit they could have silently fixed it in future CPU designs and hoped for the best. Given the timescales involved with a chip design, and the costs of fixing flaws later in the process, it's going to be quite telling to see when Intel manages to get a CPU that is immune to the pr
        • by sphealey ( 2855 )

          - - - - - Whether Intel knew about it before Google told them is an interesting point, and almost certainly one that will come up when (not if!) this sees the inside of a courtroom. If they knew, or even suspected, there was a potential exploit they could have silently fixed it in future CPU designs and hoped for the best - - - - -

          Potentially Intel were aware of the situation through the side-effects of the actions of the various national intelligence agencies but were prohibited from saying anything or

        • by HiThere ( 15173 )

          Weelllll..... I don't think it's that simple going forwards. Meltdown can be ameliorated by OS patches, but it can't be fixed. Spectre, though, that's a different beast. All the systems that do speculative execution are vulnerable to Spectre. So the basic underlying design needs to be addressed.

          My favorite choice would be to go for a bunch of simpler processors that didn't do hyperthreading, but using less die space so you could get more CPUs on each die, but I'm sure not expert in the field. Actually,

          • All the systems that do speculative execution are vulnerable to Spectre. So the basic underlying design needs to be addressed.

            I think it's not the speculative execution. It's the fact that speculative execution made it possible to have detectable side effects. For example, if you stopped the processor clock when mis-prediction costs time, that could fix the problem or at least part of it. (So even though it takes more time in the real world, that wouldn't be detectable by any code running).

      • Re:Bloody idiots (Score:4, Insightful)

        by GuB-42 ( 2483988 ) on Saturday January 06, 2018 @10:29AM (#55875177)

        What makes you think Intel knew that a year ago?
        All Intel CPUs with speculative execution are affected by Meltdown, and all CPUs with speculative execution, including those by AMD and ARM are vulnerable to Spectre. Intel discovering that a year before Google would be a coincidence. It is not just a bug, it is a fundamental issue in the way all modern CPUs are designed.

        • It is not just a bug, it is a fundamental issue in the way all modern CPUs are designed.

          To be precise, it is a fundamental bug in the way all modern CPUs are designed.

          Nice try at evasion, though.

        • by Agripa ( 139780 )

          All Intel CPUs with speculative execution are affected by Meltdown, and all CPUs with speculative execution, including those by AMD and ARM are vulnerable to Spectre. Intel discovering that a year before Google would be a coincidence. It is not just a bug, it is a fundamental issue in the way all modern CPUs are designed.

          So why were AMD's CPUs designed in such a way as to be immune to Meltdown? Did they notice this problem years ago?

      • Intel has been aware for quite a long time, a year or more probably.

        That just doesn't ring true to me. Intel's last round of processors it released in October were vulnerable. Had they known for a year or more, that would have been plenty of time to roll out a permanent fix in those models before shipment, and they certainly could have done that silently, without breaking the embargo. If you're saying they continued to roll out new flawed chips they had time to fix before release, that's a level of conspiracy theory that's hard to buy into without some concrete evidence.

        • by HiThere ( 15173 )

          I don't think you understand just how much of a redesign is needed. And Intel had no reason to believe that others would know until Google told them. So that's not evidence as to when Intel learned about it...at least it doesn't pin things down very strongly. I'll grant that if they'd known about it back wen they were designing the latest round of chips they would have altered the design, but after the masks were cut and the factories readied for manufacture....that's a lot of sunk cost to just write off

      • by emil ( 695 )
        State-level agencies also must have known. Intel might have had conversations with them about it.
      • I just bought a new CPU a couple months ago. I was on the fence between AMD & Intel and had I known this I would have gone with Ryzen.
      • Intel should have informed vendors a long time ago, like Google did, without of course making the issue a public story until a fix is installed. But Intel admitting the flaw would have triggered many compensation requests. This is one reason why the class action makes sense.

        Um, that makes the class action not make sense. According to your reasoning, the threat of a class action caused the very behavior (Intel not informing vendors) the class action is purportedly trying to discourage.

        Anyhow, more than

    • by Kohath ( 38547 )

      Class action lawsuits are about lawyers getting paid. In order for lawyers to get paid more, they have to say Intel did the wrong thing. Therefore, Intel did the wrong thing, regardless. If they waited, it's wrong. If they didn't wait, it's wrong. If they both waited and didn't wait, it's doubly wrong. Because money for lawyers.

  • And what about servers?

  • Computers have sense because they are general usage (i.e. universal) machines.

    Then, it is possible to do many things with them, even more than the original designers visualized. This is why we have Windows, Linux, MacOS, Virtualization and many embedded applications using exactly the same chips, making the effort to create complex solutions extremely cheap and in timely fasion.

    But this means that the undecidable nature of what can be done with the computer brain, the CPU, tends to create some undesire

  • by Kohath ( 38547 ) on Saturday January 06, 2018 @10:01AM (#55875091)

    Since there are zero cases where the flaw has been exploited to cause any problems, no one has suffered any economic harm. You need to have been harmed in some way to have standing to sue.

    And Intel will also argue that they never promised any different chip behavior. They are not issuing any errata. The chips work correctly as designers intended, just like other vendors’ chips.

    I expect at least a couple of these lawsuits to be thrown out by judges. Maybe all of them will be dismissed.

    • by Anonymous Coward

      Since there are zero cases where the flaw has been exploited to cause any problems, no one has suffered any economic harm. You need to have been harmed in some way to have standing to sue.

      If your processor performs even 1% slower because of a bug in the hardware itself, you can easily call that being harmed, especially if you're a business that relies on that performance in any way.

      • Re: (Score:3, Insightful)

        by Nkwe ( 604125 )

        Since there are zero cases where the flaw has been exploited to cause any problems, no one has suffered any economic harm. You need to have been harmed in some way to have standing to sue.

        If your processor performs even 1% slower because of a bug in the hardware itself, you can easily call that being harmed, especially if you're a business that relies on that performance in any way.

        Intel is not making your existing processor run 1% (or any percentage) slower. Your processor runs the same speed as the day you purchased it. If you or on your behalf Microsoft or some other operating system vendor plan on changing / patching your operating system with a version that runs slower than a previous version, how is this Intel's fault? Machines will only run slower if you change the software that runs on them.

        The computing industry makes security vs. performance and usability design decision

    • If you really get a 5%-30% decrease in performance, it wouldn't be crazy for users to expect some kind of compensation for this. I got a shiny new 8700 processor on black friday and definitely don't want the performance decline for my offline gaming rig.

      Give me a way to turn the new security features off, or give me a 5%-30% refund.

      • by Kohath ( 38547 )

        If you really get a 5%-30% decrease in performance, it wouldn't be crazy for users to expect some kind of compensation for this.

        How can a court let the lawsuits go forward without evidence that it's 1% or 30%? If these lawsuits were about just compensation rather than about lawyers getting paychecks, you'd already know whether you were harmed and by how much.

        Give me a way to turn the new security features off, or give me a 5%-30% refund.

        No one is forcing you to download the fixes.

    • by Tom ( 822 )

      Since there are zero cases that we know of where the flaw has been exploited

      There, fixed that for you.

    • by Agripa ( 139780 )

      Since there are zero cases where the flaw has been exploited to cause any problems, no one has suffered any economic harm. You need to have been harmed in some way to have standing to sue.

      Having their CPU lose a significant amount of performance is economic harm.

  • This kind of class action is useless as it gives nothing to people affected by this issue. The only ones to profit here are the lawyers and there isn't even the nebulous "correct their behavior" part as Intel will fix it next time anyway regardless of the suit.

    • not true, people in the class can make a claim. Of course, that may require proactive behavior on your part

      • If you intend to make a serious claim you will have to exclude yourself from the inevitable settlement for lots of money to lawyers and 10$ off coupon for new intel cpu for the masses as the lawyers have no interest in pushing this past their payout. You can as well skip the class action part and sue yourself as its exactly where it will end anyway.

  • Expect to receive a coupon worth $0.99 off a shiny new Intel Inside(tm) computer in the US mail sometime around 2028

  • That most of us were not benefiting from the technological blunder that puts us at such risk.

  • by yayoubetcha ( 893774 ) on Saturday January 06, 2018 @02:09PM (#55876089)

    Intel pretty much has to get software right before a processor get's fab'd.

    Microsoft, Google (chrome), or web and app entities can fix and fix and fix and .. as many times as needed. Also true for Boeing aircraft. A problem can be discovered and fixed (it is often) on aircraft.... Intel, well, they can do so much with microcode patches.

    The degree of difficulty for Intel, AMD, ... is ORDERS of MAGNITUDE greater

    Most of you who pounce, really, are coming at it, it seems, from a javascript, Java, or other software release, discover bug, patch perspective.

    When was the last time you had to send a processor back and get it replaced? When was the last time you could log into your Mac OS and get root access?

  • I'm not the biggest Intel fanboy, but this isn't a problem limited to only Intel. It affects IBM's Power architecture, ARM, older AMD chips, and probably SPARC too. The most vocal people upset by this aren't the ones deeply concerned about the security implications, but are the ones pissed off that their frame rates in the latest MMORPG might suffer with a patch. I propose letting those people run without a fix, so they can bitch later when their unpatched machines leak their entire identity & finance
  • Is there a difference between being "hit" with lawsuits and just having someone file one against you? I've always wondered this. Is actual physical impact involved? Because some of those briefs can be pretty thick.

Quantity is no substitute for quality, but its the only one we've got.

Working...