Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Intel Bug The Courts Hardware

Intel Fails To Get Spectre, Meltdown Chip Flaw Class-action Suit Tossed Out (theregister.com) 32

"Intel will have to defend itself against claims that the semiconductor goliath knew its microprocessors were defective and failed to tell customers," reports the Register: On Wednesday, Judge Michael Simon, of the US District Court of Oregon, partially denied the tech giant's motion to dismiss a class-action lawsuit arising from the 2018 public disclosure of Meltdown and Spectre, the family of data-leaking chip microarchitecture design blunders....

To defend against Meltdown and Spectre, Intel and other affected vendors have had to add software and hardware mitigations that for some workloads make patched processors mildly to significantly slower. The disclosure of related flaws has continued since that time, as researchers develop variations on the initial attacks and find other parts of chips that similarly expose privileged data. It is a problem that still is not entirely solved...

[L]awsuits have been consolidated into a multi-district proceeding known as "Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation" (3:18-md-02828-SI). And since 2018, Intel has been trying to get them to go away. Twice before the judge had dismissed the plaintiffs' complaint while allowing the plaintiffs to amend and refile their allegations. This third time, the judge only partially granted Intel's motion to toss the case. Judge Simon dismissed claims based on purchases up through August 2017 because Intel was unaware of the microarchitecture vulnerabilities up to that point. But he allowed seven claims, from September 2017 onward, to proceed, finding the plaintiffs' contention that Intel delayed disclosure of the flaws to maximize holiday season sales plausible enough to allow the case to move forward.

"Based on plaintiffs' allegations, it is not clear that Intel had a countervailing business interest other than profit for delaying disclosure for as long as it did (through the holiday season), for downplaying the negative effects of the mitigation, for suppressing the effects of the mitigation, and for continuing to embargo further security exploits that affect only Intel processors," the judge wrote in his order. [PDF]

This discussion has been archived. No new comments can be posted.

Intel Fails To Get Spectre, Meltdown Chip Flaw Class-action Suit Tossed Out

Comments Filter:
  • Either they new and covered it up or they didn't know. It makes sense to figure that out in court and hold them accountable if they knew.

    • by shanen ( 462549 )

      But it's pretty hard to prove a negative, so I think this is just another winning game for the lawyers. It reminds me of the old small-town joke about "Two lawyers can make a living where one can't." I think proving ignorance has to fail, so they'll need to prove that Intel made a testable claim that was false, and that Intel is therefore liable for not doing the test. But I also think Intel's lawyers are rather too smart to have allowed that to happen.

      But just maybe the Intel marketing droids were running

      • by Rockoon ( 1252108 ) on Sunday January 30, 2022 @03:48PM (#62221781)
        Prove a negative?

        Anyways, they just have to prove that Intel knew, and they can show evidence by going back in time and showing that Intel at one point cared about this particular kind of security flaw by using designed that avoided it and only when AMD was cleaning their clock did they redesign their CPU's to their "Core" series, and every one of these modern side-channel security flaws was suddenly introduced.
        • Absolute security isn't a thing. In every design there is a trade off with respect to speed, functionality, or features.
          Simply introducing something that reduces security in favour of speed doesn't make them guilty of anything other than designing a product which favours speed, something that Intel's customers were objectively in favour of (which is self evident given how the overwhelming majority of the world chose *not* to mitigate the problem in favour of the higher performance).

          • The plaintiffs do not have to prove absolute security. They just need to prove that Intel either knew or should have known that there were flaws. If there were internal discussions from engineers that their speculative execution methods were prone to security risks and ignored the risks, for example. "Should have known" is harder as few in the industry publicly identified speculative execution as a risk from what I remember.
            • The plaintiffs do not have to prove absolute security. They just need to prove that Intel either knew or should have known that there were flaws.

              No they don't. They need to prove a claim of unreasonableness. Simply knowing about flaws doesn't make someone liable for anything. Also do you understand what the word "risk" means? You're use the term in absolutes. There only way to run a computer risk free is to not run it, better still burn it in case someone comes and steals it, since that is also a risk. The presence of a risk doesn't make anyone liable neither does ignoring said risk in favour of something else like speed.

              The question is: Is the risk

              • Simply knowing about flaws doesn't make someone liable for anything.

                Grimshaw v Ford [slashdot.org] says otherwise. Ford knew the Pinto had flaws and ignored them.

                Also do you understand what the word "risk" means?

                In the case of Grimshaw v Ford [spokesman.com], Ford internally did a calculation that it was cheaper to pay for lawsuits than it was for a recall.

                You're use the term in absolutes. There only way to run a computer risk free is to not run it, better still burn it in case someone comes and steals it, since that is also a risk. The presence of a risk doesn't make anyone liable neither does ignoring said risk in favour of something else like speed.

                You seem to arguing every single hypothetical instead of the simple question of whether Intel knew there was a security risk and chose to ignore it.

                The question is: Is the risk unreasonable, and the industry which has effectively ignored it for most cases even going as far as disabling mitigations by default has spoken quite clearly about how reasonable they consider the risk.

                Have you look at the car industry? That seems to run counter to your arguments.

      • by DRJlaw ( 946416 )

        I think proving ignorance has to fail...

        The task here is proving knowledge without contemporaneous disclosure, which is shockingly easy to do when you have tens of thousands of employees and an email system. People talk amongst themselves, and eDiscovery tools allow one to find it.

        so they'll need to prove that Intel made a testable claim that was false...

        Because Intel has never made security claims [intel.com] in connection with virtualization and SGX. Not once.

        • by shanen ( 462549 )

          I'm not following you here. It sounds like you are fully agreeing with me, but your tone sounds like you're disagreeing. Is it related to how you snipped things? Or maybe it's some kind of "wisdom of crowds" thing?

        • which is shockingly easy to do when you have tens of thousands of employees and an email system. People talk amongst themselves, and eDiscovery tools allow one to find it.

          How are they going to do that? Are they going to have access to all of the employee emails?

      • But it's pretty hard to prove a negative

        You don't need to prove a negative in court. It's up to the other party to prove a positive.

    • They had to have known the risk existed and exactly how easily it would be to exploit by the time they made the initial press release, because it didn't take me more than about 30 seconds after that to realize myself that it would be dangerous and highly exploitable. I'm certain that I'm on record somewhere saying that at the time.

    • Issue for Intel is that they'd have to show a lot of behind the scene's documents to prove either option, which I don't think Intel wants to do.

      It would be similar to the whole Epic vs Apple case that brought up a whole slew of paperwork into the public eye. It might not have shown anything illegal, but it could hurt their business in other ways.
  • by bigtreeman ( 565428 ) <treecolin@gDALImail.com minus painter> on Sunday January 30, 2022 @03:03PM (#62221675)

    Speculative and out of order both speed up execution at the expense of complexity.
    Complexity always introduces faults.
    K.I.S.S.

    • w.r.t. increase complexity... it depends what level of analysis you are at

      once you are to the point where the instruction set and micro-ops are disjoint and you are pumping through a pipeline your level of analysis changes .. where now you would need to increase complexity if you want to *prevent* out of order execution... because in reality there is no reason to test if the previous instruction is done if the current instruction doesnt use any of the state it produces.. no reason not to do simple things
      • by AmiMoJo ( 196126 )

        The flaw wasn't even a mistake really, they just figured that they didn't need to ensure correct behaviour because nothing bad would happen if they skipped a few steps in the name of performance. Their mistake was thinking that it couldn't be abused.

    • by tlhIngan ( 30335 )

      Speculative and out of order both speed up execution at the expense of complexity.
      Complexity always introduces faults.
      K.I.S.S.

      There's a reason why we accept the complexity - speculative execution and out of order execution dramatically speed up a chip. We're not talking small potatoes, we're talking huge gains in speed.

      We went from chips that spent multiple clock cycles per instruction to single cycle execution - achieved by pipelining the chip. Superscalar execution allows more than one instruction to be e

  • by nospam007 ( 722110 ) * on Sunday January 30, 2022 @03:06PM (#62221695)

    James Bond failed for 50 years to get them.

  • by williamyf ( 227051 ) on Sunday January 30, 2022 @03:30PM (#62221739)

    ... fill an amicus brief siding with intel.
    As all their architectures had Meltdown/Spectre type flaws as well...

    If Intel falls, the ambulance chasers will use that precedent to extract money from the other mentioned parties too...

    • by Anonymous Coward on Sunday January 30, 2022 @04:03PM (#62221811)

      I guess IBM, ARM, MIPS, Sun/Fujitsu will also... fill an amicus brief siding with intel.
      As all their architectures had Meltdown/Spectre type flaws as well...

      It isn't the flaw Intel is in trouble for.
      It's because Intel lied in their public marketing materials and claimed to have removed all speculative branch acceleration circuitry in their latest chips, which they did not actually do.

      • It's because Intel lied in their public marketing materials and claimed to have removed all speculative branch acceleration circuitry

        Cite? I don't think I've seen Intel advertise anywhere that they were rolling back CPU performance by 20 years.

        Speculative branch acceleration is essential in all modern CPUs, except for Itanium, but look how well that worked. I'd be very keen to see where you claim they made this claim.

        In fact the current court case is nothing to do with intel advertising what you claim.

      • People with an actual Computer degree, know the basics. Extreme pipe-lining means interrupts and overflow get complex. Throw in architecture and remap - you get trouble. Then Intel did not want to initialize things - so save time. OK, someone approved that clear security blunder. It will be interesting when Apple sells the point their processors are more secure. IBM has hardware protection features. Maybe Intel should add that. Oh wait, hardware assist does NOT do speculative things. ZILOG knew that, and h
    • by AmiMoJo ( 196126 )

      It depends if the fixes slowed the CPUs down much. AMD had some issues, not as bad as Intel, and was able to fix them in a way that didn't have any measurable impact on performance. Intel's fixes dramatically crippled performance.

    • Only if the plaintiffs assert that all speculative execution methods is the issue. It would be far easier for the plaintiffs to show how IBM or ARM did theirs in contrast to Intel.
  • by willoughby ( 1367773 ) on Sunday January 30, 2022 @04:07PM (#62221833)

    I'm all ready to receive my check for three dollars.

  • Is a job for 007

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.

Working...