Intel advances LaGrande architecture, gingerly

SAN JOSE, CALIFORNIA - Intel Corp. Tuesday announced it was taking steps to ensure that its design for the next generation of computer security components, code-named LaGrande, will be accepted and not vilified by the industry.

Speaking at the Intel Developer Forum in San Jose, Intel executives said LaGrande will be aimed at business users rather than consumers. They also announced plans to make it easier for users to opt out of LaGrande, saying Intel no longer plans to include the LaGrande technology in all of its microprocessors.

Intel also has released a draft of a policy white paper designed to address privacy concerns relating to the LaGrande design. LaGrande specifies a number of security features for the processors, chipset, storage, input devices and graphics components that will be created by Intel and partner companies to improve the security of Intel-based systems.

The chip maker hopes that LaGrande will avoid the kinds of privacy concerns that plagued the company when it added serial numbers to its Pentium III processors in 1999. Intel eventually scrapped the serial number plan, but not before the company had been widely criticized by privacy advocates.

"In our naivete as technologists, we blundered into this policy area and were pretty soundly criticized for it," said Mike Ferron-Jones, manager of advanced technology marketing in Intel's desktop platforms group. "We have learned a lot from that experience and as a result, we are being tremendously proactive... in developing policies around LaGrande technology deployment."

Intel's plan to no longer include LaGrande in all its processors represents a shift in direction. When LaGrande was announced at last year's Intel Developer Forum, executives planned to eventually include it in every Intel microchip. Users who didn't want LaGrande would be given the option of turning it off on their machines. Now Intel has decided to give customers the option of buying systems with or without the LaGrande technology.

"LaGrande technology, at many levels, is going to be an opt-in solution," said Ferron-Jones. "At the highest level, you can opt into choosing a system with or without the technology," he added. "We're not going to put people in a position where they have to consume this technology."

Also, Intel has no plans to include LaGrande in its Itanium 2 line of 64-bit processors. When LaGrande-enabled systems begin to ship, the security technology will be available for the 32-bit desktop and mobile systems, Ferron-Jones said.

Intel has also decided not to create "back door" mechanisms that would give law enforcement agencies ways to access encrypted data on LaGrande systems, according to David Grawrock, a security architect with Intel.

The company discussed the matter with law enforcement, he said, but ultimately decided not to go that route, he said.

Intel's proactive stance earned praise from one industry analyst.

"I'm impressed by how sensitive they are to the privacy issues," said Nathan Brookwood, an analyst with consulting company Insight 64. "It's all part of their plan to be up front, so people can't accuse them of trying to sneak something in."

LaGrande systems are expected to begin shipping within two to three years, Ferron-Jones said.