Intel will have to defend itself, claiming that the semiconductor giant knew its microprocessors were defective and didn’t tell customers.
On Wednesday, Judge Michael Simon of the U.S. District Court for Oregon partially rejected the tech giant’s motion to dismiss a class-action lawsuit stemming from the 2018 public disclosure of chip microarchitecture errors in the Meltdown and Spectre data breaches.
register Breaking the Meltdown story On January 2, 2018, Intel and the person who reported the security flaws privately were ready to disclose them.Day Two, Google’s Plan Zero Announcement details Research by Meltdown and its cousin Spectre shows that efforts to make CPU cores faster using speculative execution leave them vulnerable to side-channel attacks that can read otherwise out-of-reach memory and leak confidential information.
To defend against Meltdown and Spectre, Intel and other affected vendors had to add software and hardware mitigations that would slow the patched processor slightly to significantly slower for some workloads.
Disclosures of related flaws have continued since then, as researchers developed variants of the initial attack and discovered other parts of the chip that similarly exposed privileged data. This is an issue that is still not fully resolved.
Intel, the largest maker of x86 microprocessors, was most affected by the findings: its chips are vulnerable to Meltdown (along with Arm Cortex-A75 and IBM POWER) and Spectre, while rivals like AMD are only affected by Spectre.As such, Intel is the focus of many lawsuits: business Facing 32 lawsuits Only a month after the vulnerability was publicly acknowledged.
The lawsuits have been consolidated into a multidistrict lawsuit entitled “Intel Corporation CPU Marketing, Sales Practices, and Product Liability Litigation” (3:18-md-02828-SI). Intel has been trying to get them out since 2018.
The judge had twice previously dismissed the plaintiffs’ complaints, while allowing them to amend and resubmit their allegations. For the third time, the judge only partially granted Intel’s motion to dismiss the case.
Judge Simon dismissed claims based on purchases as of August 2017 because Intel was unaware of the microarchitectural vulnerability before then. But he allowed seven claims from September 2017 to continue, finding that the plaintiffs’ arguments about Intel’s delay in disclosing flaws to maximize holiday sales appeared to be enough to keep the case going.
“Based on the plaintiffs’ allegations, it is unclear whether Intel has a business interest other than offsetting profits, as it delays disclosure (through holidays), downplays the negative impact of mitigation, suppresses impact mitigation, and continues to prohibit further advances affecting only Intel processors. security breach,” the judge wrote in his order [PDF].
“With respect to the seven plaintiffs who purchased computers after September 1, 2017, they have alleged enough facts at this stage of the proceedings for Intel to dismiss their motion for failure to file a claim.”
The case has not yet been scheduled for trial, as there are more procedural steps down the road. Without further procedural defenses, Intel’s likely way out would be a settlement — with the potential for significant damages at trial.
Attorney Christopher Seeger said: “We are pleased with the court’s decision that our alleged allegations show that Intel ‘exploited consumers’ lack of knowledge and the resulting inequity was stark and blatant , complete and thorough,” said Seeger Weiss LLP, the plaintiffs’ lead attorney, in an emailed statement.
“We look forward to advancing this lawsuit on behalf of consumers and businesses whose computers are slower and less secure due to flaws found in Intel processors.”
Intel declined to comment. ®
