Intel will have to defend itself against claims that the semiconductor goliath knew its microprocessors were defective and failed to tell customers.
On Wednesday, Judge Michael Simon of the US District Court of Oregon partially denied the tech giant’s motion to dismiss a class action lawsuit based on the 2018 public disclosure of Meltdown and Specter, the family of data-leaking chip microarchitecture design flaws.
The Register published the Meltdown story on January 2, 2018, as Intel and those who had confidentially reported the vulnerability were preparing to disclose it. The following day, Google’s Project Zero released details about Meltdown and its cousin Specter, revealing that efforts to make CPU cores faster through speculative execution have opened them up to side-channel attacks that can read memory that should be out of reach and sensitive information reveal .
To defend against Meltdown and Spectre, Intel and other affected vendors have had to add software and hardware mitigations that make patched processors slightly to significantly slower for some workloads.
Disclosure of related bugs has continued since, as researchers develop variations on the original attacks and find other parts of chips that expose similarly privileged data. It is a problem that is still not fully resolved.
Intel, as the largest maker of x86 microprocessors, was hit hardest by the findings: its chips were vulnerable to both Meltdown (along with Arm Cortex-A75 and IBM POWER) and Specter, while rivals like AMD were only affected by Specter. As a result, Intel is at the center of many lawsuits: just a month after the vulnerabilities became public knowledge, the company faced 32 lawsuits.
These lawsuits have been consolidated into a multi-district litigation known as the “Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation” (3:18-md-02828-SI). And since 2018, Intel has been trying to make them disappear.
Twice previously the judge had dismissed the plaintiffs’ complaint and allowed the plaintiffs to amend and restate their allegations. This third time, the judge only partially granted Intel’s motion to dismiss the case.
Judge Simon dismissed claims based on purchases up until August 2017, as Intel was unaware of the microarchitecture vulnerabilities up to that point. But he allowed seven lawsuits as of September 2017 and found the plaintiffs’ allegation that Intel delayed disclosure of the defects to maximize Christmas sales plausible enough to move the case forward.
“Based on the plaintiffs’ allegations, it is not clear that Intel had any conflicting business interest other than profit because it delayed disclosure for so long (during the holiday season), downplayed the negative impact of mitigation, suppressed the impact of mitigation, and for the continued embargo on further vulnerabilities affecting only Intel processors,” the judge wrote in his order [PDF].
“For the seven plaintiffs who purchased computers after September 1, 2017, they have asserted enough facts at this stage of the proceeding to survive Intel’s motion to dismiss for lack of allegation.”
The case is not yet earmarked for trial as there are further procedural steps along the way. The likely exit for Intel in the absence of further procedural defenses would be a settlement — a lawsuit carries the risk of significant damages being paid.
“We are pleased with the Court’s decision, which found that the allegations we make show that Intel ‘exploited the ignorance of consumers so that the resulting injustice was apparent, blatant, complete and unrestricted’, said Attorney Christopher Seeger, with Seeger Weiss LLP, the plaintiffs’ lead counsel, in an emailed statement.
“We look forward to advancing this litigation on behalf of consumers and businesses who have been left with slower and less secure computers because of the flaws found in Intel’s processors.”
Intel declined to comment. ®
Comments are closed.