Data protection right to have data deleted

[1nvest]

The Data Protection Act 2018 defines that your data must be conveyed/processed/stored in a secure manner and where there are failings you have the right to have such processing stopped and your data deleted on the grounds that the organisation failed to comply with the rules on data protection.

Since 2009 (Intel), 2013 (AMD) and processors have included sub-system processors where the control code is a blob, not open source. Such subsystem have the capacity to operate entirely independently from the main system, can even be running when the main system is powered down. Any system where such processors are a part of that system, used to convey, process or access data, are a security risk, are a breach of the data protection act. I note however that there are many barriers to having your data prevented from being collected, processed and retained by the state. 'Essential' type exclusions. As such the state has formed laws that belittle the entire purpose of data security/protection. Obviously if many opted to have their data removed out of HMRC, CONNECT ...etc. on such security grounds and in spite of numerous and repeated HMRC disclosures of data security breaches, the state would not oblige.

If the state has no regard for individuals security/privacy then that state needs to be changed. By rights the UK should have retained ownership over its Cambridge based CPU technology, but as ever the state likes to turn a quick buck in disregard of mid/longer term benefits, and clearly does not care for either its physical borders, nor the security of its citizens.

[Gerry557]

Does it?

[didds]

Such subsystem have the capacity to operate entirely independently from the main system, can even be running when the main system is powered down.

how?

[1nvest]

Such subsystem have the capacity to operate entirely independently from the main system, can even be running when the main system is powered down.

how?

Internal management engine IC layer structure/code are closed systems. A factor is if it were made open then it could be exploited by black hat hackers. One thing that can be deemed is that it can operate/communicate even when the system is powered down. Intel were layering that it as of 2009, so any Intel systems after that date, AMD followed in 2013. Similar in some respects to kvm, where another entirely separate OS can be loaded into/run from within the internal kernel virtual machine, but instead at a internal hardware level rather than software level.

State sponsored investigation I very much suspect would open up hacks, where attacks were perhaps reserved for times of electronic warfare. But none the less having any system with such a embedded system being reasonably considered as being insecure.

Seems to be common practice however that the likes of MP's don't even care, will use common social media platforms and devices for communications.

[didds]

so what's its power source? the cmos battery?

which can be removed if one is sufficiently paranoid (rather stuffs up the system clock...)

[JonE]

so what's its power source? the cmos battery?

which can be removed if one is sufficiently paranoid (rather stuffs up the system clock...)

Perhaps it depends on how one defines 'powered down'.

The intel link says a feature is that "its power states are independent of the host OS power states". That could mean the switch on the front being 'off' but the box (and this engine) still connected to mains (or the laptop equivalents of this scenario).

That's not so very strange. I have an HP EliteDesk 800G2 which, according to the manual, has one of the USB ports able to provide charging power even when the switch on the front of the box is 'off'.

Cheers!

[Gerry557]

Just get an AMD computer then.

[stewamax]

Hmm... not too dissimilar to the UEFE BIOS that at a slightly higher level has been around on PCs for 20 years.

Anyone remember the microcode loaded from a resident diskette for IBM S/370 in the 1970s, and the S/370 channels that were autonomous processors?
More to the point, any 'mainframe' today is plethora of subsystems with their own memory and processors that provide data compression, network tasks, cryptography and other minutiae, plus the SAPs (system assist processors) that are descendants of the channels.
And PCs are going that way too with graphics cards (GPUs) that offload not just gaming displays but virtual machine assist, cryptography (no TPM 2.0 chip, no Windows 11) and so on.

Since, for instance, GPU firmware is, for commercial reasons, anything but 'open', who knows what is retained there when the power is off? And for a long time, 'power off' has several other meanings: sleep, hibernate, and 'soft' power off where the network card and USB ports are always on and can trigger an awakening.