Class Action Lawsuits Over Meltdown and Spectre CPU Bugs

Major tech companies face sweeping class action lawsuits over critical CPU security flaws, Meltdown and Spectre, raising concerns about data security, disclosure, and fixes.

Meltdown and Spectre Lawsuits

Intel, Apple, and AMD currently find themselves facing what may be the most far-reaching class action lawsuits of our time.

The class actions all focus on two major security flaws, dubbed “Meltdown” and “Spectre,” which affect nearly all Intel processors dating back to 1995. The bugs make it possible for hackers to access sensitive data that is ordinarily protected by the computer’s hardware.

Intel’s technology underpins the majority of processors in use today. As a result, the Meltdown and Spectre bugs affect hardware and software produced by a wide range of companies, including not only Apple and AMD, but ARM, Nvidia, Google, and even Microsoft.

A Short History of Meltdown and Spectre

In non-affected systems, CPUs use a process called “speculative execution” in which the chip guesses what information the computer will need to perform its next function. As the chip guesses, the information it’s “guessing” is momentarily easier to access.

Normally, the guessed information is protected by the processor – not unlike how a person’s guess is “protected” by remaining inside their private thoughts. Meltdown and Spectre, however, offer two ways for hackers to access that guess and exploit the information it contains.

According to the class action lawsuit filed against Apple, “The first hacking technique is known as ‘Meltdown’ because it ‘melts security boundaries which are normally enforced by the hardware,’ and the other hacking technique is known as ‘Spectre’ because its root cause is speculative execution, and ‘because it is not easy to fix, it will haunt us for quite some time.’”

The Meltdown bug appears primarily in Intel processors, but it has a long history: Processors made as early as 1995 have been deemed affected by the bug. Spectre has a shorter history but a broader reach, affecting processors made by companies like AMD as well.

Identifying the Bugs, Filing Lawsuits: What Happened

Google claims to have informed Intel and other affected companies about Spectre on June 1, 2017, and to have reported Meltdown by July 28. Both companies, however, appear to have avoided any public statements until early 2018, when leaked news about the bugs caused Intel’s stock price to drop by 3.4 percent.

The first class action lawsuits against Intel were filed in early 2018, only days after information about the bugs became public. A class action lawsuit against Apple appeared a few days later. AMD became a defendant in yet another class action by mid-January 2018.

The class action lawsuits against Intel, Apple, and AMD all raise similar concerns: What went wrong? When did the respective defendants know about it? Did they respond appropriately? And are the proposed cures worse than the initial flaws?

The last question is particularly troublesome. To fix the Meltdown and Spectre bugs, the system’s method of handling core memory must be altered. Early tests of patches revealed that while most desktop applications showed no signs of slowed performance, storage I/O operation speeds dropped by 2 to 7 percent in some systems, and some enterprise applications slowed significantly. In January 2018, Microsoft stopped offering the early patches altogether after reports that the patches had made some PCs unbootable.

An attorney for the plaintiffs in the Intel suits has called Meltdown and Spectre “one of the largest security flaws ever facing the American public.”

The Experts’ Perspective

Users whose computers, smartphones, tablets, or other devices are affected by the Meltdown or Spectre bugs can download a patch and update their operating systems, according to Intel and AMD. To do this, users won’t need an in-depth understanding of either flaw; they’ll only need to know how to update their devices.

Fact-finders in the class action lawsuits, however, will need more information. They’ll need to understand the nature of the flaws and how they are identified. Because Meltdown appears to affect processors back to 1995, judges and jurors will need to understand how processor technology has developed over the previous 25 years. They’ll need to know how soon troubleshooters like the Google team could have identified the problem, and they’ll need background on how companies like Intel and AMD typically check for flaws.

Imparting all this information will require the work of lawyers who can structure a case well and expert witnesses who can fill in the technical details. While the details may seem dry to non-technically-minded jurors, they can be woven into a compelling story with sufficient attention to an expert’s qualifications and performance while testifying.

About the author

Dani Alexis Ryskamp, J.D.

Dani Alexis Ryskamp, J.D., is a multifaceted legal professional with extensive experience in insurance defense, personal injury, and medical malpractice law. Her diverse background includes valuable internships in criminal defense, which have enriched her understanding of various legal sectors. She served as the Executive Note Editor of the Michigan Telecommunications and Technology Law Review, demonstrating a strong commitment to legal scholarship. Dani graduated with a J.D. from the University of Michigan Law School in 2007, following a summa cum laude B.A. in English from Ferris State University in 2004. She is an active member of the Michigan State Bar and the American Bar Association, reflecting her dedication to the legal profession.

Currently, Dani has channeled her legal expertise into a successful career as a freelance writer and book critic, primarily focusing on the legal and literary markets. Her writing portfolio encompasses a wide range of topics, including landmark settlements in medical negligence cases, jury awards in personal injury lawsuits, and analyses of legal trial tactics. Her work not only showcases her legal acumen but also her exceptional ability to communicate complex legal issues effectively to a broader audience. Dani's unique blend of legal practice experience and her prowess in legal writing positions her at the intersection of law and literature, allowing her to contribute meaningfully to both fields.

Dani earned her Bachelor of Arts in English from Ferris State University, where she was involved in various activities, including serving as a tutor at the Writing Center, editor in chief of the Muskegon River Review, president of the Dead Poets' Society, secretary of the Public Administration Association, and a member of the varsity synchronized skating team. She obtained her Doctor of Law from the University of Michigan Law School, participating in the Michigan Telecommunications and Technology Law Review, Wolverine Street Law Moot Court, and the Mock Trial Team. Additionally, Dani holds a Master of Arts in English Language and Literature/Letters from Western Michigan University, where she was a graduate assistant for the Hilltop Review.
