Sale of the sentry
The price of memory may have gone down but that hasn't stopped the IT thieves. So why aren't dealers making more effort to protect their kit?
The PC industry may be one of the quickest in the world to innovateIT thieves. So why aren't dealers making more effort to protect their kit? and bring the latest product to market, but it is not quite as fast when it comes to addressing larger issues affecting the whole industry, such as the marking and registering of PCs to combat theft. Such issues require co-operation across the channel but rivals are reluctant to share information about their customer bases, believing it could weaken their competitive position.
The problem is simple. Despite the fact that falling memory prices have made it a less attractive crime, the IT thieves are still out in force. The biggest complaint from the police as PC theft has soared is the lack of adequate and permanent marking of PCs and components by manufacturers.
In addition, there is no central record of who has bought a PC. So, if a PC is stolen and later recovered, the police have no way of checking who the legitimate owner is and whether the PC is stolen.
A number of senior police officers have been critical of the PC industry's response to this problem of chip and PC theft.
It is now over four years since Metropolitan Police assistant commissioner Tom Wilkinson set up the police/industry Joint Action Group (JAG) on computer theft and called on PC vendors to 'design out' PC theft in the same way car radio manufacturers did in the 1980s. Many ideas for protecting PCs were mooted, including PCs that would not boot if wrenched from their moorings, and various steel-plate 'full metal jackets'. But too few vendors have taken up the features for them to be of practical use and to act as a deterrent.
The concern is that PC theft has not gone away. Although it is not as prevalent as in 1993 to 1994 - because the fall in the value of memory does not make the PC such a good steal - the likelihood is that as mem-ory prices start to rise again, the UK PC industry will be as vulner-able as it was four years ago.
The most useful device for thwarting PC theft - or at least making sure computers and components are reunited with their rightful owners - is starting to come into play, but it is not a blanket policy. It is also being held back by the negative attitude of dealers. In response to customer and police demand, more of the major manufacturers are laser-etching unique serial numbers on PCs and components. The lead here has been taken by IBM, Compaq and Intel.
But it is not enough to etch the serial number onto hardware. The system will only work if the numbers are recorded somewhere, along with the identity of the final customer. If such a system were set up by the police - who do not have a central database of stolen PCs as they do for stolen cars, and so lump PC theft in with other stolen electrical goods - they would be able to trace all computer equipment they came across.
SSo far, so good. But the problem is, if the police have neither the manpower nor the willpower to run such a scheme, who will?
PC vendors have always left the running and maintenance of asset registering for dealers to sort out on a voluntary basis. It has worked before. One of Apple's West Country dealerships set up a voluntary system that recorded the serial numbers of Apple kit in a bid to keep down theft. And there are companies trying to start wide-spread systems.
A number of third-party com-panies coming out of the sec-urity marking and PC auditing sectors are starting to offer an asset registering service to dealers and manufacturers. The idea is that dealers register customer details with the asset registry as part of its value-added service and the information is recorded on a database. The database, which is made available to the police via an online connection, will be used to flag stolen PCs. In theory, if all dealers and manufacturers joined the same scheme, any PC could be identified.
The problem is that there is no central body to oversee the asset registering schemes and they are developing in isolation. They are also being held back by anxious dealers that refuse to register their customers.
Asset Software International (ASI) works primarily with Compaq to record and make available to the police serial numbers of stolen kit, but it is sceptical about the chances of a central system ever taking off.
'You will never see a central database that lists all PC ownership,' says ASI sales director Chris Brown. 'All PC vendors are paranoid about their customer details getting into rivals' hands.' Dealers tend to be the most paranoid, he claims.
It is the dealer - the only person that knows who the customer is - that needs to run these schemes effectively. However, it is also the dealer that has the most to lose. The most prized asset of any dealer is the customer database, and the risk of that falling into the hands of another dealer - or worse, the manufacturer - does not justify the benefits of joining any scheme. 'There is more paranoia here than necessary,' says Brown.
The issue is compounded by the fact that few customers are aware of the asset registry schemes, or demand their PC be registered when they buy. Typically, a registry charges about #5 per PC to put an owner's details on the internet. A canny dealer could offer the service as part of a value-add package the customer would not get in a superstore. A recent security survey found that 60 per cent of IT managers would pay an extra four per cent of the cost of a PC - typically #40 to #80 - for a PC with a built-in security feature. The hitch is that it's down to customers to demand such protection, but so far they haven't.
Clearly, the customers most keen to register details of their PCs are corporates that have large numbers of PCs and the most difficulty keeping track of them. Increasingly, corporate re-sellers are offering some kind of asset registering with a sale, but corporates with dedicated IT staff tend to have the best security policy anyway. It is the smaller customers and smaller dealers that are less likely to get involved with registering schemes, yet they are the ones that could benefit most.
Sir Peter Imbert, former Metropolitan Police commissioner, is now chairman of security specialist Retainagroup - an asset registry with a background in security marking. Retainagroup is the asset registry used by IBM. 'IBM is laser-etching its chips at source,' Imbert says. 'The unique number of the chip is linked with the serial number of the PC.' This means that not only can the PC be traced, but the user can check the chip in the PC is not counterfeit or a slower chip that has been swapped.
'By registering details with us, the owner of the PC avoids the embarrassment of seeing stolen chips handed back to the thief because they cannot prove they are the legitimate owner,' says Imbert. He says running the database is beyond the scope of the police and the size of it means it has to run commercially. 'For the database to work, there need to be millions of entries,' he says. 'That takes a lot of effort to maintain. The question is, who is going to pay for it?' For this reason, he says, it has to be done commercially.
There are several different databases in the UK alone and with the potential to move stolen chips around the world it would be preferable to have a database that could be accessed by police anywhere in the world. 'It would be useful if all databases came to-gether,' he says, 'because it would make it easier for the police.' Currently, even if a PC is registered, it would take the police time to track down which database it is on.
'At the moment there is still confusion with PC security,' says Imbert.
'The aim of the database is to simplify it. It is no good marking property unless there is a database that records that mark and makes it available to the police.' There are a number of other ways of marking PCs, such as stencilling the name of the company onto the casing, but this affects the resale value - the database record needs to be changed when the PC is resold - and it can't be done if the PC is obtained through a leasing company.
Another approach to marking and recording information on PCs is offered by the use of Alpha Dots. These are tiny adhesive pieces of film that are marked with a serial number and the postcode of the customer. The details of the dots are logged on a database operated by Traceline. The dots are placed on and inside the PC and are hard to detect. The idea is that if a number are fixed to the PC, then thieves will not be able to detach all of them.
A representative for Alpha Dot distributor Insight says: 'The problem with etching serial numbers is they tend to be on separate plates that can be removed. Some PC vendors are still selling PCs with peel-off paper serial numbers, which are useless in tracing PCs. Using a number of dots increases the chances of the PC being returned to its rightful owner.' The dispenser for the Alpha Dots, which contains marking for up to 20 PCs, costs #25. It is sold by dealers, but it is up to the customer to register the details with Traceline.
Marking PCs is only one part of an effective security regime, according to one PC consultant. 'Marking is the second line of defence - it doesn't stop the thief and is only useful if the police recover the stolen goods,' he says. In practice, the majority of stolen PCs are not recovered. Protection needs to work at a number of levels, making it difficult for the PC to be stolen in the first place, for instance, by using casings, bolting PCs down and improving build-ing security.
But there is a place for effective marking and dealers should encourage it.