This Cell Phone Software Company Might Know Everything About You

Last week, the tech world caught fire with the newest in an increasingly long list of electronic privacy scandals. Carrier IQ, a small Silicon Valley software company with its product installed on millions of cell phones, made headlines when a young programmer posted a video allegedly showing the software’s ability to log keystrokes and collect other, very personal information from phones.

By the end of last week, the controversy had already sparked an angry letter from Democratic Senator Al Franken, two class-action lawsuits, and a flurry of denials and explanations from the software company as well as major mobile phone carriers. We briefly mentioned the story in Friday’s Non-Sequiturs, but it deserves a deeper look.

Is Carrier IQ as bad as it sounds? Good question….

The whole thing started when Wired’s Threat Level blog posted a video by 25-year-old programmer Trevor Eckhart. He allegedly revealed the surprising extent to which the Carrier IQ software “secretly chronicles a user’s phone experience–ostensibly so carriers and phone manufacturers can do quality control.”

His video allegedly showed the software logging keystrokes for things like text messages or Internet searches.

Carrier IQ staunchly denies logging keystrokes. In a later interview with Wired, a spokesperson acknowledged the company collects a whole bunch of information — web usage, where and when and to what numbers calls and text messages are sent and received, as well as app deployment, battery life, phone CPU output and data, and cell-site connectivity. But not keystrokes!

“We do recognize the power and value of this data,” Andrew Coward, the chief marketing officer, said. “We’re very aware that this information is sensitive. It’s a treasure trove.” …

Company executives invited Wired to Carrier IQ offices Friday to debunk the keystroke logging claim. Coward also emphasized that the software does not know the content of websites or apps or text messages or phone calls, but acknowledged that it does transmit website addresses to some carriers as a diagnostic tool.

The explanation was not enough to stop two class-action lawsuits from being filed last week, accusing Carrier IQ, Samsung, and HTC of violating the Federal Wiretap Act. Sen. Al Franken, who has taken an interest in privacy issues, also demanded more answers from the company.

At the same time, other large technology companies tried to distance themselves from Carrier IQ. In a New York Times article from Thursday, an Apple representative said the company is in the final stages of phasing out the software. A Verizon wireless spokeswoman said Verizon does not use Carrier IQ at all. Nokia, as well as European carriers Vodafone and Orange, said the same.

On the other hand, various writers and software researchers quickly came out in defense of the until-recently unknown company. In a blog post entitled “Carrier IQ Is Not Evil,” Above the Law’s editor emeritus Kashmir Hill wrote:

Senator Al Franken, who sent a letter to Carrier IQ this week about the company’s business practices, is asking the right question here: “Does [Carrier IQ] subsequently share [data it collects] with third parties? With whom does it share this data? What data is shared?” If Carrier IQ is sharing the data with anyone but the carrier that hired it, that’s a problem. If not, as the company claims, then it’s just a subcontractor doing work on behalf of a carrier that already has access to the same information anyway.

The central defense for Carrier IQ is the need for research and data to improve computer software. Part of that need means consumers often let companies see personal information about their electronic devices.

I understand the need for diagnostics and what is basically customer feedback. But I tend to be less sympathetic. I find it a bit unsettling that the world we live in is so desensitized to giving up this information that a lot of people don’t seem surprised at the extensive list of information Carrier IQ admits to collecting from, like, 150 million people. Instead, the response is, “well, at least they’re not logging our keystrokes!”

Maybe it’s lame to complain because I have an iPhone, and I launch my data into cyberspace just like everybody else. But stories like this still give me the heebie-jeebies. (A couple weeks ago, before this new story broke, Wired said Carrier IQ was one of the reasons we should all start wearing tin hats.)

It’s only a matter of time till attorneys and law enforcement (not to mention advertisers) find a way to access this “private” information that phone companies swear they only use for diagnostics. We’ll start seeing it in subpoenas, as we have with Twitter, Facebook, and even cars.

Either way, I find this saga very interesting. Everybody seems to have passionate opinions about the ethics of what Carrier IQ is doing, as well as the legality, utility, and general appropriateness of the software. All this despite the fact that the specifics of how the software works and where the data goes are still very muddy.

Anyone else feel like a symbolic, group viewing of “Into the Wild” is in order?

Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything [Wired Threat Level]
Carrier IQ Admits Holding ‘Treasure Trove’ of Consumer Data, But No Keystrokes [Wired Threat Level]
Programmer Raises Concerns About Phone-Monitoring Software [New York Times]


Christopher Danzig is a writer in Oakland, California. He covers legal technology and the West Coast for Above the Law. Follow Chris on Twitter @chrisdanzig or email him at cdanzig@gmail.com. You can read more of his work at chrisdanzig.com.