Carrier IQ Gate: A brief summary of the controversy

Carrier IQ has become the buzz lately, but not for good reasons. It all started when a researcher named Trevor Eckhart posted evidence that Carrier IQ logs every text message, Google search, and phone number typed and reports back to the phone carrier. Shortly after, Carrier IQ sent a cease and desist letter to Eckhart claiming he violated copyright law by publishing Carrier IQ training manuals online. Eckhart didn’t back down as he enlisted the Electronic Frontier Foundation, a digital rights group, which resulted in Carrier IQ backing off their legal threats.

What is Carrier IQ? They market themselves to carriers as a program that can “measure performance and user experience with no visible impact to customers.” Eckhart found that in his HTC device, the program not only recorded information about app activity and battery life, but also records when users press any key on the phone along with text messages. The information is then sent back to Carrier IQ’s servers. Why would Carrier IQ need to record such information if all they’re trying to do is improve users’ experiences by collecting data on dropped calls, signal quality, and other troubleshooting problems? At least this is what they told Wired.

This is all being done without permission from the consumers and there is no way to turn it off unless you are rooted. If it weren’t for Eckhart, nobody would even know about it. Eckhart recently released a video showing how Carrier IQ records this information.

YouTube Preview Image

So now what? Well you can check to see if your phone has Carrier IQ with this tool from Trevor Eckhart. What about the carriers? Verizon, US Cellular, Vodafone, and O2 deny using Carrier IQ. Google Nexus Phones are clean as well as the original Motorola XOOM. T-Mobile has decided to pass the buck by saying they never asked for Carrier IQ, so if its there it isn’t their fault. Sprint and AT&T have admitted to using it. As to manufacturers, HTC and Samsung have admitted to using Carrier IQ. RIM has a “pass the buck” attitude as well, but Windows phones appears clean. Apple has instituted Carrier IQ in the past, but has abandoned it with iOS 5.

Now Senator Al Franken is chiming in. As chairman of the Senate’s subcommittee on Privacy, Technology, and Law, he gave Carrier IQ until December 14th to explain itself, but now is concentrating his questioning to the companies that admit to using it like Sprint, AT&T, HTC, and Samsung. He wants to know why it’s being used and what is being tracked.

Carrier IQ just released a press statement defending itself. In it they state:

Privacy is protected. Consumers have a trusted relationship with Operators and expect their personal information and privacy to be respected. As a condition of its contracts with Operators, CIQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities.

Below is the full press release:

Carrier IQ Updates Statement: Operators Use Carrier IQ Software Only to Diagnose Operational Problems on Networks and Mobile Devices

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–To clarify misinformation on the functionality of Carrier IQ software, the company is updating its statement from November 23rd 2011 as follows:

“Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of mobile device user’s content are erroneous”

We measure and summarize performance of the device to assist Operators in delivering better service.

While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

“Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of mobile device user’s content are erroneous,” asserts Rebecca Bace of Infidel Inc. a respected security expert.

Privacy is protected. Consumers have a trusted relationship with Operators and expect their personal information and privacy to be respected. As a condition of its contracts with Operators, CIQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities.

Carrier IQ is aware of various commentators alleging Carrier IQ has violated wiretap laws and we vigorously disagree with these assertions.

Our software makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the Operators provide optimal service efficiency.We are deployed by leading Operators to monitor and analyze the performance of their services and mobile devices to ensure the system (network and handsets) works to optimal efficiency. Operators want to provide better service to their customers, and information from the device and about the network is critical for them to do this. While in-network tools deliver information such as the location of calls and call quality, they do not provide information on the most important aspect of the service – the mobile device itself.

Carrier IQ acts as an agent for the Operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile Operators. Carrier IQ does not gather any other data from devices.

CIQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows Operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps Operators’ customer service more quickly identify the specific issue with the phone.

Stay tuned because this is not the end of the story, but I presume the end of Carrier IQ, which is a good thing.

[via washington post, gizmodo, theverge, huffingtonpost]

 


About the Author: Robert Nazarian

Robert lives in upstate New York where he was born and raised. Technology was always his passion. His first computer was a Radio Shack TRS80 Color that used a cassette tape to save programs, and his first laptop was a Toshiba T1200FB that sported a CGA greyscale screen and two 720kb floppy drives (no hardrive). From the early 90’s through late 2011, he only owned Motorola phones starting with the MircroTAC all the way through to the Droid X. He broke that streak when he bought the Galaxy Nexus. Now he's sporting a Galaxy Note 4, and absolutely loves it. He has a wonderful wife and a 6 year old son. In his free time he enjoys sports, movies, TV, working out, and trying to keep up with the rapid fast world of technology.


  • Abelard

    I always laugh when I hear companies like CarrierIQ swear on their collective mothers’ graves that they are only doing this so they can make a better experience for the user.

    Here’s a thought:  why not just ASK ME what I think would make my experience better?

    I know… crazy talk.

  • Curt

    It’s one thing to allow users to ‘opt-in’ to record for a ‘better user experience’. It’s another thing to record AND DO IT WITHOUT ASKING PERMISSIONS.

    When you do something in the background, not tell anyone, make it hard to find out what your are doing, and not allow the user to turn it off, its not a matter of making a better user experience. It’s a matter of they have something to hide. When you do something in the dark, not allow anyone to know what your doing, and hiding behind everything what you can hide behind, there is nothing good about this. Of course they are going to deny that they record anything. Of course they are going to deny that there are no personal identifiers to identify YOU as the user. Of course they are going to deny that they are doing anything illegal. But consider this. IF they are doing everything legal, WHY ARE THEY EMBEDDING THE SOFTWARE WHERE NO ONE CAN FIND IT? WHY ARE THEY SHOWING THE WORLD WHAT THEIR SOFTWARE DOES/DOESN’T DO?

    They are still hiding their software, not showing any permissions that the software needs to run/see/record. They are now showing how it works. Why is that?

    They are still hiding because they know that their software is abusive on a users rights. Its abusive because its recording things that they KNOW it should not record. They hide it because its bad.

    and I will not believe anything that they say unless they actually come out and SHOW what their software does, and they change the software so a user has to OPT-IN, not hide the software and not ask for permissions.