Over the last two days this whole Carrier IQ thing has taken over all mobile news feeds. The concern is that a ton of data is being sent to carriers informing them of what users are doing, where they are, etc. It’s said that these things are even recording keystrokes. Basically, everything done on one of these phones is being sent to home base.
This is much like the technology that was going to be used to track mall shoppers via their cellphones. With mall shoppers, it’s a little easier to see how it may have been thought of as a way to track how people shop and optimize the experience. Still, without informing these people, it’s still invading their privacy. People started looking deeper into things and eventually Carrier IQ was discovered.
This was discovered when Android developer Trevor Eckhart noticed the software, and started looking into it. He found that it can be shown as being present in the handset, or set up to be hidden from the user. The HTC phones that Eckhart took a look at all had hidden software. One way to get rid of Carrier IQ, he said, was to unlock your bootloader to remove most of Carrier IQ, however, that voids warranty, and he said that “the only way to remove Carrier IQ is with advanced skills.”
Users Don’t Know
The issue here is that most users don’t know this is going on. There is really nothing on the phone that shouts, “Hey, we’re collecting this data. Are you cool with that?” And according to Eckhart, while HTC devices on Android have no way to switch off Carrier IQ, Samsung devices do allow users to turn it off. The only problem is that most probably aren’t aware that this is happening anyway.
According to carriers, this is all a way to improve network usability. They want to see how subscribers use these devices and say they want to improve functionality. As a spokesperson for Carrier IQ said, they want to know when people have dropped calls, battery problems, SMS problems, etc. Could be well-meaning, then. However, why aren’t the users of these handsets informed of this beforehand?
The Legal Threats
Carrier IQ didn’t like what Eckhart had said, so they tried to silence him with a cease-and-desist. They wanted him to replace his original blog post with a retraction written by the company and an apology. That didn’t bode to well with the Electronic Frontier Foundation, who came into his defense. Then it wasn’t long before Carrier IQ was apologizing to him for their actions, which in the end just shows you that it was nothing more than a bully tactic that they deployed in hopes of getting Eckhart to back down.
The iPhone Also Has Carrier IQ? How to Disable Carrier IQ on iPhone
That’s right. Carrier IQ is also on the iPhone. The good news is that with iOS 5, you can easily shut it off.
All you have to do is go to: Settings>General>About>Diagnostics & Usage
That’s it. That, according to what we’ve read, disables Carrier IQ.
RIM on Carrier IQ
RIM claims that they do not authorized Carrier IQ on their BlackBerry handsets. However, it’s unclear at this point as that contradicts Eckharts findings. However, RIM said they are investigating the claims. We’ll just have to see what they say after all this as they aren’t likely to offer further comment for the time being.
“RIM is aware of a recent claim by a security researcher that an application called “CarrierIQ” is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ”
Which Phones Have Been Found to Have Carrier IQ?
iOS 3 and iOS 4 are said to have this. iOS 5 also has Carrier IQ, but it can be turned off easily (as shown above).
BlackBerry OS was said to have it, but RIM’s statement says that it’s not true. Looks like the truth may not come immediately.
WebOS also has the software installed. It’s not very widely used, so may not be as much of a concern as Android, iOS or BlackBerry at this point.
Android. This OS is very popular. Many of the devices running Android do use Carrier IQ. Some make it easy to disable, and others hide it deep within the code. The Nexus One, Nexus S, Galaxy Nexus and the original Xoom tablet are said to be in clear with no Carrier IQ software.
Symbian. This is Nokia’s OS. It’s dwindling in popularity, but worth knowing to those running the operating system.
Know that Windows Phone 7 is said to be clear of this software. That’s good news for users of the platform.
Senator Al Franken Weighs In
Franken was not very happy and wrote an open letter to Carrier IQ demanding to know more. He wants them to clarify and answer the questions on people’s minds.
Below is his letter:
Dear Mr. Lenhart,
I am very concerned by recent reports that your company’s software—pre-installed on smartphones used by millions of Americans—is logging and may be transmitting extraordinarily sensitive information from consumers’ phones, including:
• when they turn their phones on;
• when they turn their phones off;
• the phone numbers they dial;
• the contents of text messages they receive;
• the URLs of the websites they visit;
• the contents of their online search queries—even when those searches are encrypted; and
• the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.
It appears that this software runs automatically every time you turn your phone on. It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it.
These revelations are especially concerning in light of Carrier IQ’s public assertions that it is “not recording keystrokes or providing tracking tools” (November 16), “[d]oes not record your keystrokes,” and “[d]oes not inspect or report on the content of your communications, such as the content of emails and SMSs” (November 23).
I understand the need to provide usage and diagnostic information to carriers. I also understand that carriers can modify Carrier IQ’s software. But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.
These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.
I ask that you provide answers to the following questions by December 14, 2011.
(1) Does Carrier IQ software log users’ location?
(2) What other data does Carrier IQ software log? Does it log:
a. The telephone numbers users dial?
b. The telephone numbers of individuals calling a user?
c. The contents of the text messages users receive?
d. The contents of the text messages users send?
e. The contents of the emails they receive?
f. The contents of the emails users send?
g. The URLs of the websites that users visit?
h. The contents of users’ online search queries?
i. The names or contact information from users’ address books?
j. Any other keystroke data?
(3) What if any of this data is transmitted off of a users’ phone? When? In what form?
(4) Is that data transmitted to Carrier IQ? Is it transmitted to smartphone manufacturers, operating system providers, or carriers? Is it transmitted to any other third parties?
(5) If Carrier IQ receives this data, does it subsequently share it with third parties? With whom does it share this data? What data is shared?
(6) Will Carrier IQ allow users to stop any logging and transmission of this data?
(7) How long does Carrier IQ store this data?
(8) Has Carrier IQ disclosed this data to federal or state law enforcement?
(9) How does Carrier IQ protect this data against hackers and other security threats?
(10) Does Carrier IQ believe that its actions comply with the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.)?
(11) Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. § 1030)? Why?
I appreciate your prompt attention to this matter.
Chairman, Subcommittee on Privacy
Technology and the Law
How Do You Feel?
Is this something that disturbs you? Or do you feel like your privacy is being invaded? I personally have it turned on on my iPhone as I don’t have a problem with it. However, that’s not to say everyone on iSmashPhone feels the same way. Our editor turned his off, and I’m sure each writer on the staff has their own feelings about it. It doesn’t come down to a “I don’t have anything to hide” decision, either. I just don’t mind if my browsing history is shared with anyone who probably doesn’t know or care who I am. Again, that’s just a personal thing. That said, I appreciate having the information and knowing that I have a choice on my iPhone. I wouldn’t appreciate it so much if it was done without my consent and I had no say in it. What are your thoughts?