
Carrier IQ monitoring company hit by lawsuits

Dec 5, 2011 — by LinuxDevices Staff — from the LinuxDevices Archive

Carrier IQ, whose diagnostic firmware has been criticized for supposedly monitoring keystrokes on Android devices, has been hit with at least eight lawsuits, most of which also target major device vendors and mobile carriers. Meanwhile, U.S. lawmakers and European regulators are looking into Carrier IQ, and a security researcher says the snooping claims are overblown.

The troubles for mobile software vendor Carrier IQ continue mounting as the lawsuits roll in and lawmakers and regulators ask questions. A startup few had ever heard of before last week has been named in at least eight lawsuits over its monitoring software — installed in millions of smartphones worldwide, primarily in Android phones. 

System administrator Trevor Eckhart published a report in late November accusing Carrier IQ of installing firmware onto smartphones. Eckhart claimed the monitoring tool allows phone manufacturers and carriers to keep track of key presses, browsing history, SMS logs, and location data without the user's knowledge or permission.

Carrier IQ runs in the background and is very difficult to remove, according to Eckhart. Late last week, a Voodoo Carrier IQ detector app (pictured), which is said to detect the presence of Carrier IQ on Android devices, appeared on Android Market.

One of the lawsuits filed Dec. 1 in United States District Court for the Eastern District of Missouri named HTC and Carrier IQ as defendants. The suit accuses the companies of unlawfully intercepting communications from private mobile phones, smartphones, and handsets. Another lawsuit filed in District Court for the Northern District of California named HTC, Samsung, and Carrier IQ as defendants.

Both lawsuits accuse the companies of violating the Federal Wiretap Act, which can result in damages of $100 a day per violation. The California lawsuit also said the tracking software is in violation of California's Unfair Business Practice Act.

Other lawsuits filed in Delaware and California named Apple, Motorola, Sprint, AT&T, and T-Mobile. The Delaware suit, for example, seeks to block carriers and phone makers from using the software. The St. Louis suit claims the defendants "intercepted, recorded and collected information concerning the substance, purport or meaning of the electronic communications transmitted without the authorization of the parties to those communications."

Lawmakers, regulators look into Carrier IQ

The revelations about Carrier IQ have also drawn the attention of lawmakers in Washington, D.C. "I have serious concerns about the Carrier IQ software and whether it is secretly collecting users' personal information, such as the content of text messages," Rep. Edward Markey, D-Mass., said in a statement that accompanied the letter he wrote to the Federal Trade Commission requesting an investigation into the company.

Meanwhile, Sen. Al Franken, D-Minn., said in a statement, "While I understand and acknowledge the legitimate need for diagnostics software on smartphones, the data that Carrier IQ's software appears to be logging is alarming." 

Franken wrote to the phone vendors and carriers to find out "exactly why they feel the need to install this software on their devices and what they're doing with the information they're gathering," stated the Senator.

European regulators are also investigating Carrier IQ's monitoring software to determine if mobile phone vendors and carriers are violating consumer privacy. For example, the United Kingdom's Information Commissioner's Office said it will contact mobile phone operators to find out whether Carrier IQ or similar software is installed on U.K. customers' handsets. If the software exists, the ICO wants the carriers to explain what steps are being taken to ensure privacy is not compromised, according to the organization.

"Being open and up-front with customers about how their personal data is being used is fundamental to maintaining their trust," the ICO said.

Meanwhile, Germany's Bavarian State Office for Data Protection has sent a letter to Apple to clarify how the company had used the Carrier IQ software in the iPhone.

Carrier IQ gains a defender

It's still unclear just how invasive the Carrier IQ firmware really is. In a Nov. 30 post, security researcher Dan Rosenberg wrote on Pastebin that Carrier IQ doesn't actually record keystrokes for data collection.

"There's a big difference between 'look, it does something when I press a key' and 'it's sending all my keystrokes to the carrier!'" wrote Rosenberg.

Carrier IQ itself has denied the worst of the claims, saying the firmware delivers metrics and aggregated data to operators to help improve services, and does not collect personal information about users.

"We measure and summarize performance of the device to assist operators in delivering better service," Carrier IQ said in a statement, noting that the firmware makes the phone "better" by delivering intelligence that operators can use to provide "optimal service efficiency."

The firmware does not record, store or transmit the contents of SMS messages, email, photographs, audio or video, according to Carrier IQ. "For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen," the company stated.

Carrier IQ also "vigorously" disagreed with claims that it violates wiretap laws. The actual information gathered by the software is determined by the carriers, and none of the information is ever sent to Carrier IQ, the company said.

Apple said it included Carrier IQ in earlier versions of the iPhone but dropped it from iOS 5 and has not collected any personal information. Google has said the software doesn't exist on the Android phones under its control, but may exist on Android devices from other manufacturers.

Research In Motion and Nokia have denied loading the software on their phones. AT&T, Sprint, HTC, Samsung, and T-Mobile have admitted some of their phones use the software. HTC and Samsung claimed they installed the software at the request of the carriers.

Finally, AT&T and Sprint said the software is just a diagnostic tool to collect network and device data that is used for service and quality assurance purposes, and denied any privacy violations.

Fahmida Rashid is a writer for eWEEK.


This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.


