Carrier IQ lawsuits pending for Apple, Samsung, HTC, AT&T, Sprint and more
On Nov. 28, Android developer Trevor Eckhart posted a video on YouTube showing the software Carrier IQ interacting oddly with his mobile phone activity. Eckhert alleged his keystrokes and data were being collected without his permission.
Speculation and accusations began flying immediately over what data Carrier IQ was collecting. Massachusetts congressman Rep. Edward Markey has asked the Federal Trade Commission to investigate the company over concerns of consumer privacy. Many believe the software was logging keystrokes and collecting sensitive data.
Carrier IQ is software that is embedded onto mobile devices to collect and analyze data for wireless carriers. The company says they only collect diagnostic data.
A statement by the company last week attempted to clarify how information was being collected.
"Our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen."
Keylogging accusations debunked
CNET's chief political correspondent Declan McCullagh consulted with security expert Dan Rosenberg to determine the truth behind the accusations. Rosenberg analyzed the code "under the hood" and could not back Eckhart's claim of keylogging.
"The application does not record and transmit keystroke data back to carriers," Rosenberg told CNET. After reverse-engineering the software his results showed that "there is no code in Carrier IQ that actually records keystrokes for data collection purposes."
According to McCullagh, security expert Rebecca Bace was given full access to Carrier IQ's engineers and internal documents.
"I'm comfortable that the designers and implementers expended a great deal of discipline in focusing on the espoused goals of the software - to serve as a diagnostic aid for assuring quality of service and experience for mobile carriers," Bace told CNET.
While McCullagh notes that Carrier IQ is not guilty of keylogging, there are serious privacy concerns that need to be addressed. The software does report user data to wireless carriers, like what applications are used and web history.
Carrier IQ provides the software, but carriers like AT&T, Sprint, and T-mobile decide what data to access. Because it's being distributed by the carriers, no smartphone is left behind - not even iPhones.
According to CNET, Verizon says it does not use Carrier IQ, while Sprint, AT&T and T-Mobile say they use it to improve network performance.
The question of how these carriers can self-regulate has raised questions worldwide.
Ars Techinca reports that lawsuits have been filed against Apple, Samsung, HTC, Motorola, AT&T, Sprint and T-mobile, citing the violation of the Federal Wiretap Act, Stored Electronic Communications Act and the Computer Fraud and Abuse Act. The suits allege that "[i]n addition to collecting device and service-related data, Carrier IQ's software can collect data about a user's location, application use, Web browsing habits, videos watched, texts read and even the keys they press."
A lawsuit was filed in San Jose, Calif. that claims, Carrier IQ "is involved in installing spyware on mobile phones and using that hidden software to siphon off private consumer data without consumer consent."
Similar suits were filed in Chicago and St. Louis against Carrier IQ, HTC and Samsung, citing violations of the Federal Wiretap Act. The law forbids the interception of "oral, wire or electronic communications."
According to Computer World, European countries like Germany and the U.K. have began investigating Carrier IQ's tracking software, to determine if it was violating the privacy of smartphone users.
"Being open and up-front with customers about how their personal data is being used is fundamental to maintaining their trust. It is obviously also vital that mobile manufacturers and operators comply with the Data Protection Act," the U.K. Information Commissioner's Office said in a statement.
Popular in SciTech
- Oops! The five greatest scientific blunders
- Apple's next iPhone may be coming in June
- Thousands online proclaim: Jahar Tsarnaev is innocent
- 40 years later: Why the Endangered Species Act still matters
- Zynga demands employees return stock or get fired
- Beam this up: Creating the sounds of "Star Trek"
- Alternatives to Google Reader
- Apple's iPhone 6 may have bigger screen, analyst says