More than two weeks ago, security researcher Trevor Eckhart posted a video about Carrier IQ, an obscure software installed on approximately 150 million smartphones. The 17-minute video sparked a firestorm not only because it alleged the software logged numerous details about users’ activities, but also because it did so without their knowledge.
But this week, two wireless carriers that use Carrier IQ’s software said customers should not have been surprised that some of their activities were being tracked. In letters to Sen. Al Franken (D-Minn.), who asked them to explain how they used the software, AT&T and Sprint said Carrier IQ’s capabilities were clearly outlined in their privacy policies.
AT&T gives “clear notice” to customers that “we collect network, performance and usage information from our network and customer devices, and we use that information to maintain and improve our network and their wireless experience,” wrote Timothy McKone, AT&T’s executive vice president for federal relations.
The mobile carriers told Franken they use Carrier IQ software only to collect diagnostic information about their networks to improve customers’ experiences. But their responses did not satisfy Franken, who said he was “still very troubled by what’s going on.”
“People have a fundamental right to control their private information,” Franken said in a statement. “After reading the companies’ responses, I’m still concerned that this right is not being respected. The average user of any device equipped with Carrier IQ software has no way of knowing that this software is running, what information it is getting and who it is giving it to — and that’s a problem.”
According to reports, Sprint says it is disabling Carrier IQ software on its devices.
Samsung and HTC, which also wrote letters to Franken, said they install Carrier IQ software on their devices at the behest of mobile carriers and do not receive data collected by the software. Franken gave T-Mobile and Motorola until Dec. 20 to explain their usage of Carrier IQ’s software.
Eckhart’s video claimed the software logs every text message, Google search and phone number typed on a wide variety of smartphones and reports them to the mobile phone carrier. But AT&T said it uses Carrier IQ only to collect phone numbers sent and received by customers and Sprint said it uses Carrier IQ only to collect the URLs of websites customers visit and only for troubleshooting purposes.
In a 19-page statement released Monday, Carrier IQ acknowledged its software contained “an unintended bug” that “unintentionally” captured and transmitted encoded SMS messages to its carrier customers, including wireless companies — Sprint, T-Mobile and AT&T. The company said the bug occurred only in “unique circumstances,” like when a user receives a text message during a call, though the messages are “not human readable.”
But the company denied that its software captures or forwards to wireless carriers the content of multi-media messages (MMS), emails, photos, web pages, audio or video.
Following Eckhart’s video, Carrier IQ, which is based in Mountain View, Calif., was hit with a class-action lawsuit.
Earlier this week, Carrier IQ CEO Larry Lenhart and VP of Marketing Andrew Coward met with members of the Federal Trade Commission and Federal Communications Commission “in the interest of transparency and full disclosure, and to answer their questions,” said Carrier IQ spokeswoman Mira Woods.
On Wednesday, FBI Director Robert Mueller denied the bureau had ever sought information from Carrier IQ, but said he could not rule out the possibility it obtained data collected by the controversial software through requests from wireless carriers. AT&T and Sprint told Franken they had never disclosed Carrier IQ data to law enforcement.
Gerry Smith – Huffingtonpost