The backlash over phone-tracking firm CarrierIQ has snowballed to Washington, as members of the Senate are demanding answers to discover exactly what the software records.
Senator Al Franken is specifically asking whether the data is transmitted back to the developer company, or handed over to third-parties, and whether the privacy rights of American consumers has been violated.
It would make the location-tracking data 'bug' earlier this year look like a raindrop in an ocean.
Earlier this week, a video showed how software embedded in many mobile phone manufacturers' software, including iPhones and Android devices, collects keystrokes, location, and other deeply personal information of its users.
The furore has angered many consumers, after it was found that the software, deeply embedded within the software of the world's most popular mobile phone operating systems, was collecting information not limited to:
- when they turn their phones on;
- when they turn their phones off;
- the phone numbers they dial;
- the contents of text messages they receive;
- the URLs of the websites they visit; the contents of their online search queries -- even when those searches are encrypted;
- and the location of the customer using the smartphone -- even when the customer has expressly denied permission for an app that is currently running to access his or her location.
With the risk that it could have violated federal wiretapping laws, and given the fact that Carrier IQ, the developer of the software, has mysteriously gone silent, Sen. Franken demands to know what, how, and why.
Franken sent an open letter to the company's president and chief executive Larry Lenhart, with a list of questions about what the company does, and how it conducts itself.
In a statement on his senate.gov website, Franken said:
"Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information.
The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling. This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers.
But right now, Carrier IQ has a lot of questions to answer".
Earlier this year, the Senate introduced the Location Privacy Protection Act, which would oblige companies such as Carrier IQ to obtain explicit permission from its unwitting customers before tracking their location, or sharing such information with third parties.
ZDNet columnist James Kendrick says that mobile carriers will be aware that class-action suits are "no doubt going to be filed shortly by outraged customers", he foresees that some criminal suits in addition to civil suits could "getting ready to fly".
The full text of his letter can be found here [PDF].
- CarrierIQ: Follow the money and it is the carriers behind it
- Adrian Kingsley-Hughes: So, there's a rootkit hidden in millions of cellphones
- TechRepublic: Discussion on CarrierIQ rootkit