Carrier IQ tries to spin its way out of trouble

Carrier IQ tries to spin its way out of trouble

Summary: Carrier IQ, your smartphone spyware company, is trying to talk its way out of its personal information stealing, but the class-action lawsuits are already arriving.

SHARE:
TOPICS: Hardware, Mobility
33

Is someone spying on your smartphone?

Is that a spy in your smartphone?

Carrier IQ, the mobile phone network analysis company at the heart of the smartphone spyware scandal, isn't talking to me, but it is talking to AllThingsD. To them, Andrew Coward, Carrier IQ's VP of marketing, explained that "The software receives a huge amount of information from the operating system. But just because it receives it doesn't mean that it's being used to gather intelligence about the user or passed along to the carrier." Tell it to the judge. The class-action lawsuits have already begun.

Besides, thanks to white hat hacker Trevor Eckhart's video we already knew that Carrier IQ's rootkit was grabbing an amazing amount of private information. Coward explains though that "What it [Eckhart's video] doesn't show is that all information is processed, stored, or forwarded out of the device."

OK, then why is it being collected if it's not to be processed, stored, or forwarded? I mean I'm a former network administrator, I get why carriers want to know about why calls are dropped, why a text goes missing into the ether and so on. What I don't get is why, for example, Carrier IQ or a carrier is collecting a text's content.

Carrier IQ swears that "We don't read SMS [short message service, aka texts] messages. We see them come in. We see the phone numbers attached to them. But, we are not storing, analyzing or otherwise processing the contents of those messages." Again, then why are you collecting their contents in the first place?

The company has an "explanation" for that: It's the carriers' fault. In a recently revised statement, Carrier IQ explains now that "Carrier IQ acts as an agent for the Operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers - the mobile Operators. Carrier IQ does not gather any other data from devices."

They're right of course. For all that Carrier IQ is taking most of the fire, they are delivering a service to the carriers and phone original equipment manufacturers. (OEM)s. In specific, if the carriers hadn't asked for it, neither Carrier IQ nor the OEMs would be delivering this data to them. Of course, following orders is far from a perfect defense.

The OEMs, in turn, are dumping Carrier IQ as fast as they can. Apple already claims they stopped use the software in their firmware with iOS 5.

Why is everyone running so fast from Carrier IQ's data collecting ways? Is it because Senator Sen. Al Franken has come down on them like a ton of bricks by demanding to know whether the data is transmitted back to the developer company, or handed over to third-parties, and whether the privacy rights of American consumers has been violated? I doubt it. No, the real reason they're retreating like a kid from a broken window is that Carrier IQ and its carrier--AT&T, Sprint and T-Mobile--and OEM--Apple, HTC and Samsung--partners are already seeing the first class-action suits against them.

The first two class action lawsuits, which are being made on the basis of Federal Wiretap Act for unauthorized data collection, have been fired at Carrier IQ, HTC, and Samsung. Frankly, I'd be shocked if the first telecomm lawsuits are served by the end of the day.

In the end, it doesn't matter how Carrier IQ and partners spin this, all of them will end up paying hundreds of millions in damages before this is done. Yes, detailed network analysis has its place, collecting and transmitting personal private information without explicit permission is both wrong and illegal.

Related Stories:

Finding and cleaning out your smartphone's Carrier IQ poison

Which phones, networks run Carrier IQ mobile tracking software?

Carrier IQ speaks out: Points finger at networks, customers

Apple: We stopped using Carrier IQ in iOS 5

Carrier IQ is good for you, so why get so spun up?

Spy image by Anonymous9000, CC 2.0.

Topics: Hardware, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

33 comments
Log in or register to join the discussion
  • RE: Carrier IQ tries to spin its way out of trouble

    Just let us opt out of all data collection easily. Problem solved. Or better yet, give us root without having to jump through hoops and we'll fix it ourselves.
    txscott
    • RE: Carrier IQ tries to spin its way out of trouble

      @rshol

      Or, better yet, these things could be an OPTIONAL install when you first turn on the phone, that you are referred to and have to AGREE TO!

      It's time for these companies to STOP with the goddamned opt-out bullcrap. That is NOT reasonable to require for tracking like this, make it OPT-IN!
      Lerianis10
      • Carrier IQ .. is going to pay big money

        Samsung, HTC, and all the cell operators that used it will be hurting bad.

        ATT will be hit the worst!
        Uralbas
      • Carrier IQ .. is going to pay big money

        Samsung, HTC, and all the cell operators that used it will be hurting bad.

        ATT will be hit the worst!
        Uralbas
    • RE: Carrier IQ tries to spin its way out of trouble

      @rshol No, not opt-out but OPT-IN.

      Most people do not care or know what pre-installed is, as long they can just do what they want to get done.

      Examle, PC market does not have competition for Windows because Microsoft gets Windows preinstalled every (dont even start about that) PC sold there.
      If every computer would come empty and user should buy separately a disk and install it at home or buy a service for that, everything would be correctly done.

      Opt-in is different than Opt-out.
      Fri13
  • "We see them come in."

    The key question is 'where' do they "see them come in". Do they see this information come in on their severs (transmitted off the phone back to them) or is he simply saying that the program on the phone sees the information come in.

    A secondary question is, what capabilities does CIQ have? Even if all the information is not being tx'd off the phone, is it possible for the software to send all of the information that it processes to be transmitted off the phone. If it is possible, then the government already has a wiretap installed in every phone with CIQ running, it simply has to turn the tap on.
    retnep
  • As someone noted on another Carrier IQ talk back

    Another 'beef' I have is taht I am paying for all usage to and fro to my earlier generation iPhone. Which, by the way does not appear to allow me to opt in or out .... and the carrier and/or Apple are stealing bandwidth for which I am paying.
    whatagenda
  • RE: Carrier IQ tries to spin its way out of trouble

    "It???s the carriers??? fault."

    BS... Carrier IQ programmed (wrote) the code for this rootkit. Therefore they knowingly understood that they were adding code that would collect cell phone information in plain text along with other key presses.
    sev13sev@...
    • RE: Carrier IQ tries to spin its way out of trouble

      @sev13sev@...

      It's also partially the carriers fault for not asking Carrier IQ for a LOT more information on this program before they allowed it to be installed on their phones, to be blunt.

      The carriers should have told Carrier IQ "No, we are not going to allow you to put this stuff on our phones except as an OPTIONAL installation at a later date in the form of an app!"
      Lerianis10
  • RE: Carrier IQ tries to spin its way out of trouble

    Please note that these findings are from a young inexperienced person claiming to be a wireless security expert. He is an ITT graduate IE desktop support and got a few certs. And oh boy look out he is a boy scout!!! He is also employed by a known competitor in the same business space. Makes you wonder doesn't it! Carrier IQ has posted from actual security experts that Trevor's claims are in fact false. None of his resume titles gives him any knowledge in the wireless space, and he also works for a company which competes in this space so don't be fooled!
    Please see official company responses regarding these false claims.

    http://allthingsd.com/20111201/carrier-iq-speaks-our-software-monitors-service-messages-ignores-other-data/?mod=snippet

    http://www.pcmag.com/article2/0,2817,2397156,00.asp

    Please also note Carrier IQ as based upon it reports works within the original end user agreement with it's carrier like AT&T or whomever. So no laws are being broken and and this report is baseless unless otherwise proven.
    The person reporting this is by far not an expert and what he shows is not what is stored or transmitted according to the company.
    He should get his facts straight before crying fire in a crowded theater.
    sanchanim
    • You protesteth too much?

      @sanchanim

      Sounds like an appeal to authority, a logical fallacy. CIQ is in trouble, rightfully so. As the lawsuits roll in the discovery process will uncover exactly how much they transmit.

      If this is a tempest in a tea cup why did they threaten legal action and then back off when the EFF stepped in?

      There's more than smoke here, the question is how much damage are the carriers going to soak up when CIQ is hit with a legal Tsar Bomba?
      wolf_z
    • You miss the point...

      @sanchanim The software, where ever it came from is BAD and WRONG. It also should have NOT been done without the end user's consent. You instead try to crucify and discredit the messenger when you should be questioning why is it what he found. If those that are responsible are found guilty, I hope they get penalized and fined the maximum possible to send a message that this is not tolerated.
      lenohere
    • RE: Carrier IQ tries to spin its way out of trouble

      @sanchanim
      I read your comment several times and read the links you listed. Sure sounds to me you are trying to discredit Trevor. Where did he claim to be a wireless security expert? He is a Boy Scout get over it. What company is he working for, what is his job title and what does this company do exactly? No job title written tells anyone what you really do.

      Maybe I am wrong, sure sounds like what I would see from someone having a connection to Carrier IQ, OEM or a carrier.
      daikon
      • RE: Carrier IQ tries to spin its way out of trouble

        @daikon If you don't like the other links, try this one. http://news.cnet.com/8301-31921_3-57335715-281/how-carrier-iq-was-wrongly-accused-of-keylogging/%20?tag=content;siu-container
        My job is hard enough, without having to respond to the Sr. VPs who read these reports from "security experts" and want to know what I am doing about it.
        jjprehn@...
    • RE: Carrier IQ tries to spin its way out of trouble

      @sanchanim If your security experts were so much better than this uncredentialed boyscout then where is their prior security analysis on Carrier IQ that says it's not a threat? Oh.... they didn't know it was on the phone. Oops.
      physics2010@...
    • RE: Carrier IQ tries to spin its way out of trouble

      @sanchanim
      I can only assume you work for CIQ, or else your attempt to discredit this kid makes absolutely no sense. First you tried to silenced him with a cease and desist letter, now you're trying to smear his name. You do realised you're pouring gas on a fire. I would suggest you hire the kid and make him head of your security because you guys obviously aren't so bright.
      jihobbyist
    • RE: Carrier IQ tries to spin its way out of trouble

      @sanchanim
      Ad hominem abusivum
      Ad hominem circumstantiae
      Ad hominem motivum

      You didn't say anything valid.
      Fri13
    • RE: Carrier IQ tries to spin its way out of trouble

      @sanchanim Sounds like his facts ARE straight - your perspective on this is perhaps slightly skewed, do your paycheck stubs feature a "CarrierIQ" label on them?

      The reason I ask is because you seem to be the lone voice supporting a group of people who are essentially spying without our consent.
      athynz
  • RE: Carrier IQ tries to spin its way out of trouble

    This software should have been an opt-in and used only when a phone is having trouble. I can see the need for recording some button presses for example say your number 3 on the key pad is sticking when dialing or pressing it once the system sees it pressed 3 times, but to record texts and not encrypt https links is just foul play. I do hope the senator's investigation will reveal more about what info they actually get.
    Loverock Davidson-
  • RE: Carrier IQ tries to spin its way out of trouble

    Who cares if the kid was mistaken about a thing or two. Have you seen the permissions list for this spyware? People should be given a clear and up front choice about whether or not they want Carrier IQ to have access to: your accounts, your personal information, services that cost you money, messages, location, network communication, storage, phone calls, hardware controls, and system tools. Carrier IQ, phone manufacturers, and carriers were all in cahoots.
    Delvardo