Carrier IQ, the mobile phone network analysis company at the heart of the smartphone spyware scandal, isn't talking to me, but it is talking to AllThingsD. To them, Andrew Coward, Carrier IQ's VP of marketing, explained that "The software receives a huge amount of information from the operating system. But just because it receives it doesn't mean that it's being used to gather intelligence about the user or passed along to the carrier." Tell it to the judge. The class-action lawsuits have already begun.
Besides, thanks to white hat hacker Trevor Eckhart's video we already knew that Carrier IQ's rootkit was grabbing an amazing amount of private information. Coward explains though that "What it [Eckhart's video] doesn't show is that all information is processed, stored, or forwarded out of the device."
OK, then why is it being collected if it's not to be processed, stored, or forwarded? I mean, I'm a former network administrator; I get why carriers want to know why calls are dropped, why a text goes missing into the ether, and so on. What I don't get is why, for example, Carrier IQ or a carrier is collecting a text's content.
Carrier IQ swears that "We don't read SMS [short message service, aka texts] messages. We see them come in. We see the phone numbers attached to them. But, we are not storing, analyzing or otherwise processing the contents of those messages." Again, then why are you collecting their contents in the first place?
The company has an "explanation" for that: It's the carriers' fault. In a recently revised statement, Carrier IQ explains now that "Carrier IQ acts as an agent for the Operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers - the mobile Operators. Carrier IQ does not gather any other data from devices."
They're right, of course. For all that Carrier IQ is taking most of the fire, they are delivering a service to the carriers and phone original equipment manufacturers (OEMs). Specifically, if the carriers hadn't asked for it, neither Carrier IQ nor the OEMs would be delivering this data to them. Of course, following orders is far from a perfect defense.
The OEMs, in turn, are dumping Carrier IQ as fast as they can. Apple already claims they stopped using the software in their firmware with iOS 5.
Why is everyone running so fast from Carrier IQ's data-collecting ways? Is it because Sen. Al Franken has come down on them like a ton of bricks by demanding to know whether the data is transmitted back to the developer company, or handed over to third parties, and whether the privacy rights of American consumers have been violated? I doubt it. No, the real reason they're retreating like a kid from a broken window is that Carrier IQ and its carrier--AT&T, Sprint and T-Mobile--and OEM--Apple, HTC and Samsung--partners are already seeing the first class-action suits against them.
The first two class-action lawsuits, which are being made on the basis of the Federal Wiretap Act for unauthorized data collection, have been fired at Carrier IQ, HTC, and Samsung. Frankly, I'd be shocked if the first telecom lawsuits are served by the end of the day.
In the end, it doesn't matter how Carrier IQ and partners spin this; all of them will end up paying hundreds of millions in damages before this is done. Yes, detailed network analysis has its place, but collecting and transmitting personal private information without explicit permission is both wrong and illegal.
Spy image by Anonymous9000, CC 2.0.