7 questions that Carrier IQ needs to address immediately

According to Carrier IQ's website, the rootkit is deployed on over 140 million handsets.

[UPDATE: According to a statement from Apple, the company stopped supporting Carrier IQ with iOS 5.0 on most of its devices, but the iPhone 4 still uses it.]

So it has been revealed that millions of handsets (yes, even the iPhone) have been kitted out with a 'rootkit' that logs out activity on that handset. That 'rootkit,' which is called Carrier IQ, is used to supply diagnostic information to the carriers and handset makers.

But it turns out that evidence has emerged that this software is logging all sorts of handset activity, including it seems key presses and the contents of text messages that have are sent or received.

According to Carrier IQ's website, the rootkit is deployed on over 140 million handsets.

The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart. Here a video in which he presents the case against Carrier IQ. It's scary stuff:

Carrier IQ have their own video in which they claim that the tool doesn’t record keystrokes and doesn’t provide tracking tools:

Given these mixed messages, Carrier IQ need to address the following questions:

  1. What devices has Carrier IQ been installed on?
  2. Carrier IQ claims the rootkit doesn't log any data, but Eckhart's video seems to suggest otherwise - what's going on here?
  3. What data is being sent back to the carrier/handset maker?
  4. Is the data sent/stored in a way that could identify the handset?
  5. Who has access to this data?
  6. How long is this data kept?
  7. Can users opt out?

At the moment we have deluge of questions and a drought when it comes to answers.

[UPDATE: Senator Al Franken sent an open letter to Carrier IQ’s president and chief executive Larry Lenhart with a whole load of questions of his own.]