
Today, Senator Al Franken sent an open letter to the president and chief executive of Carrier IQ, Larry Lenhart, with a list of pointed questions about what exactly Carrier IQ does.

Earlier this week, 25-year-old Trevor Eckhart created a video showing how the software, hidden deep in the operating systems of millions of phones, can silently watch every keystroke entered into the device, along with other sensitive data including location. This behavior may violate federal wiretapping laws.

The letter says [in part]:

Dear Mr. Lenhart,

I am very concerned by recent reports that your company’s software—pre-installed on smartphones used by millions of Americans—is logging and may be transmitting extraordinarily sensitive information from consumers’ phones, including:

  • when they turn their phones on;
  • when they turn their phones off;
  • the phone numbers they dial;
  • the contents of text messages they receive;
  • the URLs of the websites they visit;
  • the contents of their online search queries—even when those searches are encrypted; and
  • the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.

It appears that this software runs automatically every time you turn your phone on. It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it.

These revelations are especially concerning in light of Carrier IQ’s public assertions that it is “not recording keystrokes or providing tracking tools” (November 16), “[d]oes not record your keystrokes,” and “[d]oes not inspect or report on the content of your communications, such as the content of emails and SMSs” (November 23).

I understand the need to provide usage and diagnostic information to carriers. I also understand that carriers can modify Carrier IQ’s software. But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.

These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.

I ask that you provide answers to the following questions by December 14, 2011.

Carrier IQ, a carrier-sanctioned keylogger and activity monitor, has been confirmed to exist on Android devices on the AT&T and Sprint networks, and has been found in iOS.

According to Forbes:

If the case went to court, Carrier IQ’s first line of defense might be that users have agreed to some form of tracking in their contract with one of Carrier IQ’s cellular carrier customers. But when I reached Eckhart by phone, he pointed out that in his tests, he turned on the phone’s airplane mode, shutting down its cellular connection and using only Wifi. Even then, the app seemed to record all his keystrokes and communications as they happened. “[Sprint] defines their service as their network,” he says, referring to his own tests on his Sprint-connected HTC Evo. “I don’t understand how my phone on my own wireless network is their service, and how they have the right to look at that.”

Nokia, Google, O2, Verizon, Vodafone, and Orange say they’re clean. Engadget has a list of which companies are using Carrier IQ.

Trevor Eckhart, the researcher who originally discovered the rootkit, has developed several different applications that can test your device.

The Italian software company Hacking Team claims it allows a government agency to secretly and remotely install a small piece of software on your mobile phone, turning it into a device which traces your location, listens in to your conversations, and even takes pictures of you. Their software can be installed on phones running popular operating systems.

Western and Chinese high-tech companies are competing aggressively to sell, install and manage internet surveillance equipment, a six-month investigation has found. During 2011, investigators from Privacy International, a London-based NGO, infiltrated closed international surveillance equipment marketing conferences, obtaining private briefings and technical product specifications that they published on the net today.

The Commerce Department is conducting a survey of US carriers, asking for a detailed accounting of network equipment as well as security-related incidents. The survey comes weeks after a powerful House intelligence committee launched an investigation into whether the increased presence of Huawei and ZTE in the U.S. infrastructure market will provide “the Chinese government an opportunity for greater foreign espionage.”

WikiLeaks: The Spy Files has a collection of 287 digital surveillance firms’ marketing materials, price lists and catalogues.

It’s a joint effort with Bugged Planet, The Bureau of Investigative Journalism, and Privacy International, and media partners including the Washington Post, the Hindu, the Italian paper L’Espresso and the French news outlet OWNI.

Related Dailywireless articles include How Your Location & Preferences are Recorded, Behavioral Targeting: Kill/Capture, Google Vs The Feds, Inside the Libyan Uprising, Internet Traffic: 18 Minute Gap?, Communications Law: Net Neutrality & Surveillence and Spy Squirrels Captured.
