updated 12:55 pm EST, Thu December 1, 2011
Senator says Carrier IQ may be in trouble
Carrier IQ's problems mounted dramatically on Thursday after Senator Al Franken sent a letter to the company demanding answers as to the company's extensive phone logging practices. He was concerned that Carrier IQ might be violating the Computer Fraud and Abuse Act, Electronic Communications Privacy Act, the pen register statute, and Stored Communications Act by recording without consent not just diagnostic information but phone numbers, text messages, web addresses, and the location. Carrier IQ's earlier denials that it wasn't tracking keystrokes or personal content were "especially concerning" given evidence showing just the the opposite, Franken said.
He was also concerned that, in the Android implementations, Carrier IQ's software was running automatically and hidden from the user. Even if they did find out, typical users had "no reasonable means" to stop it, the senator wrote. Trevor Eckhart, who originally discovered the full extent of Carrier IQ, has posted an early detection tool.
Providers had a valid desire to get diagnostic information to improve their service, Franken said, but the scope of the software was going beyond what was needed to accomplish the task at hand. "It appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics," he explained.
Carrier IQ has until December 14 to respond.
The questioning came as several companies openly distanced themselves from the company. Nokia was emphatic that it "does not ship products" with the software, whether on Symbian or Windows Phone. Although Carrier IQ lists BlackBerry support, RIM in a statement not only said it "does not pre-install" Carrier IQ but that it had "no involvement" in testing or distribution.
So far, the only Android devices known for certain not to have Carrier IQ are those running completely stock versions of the OS, including the Galaxy Nexus, Nexus S, Nexus One, and Xoom, tips to The Verge said. As minority devices, however, they could be outnumbered by large parts of the regular Android platform.
Apple is believed to have some Carrier IQ code in iOS. As it controls the whole software and hardware with little input from carriers, however, it's believed to have made logging strictly opt-in and to have had much less access, focusing more on actual diagnostics.
Some carriers themselves have openly distanced themselves from the practice. In responses to mocoNews, O2 and Vodafone said they weren't collecting information, while Verizon claims that none of its devices have the tool installed.
The extensiveness still raises significant concerns both over what carriers are allowed to collect as well as Google's control over its own OS. Although itself intending to be respectful of privacy, its lack of direction lets hardware companies either bow to pressure or voluntarily implement tools that at least raise privacy concerns and at most are potentially illegal.