The clamor over Carrier IQ and its eponymous software that reportedly monitors smart-phone performance—and possibly tracks users' actions—has attracted the attention of federal legislators.
Senator Al Franken, chairman of the Senate Subcommittee on Privacy Technology and the Law, has issued a letter to Carrier IQ seeking clarification on the purposes of its software and the types of data being collected from consumers' smart phones. Among the 11 questions to be answered by December 14, Senator Franken asks (PDF):
Does Carrier IQ believe that its actions comply with the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.)? Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. § 1030)? Why?
The din and confusion over Carrier IQ and its software has grown steadily since software developer Trevor Eckhart discovered the software earlier this month on several Google Android smart phones. Much like the tracking software on HTC smart phones that he discovered in October, Eckhart claims the Carrier IQ software captures smart-phone users' data—Web addresses, phone numbers, text messages, location information, and so on.
In an official statement (PDF), Carrier IQ said that its software is installed by "device
manufacturers along with other diagnostic tools and software." And while the Carrier IQ software looks at "many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools."
Yesterday, Carrier IQ issued an updated statement, stating, "Our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video."
Wireless service providers, device makers and others have also been adding to the controversy of Carrier IQ software.
For example, AT&T, Sprint, and T-Mobile acknowledge using the software on smart phones to improve wireless service, not to track individual subscribers. Verizon and phone makers, such as Nokia and Research in Motion (RIM), have similar tracking-software controversy in April, said in a statement released yesterday:
We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
Senator Al Franken's letter to Carrier IQ (PDF) [U.S. Senator Al Franken]
Sen. Franken demands answers from Carrier IQ, suggests phone snooping violates federal law [Ars Technica]
Phone 'Rootkit' Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases [Forbes]
CarrierIQ [Android Security Test]
Carrier IQ Statement about its software (PDF) [Carrier IQ]
Android researcher: Carrier IQ 'diagnostic' tool really a rootkit spy [CNet]
Carrier IQ Updates Statement: Operators Use Carrier IQ Software Only to Diagnose Operational Problems on Networks and Mobile Devices [BusinessWire]