Holy data privacy scandal! Over the last week the news that Carrier IQ has been tracking millions of smartphone users without their knowledge has ballooned into a full-blown clusternut. Carrier IQ, huh? Sounds nefarious. But what exactly does it do? And why should you care?
Smartphone manufacturers and carrier alike are dying to know how you use their products in the real world. They want this information to help them to study performance, make business decisions, and improve products. Carrier IQ is an "embedded analytics company" that serves that information up to its clients on a silver, snooping platter.
Until yesterday, most people probably didn't even realise they had Carrier IQ installed on their phones. The software isn't part of Android, iOS, or BlackBerry OS. It's installed independently by either your carrier or your phone manufacturer. A rolling counter on the Carrier IQ website claims more than 140 million devices. But which ones? It's not entirely clear at this time, although several companies have stepped forward to say they don't have the software. And you can also test your own Android phone to see if you're affected.
What data the software collects depends on what entity installed it on your phone, because CarrierIQ is customised to meet the desires of the client that uses it. In corporate marketing materials, Carrier IQ says that includes relatively benign info like data speed and app usage. But Trevor Eckhart, the developer who first outed Carrier IQ, has demonstrated that the software can log virtually anything you do on your phone: calls, location, even keystrokes. That means it could in theory log all your passwords and credit card numbers when you punch them in.
If we've learned anything about privacy from Facebook it's that this level of granular data collection freaks people out even when they know about it. And when you think about what it does when it's done with spying, tracking, logging — pick a term — it's downright sickening. What's being collected and what do they know about me? What are they going to do with that information and who has access? Those are all still open questions.
The legal ramifications within Britain regarding Carrier IQ have yet to be realised, but in the States Carrier IQ has already been hit with a Senate investigation. And as Forbes reports, since we didn't know about the service it might actually violate the America's Wiretap Act millions of times over. Is it possible that you signed off on some terms and conditions agreement that had Carrier IQ buried deep? Sure. But it's still not unreasonable to expect a class action lawsuit and other legal action.
According to a statement by Carrier IQ, it's besides the point that they can log keystrokes because the software is "counting and summarising performance, not recording keystrokes or providing tracking tools."
The company claims it's not logging keystrokes or anything else, and even if it was, it's all processed before it ever goes back to the clients. But that stance was largely disproven by Eckhart, who demonstrates on film that keystrokes submit unique key codes to Carrier IQ on affected phones, and that even secure connections are vulnerable.
There's going to be a lot more information coming as this story unfolds, but in the meantime: either the carrier/handset manufacturers associated with Carrier IQ didn't know exactly what was going on, or they did and thought they wouldn't get caught. And either way, this is repulsive stuff. Hopefully a reckoning is on its way.
Research in Motion had this to say about this article:
"RIM is aware of a recent claim by a security researcher that an application called "CarrierIQ" is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorise its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ."