Carrier IQ explains its software as FBI denies FOIA request

By Lee Kaelin on December 14, 2011, 8:55 AM

Carrier IQ is once again making headlines as the company continues to fight back at the negative publicity its carrier-diagnostic "utility" is receiving. For those that do not recall, at the end of November a security researcher by the name of Trevor Eckhart uncovered a hidden application installed on many smartphones that appeared to log all activity on the handset.

Now it appears the FBI is also entangled in the controversy after journalist Michael Morisy on behalf of MuckRock, a website that facilitates requests made under the Freedom of Information Act (FOIA), was denied a routine request for "any manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ."

The government agency said that the information was "located in an investigative file which is exempt from disclosure," and that said files are law enforcement records involved in a pending proceeding. In essence, this means either one of two things, that Carrier IQ is handing data collected to the FBI, or they are currently under investigation after their software was brought into question and became front-page news.

Interestingly, in a statement to the Washington Post, Carrier IQ dismissed claims it was working with the FBI: "Carrier IQ has never provided any data to the FBI. If approached by a law enforcement agency, we would refer them to the network operators because the diagnostic data collected belongs to them and not Carrier IQ." Clearly, if that's the case then it's fair to suggest that the firm is possibly under investigation by the FBI.

In an attempt to appease those concerned about Carrier IQ's software the company released a 19 page report (PDF) titled "Understanding Carrier IQ Technology" in the hopes of calming concerned citizens with the way their software works. "In this document, we want to let consumers to know exactly what it is that our software does, the security measures we have in place, and our commitment through our software design and processes to protecting consumers’ privacy while improving consumers’ experience," it read.

The report responded to Eckhart's video saying the events were recorded because a manufacturer debug software was left on in handsets sold to consumers. According to them, the data viewable in the security researcher's video was the result of "debug messages from pre-production handset manufacturer software."

For those concerned about whether their handsets are using this software, we recently published a full roundup with statements from handset manufacturers and wireless carriers confirming or denying the use of Carrier IQ.




User Comments: 3

Got something to say? Post a comment
Guest said:

I read somewhere a couple days ago that HTC is responsible for the line of code that made it possible for Mr. Eckhart to find.

Source:

http://www.dailytech.com/One+Line+of+Code+Created+a+World+of
Woe+for+HTC+Carrier+IQ+et+al/article23483.htm

IvanAwfulitch IvanAwfulitch said:

Does anyone really believe anything they're saying? Does debugging software really translate shttp into plain text? Why would they need to do that on a smartphone? I could maybe see specific codes for button presses, texts, and calls being useful for figuring out if it's working properly, but any applications outside of that are highly suspect. Especially if it leaves confidential information unencrypted.

And that doesn't answer the question of what is being done with the information that the debugger collects. Why is it collecting information on us in the first place? Where is it going? Who is reading it? Why are they reading it? Why are they allowed to read it and collect it?

I'm not convinced. They can claim whatever the hell they want to, but none of it is adding up.

Guest said:

All these recent companies need to remember to adhere to 1 word that would make things less headache for them and ease scrutiny ; PERMISSION. Companies are doing more and more controversial marketing tactics (Carrier IQ included) without the consumers consent. It's essentially a violation of 4th Amendment (Unwarranted SEARCH, which may include but not limited to personal information). Any program that harbors itself on your physical properties to access & collect information without your expressed consent or a warrant should be considered a Violation of a Citizens Liberties and Rights.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.