Carrier IQ explains its software as FBI denies FOIA requestBy Lee Kaelin
Carrier IQ is once again making headlines as the company continues to fight back at the negative publicity its carrier-diagnostic "utility" is receiving. For those that do not recall, at the end of November a security researcher by the name of Trevor Eckhart uncovered a hidden application installed on many smartphones that appeared to log all activity on the handset.
Now it appears the FBI is also entangled in the controversy after journalist Michael Morisy on behalf of MuckRock, a website that facilitates requests made under the Freedom of Information Act (FOIA), was denied a routine request for "any manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ."
The government agency said that the information was "located in an investigative file which is exempt from disclosure," and that said files are law enforcement records involved in a pending proceeding. In essence, this means either one of two things, that Carrier IQ is handing data collected to the FBI, or they are currently under investigation after their software was brought into question and became front-page news.
Interestingly, in a statement to the Washington Post, Carrier IQ dismissed claims it was working with the FBI: "Carrier IQ has never provided any data to the FBI. If approached by a law enforcement agency, we would refer them to the network operators because the diagnostic data collected belongs to them and not Carrier IQ." Clearly, if that's the case then it's fair to suggest that the firm is possibly under investigation by the FBI.
In an attempt to appease those concerned about Carrier IQ's software the company released a 19 page report (PDF) titled "Understanding Carrier IQ Technology" in the hopes of calming concerned citizens with the way their software works. "In this document, we want to let consumers to know exactly what it is that our software does, the security measures we have in place, and our commitment through our software design and processes to protecting consumers' privacy while improving consumers' experience," it read.
The report responded to Eckhart's video saying the events were recorded because a manufacturer debug software was left on in handsets sold to consumers. According to them, the data viewable in the security researcher's video was the result of "debug messages from pre-production handset manufacturer software."
For those concerned about whether their handsets are using this software, we recently published a full roundup with statements from handset manufacturers and wireless carriers confirming or denying the use of Carrier IQ.