Does Your Cell Phone Know?

I know it's rare that I write about something going on in the world of technology. What some of you may not know is that in addition to being a politics nerd, I am also a tech world aficionado. But that's a different story for a different day. The reason I am writing today is there is something that has concerned me very much for the past week: Carrier IQ, a hidden software that at least reads every single one of your keystrokes and other common activities you do on your phone as well as your location, without you even knowing it. It is installed on your phone by your carrier. If you own a cell phone - whether it's a smartphone or not, you need to read this.

This video by Trevor Eckhart, the security researcher who found this, is pretty clear. Even if you are not a techwiz, you can see the Carrier IQ software always running, and logging everything you do on your phone:



Now, what we do know is that Carrier IQ, which is on an abundant amount of devices at the behest of wireless service providers. What we do not know is whether Carrier IQ is recording everything it is logging. For a software program, it's quite possible to intake a great amount of data and have very little of it actually recorded or committed to memory. Indeed, that is how carriers and Carrier IQ say they are operating - that they are in fact not recording personal data or keystrokes. If that's the case, one wonders why Carrier IQ freaked out and threatened this young researcher with a cease-and-desist letter, only to back off when the Electronic Frontier Foundation, with their own lawyers, came to his defense.

But even assuming the claims of Carrier IQ is true, this should raise some critical questions:
  1. If they are not recording the keystrokes or other sensitive data, why are they logging it? I guess you "never know" when something useful will come up, huh?
  2. Software collecting any sort of data from someone's personal device that can be tracked to that specific device has no business getting on your device without your consent, let alone your knowledge.
  3. Why the first instinct to keep any information about Carrier IQ under wrap?
I and other concerned Americans are not the only ones to be asking these questions. Former Justice Department prosecutor Paul Ohm has said, given the logging of all Internet traffic and activity without a court order or user consent may very well run afoul of federal wiretap laws.
Based on that revelation, Carrier IQ may run afoul of federal wiretap regulations. "If the Carrier IQ/cellphone rootkit story is accurate, this is a clear, massive, felony wiretap. Not a close case," said Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School, via Twitter. "Carrier IQ, prepare for a multi-million $ class action lawsuit. Maybe a criminal case too? Federal wiretapping is a 5-year felony," he tweeted.

Ohm told Forbes.com. "Even if they were collecting only anonymized usage metrics, it doesn't mean they didn't break the law," said Ohm. "Then it becomes a hard, open question. And hard open questions take hundreds of thousands of dollars to make go away."
Sen. Al Franken, who is the Chairman of the Subcommittee on Privacy in the Senate Committee on Technology and the Law, has sent a letter to the CEO of Carrier IQ, demanding an explanation, and opening the door to just the questions I have asked above:
I understand the need to provide usage and diagnostic information to carriers. I also understand that carriers can modify Carrier IQ’s software. But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.
I am not someone that gets alarmed at every 'privacy' scare. I do examine them all closely, and most of the time it turns out to be nothing more than alarmists running around with their hair on fire. Not this time. It's serious. Carrier IQ and your carrier (Sprint and AT&T has confirmed they use Carrier IQ, Verizon has said they do not) may have installed on your phone (depends on your phone - see this page for information on detecting Carrier IQ on your phone and removing it) tracking software that is prima facie illegal, and has given you no way to opt out or turn it off.

ACTION: Here is what you can do:
  • Contact Carrier IQ and tell them you are aware of this, and you will do everything to put this software out of circulation. Here's the info:

    CARRIER IQ, Inc.
    1200 Villa Street, Suite 200
    Mountain View, CA 94041 USA
    Phone: +1 650 625 5400
    Fax: +1 650 625 5435
    sales@carrieriq.com
  • Contact your Senators and Representatives and tell them to sign on with Sen. Franken's effort to get to the bottom of this.
  • Contact your wireless company and demand they (1) rid your phone of Carrier IQ, and (2) drop their contract with Carrier IQ or any other such product


Like what you read? Chip in, keep us going.