A View from David Talbot
Everything You Need to Know about CarrierIQ
Behind the storm of controversy over software that silently captures many smartphone users’ every click.
“Carrier IQ” is a company that sells software to wireless companies that reports how well networks are performing in real-time, by sending performance data from more than 141 million phones.
Sounds boring enough, but over the past two weeks Carrier IQ has become the center of a major controversy amid revelations that its software could capture (and therefore potentially transmit) keystrokes, location data, and just about anything else about your phone activities—and that most users were not only unaware of its presence, but couldn’t disable it.
The company’s website says the software helps network providers provide better service and is a boon to battery life.
Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery…. Carrier IQ’s Mobile Service Intelligence Platform (MSIP) … receives raw data (known as Metrics) from phones and converts them into reliable, repeatable Measures which feed into analytic applications.
On November 16 a 25-year-old security researcher named Trevor Eckhart, after poring over Carrier IQ company training manuals and documents, made his first claims that these metrics included all kinds of personal data.
The scope of the word metric is very broad …including device type, such as manufacturer and model, available memory and battery life, the type of applications resident on the device, the geographical location of the device, the end user’s pressing of keys on the device, usage history of the device, including those that characterize a user’s interaction with a device. … When a user browses a webpage, HTTP header information can be grabbed along with detailed information on the page, or CarrierIQ can log keypresses made on what webpage. When location is changed the phone can report in. When a call is placed or data is started any metrics can be queried. There is a lot more, these are just what was shown in public documents.
The company sent him a cease-and-desist letter, but later backed down after the Electronic Frontier Foundation stepped in on Eckhart’s behalf. Things then exploded on Monday when Eckhart posted a video showing, in real-time, the software capturing the text of his SMS message (“Hello World!”), as well as Google search terms, his location information (even though he’d disabled GPS), and the full URL of websites he visits.
In one of the finer rhetorical flourish of the week, Information Week op-ed writer Jonathan Feldman said:
You just can’t make this stuff up. If I had told you six months ago to be very careful about entrusting corporate data to mobile carriers who pre-install app crap, because they would build spyware into phones, collect secure Web browsing information, and embed this software so deeply that you have to change the ROM to get rid of it, you would have written me off as a paranoid. Yet, that appears to be the situation with CarrierIQ, a carrier utility gone wild. Like the Master Control Program in the ’80s science fiction classic, “Tron,” CarrierIQ collects data for an ostensibly harmless purpose: to help carriers improve the quality of their network and improve the user experience. Then, it goes crazy and tries to kill everyone…. From an enterprise perspective, this is massive.
On Thursday, Carrier IQ served up a vociferous defense, saying it did not “record, store, or transmit” personal information despite the apparent recording shown on Eckhart’s video, and quoted a third-party researcher defending the company:
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.”Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of mobile device user’s content are erroneous,” asserts Rebecca Bace of Infidel Inc. a respected security expert. Privacy is protected.
Also Thursday, U.S. Sen. Al Franken, D-Minn, sent the company a letter demanding information from the company, including whether it ever shared data with law-enforcement agencies.
….[I]t appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit. These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.
Wireless carriers and hardware makers also issued explanatory statements. For example, Sprint said:
We do use Carrier IQ, but we do not and cannot look at the contents of messages, etc., as some have speculated. Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can figure out when issues are occurring. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.
Verizon said the software is not on any of its phones, and AT&T said “we solely use CIQ software data to improve wireless network and service performance,” echoing a statement from T-Mobile.
We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
Ekhart had done his video using an HTC Android phone. HTC said:
Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier. It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.
Nokia said Carrier IQ does not ship software for Nokia phones.
Some Samsung mobile phones do include Carrier IQ, but it’s very important to note that it’s up to the carrier to request that Samsung include that software on devices. One other important point is that Samsung does not receive any consumer user information from the phones that are equipped with Carrier IQ.
RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today