Carrier IQ Denies Wiretap ClaimsSmartphone network diagnostic software maker says it only collects data that carriers request. Is your phone affected?
Carrier IQ, a "mobile service intelligence" provider, has responded to ongoing questions about exactly what types of information its handset monitoring software records, and denied allegations that its software runs afoul of wiretapping regulations.
"Carrier IQ is aware of various commentators alleging Carrier IQ has violated wiretap laws and we vigorously disagree with these assertions," according to a statement released by the company Thursday.
According to Carrier IQ, while its smartphone monitoring applications see smartphone data--to assess what is or isn't pertinent to monitoring the performance of the smartphone or the network that it uses--that isn't the same as recording or transmitting that data. "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store, or transmit the contents of SMS messages, email, photographs, audio, or video," according to Carrier IQ. "For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen."
[ Carrier IQ is an insane breach of enterprise trust, says IT leader Jonathan Feldman. See what he says must change, in Carrier IQ: Mobile App Crap Must Stop. ]
Notably, federal wiretapping statutes provide exemptions for carriers and their business partners to monitor the performance of their infrastructure. Carrier IQ said that it "acts as an agent for the operators," to help make their customers' phones work better. "Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery," it said.
Carrier IQ's Thursday statement includes a testimonial from security expert Rebecca Bace of Infidel, a former member of NSA's Information Security Research and Technology Group, as well as deputy security officer for Los Alamos National Laboratory. "Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of [a] mobile device user's content are erroneous," said Bace.
Carrier IQ's statement was released in response to growing questions about what data its software collects from handsets, and why. Suspicion had been mounting over the company's software after the Electronic Frontier Foundation disclosed a cease-and-desist letter that Carrier IQ had sent to 25-year-old Connecticut security researcher Trevor Eckhart last month--threatening at least $180,000 in copyright damages--after he published insights into how the company's software operates, and branded it as a rootkit. (Similarly, security researchers before him had labeled it as spyware).
1 of 2