12/15/2011
12:09 PM

Carrier IQ Faces FTC Probe

FBI Director Robert Mueller says bureau doesn't knowingly use data collected by Carrier IQ.

Carrier IQ is reportedly facing a federal probe over allegations that its monitoring software collected smartphone data and transmitted it to carriers without consumers' knowledge.

Government officials, speaking on condition of anonymity since any investigation would be private, confirmed that the Federal Trade Commission has begun an inquiry into Carrier IQ, reported The Washington Post. The FTC is responsible for policing companies' privacy policies, and also helps protect consumers against unfair or deceptive practices.

Regulators are reportedly reviewing how Carrier IQ collects data. The company's data-collection practices came to light after security researcher Trevor Eckhart highlighted the existence of the company's monitoring software, which is employed on about 140 million handsets. Prior to Eckhart's research, few people had been aware of the software's existence.

Studies by independent security researchers ultimately found that Carrier IQ's software was only collecting performance monitoring data, as allowed by telecommunications laws.

But Carrier IQ's initial failure to fully detail what its software did, and why, had led many to question whether its software might be breaking wiretap or privacy laws. Senator Al Franken (D-Minn.) wrote to the company, demanding detailed information about its data collection and sharing practices. Likewise, Rep. Edward Markey (D-Mass.) urged the FTC to investigate Carrier IQ to ensure it hadn't engaged in unfair or deceptive practices. "Consumers and families need to understand who is siphoning off and storing their personal information every time they use their smartphone," said Markey in a letter to the FTC.

This week, two Carrier IQ executives went to Washington to reassure legislators, as well as regulators at the FTC and Federal Communications Commission, about how its software works. "This week Carrier IQ sought meetings with the FTC and FCC to educate the two agencies about the functionality of its software and answer any and all questions," said Andrew Coward, VP of marketing for Carrier IQ, via email.

In addition, in spite of Markey's request that the FTC investigate Carrier IQ, "we are not aware of an official investigation into Carrier IQ at this time," said Coward.

Carrier IQ president and CEO Larry Lenhart, as well as Coward, also met Tuesday with the staffs of three senators--Franken, as well as Richard Blumenthal (D-Conn.) and Christopher A. Coons (D-Del.)--each of whom had written letters of concern to the company. Wednesday had been the deadline set by Franken for Carrier IQ to provide him with detailed responses to his questions.

Carrier IQ Tuesday also released a detailed report into exactly which types of data its software collected, and noted that all data points were selected by carriers for tracking, and that collected data was shared only with the relevant carrier.

On a related note, at a Wednesday Senate Judiciary Committee hearing, FBI Director Robert Mueller said that his agency had never requested data from Carrier IQ. But he couldn't rule out the possibility that data provided by carriers to the bureau may have originated from Carrier IQ's collection software.

"We may obtain information that in some way Carrier IQ may have been involved with," said Mueller in response to a question posed by Sen. Franken, reported Computerworld.

He also said that the bureau's recent rejection of a Freedom of Information Act request for details about how it used Carrier IQ data had been misinterpreted. The FBI's rejection said that disclosing the information might impede an investigation, leading many to wonder whether the FBI was relying on Carrier IQ's data, or whether Carrier IQ itself was under investigation. But Mueller said that the rejection was only a simple "standard exemption" employed by the bureau.
