FBI Director Robert Mueller says bureau doesn't knowingly use data collected by Carrier IQ.

Mathew J. Schwartz, Contributor

December 15, 2011

4 Min Read

10 Epic Android Apps

10 Epic Android Apps


10 Epic Android Apps (click image for larger view and for slideshow)

Carrier IQ is reportedly facing a federal probe over allegations that its monitoring software collected smartphone data and transmitted it to carriers without consumers' knowledge.

Government officials, speaking on condition of anonymity since any investigation would be private, confirmed that the Federal Trade Commission has begun an inquiry into Carrier IQ, reported The Washington Post. The FTC is responsible for policing companies' privacy policies, and also helps protect consumers against unfair or deceptive practices.

Regulators are reportedly reviewing how Carrier IQ collects data. The company's data-collection practices came to light after security researcher Trevor Eckhart highlighted the existence the company's monitoring software, which is employed on about 140 million handsets. Prior to Eckhart's research, few people had been aware of the software's existence.

[ States are becoming more active in fighting cyber crime. Read California Forms Cyber Crime Unit. ]

Studies by independent security researchers ultimately found that Carrier IQ's software was only collecting performance monitoring data, as allowed by telecommunications laws.

But Carrier IQ's initial failure to fully detail what its software did, and why, had led many to question whether its software might be breaking wiretap or privacy laws. Senator Al Franken (D-Minn.) wrote to the company, demanding detailed information about its data collection and sharing practices. Likewise, Rep. Edward Markey (D-Mass.) urged the FTC to investigate Carrier IQ to ensure it hadn't engaged in unfair or deceptive practices. "Consumers and families need to understand who is siphoning off and storing their personal information every time they use their smartphone," said Markey in a letter to the FTC.

This week, two Carrier IQ executives went to Washington to reassure legislators, as well as regulators at the FTC and Federal Communications Commission, about how its software works. "This week Carrier IQ sought meetings with the FTC and FCC to educate the two agencies about the functionality of its software and answer any and all questions," said Andrew Coward, VP of marketing for Carrier IQ, via email.

In addition, in spite of Markey's request that the FTC investigate Carrier IQ, "we are not aware of an official investigation into Carrier IQ at this time," said Coward.

Carrier IQ president and CEO Larry Lenhart, as well as Coward, also met Tuesday with the staffs of three senators--Franken, as well as Richard Blumenthal (D-Conn.) and Christopher A. Coons (D-Del.)--each of whom had written letters of concern to the company. Wednesday had been the deadline set by Franken for Carrier IQ to provide him with detailed responses to his questions.

Carrier IQ Tuesday also released a detailed report into exactly which types of data its software collected, and noted that all data points were selected by carriers for tracking, and that collected data was shared only with the relevant carrier.

On a related note, at a Wednesday Senate Judiciary Committee hearing, FBI Director Robert Mueller said that his agency had never requested data from Carrier IQ. But he couldn't rule out the possibility that data provided by carriers to the bureau may have originated from Carrier IQ's collection software.

"We may obtain information that in some way Carrier IQ may have been involved with," said Mueller in response to a question posed by Sen. Franken, reportedComputerworld.

He also said that the bureau's recent rejection of a Freedom of Information Act request for details about how it used Carrier IQ data had been misinterpreted. The FBI's rejection said that disclosing the information might impede an investigation, leading many to wonder whether the FBI was relying on Carrier IQ's data, or whether Carrier IQ itself was under investigation. But Mueller said that the rejection was only a simple "standard exemption" employed by the bureau.

IT's spending as much as ever on disaster recovery, despite advances in virtualization and cloud techniques. It's time to break free. Download our Disaster Recovery Disaster supplement now. (Free registration required.)

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights