Skip to main content

Researcher who exposed Carrier IQ tracking software gets legal threats

Some pretty alarming news coming from the Android hacking community today. If you haven’t yet heard of Carrier IQ, it’s essentially tracking software that has been found loaded into the source code of several devices being shipped by Samsung, HTC, and other Android vendors. The software is said to track and log user activities. Now, this has been known for sometime and wouldn’t normally be newsworthy at this point, but the company behind Carrier IQ is now actively threatening XDA-Developers member Trevor Eckhart, a.k.a TrevE, the same dev who first discovered the software.

As part of Eckhart’s research to expose the software, he posted training material that the company had already made available publicly online. Following his analysis and criticism of the software, Carrier IQ  removed the training material from their own website and issued a cease-and-desist letter to Eckhart demanding that he remove the documents and replace his report with a statement written by Carrier IQ renouncing his research. They also want him to issue that statement as a press release.

Eckhart didn’t back down, fortunately. On his behalf, the Electronic Frontier Foundation has issued a response to Carrier IQ’s cease-and-desist letter. Here’s an excerpt:

We have now had a chance to review your allegations against our client, and have concluded that they are entirely baseless. Mr. Eckhart used and made available these materials in order to educate consumers and security researchers about the functionality of your software, which he believes raises substantial privacy concerns. Mr. Eckhart’s legitimate and truthful research is sheltered by both the fair use doctrine and the First Amendment. 

The EFF then urges Carrier IQ to disprove Eckhart’s claims:

You also claim that Mr. Eckhart published “false allegations” that are “without substance,” “untrue,” and that Carrier IQ considers “damaging to [its] reputation and the reputation of [its] customers.” We have repeatedly asked you to specify the statements you believe are actionable.  You have failed to do so, and have instead merely repeated your broad accusations.  We believe you are not able to substantiate your allegations because Mr. Eckhart’s factual findings are true. If you are able to specify any statement that you believe is false, Mr. Eckhart will be happy to provide you with the documentation of that finding.

On November 16 following the software getting media attention, Carrier IQ issued this public letter how they gather and utilize data from smartphones. As of right now, all of the documents posted by Eckhart have been removed.

(EFF via The Verge)

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & Electrek.co. He also co-authors 9to5Mac’s weekly Logic Pros series and makes music as one half of Toronto-based Makamachine.