In a matter of less than two weeks, the Carrier IQ controversy blew up and became the mainstream topic in national newspapers and evening newscast. The idea that millions of people have been carrying a cell phone in their pocket that runs an app in the background which secretly collect personal information without their consent naturally has had privacy advocates cry foul.
Making the privacy scare even more scary, The Federal Bureau of Investigation refused to release information about its own use of Carrier IQ in response to the request under the Freedom of Information Act filed December 1 by Michael Morisy. David Hardy, who’s with the Bureau, replied:
The material you requested is located in an investigative file which is exempt from disclosure. I have determined that the records responsive to your request are law enforcement records; that there is a pending or prospective law enforcement proceeding relevant to these responsive records.
That the agency wasn’t forthcoming to Morisy’s request to release any manuals and documents outlining their use of data gathered by Carrier IQ only serves to underscore the lack of transparency on their part, if not a waste of taxpayers’ money. That’s not to say that Big Brother is monitoring your calls or eavesdropping on your messaging all the time, but the Bureau clearly has had this capability for a long time and could be working with Carrier IQ to downplay the media outrage.
As we repeatedly stressed, Carrier IQ is the mobile industry’s worst kept secret. Carrier IQ CEO Larry Lenhart and vice president of marketing Andrew Coward sat down with AllThingsD’s John Paczkowski to discuss the controversial data mining software. In damage control mode, the two executives pretty much admitted to Carrier IQ’s keylogger-like capabilities and sucking your SMS messages into the cloud…
Asked whether a newly discovered bug was to blame for the collection of users’ text messages, Coward replied:
As we went and did a deep dive into our technology to prove to consumers that there is nothing untoward in it, we found a bug. We found that if an SMS was sent simultaneously while a user is on the phone, the SMS would be captured by our software. Obviously, this is something that doesn’t happen very often, but we discovered that it could happen, and we caught it. Now, that information was never used. It wasn’t decoded. It sat on a server in encoded format, and no one could really get to it.
Some ‘bug’, you’ll agree…
Coward’s response runs counter to his company’s original press statement maintaining that Carrier IQ “does not record, store or transmit the contents of SMS messages, email, photographs, audio or video”. Now, Coward didn’t specify which phone brands or models might have been plagued by this issue, but it’s safe to assume all devices running the app are probably affected. Apple on its part confirmed existence of Carrier IQ in iOS 5 and said it plans to “remove it completely in a future software update”.
Asked to comment on Trevor Eckhart’s finding that Carrier IQ is collecting logs on Android devices containing sensitive phone and user information, which he documented in a video, Coward went on to argue it was just an Android system log file. The file was never captured by his company nor was it stored or taken off the device, he explained, adding:
What he was looking at there was an Android log file. And to be blunt, there was information there that shouldn’t have been. In order for Carrier IQ to get information off a device, we work with the manufacturers to deliver that information through an API. That information shouldn’t show up in an Android log file. We don’t read from Android log files; we don’t see Android log files. That info just shouldn’t be there. And, ultimately, what goes in that log file is up to the manufacturer. One of the problems with that video, and something we’ve been working to clear up, is that, while you could see that information had been passed to Carrier IQ, there was no video of what happened to that information afterwards.
Cross-posted on 9to5Mac.com.