Carrier IQ Denies Wiretap Claims

Smartphone network diagnostic software maker says it only collects data that carriers request. Is your phone affected?

Carrier IQ, a mobile service intelligence provider, has responded to ongoing questions about exactly what types of information its handset monitoring software records, and denied allegations that its software runs afoul of wiretapping regulations.
Carrier IQ is aware of various commentators alleging Carrier IQ has violated wiretap laws and we vigorously disagree with these assertions, according to a statement released by the company Thursday.
According to Carrier IQ, while its smartphone monitoring applications
see smartphone data
--to assess what is or isnt pertinent to monitoring the performance of the smartphone or the network that it uses--that isnt the same as recording or transmitting that data. While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store, or transmit the contents of SMS messages, email, photographs, audio, or video, according to Carrier IQ. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.
[ Carrier IQ is an insane breach of enterprise trust, says IT leader Jonathan Feldman. See what he says must change, in
Carrier IQ: Mobile App Crap Must Stop
. ]
Notably,
federal wiretapping statutes
provide exemptions for carriers and their business partners to monitor the performance of their infrastructure. Carrier IQ said that it acts as an agent for the operators, to help make their customers phones work better. Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery, it said.
Carrier IQs Thursday statement includes a testimonial from
security expert Rebecca Bace
of Infidel, a former member of NSAs Information Security Research and Technology Group, as well as deputy security officer for Los Alamos National Laboratory. Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of [a] mobile device users content are erroneous, said Bace.
Carrier IQs statement was released in response to growing questions about what data its software collects from handsets, and why. Suspicion had been mounting over the companys software after the Electronic Frontier Foundation disclosed a
cease-and-desist letter
that Carrier IQ had sent to 25-year-old Connecticut security researcher Trevor Eckhart last month--threatening at least $180,000 in copyright damages--after he published insights into how the companys software operates, and
branded it as a rootkit
. (Similarly, security researchers before him had
labeled it as spyware
). Notably, Eckhart also manages corporate networks, and had begun looking into Carrier IQs software after finding
unauthorized communications
between devices inside his network and Carrier IQs servers. Eckharts research ultimately highlighted that while Carrier IQ software was running on more than 141 million handsets, it was typically installed so that it was hidden, impossible to deactivate, and transmitting unknown data points off of the device. Accordingly, Eckhart demanded detailed answers from Carrier IQ about what its software was doing, and why.
Since then, Carrier IQ has said that it only transmits data that the carriers tell it to capture. Its the operator that determines what data is collected, Carrier IQ CEO Larry Lenhart told
All Things Digital
on Thursday. They make that decision based on their privacy standards and their agreement with their users, and we implement it.
In other words: We capture only the data they specify, and provide it to them, he said. We dont capture more than that.
While Carrier IQ hasnt detailed exactly which data points that includes--say, on a carrier-by-carrier basis--it now has a December 14 deadline to do so. Thats thanks to a
letter to Carrier IQ
, sent by Senator Al Franken (D-Minn.) Thursday. Franken has demanded detailed answers to numerous questions, including whether Carrier IQ logs users location, exact details of the data it logs (such as telephone numbers, URLs visited, or online search queries), exactly which data points get transmitted to Carrier IQs servers, and whether Carrier IQ will
allow users to opt out
of this data collection. He also asked for a detailed response as to why the company believes that it complies with the federal wiretap statute, the
Stored Communications Act
, and the
Computer Fraud and Abuse Act
.
Which carriers use Carrier IQ software, and which smartphone manufacturers include the software as part of their Android operating system distributions? Carrier IQ hasnt published a customer list, but many carriers and manufacturers--including Apple--have recently clarified their relationship with the company. We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update, according to a
statement from Apple
. In addition, it said that all other diagnostic data collected by Apple is only done if users explicitly opt in, at which point the data is sent in anonymized and encrypted form.
Nokia has denied that its current handsets ship with Carrier IQ, and Verizon has also said that none of its handsets currently ship with Carrier IQ software installed. RIM, meanwhile, released this statement: RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution.
In terms of current Carrier IQ customers, AT&T and Sprint both use its software on some of their handsets, though both say they use it only for diagnostic purposes. In addition, HTC and Samsung have confirmed that Carrier IQ runs on some of their handsets, and said that they added the software in response to carriers requests.
IPv4 address space is being gobbled up by the vast number of devices connecting to the Internet, and its expected to be depleted in the next year. In this report, we offer recommendations for ensuring that your data center is fully ready.
Download it now.
(Free with registration.)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Carrier IQ Denies Wiretap Claims