Slashdot Mirror


CarrierIQ Tries To Silence Security Researcher

phaedrus5001 sends this quote from a story at Wired: "A data-logging software company is seeking to squash an Android developer's critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to publicly apologize for his research and remove the company's training manuals from his website. Though the software is installed on millions of Android, Blackberry and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user's phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent." The EFF is hosting PDFs of CarrierIQ's C&D letter, as well as their response on Eckhart's behalf.

18 of 216 comments

  1. Re:He should remove it. by masternerdguy · · Score: 4, Insightful

    You can't sacrifice privacy for security, it doesn't work that way.

    --
    To offset political mods, replace Flamebait with Insightful.
  2. Re:He should remove it. by wierd_w · · Score: 4, Insightful

    Ahh, but therein lies the rub 'brother':

    As many Christian fundamentalists are publicly on record for asserting, the very people that would have access to this technology's data logs are also "secular, heathen, sinners" who "hate god", and "actively disparage and discriminate against true believers."

    This tool would enable deadly and repressive government officials to prevent the spread of Christianity through this technological outlet, and would function just as sensationally as a tool of religious and ideological censorship as it would as a powerful tool to identify and punish criminals.

    You cannot have your cake and eat it too, 'brother'.

    (My troll-o-meter is pegging a 10, but it could be a Poe's law false positive. If you be trollin, research your religious fundies more dutifully next time. If you were simply naive about the serious implications of software like this, and honestly felt that a "think of the children!" argument was in any way grounds for outright debasement of fundamental liberties that everyone enjoys and society is demonstrably better for, my advice would be to always think about what would happen if an evil person had control over that part of the process. The price of freedom is eternal vigilance, and those that trade freedom for the illusion of safety deserve neither.)

  3. Re:He should remove it. by Ethanol-fueled · · Score: 5, Insightful

    While you are just trolling, the ultimate goal of the "total information awareness" program is in fact to quantify data used to predict events before they happen. This especially applies to the concept of "pre-crime," where your data would be fed through an algorithm. If your actions are undesirable to the establishment, then you will be followed and arrested with the first excuse they can muster.

    And a fact most appropriate to your user ID - Religious lobbying in America has increased 500%. Among the most important issues of religious lobbying groups are:

    - The relationship between church and state (pissing on that thing we call the constitution)
    - Civil rights and liberties for religious and other minorities (like the gays?)
    - Bioethics and life issues, including abortion, capital punishment and end-of-life issues (force people to have kids they don't want and prevent people in constant pain to pass peacefully, generally impede scientific progress)
    - Family/marriage issues, including definition of marriage, domestic violence and fatherhood initiatives (great job in the bible belt, with its higher rates of divorce)

    So yes, this is all related, because Christians are in charge of America, and Christians believe that everybody else should be subject to the same overbearing parenting that Christians were subject to as children. Big brother is their way of foisting their so-called "morality" upon everybody else, willing or unwilling.

  4. Why blame CIQ? by artor3 · · Score: 3, Insightful

    Their software serves a legitimate purpose. It reports usage metrics so that phone makers can make phones that better serve people's needs. This is a Good Thing.

    The problem is that you should be allowed to opt out. Some people don't like participating in these programs, and that should be their choice. By default, CIQ's software lets the user opt out. The problem here is that some companies are blocking that option or making it extremely difficult. They are the ones who should be criticized here.

    1. Re:Why blame CIQ? by miserere nobis · · Score: 5, Insightful

      This is like saying that a person who follows and videotapes everything you do, from your bedroom moments to your PIN-entering moments, serves a legitimate purpose by being able to report usage metrics on how well your shoes meet your needs in getting you from place to place, and that the existence of the Nike Stalker Program therefore, because it can help bring about better footwear, is a Good Thing. Highly misplaced acceptance. While I would be happy to see my shoe companies take an active interest in how comfortable or uncomfortable I am while wearing their products for certain types of activities, subjecting me to complete surveillance in order to carry this out is inappropriate, morally wrong, personally unacceptable, and falls very much into the Bad Thing category.

    2. Re:Why blame CIQ? by Anonymous Coward · · Score: 3, Insightful

      Sure, but that's just their (improper) reaction to the initial wave of criticism. This guy decided to beat up on them for no good reason,

      You sound like a real tool right now. The guy is a security researcher and he pointed the finger at some nefarious software. What was he supposed to do? Just go, "Aww, shucks, I know y'all didn't really mean to do all this stuff so I'm a let this one slide.". I mean, WTF man? I you scared their feelings are going to get hurt or something?

    3. Re:Why blame CIQ? by jamesh · · Score: 3, Insightful

      Their software serves a legitimate purpose. It reports usage metrics so that phone makers can make phones that better serve people's needs. This is a Good Thing.

      The problem is that you should be allowed to opt out. Some people don't like participating in these programs, and that should be their choice. By default, CIQ's software lets the user opt out. The problem here is that some companies are blocking that option or making it extremely difficult. They are the ones who should be criticized here.

      The other problem is that you can't opt-out of something if you don't know it's there...

    4. Re:Why blame CIQ? by Zero__Kelvin · · Score: 5, Insightful

      "The problem is that you should be allowed to opt out. "

      Actually, it should be opt-in.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    5. Re:Why blame CIQ? by Zero__Kelvin · · Score: 3, Insightful

      Sounds like he picked the right target to me.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    6. Re:Why blame CIQ? by pla · · Score: 4, Insightful

      Ease back on the rhetoric (calling it a rootkit, for example), and assign the blame where it's due.

      So what would you call deliberately hidden software running as root, without your knowledge or consent?

      Spyware by any other name would smell as bad.


      It's a shame he picked the wrong target.

      At some point, you have to hold the guys "just doing their job" accountable for their actions. Yes, their customers (the cell carriers) bear the brunt of the bad karma here, but no one sells thumb-screws to 4th-world dictators "for novelty purposes only".

  5. does this really matter? by miserere nobis · · Score: 5, Insightful

    I don't know how even on Slashdot there are some people who tend to argue "what do I care, if I'm not doing anything bad with my phone?" Let's get rid of that before it gets started here. I have a Samsung, Android, Sprint phone. That means I apparently have a logger installed that can track every key I press, every message I send, every web site I visit. That means that Sprint, Sprint employees, and whosoever Sprint or its employees should share this information with, whether that be government, advertisers, companies or individuals with malicious or invasive intent, whether this is shared on purpose or by accident or security breach, has access to such things as:

    - All my bank accounts
    - My email accounts
    - All my associates, how often I call them, and what I say to them via text message
    - The password to my KeePass database and every password stored therein

    Phones are not just text messaging and dialing devices anymore. A keylogger on my phone is equally offensive as a keylogger on my home PC, and has the potential for just as great a compromise of my life's privacy and security. I have no control over the security with which Sprint or anyone else transmits or stores my personal information, and even more importantly, they have no right to have it in the first place. Besides the fact that the FBI has a well-known history of tracking the lives of many private citizens with politically motivated intent, I certainly do not care for the idea of private corporations and whoever works for them having all of my passwords and knowing where all my accounts are. There is no reasonable argument for why I should think this is okay. I do not have to be doing anything illegal for me to reasonably object to my mobile phone company having, or storing (with who knows what security), a back door into every single piece of my life. Somebody whose involvement in my life is supposed to be merely providing me with telephone service does not need and has no right to expect the master key to my whole digital, financial, social, and business life.

    I will be contacting Sprint and asking them for a means to permanently remove this software from my phone. If they are unwilling (which they probably will be, but they need to actively hear a complaint from me and everyone else so they understand the offensiveness of their actions), I will have to go down the "root it and fix it myself" path. I hope the rest of you with affected phones will do the same.

  6. Re:He should remove it. by Runaway1956 · · Score: 3, Insightful

    Well, Jake, your name seems to imply that you are a Christian. The Imam will be happy to get this CarrierIQ data, so that he can behead your infidel ass.

    Not to mention, "Pastor" seems to imply that you're a Protestant. Just think, if the Pope had this sort of data way back, all you Protestant apostates could have been burned at the stake, along with that wench, Joan of Arc.

    And, the atheist movement will also welcome all this information. This will make it easier to find you, for deportation to a reeducation camp.

    In short - you're an idiot.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  7. cost by currently_awake · · Score: 4, Insightful

    They are inflicting a financial cost (bandwidth charge) upon you without consent. It's like buying a car and having them keep a set of keys so they can take it for joyrides (using your gas).

  8. Re:Carrier IQ's PA on the matter by Anonymous Coward · · Score: 5, Insightful

    With the facts provided by your Google research, with your search results tailored by Google based on their analysis of your browsing behaviour...

  9. Re:He should remove it. by LordLimecat · · Score: 1, Insightful

    While you are just trolling, the ultimate goal of the "total information awareness" program is in fact to quantify data used to predict events before they happen. This especially applies to the concept of "pre-crime," where your data would be fed through an algorithm. If your actions are undesirable to the establishment, then you will be followed and arrested with the first excuse they can muster.

    Baloney. What would a private company with no visible gov't affiliations care about any of that? It's about marketing, plain and simple-- there's no conspiracy or Minority Report scenario needed to explain this, and Occam's Razor points straight to what they claim to be-- analytics and marketing.

    And a fact most appropriate to your user ID - Religious lobbying in America has increased 500%. Among the most important issues of religious lobbying groups are:

    Trying to link this to religious groups is such a reach it's not even funny. Can you point to a single bit of lobbying that went into this CarrierIQ situation? I thought not.

    You completely fail to grasp that "separation of church and state" has NOTHING to do with what your values are and how they are formed. "A pastor voting in line with his religious views" isn't a violation of separation of church and state, it's protected speech under the first amendment and in line with everything the constitution stands for.

    So yes, this is all related, because Christians are in charge of America, and Christians believe that everybody else should be subject to the same overbearing parenting that Christians were subject to as children.

    That calls for a big bold [CITATION NEEDED]. All the religious Christians I know-- including myself-- regard a big overbearing government as a pretty bad thing, and understand that big groups of powerful authority figures are rarely a pure win. It MIGHT occur to you that pretty much everywhere Protestantism took hold eventually became a democracy, and our founding fathers were at LEAST theist with some of them being more overtly Christian.

    I'm actually more worried about secular states that think they can achieve a utopia here and now, because those are the places that tend to turn into nightmarish totalitarian states.

  10. Re:This is why I do not use Android by RyuuzakiTetsuya · · Score: 3, Insightful

    yes, because completely anonymous crowd sourced location data is just like having the carrier snoop on your every text and call.

    --
    Non impediti ratione cogitationus.
  11. Re:He should remove it. by Galactic Dominator · · Score: 2, Insightful

    All the religious Christians I know-- including myself-- regard a big overbearing government as a pretty bad thing, and understand that big groups of powerful authority figures are rarely a pure win.

    Well, in case it's time for you renounce your totalitarianism celestial North Korea who convicts people of thought crime.

    http://www.youtube.com/watch?feature=player_detailpage&v=8ORn-wmhliU#t=164s

    --
    brandelf -t FreeBSD /brain
  12. Re:You might want to send something like this to t by maevius · · Score: 5, Insightful

    Although I would like this to work, I'm familiar with PCI-DSS and I'm pretty sure that it's your fault for keeping this data on a cell phone which is not PCI-DSS compliant and not the carrier's/CarrierIQ's