Slashdot Mirror

← Back to Stories (view on slashdot.org)

Carrier IQ Relents, Apologizes

Posted by timothy on from the well-said-gentlemen dept.

symbolset writes "Update from an earlier story here, where Carrier IQ was pursuing a security researcher for pointing out privacy issues in an application alleged to track and record the activities of smartphone users. The company has relented, and retracted their Cease and Desist letter. In their press release [PDF] they say: 'As of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.' Notch another win for the Streisand effect."

33 of 78 comments (clear)

  1. How much of this was out of their heartfelt goodne by Anonymous Coward · · Score: 5, Insightful

    First Post

    How much of this was due to the slashdot publicity and EFF involvement

    Or was this all out of the goodness of their hearts?

    How many little guys are getting squashed because they dont get the publicity or cant get the support of a big organisation?

  2. Does it end with IQ? by Anonymous Coward · · Score: 5, Insightful

    'Sorry' is the most devalued word in the corporate world today :-/

    1. Re:Does it end with IQ? by grub · · Score: 5, Insightful


      Corporations can't feel remorse or make decisions.
      The person who decided to go after Eckhart should be the one to say "sorry". Hiding behind the corporate logo makes the apology empty.

      --
      Trolling is a art,
    2. Re:Does it end with IQ? by Lennie · · Score: 3, Insightful

      But corporations are people too ! ;-)

      http://en.wikipedia.org/wiki/Corporate_personhood

      --
      New things are always on the horizon
    3. Re:Does it end with IQ? by migla · · Score: 2

      Corporations can't feel remorse or make decisions.
      The person who decided to go after Eckhart should be the one to say "sorry". Hiding behind the corporate logo makes the apology empty.

      True, but I find that the case is more often that whoever it is that makes the decisions for these emotionless machines gets to blame some (or a few) individual(s) for whatever it is that is done in the name of the corporation, which can then go about business as usual.

      http://en.wikipedia.org/wiki/List_of_corporate_scandals

      --
      Some of my favourite people are from th US; Vonnegut, Chomsky, Bill Hicks.
    4. Re:Does it end with IQ? by jbolden · · Score: 3, Interesting

      Most likely there were multiple people. This was an institutional act, and the institution is taking responsibility. Generally having people take responsibility is a way for institutions to scapegoat and duck the structural problems. So I couldn't disagree more. Who cares about going after some director who gave the order?

    5. Re:Does it end with IQ? by Lisias · · Score: 4, Insightful

      But corporations are people too ! ;-)

      I understood the joke, but I'l pretend I didn't in order to say:

      I will believe it when I see a corporation going to jail or in the death row. :-)

      --
      Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
  3. Re:How much of this was out of their heartfelt goo by AdamJS · · Score: 4, Insightful

    Probably almost entirely the EFF's utter thrashing of CIQ's request/demands.

  4. Re:How much of this was out of their heartfelt goo by Hotweed+Music · · Score: 2

    Id say 0% due to slashdot, nerds are already pissed at them for it regardless of apology.

  5. Re:How much of this was out of their heartfelt goo by Anonymous Coward · · Score: 5, Insightful

    The EFF is a great organisation

    Where would we be without them

    Donate https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge with dollar for dollar matching by the Brin Wojcicki Foundation until december 31st

    I've sent mine in

  6. Re:How much of this was out of their heartfelt goo by Anonymous Coward · · Score: 3, Insightful

    That's my question.

    Dear EFF. I will happily donate another $100 this year if you announce intent to vigorously pursue total disbarment of the attorney that signed the letter from carrier IQ.

    Judging from the response, virtually none of the clients actions seemed at all questionable under even the vaguest attempt to examine things reasonably. Just like the former Mr. Jackson's doctor...just because their client *really really wanted* their services does not mean it was ethical (or lawful) for them to supply them.

    Sure, it might be nice to get CIQ to arrange a donation to the SFLC or EFF. But really--I don't expect everybody to necessarily understand subtleties of IP law. That's what a lawyer is for. The company *had* a general counsel. Who should have done his damned job instead of just collecting a check.

    I'd like to see some of these bottom-feeders start losing their occupation for their crimes against society and the legal system.

    There needs to be higher and worse consequences to barratry.

  7. Not only cell phones... by dogsbreath · · Score: 5, Insightful

    Any subscribed service with a 2-way tethered user device such as cell phones, dsl / cable boxes, and cable/dsl/digital television will have embedded information gathering and remote update/control software almost guaranteed.

    Much of it is strictly for service metrics, diagnostics and predictive problem avoidance. Some of it is used as an interactive problem solving tool for tier 1 support. You might want to look at www.motive.com as an example company.

    If desired though, these products usually have the capability for being very invasive. eg: TV set top boxes can record all kinds of info about your viewing habits: every button push on the remote can be recorded, effectively recording much about your viewing habits.

    It's an old story: there are legitimate and desirable uses for these tools but they are all capable of misuse. Even when not abused, our access to privacy and anonymity is severely eroded from what it was even 20 years ago.

    Benign? Maybe. Food for thought anyways.

    1. Re:Not only cell phones... by dogsbreath · · Score: 3, Interesting

      I believe there is some legislation brewing in Canada to keep commercial audio levels the same as programs. Muting is still the best option for that annoyance but killing the audio on your remote doesn't stop the ability to gather info.

      Your stb is able to record and report every button push but that doesn't mean the service provider either wants or gathers the info. Mostly they want to know about network quality and whether or not you really did watch that adult pay per view that you are denying ever since your wife caught it on the bill.

      Nonetheless, we are now bound in a tracking web by the very nature of the services we use and it isn't necessarily because there is some evil plan or because big brother wants to watch us, although these are possibilities.

      It's just the way the stuff works. Dumb landline phones and 56k audio modems are pretty simple and do not require a provider control presence on the device. If you draw out a block diagram of the overall system, it is reasonable to draw a border between subscriber side and network side with the phones and modems on the subscriber side. Sub purchases and owns the device, and is responsible for everything on his/her side of the nid (the point where the phone line enters the location).

      Cell phones, stbs, and dsl/cable modems are different. You may think you bought the phone and you own it but not really. Major parts of it are only licensed to you. Further, if you can still draw that border it has moved with the DSL modem or stb on the network side. The sub only owns the local network and even that is getting invaded with TR69 derivatives (service provider can configure your home network remotely).

      The service providers see the home devices as part of the network because things like routers are complex and difficult to manage through conversation with the subscriber, and because the devices cause problems which are expensive to remedy. Misconfigure your home router and your IPTV may die. How is tier 1 going to fix it without rolling a truck? There is a legitimate impetus to bind your home network with the provider's control structure but it also ties the user to a sticky information web. The same system that gives the provider access to maintain your network also gives access to how you use your service.

      The cell phone is murkier than your landline broadband because everything is in one device. There is no physical separation between the service provider piece and the subscriber's side; there are only information boundaries. It's OK to gather network quality info but not personal info. Not everything is that black and white though. Is it OK to gather stats on how often the settings menu is used? How about how often the "YouTube" app is invoked?

      These information boundaries are only respected because of laws and organizations such as the EFF. Oh, and it just may be that no one has had the need or desire to graze on a particular set of data yet.

      Sigh: even without CarrierIQ and like services, our smartphones bind us into the info/tracking web. No need for "AirMiles" cards. Every purchase a user makes is tracked forever by the App store. And that nifty app that maps provider 3G coverage also sends tidbits off to some developer geek's server without even a nod to privacy laws. Anyways, the user is in Canada and the dev is in China or Greece or Russia or where ever. Which laws apply?

      Caveat emptor.

  8. The EFF got results. GO GIVE THEM MONEY! by Qubit · · Score: 5, Insightful

    No, really.

    This is why the EFF is so important -- because they have the resources and know-how to stand up for the Hackers, the Security Researchers, the Makers, the Professors, and even the lowly Undergraduates.

    The EFF didn't just get results here, they effectively Pimp-slapped the company....with knowledge.

    So before you go out on Black Friday to blow a few hundred on electronic toys..err...valuable tools for your job, go give the EFF $20 dollars. Heck, give them something like $65 and they'll even send you a sweet T-Shirt.

    What are you waiting for? Think about it: You're a geek and don't get to pimp-slap anyone. Live vicariously through the EFF -- strike a blow against Censorship.

    http://eff.org/donate

    --

    coding is life /* the rest is */
    1. Re:The EFF got results. GO GIVE THEM MONEY! by migla · · Score: 5, Interesting

      http://eff.org/donate [eff.org]

      And for the remainder of 2011, they seem to have some sort of drive for someone to match the donation, doubling it.

      https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge

      Now seems like a good time to donate. I would, if I had any money of my own.

      --
      Some of my favourite people are from th US; Vonnegut, Chomsky, Bill Hicks.
  9. The Apology Looks Sound to Me by Anonymous Coward · · Score: 4, Funny

    The apology letter looks sound to me. I don't see any reason why we should be second-guessing their intentions. There is nothing ambiguous here.

    It says at the very end, "We welcome feedback on our products and understand that Mr. Eckhart and other developers like him play an important role by raising questions about the complicated and technical aspects of the mobile ecosystem."

    These people really sound like fair players, people who are listening, people who are concerned, and who are trying to do a good job. They aren't silencing discussion, and they aren't showing themselves to be anything other than fair.

  10. Mod parent up! by openfrog · · Score: 5, Interesting

    The EFF is a great organisation

    Where would we be without them

    Donate https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge with dollar for dollar matching by the Brin Wojcicki Foundation until december 31st

    I've sent mine in

  11. 3 Questions by Nom+du+Keyboard · · Score: 2

    1: How can I determine if this rootkit crapware is on my Android phone?

    2: How can I remove it?

    3: How can I sue Carrier IQ for invasion of privacy and anything else that good lawyer can think of?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:3 Questions by compro01 · · Score: 4, Informative

      1/2. The guy who discovered it wrote an app that will detect CIQ (among other things), though you need to have root for it to work. It'll also remove it for you if you donate a dollar. Alternatively, use a ROM that has it removed.

      http://forum.xda-developers.com/showthread.php?t=1247108

      --
      upon the advice of my lawyer, i have no sig at this time
    2. Re:3 Questions by flonker · · Score: 3, Funny

      3: How can I sue Carrier IQ for invasion of privacy and anything else that good lawyer can think of?

      First, you need $50,000 for the lawyer.

  12. Re:How much of this was out of their heartfelt goo by dotancohen · · Score: 5, Informative

    The EFF is a great organisation

    Where would we be without them

    Donate https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge with dollar for dollar matching by the Brin Wojcicki Foundation until december 31st

    I've sent mine in

    Note that the "Brin" in Brin Wojcicki is none other than Sergey Brin from Google. I think that speaks volumes, the cofounder of Google is giving half a million dollars of his personal fortune to the EFF. What other corporate entity would side with the EFF on any matter?

    --
    It is dangerous to be right when the government is wrong.
  13. Re:How much of this was out of their heartfelt goo by Runaway1956 · · Score: 2

    Now, you hush up, youngster! You're going to cause some of those Apple and Microsoft phanbois to have apoplectic fits and seizures!

    More seriously, I badmouth Google a little bit, now and then. But, you're perfectly right. There aren't a lot of corporations funding the EFF. Nice find!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  14. Re:How much of this was out of their heartfelt goo by Runaway1956 · · Score: 3, Interesting

    Uhhhhmmmm - slashdot people may very well over rate their impact on things like this. But, 0%? Seriously? If some organization is engaged in shady operations, and those shady operations are exposed, the more eyes on them, the more nervous they get. At least, that's what I think. Don't discount the value of being slashdotted. Or, tweeted, or dug, or whatever. The more eyes, the better!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  15. Re:How much of this was out of their heartfelt goo by Anonymous Coward · · Score: 2

    Why? What on earth did this attorney do that merits disbarment? Fire him, fine, whatever, but the fight for transparency and intellectual freedom is not waged with petty vendettas.

  16. Re:How much of this was out of their heartfelt goo by ville · · Score: 2

    Perhaps it was the fear of what happened to HBGary with Anonymous.

    // ville

  17. Re:How much of this was out of their heartfelt goo by TheInternetGuy · · Score: 2

    Shouldn't that be more like: double likelyhoodOfValidArgument = 1-modPointsWhenPosted/6; or perhaps: bool ValidArgument = ( modPointsWhenPosted2);

    --
    If my comment didn't sound as good in your head as it did in mine, then I guess we all know who's to blame
  18. Re:How much of this was out of their heartfelt goo by shutdown+-p+now · · Score: 3, Informative

    Note that the "Brin" in Brin Wojcicki is none other than Sergey Brin from Google. I think that speaks volumes, the cofounder of Google is giving half a million dollars of his personal fortune to the EFF. What other corporate entity would side with the EFF on any matter?

    Actually, both Apple and Microsoft match donations to EFF made by their employees (up to $10k per employee for Apple, and up to $12k for MS). Granted, this is nowhere near as all-inclusive as Brin's program, but if you count matching donations as "siding with", well...

  19. Re:How much of this was out of their heartfelt goo by Kalriath · · Score: 3, Insightful

    Just to add though, that's a reflection on Brin, not Google.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  20. The other lesson for CarrierIQ to remember... by Shoten · · Score: 4, Informative

    Dear CarrierIQ,

    It's good that you've recognized that the security researcher in question had no illicit intent in mind, and was actually working for the good of the general public. Very nice, and definitely the high road. But...

    It's clear that not only did you unapolgetically and unreservedly produce a product with the explict, baked-in and horrific capacity to spy on the activities of millions of people (with no distinction between adults and minors, many of whom also have smartphones these days), but you also intended to use brutish, irresponsible tactics to muzzle a person who called you out on it.

    So the lesson you need to take away from this is not that pushing the envelope and then apologizing gets you off the hook. The real lesson you need to learn is that, from this point onwards, when I see the brand name "CarrierIQ" before me, my brain will automatically and reflexively replace the phrase "PIG-FUCKING ASSHOLES". And I'm sure I'm not the only ones who feel that way, you scumbag pieces of shit. Fuck you all. I wish nothing more than that the carriers who are your customer base will be ashamed to buy your product, and that you will go out of business.

    Clean up your product and make it about..and only about...what you say your goals are as a company, and after half a decade most of the people who feel like I do (including me) will come around and actually see "CarrierIQ" when we read "CarrierIQ". That's the cost of what you have done, and the real lesson you should take away from this.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  21. Re:Snotty by symbolset · · Score: 3, Informative

    Since it was me who wrote that, I suppose I should reply. The existence of the Streisand effect is well-known but should be more publicized. Lawyers are just not good at shutting people up. The blowback from unleashing the lawyers on people can have far more disastrous consequences than making a mistake and fixing it - it can scuttle a whole company that has unquestionably good parts as well as one that's being questioned. I think it's important that responsible people understand that because it saves everybody a lot of trouble and outrage, it saves the jobs and products unrelated to the issue.

    I think CarrierIQ press release is brilliantly done. I have no doubt they'll use more care to guard privacy and engage the public openly when there are questions from now on. And I think the world's going to forgive and forget, mostly.

    Lighten up, Francis.

    --
    Help stamp out iliturcy.
  22. Re:How much of this was out of their heartfelt goo by jopsen · · Score: 2

    Agree... This is probably due to EFFs involvement...

    But let's also have a little respect for Carrier IQ, it takes balls to make this kind of turnaround...

  23. Re:How much of this was out of their heartfelt goo by dotancohen · · Score: 3, Funny

    Actually, both Apple and Microsoft match donations to EFF made by their employees (up to $10k per employee for Apple, and up to $12k for MS). Granted, this is nowhere near as all-inclusive as Brin's program, but if you count matching donations as "siding with", well...

    Right, that's how they catch the traitors from within. Clever!

    --
    It is dangerous to be right when the government is wrong.
  24. What the ABA says by Quila · · Score: 2

    A lawyer shall not bring or defend a proceeding, or assert or controvert an issue therein, unless there is a basis in law and fact for doing so that is not frivolous.

    Well, we know this had no basis in law and fact. Now about frivolous:

    A lawyer's conduct is "frivolous" for purposes of this Rule if:

    (1) the lawyer knowingly advances a claim or defense that is unwarranted under existing law,
    except that the lawyer may advance such claim or defense if it can be supported by good faith argument for an extension, modification, or reversal of existing law;

    (2) the conduct has no reasonable purpose other than to delay or prolong the resolution of litigation, in violation of Rule 3.2, or serves merely to harass or maliciously injure another

    Either the lawyer knowinly advanced an unwarranted claim in order to injure another (prevent a researcher from doing his work) or he's completely incompetent.

    Yeah, I think at least an official reprimand is in order.