Slashdot Mirror
Carrier IQ Drama Continues
alphadogg writes "A Cornell University professor is calling the controversial Carrier IQ smartphone software revelations a privacy disaster. 'This is my worst nightmare,' says Stephen Wicker, a professor of electrical and computer engineering at Cornell. 'As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.'" Read on for a grab-bag of other news about the ongoing story of Carrier IQ's spyware.
Federal intervention is already on the menu; new submitter mitcheli writes "Following the video from Trevor Eckhart on Youtube after the filing of the Cease and Desist letter and subsequent reply by the EFF and apology letter (as reported on Slashdot), Senator Franken of the Subcommittee on Privacy Technology and the Law asks some rather pointed questions."
Franken has more reason, apparently, to look into this than might legislators in other countries; an anonymous reader submits news that Cambridge researchers have found the software to be confined to (or at least only confirmed in) American customers' phones. From their report: "We performed an analysis on our dataset of 5572 Android smartphones that volunteers from all over the world helped us create. From those 5572 devices, only 21 were found to be running the software, all of them in the US and Puerto Rico. The affected carriers we observed were AT&T, Boost Mobile and Sprint.
We found no evidence of the Carrier IQ software running on Android devices in any other country."
Another anonymous reader suggests that "Apart from anything else, the fundamental mistake that Carrier IQ made was attempting to silence a developer using a heavy-handed legal threat. Certainly this was the tipping point in terms of bring the whole incident to the public's attention."
Like apparently begets like; reader adeelarshad82 writes "Not surprisingly, the Carrier IQ controversy has resulted in some legal action. Class-action lawsuits have been filed in California and Missouri that accuse Carrier IQ, as well as Samsung and HTC, of violating federal wiretap laws. The California case was filed on behalf of four smartphone users with HTC and Samsung devices and accuses the companies of violating the Federal Wiretap Act, which prohibits the unauthorized interception or illegal use of electronic communications, and California's Unfair Business Practice Act."
Finally, GMGruman writes with the cautionary note that Carrier IQ and Facebook pose "the least of your privacy threats": "[S]o far these forms of monitoring anonymize the data, so an individual's actual privacy is not invaded. And while people fret over these potential invasions, a more pernicious privacy invasion is under way, one that monitors actual individuals and then uses that information to try to direct their behavior. For example, car insurers give monitoring boxes to customers to track their driving behavior and offer a discount if it is 'good.' Of course, the flip side is higher rates or no coverage if the black box decides you are "bad." And, as this blog post points out, this is just one of many such 'Big Brother corporation' efforts out there that give significant power to insurers and others who have a history of abusing personal information, such as for redlining and coverage denial."
Franken has more reason, apparently, to look into this than might legislators in other countries; an anonymous reader submits news that Cambridge researchers have found the software to be confined to (or at least only confirmed in) American customers' phones. From their report: "We performed an analysis on our dataset of 5572 Android smartphones that volunteers from all over the world helped us create. From those 5572 devices, only 21 were found to be running the software, all of them in the US and Puerto Rico. The affected carriers we observed were AT&T, Boost Mobile and Sprint.
We found no evidence of the Carrier IQ software running on Android devices in any other country."
Another anonymous reader suggests that "Apart from anything else, the fundamental mistake that Carrier IQ made was attempting to silence a developer using a heavy-handed legal threat. Certainly this was the tipping point in terms of bring the whole incident to the public's attention."
Like apparently begets like; reader adeelarshad82 writes "Not surprisingly, the Carrier IQ controversy has resulted in some legal action. Class-action lawsuits have been filed in California and Missouri that accuse Carrier IQ, as well as Samsung and HTC, of violating federal wiretap laws. The California case was filed on behalf of four smartphone users with HTC and Samsung devices and accuses the companies of violating the Federal Wiretap Act, which prohibits the unauthorized interception or illegal use of electronic communications, and California's Unfair Business Practice Act."
Finally, GMGruman writes with the cautionary note that Carrier IQ and Facebook pose "the least of your privacy threats": "[S]o far these forms of monitoring anonymize the data, so an individual's actual privacy is not invaded. And while people fret over these potential invasions, a more pernicious privacy invasion is under way, one that monitors actual individuals and then uses that information to try to direct their behavior. For example, car insurers give monitoring boxes to customers to track their driving behavior and offer a discount if it is 'good.' Of course, the flip side is higher rates or no coverage if the black box decides you are "bad." And, as this blog post points out, this is just one of many such 'Big Brother corporation' efforts out there that give significant power to insurers and others who have a history of abusing personal information, such as for redlining and coverage denial."
Isn't it interesting that the only OS that sent the info out by default was Android? iPhone didn't. While they were there too, Carrier IQ was disabled by default.
So interesting as the fact that only Noth America seems to have Carrier IQ on their Android devices...
And after all, Carrier IQ was just Google Analytics to mobiles. [...]
Google Analytics ANALyses every keystroke on your computer? Because Carrier IQ receives every dialer keystroke on the device.
(I'm not saving Google's face here)
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
Wrong. Apple install it by default and even obfuscate the files.
Wrong yourself, or at least misleading - The carrier IQ that Apple ships with does not record anything at all by default, and even if you could figure out how to enable it records only a tiny bit of data, no keystrokes or SMS for example...
Nor do they obfuscate anything (unless you call shipping with it off a form of obfuscation).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Skeptics find flaws in Carrier IQ application analysis
As I posted in another forum, the court of public opinion isn't in complete agreement.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
As a 'Linux fan', you should know that not everything provided in your install was provided by the manufacturer, or was part of 'Linux'. Neither is CarrierIQ in any way part of Android. It is a separate piece of software, installed on some Android based phones by the carrier. It does not send data to Google, and there is even some debate on whether it sends anything, or merely logs it. Google is not benefitting from this data, nor can they sell it to others, since it isn't data they collected, or even knew about. It also, I might add, is installed on every iPhone from AT&T. It is likely still logging, but only sends the data back to CIQ if you allow it (which on older iPhones, is when you activate it. there seems to be no way to turn it off after that).
And I think the answer to that will be, it was the carriers that decided what functions to enable. And the carriers were exempted from all electronic spying restrictions by the FISA extension of 2008 (aka absolve AT&T bill).
sPh
You can put anything on iPhone without a jailbreak
You just have to pay for a developer's license and enroll your phone.
What you don't get is the ability to to put any software you want on other people's phones by letting them download your application from your web site, you have to go through iTunes for that, and doing that requires Apple to approve your application. But when we get to that point, we've stopped talking about developer freedom and started talking about entrepreneurial freedom, which is something completely different.
PS: iPhones don't come with carrier crap installed; that's one of the reasons Apple didn't initially partner with Verizon; the other two reasons were the Qualcomm patent tax on CDMA hardware, and Verizon not wanting to set up a Visual Voice Mail service that met Apple's requirements.
PPS: All of the projects for running Linux on phones are only going to get somewhere if they break signature verification in the boot loaders, and the baseband software runs on a separate chip, rather than on the same chip as applications. That lets out a lot of smartphones (e.g. anything running a Qualcomm Snapdragon CPU). If they try to go ahead on those phones anyway, men in suits will show up citing the Code of Federal Regulations, 47, Section 2.944 covering Software Defined Radio.
-- Terry