Slashdot Mirror


Carrier IQ Drama Continues

alphadogg writes "A Cornell University professor is calling the controversial Carrier IQ smartphone software revelations a privacy disaster. 'This is my worst nightmare,' says Stephen Wicker, a professor of electrical and computer engineering at Cornell. 'As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.'" Read on for a grab-bag of other news about the ongoing story of Carrier IQ's spyware. Federal intervention is already on the menu; new submitter mitcheli writes "Following the video from Trevor Eckhart on Youtube after the filing of the Cease and Desist letter and subsequent reply by the EFF and apology letter (as reported on Slashdot), Senator Franken of the Subcommittee on Privacy Technology and the Law asks some rather pointed questions."

Franken has more reason, apparently, to look into this than might legislators in other countries; an anonymous reader submits news that Cambridge researchers have found the software to be confined to (or at least only confirmed in) American customers' phones. From their report: "We performed an analysis on our dataset of 5572 Android smartphones that volunteers from all over the world helped us create. From those 5572 devices, only 21 were found to be running the software, all of them in the US and Puerto Rico. The affected carriers we observed were AT&T, Boost Mobile and Sprint.
We found no evidence of the Carrier IQ software running on Android devices in any other country."


Another anonymous reader suggests that "Apart from anything else, the fundamental mistake that Carrier IQ made was attempting to silence a developer using a heavy-handed legal threat. Certainly this was the tipping point in terms of bringing the whole incident to the public's attention."

Like apparently begets like; reader adeelarshad82 writes "Not surprisingly, the Carrier IQ controversy has resulted in some legal action. Class-action lawsuits have been filed in California and Missouri that accuse Carrier IQ, as well as Samsung and HTC, of violating federal wiretap laws. The California case was filed on behalf of four smartphone users with HTC and Samsung devices and accuses the companies of violating the Federal Wiretap Act, which prohibits the unauthorized interception or illegal use of electronic communications, and California's Unfair Business Practice Act."

Finally, GMGruman writes with the cautionary note that Carrier IQ and Facebook pose "the least of your privacy threats": "[S]o far these forms of monitoring anonymize the data, so an individual's actual privacy is not invaded. And while people fret over these potential invasions, a more pernicious privacy invasion is under way, one that monitors actual individuals and then uses that information to try to direct their behavior. For example, car insurers give monitoring boxes to customers to track their driving behavior and offer a discount if it is 'good.' Of course, the flip side is higher rates or no coverage if the black box decides you are 'bad.' And, as this blog post points out, this is just one of many such 'Big Brother corporation' efforts out there that give significant power to insurers and others who have a history of abusing personal information, such as for redlining and coverage denial."

11 of 244 comments

  1. Re:Analytics for Mobiles by masternerdguy · · Score: 5, Insightful

    The general population of Slashdot finds these things distasteful, and I'm sure the rest of the world would too if they actually knew about it. This isn't the kind of news the majority hears.

    --
    To offset political mods, replace Flamebait with Insightful.
  2. Re:Analytics for Mobiles by Spad · · Score: 5, Insightful

    Nice troll, but the vanilla Android devices (Nexus line) don't ship with the CarrierIQ software, which means that either the handset manufacturers or, much more likely given the US-centric focus, the carriers are responsible for installing it.

  3. Re:Analytics for Mobiles by Lisias · · Score: 5, Informative

    Isn't it interesting that the only OS that sent the info out by default was Android? iPhone didn't. While they were there too, Carrier IQ was disabled by default.

    So interesting as the fact that only North America seems to have Carrier IQ on their Android devices...

    And after all, Carrier IQ was just Google Analytics to mobiles. [...]

    Google Analytics ANALyses every keystroke on your computer? Because Carrier IQ receives every dialer keystroke on the device.

    (I'm not saving Google's face here)

    --
    Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
  4. questions by Tom · · Score: 5, Interesting

    Very good question from the senator:

    Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. § 1030)? Why?

    That's the kind of question you don't want to be asked. People don't ask that way if they don't already have an opinion. Basically, he wants to see them dig their own grave, and enjoy it.

    That's good news. Let's see if they spring the lobby machine into overdrive and try to get the issue "lost" in sub-committees and extended deadlines.

    --
    Assorted stuff I do sometimes: Lemuria.org
  5. Wrong by SuperKendall · · Score: 5, Informative

    Wrong. Apple install it by default and even obfuscate the files.

    Wrong yourself, or at least misleading - The carrier IQ that Apple ships with does not record anything at all by default, and even if you could figure out how to enable it records only a tiny bit of data, no keystrokes or SMS for example...

    Nor do they obfuscate anything (unless you call shipping with it off a form of obfuscation).

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  6. Re:Analytics for Mobiles by thisnamestoolong · · Score: 5, Insightful

    There is a big, BIG difference between CIQ and Google Analytics. Google Analytics tracks your browsing behavior, which is on the open web, and is being done in public. While it is certainly creepy that your web browsing behavior is being tracked, you are still doing all of that in public, where you have no expectation of privacy. CIQ, on the other hand, is a keylogger. It can track private communications that you are intending to send out encrypted before you even send them. This is a whole different ball of wax, and is considered to be criminal behavior in almost all cases in the PC world. Comparing Google Analytics to CIQ is like comparing a case of the common cold to ebola, there are certainly similarities, but one is VERY different in terms of degree.

    --
    To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
  7. Re:Analytics for Mobiles by rvw · · Score: 5, Insightful

    That might be so, but it doesn't change the fact that it's only Android devices where it's enabled by default.

    That's probably because the carriers are not able to enable it in iOS. So Apple - the only manufacturer of iOS devices - doesn't want it enabled in their phone, and the carriers are not able to do this. Android is more open, so either the phone manufacturers like Samsung and HTC can install it, or the carriers. So it's true, but it's only true because of the open nature of Android.

  8. Re:Wait by fuzzyfuzzyfungus · · Score: 5, Insightful

    To go with an unfortunately appropriate analogy, CIQ is just a street-level heavy. Three of the largest telecom corporations in the United States are Al Capone. The latter party is almost certainly the driving force behind the former party's crimes; but he's virtually untouchable and isn't exactly going to get his hands dirty to keep a lackey from getting thrown under the bus.

    The carriers, while they almost certainly are up to their eyeballs in slime, have zillion-page 'contracts' with the people they are screwing, massive lobbying expertise, and quite possibly de facto or even de jure legal impunity when it comes to a little of the old wiretapping (just look at the, er, unimpressive consequences when their collaboration with the NSA was revealed...) CIQ, by contrast, is just a little coder shop somewhere, 6 years of history, not even the flimsiest of contracts with any phone users, and no obvious friends. Everybody who isn't their customers certainly has no reason not to want them gone, and even their customers would almost certainly rather switch spyware vendors (they've got plenty of options) than endure the PR hit of defending their present vendor...

    Much as I'd love to watch CIQ's operations burned down with those responsible locked inside, I suspect that the focus on CIQ will drown out the (far more dire) fact that contemporary communications technology is running headlong into the dystopian future, and the world is crawling with upmarket spyware vendors who provide very similar products and services worldwide. CIQ was unlucky enough to land in hot water

    Just a little while back, Etisalat was trojaning its blackberry customers with (poorly made) spyware from the wonderful people at SS8. Guess who suffered no consequences whatsoever and is still merrily peddling "Lawful intercept solutions"?

  9. Re:Analytics for Mobiles by davester666 · · Score: 5, Interesting

    Something that hasn't been brought up is: Who is paying for transmitting the data from your handset to CarrierIQ?

    --
    Sleep your way to a whiter smile...date a dentist!
  10. Software freedom is the solution. by jbn-o · · Score: 5, Insightful

    As I'm sure you know: Without complete corresponding source code to all of the software running on a phone, you'll never know the answer to those questions.

    RMS knew the solution to this problem before the problem became widespread (as he often does) and he got the solution right early on: this is a social problem, not a technological problem. The solution is software freedom for all computer users for all the software they run.

    Sadly, the Carrier IQ debacle is unlikely to propel people to see this solution. The problem is too weak in its urgency because Carrier IQ's (or any other workalike) privacy violations are merely annoying or scary. Privacy violations usually don't kill or maim anyone. Also, the affected audience has low market value: the general public. When proprietary software used in internal medical devices fails and kills someone, there will be another opportunity to talk of software freedom as a social solution to be taken seriously. And, for a time, people will be more receptive to the idea that all computer users deserve software freedom. People seem to have no problem hiring professionals in other fields they don't understand (plumbers, doctors, lawyers, mechanics, builders) so it's not far-fetched to expect the public to hire computer programmers to inspect and modify programs on their behalf.

  11. Re:Analytics for Mobiles by PopeRatzo · · Score: 5, Funny

    Would you clarify what AT&T added to my iPhone that I'd rather not have?

    A contract?

    --
    You are welcome on my lawn.