Carrier IQ Responds To FBI Drama, EFF Wants More Information

New submitter realized writes "Yesterday Carrier IQ released a report (PDF) which tries to answer some questions about how their system operates. Also, after reports of the FBI using Carrier IQ data, the company responded by saying, 'Carrier IQ has never provided any data to the FBI. If approached by a law enforcement agency, we would refer them to the network operators.' Additionally, the EFF just released a report which says they believe keystroke data 'is in fact being inadvertently transmitted to some third parties,' but they would like to study carrier profiles to verify information." Reader Trailrunner7 adds that Carrier IQ's report indicates "under some limited circumstances its software will log the contents of SMS messages sent to a user's phone, but that that the contents of those messages would not be human readable. Instead, they would be in an encoded form that could not be decoded without special software and the carriers don't have access to the contents of the messages either. The company said it has worked on a fix for the bug, which affected devices running the embedded version of the Carrier IQ agent."

No secret decoder ring here!

[undeadbill]

Instead, they would be in an encoded form that could not be decoded without special software and the carriers don't have access to the contents of the messages either.

Yeah, first they say they don't sniff your traffic, then they say this, then that, then they pull the "not without our secret magic decoder ring" argument. If they are working with government agencies to use this software (and it may not be the FBI), they wouldn't even have the ability to admit to it- those kinds of agreements require the company to deny everything in perpetuity.

First thing this new year, I'm migrating my phone over to cyanogenmod. I'd do it now, but I just don't have the time.

Re:The more you know...

[cosm]

And we give you more shiny toys...
All the better to track you my dearie!

And we give you better airport security...
All the better to control you my dearie!

And we give you more in store free membership cards...
All the better to know your every purchasing move my dearie!

And we give you more places to report SSNs...
All for the illusion of importance and identification my dearie

And we give you traffic and overhead cameras...
All the better to make sure your driving safe dearie!

And we give you more more social networks...
All the better to keep you and our friends close, so we can keep you our enemy closer!

And we give you internet shaping and monitoring...
All the better to provide better content delivery my dearie!

And we give you more child porn laws and content ratings...
All the better to protect your eyes my dearie!

And we give you more drug laws and consensual restrictions...
All the better to keep you safe my dearie!

And we invade other countries and install governments...
All the better to ensure your security my dearie!

And I give you the slow erosion of all that is personal responsibility, hard work, civil liberties, freedoms, independence, free speech, and everything America ever once strived at standing for...
All the better to own you my dearie!

Carriers should make the service heat maps avail

[klubar]

I read the CIQ pdf, and the part I was most impressed with was the service quality heatmaps. It would be great if the carriers made (or were required to make) this data available. This would make it much easier to evaluate a carrier in your actual area. Instead the carriers just release vague maps that show that nearly the entire US is green. Clearly they have the data.

Google got slammed, but not CarrierIQ?

[Okian+Warrior]

One thing that's bothered me about all this:

Google's street-view car inadvertently logs SSID broadcasts, which are transmitted in the clear. They 'fess up and get washed and hung out to dry. Threats from governments, demands that they turn over the data, investigations galore.

CarrierIQ sends your text messages and keypresses and location information (including your typed passwords) to various third parties including the FBI and carriers... and nothing. A handful of small entities are "seeking suit" against the company.

Where's the outrage? You'd think that CarrierIQ only affects geeks.

Re:A Little Help Please?

[Black+Parrot]

I've got the iPhone, how do I crib smother this Carrier IQ parasite?

Next time you drive across a bridge, toss it out the window.

Carriers don't have access?

[ChipMonk]

"Carriers don't have access to the contents of the [SMS] messages." Then how the hell do they get them to my phone in a human-readable format?

Re:"A fix for the bug"?

[Wolfier]

It's not spyware. Carriers want info on how people use their phones so that they can fix bugs and make better phones. It's no different from software that occasionally reports home with usage statistics. Everyone does it, and it's a good thing. The only problem is that a few OEMs and carriers disabled the user's ability to opt out.

CarrierIQ makes a legal, useful, morally-sound product. Some companies go on to use that product in a legal, useful, but less moral manner. But some asshole of a security researcher figured out (correctly!) that he'd get way more hits on his webpage if he accused them of making a rootkit and keylogger. And now all the innocent, hardworking developers at this small business will be out on the streets, because the rage-a-holics want something to scream about, and the media is more than happy to manufacture controversy if it means good ratings.

So congrats. You're going to destroy the lives of some innocent people over the tiniest of slights. I'm sure you're very proud.

Not so fast. I suspect if CarrierIQ didn't attempt to SLAPP the researcher, none of its PR disaster would have happened.
Don't act as if CarrierIQ is totally in the right, because it is not. The moment they decided to unleash a lawyer first, and then an honest disclosure when necessary, their fate was sealed.