Your company just spent $10 billion dollars developing the next great widget that everyone will want to buy. The information copied allowed manufacturers in {cheap labor country Zuliwabee} to duplicate the plans, and produce the product without having invested the R&D money. All the investors are screwed, thats grandma and grandpas pension funds. The company closes down, and the people who produced the next great widget are all penalized for doing so.
You are permanently depriving them of the time it took to produce the software, and their right to get paid for producing the software.
Your argument is similar to hiring someone to paint your house, then refusing to pay them after the job is done. You have deprived the painter of his time. When you pirate software, you are depriving the person or people who spent time developing that software of their time.
If you agreed to work for a company for 6 months, developing software, and when you were done, the company said "Well, sorry, we arent going to pay you that last $10,000 installment, get lost"... would that be alright with you ?
Who can resist an important message from Sandra, the topless 3 boobed Nigerian government official charged with distributing $10 million dollars in oil industry windfall profits and free samples of Viagra ?
Also I invite you to read the post by "Riskable" which details out a number of laws that Carrier IQ (and or HTC) are likely breaking.
I read it, and replied to it. Almost the entire post by Riskable was invalid and inaccurate, as much as you would like it to be otherwise.
My original comment stands that privacy legislation specifically addressing this issue is required to resolve it, because right now what the carriers are doing by installing CarrierIQ and monitoring you, and having you agree to the monitoring via the TOS, appears to be perfectly legal ( at least in the US ).
If you don't like it, don't get a cell phone. The industry and government will respond rapidly when sales plummet to $0. The odds of people being willing to go without a cell phone of course, I would place so close to zero it might as well be zero. As long as people are unaware or willing to accept this sort of monitoring, it will continue.
1) The Payment Card Industry Data Security Standard (PCI DSS):
The PCI DSS is not a law or an industry regulation, but an industry standard that is an agreement between private parties, and it is up to the mastercard/visa people to pursue in civil court if they so decide. No crime here.
2) Graham Leach Bliley Act (GLBA). Undoubtedly, personally identifiable financial information is being recorded, transported, and stored without the user's knowledge or consent (each transaction/event would need its own notice and agreement with the carrier). That could add up to literally MILLIONS of violations.
GLBA applies to "financial institutions" and Verizon / CarrierIQ are not financial institutions.
Also, from Verizons website, which, I am assuming is part of their TOS/customer contract:
Verizon Wireless may use mobile usage information and consumer information for certain business and marketing reports. Mobile usage information includes the addresses of websites you visit when you use our wireless services. These data strings (or URLs) may include search terms you have used. Mobile usage information also includes the location of your device and your use of applications and features. Consumer information includes information about your use of Verizon products and services (such as data and calling features, device type, and amount of use) as well as demographic and interest categories provided to us by other companies (such as gender, age range, sports fan, frequent diner, or pet owner).
Note where it says "includes." Legally the term "includes" does not exclude other types of data not specifically mentioned.
3) Sarbanes Oxley: If they're recording this data they had better damned well keep an audit trail on it and be regularly disclosing that they're doing so to all their investors. They also must have documented controls & procedures and (likely) perform regular audits to ensure that said controls & procedures are being properly followed.
- Has nothing to do with customer information transmitted on Verizons network. Only pertains to corporate accounting practices.
4) They can be held liable for having knowledge of crimes but not reporting them.
If the data is not analyzed for criminal activity, then the company has no knowledge of crimes. Data != knowledge of criminal activity. If you have a specific legal reference or precedent, by all means let everyone know about it.
5) They can lose their common carrier status: Since they're now recording literally everything users do online they can be held (partially) accountable for what those users do. If you recorded the data you certainly could've audited it for fraudulent activity. "Have you been the victim of a crime that took place over a cell phone? Call the law offices of Sue & Win."
From wikipedia:
Internet Service Providers have argued against being classified as a "common carrier" and, so far, have managed to do so.
This seems to be pure speculation on your part.
6) There's probably a dozen laws that say you can't intercept and/or store information related to people's banking accounts and financial transactions
There's probably a dozen planets with intelligent alien lifeforms. Without details, it will remain a probability of an unknown quantity.
7) Unless their contract specifically spells out that they're going to record every keystroke you enter into your phone they've opened themselves up to millions of lawsuits. If anyone ever wins one of these it will be game over for the carriers. "verizon" and "at&t" will likely become some of those "$50-per-click" Adwords on Google.
Their website, as noted above, and assumed to be part of their TOS, states they are recording "mobile usage information
"One might think that an application need to ask for a location permission (either ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION) in order to do that, but that’s not true. If an application asks for permissions for the WiFi state (ACCESS_WIFI_STATE ) and has internet access, it can use the skyhook service (which is available for the Android) in order to retrieve the phone’s location."
http://useroriented.wordpress.com/2009/02/22/a-security-flaw-in-google-android/
Do your own research. The price list for data requests was leaked to the web awhile ago. Also, that was in response to "Please show a single case where Google has sold user info or actions." which it satisfies perfectly... so piss off.
What you and me consider to be a lie, or at least, deceitful, is entirely different, in what is required for a court to rule a statement as being a lie or fraud.
If the company issues the statement, claiming, keystrokes were not being collected, and the app was designed to not collect keystrokes, they can claim, that statement, was made, with the technical understanding, that event data was being collected, and not just keystrokes, and this would undoubtedly come out in any lawsuit or inquiry based upon the publics interpretation of the statement.
You and I can call it a lie, believe its a lie, feel strongly that we have been lied to, etc., but the odds of a court to rule they are lying are astronomical.
Oh how nice of you to lump Google into this. I wonder if you are just pro trolling, or some fanboy of some type. . THis event has nothing to do with Google.
There are a few methods, that I am aware of, that might, although the legality of such methods I am unsure of, still allow for cell phone use while preventing this sort of spying from occurring.
One method, is to get a GNU Radio ( http://gnuradio.org/redmine/projects/gnuradio/wiki ) device and operate it as a cellphone carrier firewall. This would accept connections from your cell phone, log and allow you to filter what is being sent, and then communicate with your carrier.
The other method, would be to use a cellphone data device / mobile hotspot, and then operate your cell phone using encrypted VOIP to an Asterisk server in your home / office.
If there are other methods, by all means let everyone know about them.
there's a LOT of things you can't just ask consumers for permission on the TOS and then go "nanananan it's legit you signed the contract!".
same thing applies to that you can't sign away your career through non-competes even if some employer wants you to believe so.
There is no law that I am aware of, that prevents private parties ( carrier and customer ) from agreeing to share information with each other. As for non-compete agreements, that is an entirely different issue ( legally ) than information sharing. It is voluntary for you to share, or not share, information with another party, while it is decidedly not voluntary for you to work and earn a living, unless someone else is working and earning a living to support you.
if it were legal to write any fucking kind of contract you want we would all be living in some crazy dystopia where everybodys life was determined by contracts written and signed before the person was even born(that would be pretty much what sucked about the middle ages).
I hate to break the news to you, but this is the world you live in now. Contracts are binding unless found all or in part ( under specific circumstances ) to be invalid by prior legislation or precedent.
because it's such a fucked up business decision in the first place and only serves to move money _away_ from the operator.
No. It increases shareholder value, up until the point where the public 1) becomes aware of it and 2) refuses to accept it and 3) finds the will to boycott the service. Unless all 3 of those things happen, the data collection is valuable, and enhances the bottom line.
so do you really think it would be legal for at&t to start generating traffic using cIQ and place all their customers to 1 million dollar debt by leaving it to transfer data all night long? that's what you're implying the tos would allow them to do and what they _should_ do "to increase shareholder value" . it's just ridiculous.
It is legal for AT&T to define "data usage" and "data caps" as "including data required to operate the service." As for whether they do this or not, cheCk your specific TOS. As an example of another industry that successfully did this, look at hard drive manufacturers. They have been claiming "300 Megabytes" when only "270 Megabytes" were in fact usable for over a decade now with much success.
As to your example of 1 million dollars in debt from carrier generated data streams, yes, that would cause the public to boycott the service and create lawsuits and bad debt. It is your extreme hypothetical abusive interpretation of the definitions that is ridiculous. In practice, this would optimally, from a revenue generation standpoint, be an amount that customers do not notice, whatever that amount may be.
I have not suggested carriers do anything, in any of my comments. I have merely attempted to explain the current ecosystem. No need to kill the messenger if you don't like the message.
Carrier IQ DENIES that they are recording keystrokes.
They aren't recording "keystrokes".... they are recording "event data" of which, keystrokes are merely a sub-class of events. It's not a lie, just like when Bill Clinton told everyone "I did not have sexual relations with [Monica Lewinsky]." He didn't have sexual relations, as in, intercourse, he just played around with a cigar.
So even if our agreement with the carrier permits logging/capturing of this data, it doesn't allow you to LIE about doing it.
As argued above, they are not "lying." They are simply being extremely technically specific in their statements.
We, as private citizens, need to get better at reading between the lines, as that is where the truth is, in order to protect ourselves from the non-lying-liars.
Indeed. If the government began a program to spy on everyone domestically, it would undoubtedly cause a huge uproar, and likely be deemed unconstitutional ( at least I hope it would be deemed as such. )
But if companies collect the data, then the government can simply request the records, and pay the company a fee for retrieving them, as part of an "investigation."
Web search... "what are you interested in ?"
Web analytics... "what sites are you visiting ?"
Friends lists... "who do you know / communicate with ?"
Mapping... "where are you going ?"
GPS / wi-fi detection.... "where are you at right now ?"
SMS... "what have you said to whom ?"
Welcome to the matrix. Good luck flushing yourself from it.
I should add, that the moment I heard that Google was releasing a smartphone OS aka Android, my first thought was "Nice. Now google can spy on everyone when they are away from their computer and follow their movements in the physical world."
Beware of free ice cream from pimply faced CEOs of publicly traded corporations who claim to have your best interests in mind.
This situation is only going to get worse. The same data collection practices concerning smartphones are being adopted by car manufacturers, and Google wants to use event data that your spiffy new car collects, in order to "predict" and "suggest" a route for you to travel. Do you really think Google ( and other companies active in this area ) are doing all this work for free because they like you ?
A contractual agreement to something deemed illegal does not overrule the law.
It is not illegal, for you to agree, to the carriers collection of the data, which is why regulation specifically making it illegal, or spelling out your rights, is required to stop it.
I see no reason for a carrier's data collection policy to include keylogging everything a customer does outside of extenuating circumstance (suspected terrorist or something).
Yes, you, like myself, see no reason "to allow" carriers to collect this data. That said, a carrier has "every incentive to collect" this data. It has commercial value. They can sell it to the government / police for investigative purposes, they can data mine it in order to find hidden value, and every bit of data sent can be counted towards your monthly usage cap, thereby, increasing the odds that you will run over and incur additional charges.
Please understand I am not arguing on behalf of carriers, merely attempting to point out the reality of the current environment. I don't own a smart phone, as I am aware that the reality of it, is that, I am paying to be spied on.
Therein lies the rub. In order to use your cellphone/smartphone, you have to sign the carriers agreement, and in the carriers agreement, there is undoubtedly a clause where you give them permission to collect your data and use it as they see fit. This makes the data collection legal, not illegal, as you agreed to it.
Nothing short of privacy regulation specifically forbidding carriers to use this information, or at the very least, allowing you to specify that you would like your data to remain private, will prevent this practice from being standard, as the monetary incentive is to collect the data. Corporations have an obligation to protect and grow shareholder value, no matter how many advertisements they run claiming "We care about our customers."
Slashdot Mirror
Your company just spent $10 billion dollars developing the next great widget that everyone will want to buy. The information copied allowed manufacturers in {cheap labor country Zuliwabee} to duplicate the plans, and produce the product without having invested the R&D money. All the investors are screwed, thats grandma and grandpas pension funds. The company closes down, and the people who produced the next great widget are all penalized for doing so.
Is this your idea of utopia ?
You are permanently depriving them of the time it took to produce the software, and their right to get paid for producing the software.
... would that be alright with you ?
Your argument is similar to hiring someone to paint your house, then refusing to pay them after the job is done. You have deprived the painter of his time. When you pirate software, you are depriving the person or people who spent time developing that software of their time.
If you agreed to work for a company for 6 months, developing software, and when you were done, the company said "Well, sorry, we arent going to pay you that last $10,000 installment, get lost"
Who can resist an important message from Sandra, the topless 3 boobed Nigerian government official charged with distributing $10 million dollars in oil industry windfall profits and free samples of Viagra ?
Perhaps you have not heard the term "quantitative easing."
Also I invite you to read the post by "Riskable" which details out a number of laws that Carrier IQ (and or HTC) are likely breaking.
I read it, and replied to it. Almost the entire post by Riskable was invalid and inaccurate, as much as you would like it to be otherwise.
My original comment stands that privacy legislation specifically addressing this issue is required to resolve it, because right now what the carriers are doing by installing CarrierIQ and monitoring you, and having you agree to the monitoring via the TOS, appears to be perfectly legal ( at least in the US ).
If you don't like it, don't get a cell phone. The industry and government will respond rapidly when sales plummet to $0. The odds of people being willing to go without a cell phone of course, I would place so close to zero it might as well be zero. As long as people are unaware or willing to accept this sort of monitoring, it will continue.
1) The Payment Card Industry Data Security Standard (PCI DSS):
The PCI DSS is not a law or an industry regulation, but an industry standard that is an agreement between private parties, and it is up to the mastercard/visa people to pursue in civil court if they so decide. No crime here.
2) Graham Leach Bliley Act (GLBA). Undoubtedly, personally identifiable financial information is being recorded, transported, and stored without the user's knowledge or consent (each transaction/event would need its own notice and agreement with the carrier). That could add up to literally MILLIONS of violations.
GLBA applies to "financial institutions" and Verizon / CarrierIQ are not financial institutions.
Also, from Verizons website, which, I am assuming is part of their TOS/customer contract:
Verizon Wireless may use mobile usage information and consumer information for certain business and marketing reports. Mobile usage information includes the addresses of websites you visit when you use our wireless services. These data strings (or URLs) may include search terms you have used. Mobile usage information also includes the location of your device and your use of applications and features. Consumer information includes information about your use of Verizon products and services (such as data and calling features, device type, and amount of use) as well as demographic and interest categories provided to us by other companies (such as gender, age range, sports fan, frequent diner, or pet owner).
Note where it says "includes." Legally the term "includes" does not exclude other types of data not specifically mentioned.
3) Sarbanes Oxley: If they're recording this data they had better damned well keep an audit trail on it and be regularly disclosing that they're doing so to all their investors. They also must have documented controls & procedures and (likely) perform regular audits to ensure that said controls & procedures are being properly followed.
- Has nothing to do with customer information transmitted on Verizons network. Only pertains to corporate accounting practices.
4) They can be held liable for having knowledge of crimes but not reporting them.
If the data is not analyzed for criminal activity, then the company has no knowledge of crimes. Data != knowledge of criminal activity. If you have a specific legal reference or precedent, by all means let everyone know about it.
5) They can lose their common carrier status: Since they're now recording literally everything users do online they can be held (partially) accountable for what those users do. If you recorded the data you certainly could've audited it for fraudulent activity. "Have you been the victim of a crime that took place over a cell phone? Call the law offices of Sue & Win."
From wikipedia:
Internet Service Providers have argued against being classified as a "common carrier" and, so far, have managed to do so.
This seems to be pure speculation on your part.
6) There's probably a dozen laws that say you can't intercept and/or store information related to people's banking accounts and financial transactions
There's probably a dozen planets with intelligent alien lifeforms. Without details, it will remain a probability of an unknown quantity.
7) Unless their contract specifically spells out that they're going to record every keystroke you enter into your phone they've opened themselves up to millions of lawsuits. If anyone ever wins one of these it will be game over for the carriers. "verizon" and "at&t" will likely become some of those "$50-per-click" Adwords on Google.
Their website, as noted above, and assumed to be part of their TOS, states they are recording "mobile usage information
"One might think that an application need to ask for a location permission (either ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION) in order to do that, but that’s not true. If an application asks for permissions for the WiFi state (ACCESS_WIFI_STATE ) and has internet access, it can use the skyhook service (which is available for the Android) in order to retrieve the phone’s location." http://useroriented.wordpress.com/2009/02/22/a-security-flaw-in-google-android/
Do your own research. The price list for data requests was leaked to the web awhile ago. Also, that was in response to "Please show a single case where Google has sold user info or actions." which it satisfies perfectly ... so piss off.
Google Sells User Data To U.S. Government
http://breakingnewsworld.net/2011/06/google-sells-user-data-to-u-s-government/
See recent article on slashdot titled "Google Throws /. Under Bus To Snag Patent"
What you and me consider to be a lie, or at least, deceitful, is entirely different, in what is required for a court to rule a statement as being a lie or fraud.
If the company issues the statement, claiming, keystrokes were not being collected, and the app was designed to not collect keystrokes, they can claim, that statement, was made, with the technical understanding, that event data was being collected, and not just keystrokes, and this would undoubtedly come out in any lawsuit or inquiry based upon the publics interpretation of the statement.
You and I can call it a lie, believe its a lie, feel strongly that we have been lied to, etc., but the odds of a court to rule they are lying are astronomical.
Oh how nice of you to lump Google into this. I wonder if you are just pro trolling, or some fanboy of some type. . THis event has nothing to do with Google.
"How Google–and everyone else–gets Wi-Fi location data" http://www.zdnet.com/blog/networking/how-google-8211and-everyone-else-8211gets-wi-fi-location-data/1664
Check the mirror. There you will find your fan boy.
where does the shareholder value come from?
Googles entire business plan and damn near 100% of its revenue comes from selling the data you enter while using a Google service.
Their current market cap is $188 billion dollars. That is how valuable usage data is.
Have you tried to find a payphone in the US recently ? You practically need a smartphone with google maps to find one. ;)
There are a few methods, that I am aware of, that might, although the legality of such methods I am unsure of, still allow for cell phone use while preventing this sort of spying from occurring.
One method, is to get a GNU Radio ( http://gnuradio.org/redmine/projects/gnuradio/wiki ) device and operate it as a cellphone carrier firewall. This would accept connections from your cell phone, log and allow you to filter what is being sent, and then communicate with your carrier.
The other method, would be to use a cellphone data device / mobile hotspot, and then operate your cell phone using encrypted VOIP to an Asterisk server in your home / office.
If there are other methods, by all means let everyone know about them.
there's a LOT of things you can't just ask consumers for permission on the TOS and then go "nanananan it's legit you signed the contract!". same thing applies to that you can't sign away your career through non-competes even if some employer wants you to believe so.
There is no law that I am aware of, that prevents private parties ( carrier and customer ) from agreeing to share information with each other. As for non-compete agreements, that is an entirely different issue ( legally ) than information sharing. It is voluntary for you to share, or not share, information with another party, while it is decidedly not voluntary for you to work and earn a living, unless someone else is working and earning a living to support you.
if it were legal to write any fucking kind of contract you want we would all be living in some crazy dystopia where everybodys life was determined by contracts written and signed before the person was even born(that would be pretty much what sucked about the middle ages).
I hate to break the news to you, but this is the world you live in now. Contracts are binding unless found all or in part ( under specific circumstances ) to be invalid by prior legislation or precedent.
because it's such a fucked up business decision in the first place and only serves to move money _away_ from the operator.
No. It increases shareholder value, up until the point where the public 1) becomes aware of it and 2) refuses to accept it and 3) finds the will to boycott the service. Unless all 3 of those things happen, the data collection is valuable, and enhances the bottom line.
so do you really think it would be legal for at&t to start generating traffic using cIQ and place all their customers to 1 million dollar debt by leaving it to transfer data all night long? that's what you're implying the tos would allow them to do and what they _should_ do "to increase shareholder value" . it's just ridiculous.
It is legal for AT&T to define "data usage" and "data caps" as "including data required to operate the service." As for whether they do this or not, cheCk your specific TOS. As an example of another industry that successfully did this, look at hard drive manufacturers. They have been claiming "300 Megabytes" when only "270 Megabytes" were in fact usable for over a decade now with much success.
As to your example of 1 million dollars in debt from carrier generated data streams, yes, that would cause the public to boycott the service and create lawsuits and bad debt. It is your extreme hypothetical abusive interpretation of the definitions that is ridiculous. In practice, this would optimally, from a revenue generation standpoint, be an amount that customers do not notice, whatever that amount may be.
I have not suggested carriers do anything, in any of my comments. I have merely attempted to explain the current ecosystem. No need to kill the messenger if you don't like the message.
Carrier IQ DENIES that they are recording keystrokes.
They aren't recording "keystrokes" .... they are recording "event data" of which, keystrokes are merely a sub-class of events. It's not a lie, just like when Bill Clinton told everyone "I did not have sexual relations with [Monica Lewinsky]." He didn't have sexual relations, as in, intercourse, he just played around with a cigar.
So even if our agreement with the carrier permits logging/capturing of this data, it doesn't allow you to LIE about doing it.
As argued above, they are not "lying." They are simply being extremely technically specific in their statements.
We, as private citizens, need to get better at reading between the lines, as that is where the truth is, in order to protect ourselves from the non-lying-liars.
Indeed. If the government began a program to spy on everyone domestically, it would undoubtedly cause a huge uproar, and likely be deemed unconstitutional ( at least I hope it would be deemed as such. )
... "what are you interested in ?" ... "what sites are you visiting ?" ... "who do you know / communicate with ?" ... "where are you going ?" .... "where are you at right now ?" ... "what have you said to whom ?"
But if companies collect the data, then the government can simply request the records, and pay the company a fee for retrieving them, as part of an "investigation."
Web search
Web analytics
Friends lists
Mapping
GPS / wi-fi detection
SMS
Welcome to the matrix. Good luck flushing yourself from it.
I should add, that the moment I heard that Google was releasing a smartphone OS aka Android, my first thought was "Nice. Now google can spy on everyone when they are away from their computer and follow their movements in the physical world."
Beware of free ice cream from pimply faced CEOs of publicly traded corporations who claim to have your best interests in mind.
This situation is only going to get worse. The same data collection practices concerning smartphones are being adopted by car manufacturers, and Google wants to use event data that your spiffy new car collects, in order to "predict" and "suggest" a route for you to travel. Do you really think Google ( and other companies active in this area ) are doing all this work for free because they like you ?
http://media.ford.com/article_display.cfm?article_id=34591
Certainly, the army of attorneys at the disposal of the carriers, has been careful to word the agreement such that your scenario also applies.
Kudos. Lets hope the rest of the world adopts a sane, fair approach.
A contractual agreement to something deemed illegal does not overrule the law.
It is not illegal, for you to agree, to the carriers collection of the data, which is why regulation specifically making it illegal, or spelling out your rights, is required to stop it.
I see no reason for a carrier's data collection policy to include keylogging everything a customer does outside of extenuating circumstance (suspected terrorist or something).
Yes, you, like myself, see no reason "to allow" carriers to collect this data. That said, a carrier has "every incentive to collect" this data. It has commercial value. They can sell it to the government / police for investigative purposes, they can data mine it in order to find hidden value, and every bit of data sent can be counted towards your monthly usage cap, thereby, increasing the odds that you will run over and incur additional charges.
Please understand I am not arguing on behalf of carriers, merely attempting to point out the reality of the current environment. I don't own a smart phone, as I am aware that the reality of it, is that, I am paying to be spied on.
companies that illegally wiretap their customers
Therein lies the rub. In order to use your cellphone/smartphone, you have to sign the carriers agreement, and in the carriers agreement, there is undoubtedly a clause where you give them permission to collect your data and use it as they see fit. This makes the data collection legal, not illegal, as you agreed to it.
Nothing short of privacy regulation specifically forbidding carriers to use this information, or at the very least, allowing you to specify that you would like your data to remain private, will prevent this practice from being standard, as the monetary incentive is to collect the data. Corporations have an obligation to protect and grow shareholder value, no matter how many advertisements they run claiming "We care about our customers."
newegg.com just had 16GB of DDR3 on Black Friday for $60. They have since sold out however.
You want to post a link to some proof of this accusation, or are you just going to spout anti-US drivel and run off ?