Carrier IQ: A privacy tempest in your pants pocket

Privacy and cyber law experts weigh in on the privacy implications surrounding the Carrier IQ mobile diagnostic software.

December 05, 2011 | CSO

The lines at Carrier IQ haven't stopped ringing since accusations began flying that the mobile diagnostic company has installed rootkits on millions of phones around the world. Detractors have broadly claimed that the company's software, at best, violates end user privacy and, at worst, federal wiretap laws.

"This entire situation has touched a nerve with a lot of people beyond the IT industry," says information privacy, security, and compliance consultant Rebecca Herold. "People who don't normally pay attention to these issues are asking questions. People fear their identity data, texts, emails, keystrokes are being collected and sent to Carrier IQ."

These are claims, however, that Carrier IQ vehemently denies. "We measure and summarize performance of the device to assist operators in delivering better service," the company said in a statement issued late last week.

"While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen," the company said.

Also see: FAQ: Behind the Carrier IQ Rootkit Controversy

Sen. Al Franken (D-Minn.) isn't taking the company at its word. Franken has called on the company's president, Larry Lenhart, to detail precisely what the company's software records and transmits, and whether the application violates federal law or poses a security or privacy risk.

In addition to questions surrounding the nature of the Carrier IQ software, the public outcry -- which was as swift as it was broad -- is interesting in itself. "I think much of the reaction has to do with the fact that people feel that they were not told the nature of the data collection occurring on their phones," says Herold.

Mark Rasch, director of cybersecurity and privacy consulting at CSC, said that, based on what is known publicly, the jury is still out as to whether Carrier IQ has committed privacy violations or is simply monitoring for quality of service.

"Carriers and handset companies want to know what their users' experience is like. When does the handset crash calls? And, if they have bad calls is there something that the user is doing that creates that condition? Are there hundreds of customers in an area that may need a new cell tower? Do certain applications affect the device performance? These are the things the software is seeking. They are trying to capture the behavior of the phone," says Rasch. "The trouble is that in capturing the phone experience it is operating similarly to a rootkit installed on the phone."
