Carrier IQ Drama Continues

timothy posted more than 2 years ago | from the hey-it-was-free-why-are-you-griping dept.

Privacy 244

alphadogg writes "A Cornell University professor is calling the controversial Carrier IQ smartphone software revelations a privacy disaster. 'This is my worst nightmare,' says Stephen Wicker, a professor of electrical and computer engineering at Cornell. 'As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.'" Read on for a grab-bag of other news about the ongoing story of Carrier IQ's spyware.Federal intervention is already on the menu; new submitter mitcheli writes "Following the video from Trevor Eckhart on Youtube after the filing of the Cease and Desist letter and subsequent reply by the EFF and apology letter (as reported on Slashdot), Senator Franken of the Subcommittee on Privacy Technology and the Law asks some rather pointed questions."

Franken has more reason, apparently, to look into this than might legislators in other countries; an anonymous reader submits news that Cambridge researchers have found the software to be confined to (or at least only confirmed in) American customers' phones. From their report: "We performed an analysis on our dataset of 5572 Android smartphones that volunteers from all over the world helped us create. From those 5572 devices, only 21 were found to be running the software, all of them in the US and Puerto Rico. The affected carriers we observed were AT&T, Boost Mobile and Sprint.
We found no evidence of the Carrier IQ software running on Android devices in any other country."

Another anonymous reader suggests that "Apart from anything else, the fundamental mistake that Carrier IQ made was attempting to silence a developer using a heavy-handed legal threat. Certainly this was the tipping point in terms of bring the whole incident to the public's attention."

Like apparently begets like; reader adeelarshad82 writes "Not surprisingly, the Carrier IQ controversy has resulted in some legal action. Class-action lawsuits have been filed in California and Missouri that accuse Carrier IQ, as well as Samsung and HTC, of violating federal wiretap laws. The California case was filed on behalf of four smartphone users with HTC and Samsung devices and accuses the companies of violating the Federal Wiretap Act, which prohibits the unauthorized interception or illegal use of electronic communications, and California's Unfair Business Practice Act."

Finally, GMGruman writes with the cautionary note that Carrier IQ and Facebook pose "the least of your privacy threats": "[S]o far these forms of monitoring anonymize the data, so an individual's actual privacy is not invaded. And while people fret over these potential invasions, a more pernicious privacy invasion is under way, one that monitors actual individuals and then uses that information to try to direct their behavior. For example, car insurers give monitoring boxes to customers to track their driving behavior and offer a discount if it is 'good.' Of course, the flip side is higher rates or no coverage if the black box decides you are "bad." And, as this blog post points out, this is just one of many such 'Big Brother corporation' efforts out there that give significant power to insurers and others who have a history of abusing personal information, such as for redlining and coverage denial."

Analytics for Mobiles (3, Interesting)

InsightIn140Bytes (2522112) | more than 2 years ago | (#38252688)

Isn't it interesting that the only OS that sent the info out by default was Android? iPhone didn't. While they were there too, Carrier IQ was disabled by default.

And after all, Carrier IQ was just Google Analytics to mobiles. I can just hope that people start the same kind of uproar once they realize how much Google is spying them. If it's not allowed on mobiles, I don't see why it should be allowed on our computers and internet. Maybe there's still some hope in humankind.

Re:Analytics for Mobiles (5, Insightful)

masternerdguy (2468142) | more than 2 years ago | (#38252710)

The general population of Slashdot finds these things distasteful, and I'm sure the rest of the world would too if they actually knew about it. This isn't the kind of news the majority hears.

Re:Analytics for Mobiles (2)

jhoegl (638955) | more than 2 years ago | (#38253032)

Actually it was carried on NBC the other night where I heard about it first.

There are conflicting reports about it actually sending data vs not sending.

Re:Analytics for Mobiles (1)

masternerdguy (2468142) | more than 2 years ago | (#38253040)

That's a good sign, do you have a link to the story? Nobody I know has heard of it, and I first heard of it from Slashdot.

Re:Analytics for Mobiles (1)

justforgetme (1814588) | more than 2 years ago | (#38253122)

the story "Usually coupled with a lot of FUD" has been circling the facebooks, g+s and reddits for about a week(?) now.
Mass media have also gotten attention to it, I saw it on the news yesterday on a b side channel..

What I still can't fathom is why apple was shipping it "disabled" by default.... misplaced bits?

Re:Analytics for Mobiles (2)

jhoegl (638955) | more than 2 years ago | (#38253184)

MSNBC [] Look at December 1st, "Secret software tracks phone activity"

Re:Analytics for Mobiles (5, Interesting)

davester666 (731373) | more than 2 years ago | (#38253198)

Something that hasn't been brought up is: Who is paying for transmitting the data from your handset to CarrierIQ?

Re:Analytics for Mobiles (5, Insightful)

Spad (470073) | more than 2 years ago | (#38252734)

Nice troll, but the vanilla Android devices (Nexus line) don't ship with the CarrierIQ software, which means that either the handset manufacturers or, much more likely given the US-centric focus, the carriers are responsible for installing it.

Re:Analytics for Mobiles (1, Informative)

InsightIn140Bytes (2522112) | more than 2 years ago | (#38252750)

That might be so, but it doesn't change the fact that it's only Android devices where it's enabled by default.

Re:Analytics for Mobiles (3, Interesting)

larry bagina (561269) | more than 2 years ago | (#38252820)

Traditional BSD/GPL flamewars boil down to "freedom for the user" vs "freedom for the developer". Android is "freedom for the handset manufacturers and telcos".

Re:Analytics for Mobiles (2)

spauldo (118058) | more than 2 years ago | (#38253542)

That applies to all smart phones, not just Android.

I'd say Android provides more freedom for the user and developer than the iPhone or any of the other default phone operating systems (not sure about Windows phones). You can add non-market software to them without jailbreaking them. You can't do that with the iPhone or (last I heard) a Blackberry.

Any of them are going to come with crap the manufacturer wants on there, and likely prevents you from uninstalling it as best they can. The carriers are worse, so if you bought a phone with a carrier bundle, you've got all kinds of crap on there you likely don't want. The base OS of the phone doesn't really matter - Android, iOS, BlackberryOS etc. all have crap added to them that you'd probably rather not have.

There are projects for running Linux on the iPhone, various Android phones, and probably others as well. That might be looking into if you're worried about developer and user freedom.

Re:Analytics for Mobiles (0)

Anonymous Coward | more than 2 years ago | (#38252822)

-which would be like saying that it's only windows based laptops ship with adware installed by default. It might be true but it's missing the point.
Whether it was included or enabled was purely the manufacturer's design and has nothing to do with which os it runs on; a more relevant observation would be which phone manufacturer chose to include Carrier IQ on their android phones, in this case AT&T, Boost Mobile and Sprint.

But I have the feeling that calling those guys evil doesn't have the same punch as calling android out.

Re:Analytics for Mobiles (1)

tqk (413719) | more than 2 years ago | (#38253390)

Whether it was included or enabled was purely the manufacturer's design ...

I believe the article at the register included a quote from HTC, saying they installed it at the behest of the carriers, on the phones they were manufacturing for those carriers.

Re:Analytics for Mobiles (5, Insightful)

rvw (755107) | more than 2 years ago | (#38252886)

That might be so, but it doesn't change the fact that it's only Android devices where it's enabled by default.

That's probably because the carriers are not able to enable it in iOS. So Apple - the only manufacturer of iOS devices - doesn't want it enabled in their phone, and the carriers are not able to do this. Android is more open, so either the phone manufacturers like Samsung and HTC can install it, or the carriers. So it's true, but it's only true because of the open nature of Android.

Re:Analytics for Mobiles (1)

ColdWetDog (752185) | more than 2 years ago | (#38253192)

It would be interesting to see if CarrierIQ was installed on Android / iOS phones from some of the more 'repressive' regimes like China, India or Middle Eastern countries.

Re:Analytics for Mobiles (0)

Anonymous Coward | more than 2 years ago | (#38253228)

They probably refused to give Apple a share of the profits. Considering how mercenary they are, I'd say that's the only real explanation.

Re:Analytics for Mobiles (0, Troll)

Anonymous Coward | more than 2 years ago | (#38252914)

That might be so, but it doesn't change the fact that it's only Android devices where it's enabled by default.

If you had read the article you'd have seen that not all Android devices are affected. I quote you the fucking article:
        "We found no evidence of the Carrier IQ software running on Android devices in any other country."
Given the huge number of Android devices sold abroad, this is only a fraction of total Android sales.

Also, contrary to what you stated earlier, it's not the OS that sends out your info, it's an app that carriers installed. Since you're so unaware of the amount of customization that the various carriers make on their Android phones I think it's safe to assume that you're an Iphone user. And one who lacks a basic understanding of logic too.

Re:Analytics for Mobiles (4, Insightful)

pushing-robot (1037830) | more than 2 years ago | (#38252874)

the vanilla Android devices (Nexus line) don't ship with the CarrierIQ software, which means that either the handset manufacturers or, much more likely given the US-centric focus, the carriers are responsible for installing it.

...Which is a very good point. Google gives not only end users but also manufacturers and carriers relatively free reign over Android phones. Apple retains much more control over the iPhone.

While it's easy to see how Apple's strategy can hurt power users, Google's strategy can hurt users also.

Re:Analytics for Mobiles (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38253252)

Freedom can hurt people, yes. Freedom also lets you install vanilla android (or a community flavor, or whatever). The only problem with that might be some kind of warranty violation--but again, that is an evil of the manufacturer or carrier. Not Google.

AT&T can still violate the privacy of your iPhone. So can Apple. Google _cannot_ because (theoretically) you could check for and remove such violations. Is that done? Well, maybe or maybe not. But that's still better than Apple where it's impossible.

Re:Analytics for Mobiles (-1)

Anonymous Coward | more than 2 years ago | (#38253524)

You are an idiot.

Re:Analytics for Mobiles (1)

planimal (2454610) | more than 2 years ago | (#38252738)

googles business model is well know. no one is forcing you to use google. It's their service, they can do what they like. hiding it, and sending out C&D letters to those who expose it is however, another story

Re:Analytics for Mobiles (0)

Anonymous Coward | more than 2 years ago | (#38252864)

The problem is that if enough people have google analyics installed on their websites, that it doesn't matter whether you use it yourself or not. When I started using no-script I was surprised at how many websites try to serve up scripts from google analyics (easliy more than 50 %).

Re:Analytics for Mobiles (5, Informative)

Lisias (447563) | more than 2 years ago | (#38252766)

Isn't it interesting that the only OS that sent the info out by default was Android? iPhone didn't. While they were there too, Carrier IQ was disabled by default.

So interesting as the fact that only Noth America seems to have Carrier IQ on their Android devices...

And after all, Carrier IQ was just Google Analytics to mobiles. [...]

Google Analytics ANALyses every keystroke on your computer? Because Carrier IQ receives every dialer keystroke on the device. []

(I'm not saving Google's face here)

Re:Analytics for Mobiles (0)

Anonymous Coward | more than 2 years ago | (#38253058)

Only America America. Canadian carriers don't, and I haven't heard anything about the rest of NA (you know, those other countries South of the US?)

Re:Analytics for Mobiles (0)

Anonymous Coward | more than 2 years ago | (#38253100)

Google Analytics ANALyses every keystroke on your computer? Because Carrier IQ receives every dialer keystroke on the device. []

(I'm not saving Google's face here)

The article you linked to doesn't say anything about that. It just speculates that a future Google product might collect a bunch of data about you. Google does not ship any products with Carrier IQ. That is something added by your phone company or whatever.

Re:Analytics for Mobiles (3, Informative)

b4dc0d3r (1268512) | more than 2 years ago | (#38253380)

Your quote says "receives" but your link says "logs". We still don't know what happens to those logs. There may be no privacy problem here other than potential availability to malware.

Yes, that is important, and yes the logs should be stopped. But you are asserting something we don't know is true.

Re:Analytics for Mobiles (0, Insightful)

Anonymous Coward | more than 2 years ago | (#38252772)

Wrong. Apple install it by default and even obfuscate the files. It doesn't exist in Android, only the US carriers are installing it. Typical myopic Apple zealot, aren't you.

Wrong (5, Informative)

SuperKendall (25149) | more than 2 years ago | (#38252830)

Wrong. Apple install it by default and even obfuscate the files.

Wrong yourself, or at least misleading - The carrier IQ that Apple ships with does not record anything at all by default, and even if you could figure out how to enable it records only a tiny bit of data, no keystrokes or SMS for example...

Nor do they obfuscate anything (unless you call shipping with it off a form of obfuscation).

Re:Wrong (0)

Stalks (802193) | more than 2 years ago | (#38253108)

You're missing his point.

Carrier IQ is installed on every iPhone device, stock, or carrier shipped. Only carrier shipped Android devices with custom carrier ROMs have it installed.

Re:Analytics for Mobiles (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38252806)

Isn't it interesting that the only OS that has Carrier IQ on every single device, supplied by the OS developer, is iOS?

See, it works both ways. Now how about we stop turning this into a retarded smartphone manufacturer fanboy flamewar and throw stones at Carrier IQ and the carriers that support them, which is where they belong?

Re:Analytics for Mobiles (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38252836)

As a Linux fan through and through for fourteen years and counting I am endlessly surprised at the android circle jerk. Linux's customers are smart people who choose to use Linux, and linux distro providers work to supply them with what they want. Apple's customers are (probably also) smart people who don't want to care how a computer works (for good or bad) or customers with money to burn. Still, apple work to give them what they want . Microsoft's customers are people who want to get a job done with standards (even if they're bad), and MS will work to give them what they want (even if I disagree with the quality of what they provide)

But google's customers are advertisers. We, the users, are the product not the clientele, and issues like this with android WILL NOT END until google fundamentally changes its business model.

Google has and always will work to give their advertisers and marketers what they want first. The users and our privacy are a secondary priority

Re:Analytics for Mobiles (4, Informative)

madmark1 (1946846) | more than 2 years ago | (#38252980)

As a 'Linux fan', you should know that not everything provided in your install was provided by the manufacturer, or was part of 'Linux'. Neither is CarrierIQ in any way part of Android. It is a separate piece of software, installed on some Android based phones by the carrier. It does not send data to Google, and there is even some debate on whether it sends anything, or merely logs it. Google is not benefitting from this data, nor can they sell it to others, since it isn't data they collected, or even knew about. It also, I might add, is installed on every iPhone from AT&T. It is likely still logging, but only sends the data back to CIQ if you allow it (which on older iPhones, is when you activate it. there seems to be no way to turn it off after that).

Re:Analytics for Mobiles (1)

SadButTrue (848439) | more than 2 years ago | (#38253342)

While it may be true that Google's users are indeed it's products and advertisers are it's customers it is sloppy logic to see this as a bad thing.

Humans are a fairly unique product. We possess both free will and emotions. It is in Google's best interest to make sure that their product is never injured or angered in any way. Also, if Google wishes to keep or grow their production they must provide new and interesting things. Being a product is actually a very pleasant experience as long as you always have the option to leave. Pretty sure trophy girlfriends figured this out millenia ago ^^

Re:Analytics for Mobiles (5, Insightful)

thisnamestoolong (1584383) | more than 2 years ago | (#38252866)

There is a big, BIG difference between CIQ and Google Analytics. Google Analytics tracks your browsing behavior, which is on the open web, and is being done in public. While it is certainly creepy that your web browsing behavior is being tracked, you are still doing all of that in public, where you have no expectation of privacy. CIQ, on the other hand, is a keylogger. It can track private communications that you are intending to send out encrypted before you even send them. This is a whole different ball of wax, and is considered to be criminal behavior in almost all cases in the PC world. Comparing Google Analytics to CIQ is like comparing a case of the common cold to ebola, there are certainly similarities, but one is VERY different in terms of degree.

Re:Analytics for Mobiles (0)

Anonymous Coward | more than 2 years ago | (#38253388)

But, google analytics only tracks the drones who allow javascript. They subsidize us intelligent people.

Re:AT&T denial (-1)

Anonymous Coward | more than 2 years ago | (#38252812)

ldhdz obhth boepa cdfgy naqnu unzqh jzvzl deyde eytyk jrzoe gscmb zisqd vliin jverc ptvmw hzhtf aepxj ximrx byllz toegz sjtlx wxrvq iqspq iecpj acwiz qhuwk hmcgv swpjl wqenv cmwnt rbmlh chgdc fibdc ihnxw aumvz iszcq bcggi rujzk fzozw muhuc hjqtu gaxep xazjc hygmz xuicl tkygf bclix jtdyr eklka wzvmd jffct iahbd kefqy qpcqt wfrol qudhr nooch myaqr pawae zthxm vqohx qwdgj fxwbv kfjnl qwxof mpeyh fatsg qquof ocgia xilki klkfe qhjse nixkf hglvx wkgbs dmqur ijhno mdeyf qbihq ztoza pfpgf pqrkz owvmi vmauj ycvnr mqfmy pikyk grvxs rwkih jcvfc gjgsa spljw bkckg nagpl tqetc mkjsx foqfg oycab paxbq kntfr atdky hpqyw jeyst tpqvw mkklq adkvi oleqv dgcda xoazf qjeaf vlvro kzqza aqwxd gniix bdxlf cxiho qwsco njoos hpvuk bpjck qvghs qlncp jrgsy dqejz hgxni zxzxt kdibp geqll iuudd gxbvr suugm wwuhs lwzpx qsoja zkcaw vutje siipd wqzfh cabti kindo wxtso rqiks jdojw rttqw asswy jfyzy makco isvey yychx zhwyt hiizk rqrhe kdzct jxomj vtdcd qunjf aqunr faekx bjtwj cvxkk kauye tdmbw umgkg xzkkm suwiy xwaaa yzhub lybif zibfw megem rbbkk suaky vevhf qltqk shzkf telgx sqekc biviv fwwhf zziaa cwgmv gdudw lmlug uukai wnstp euukr npbxk jvwyx cmlpx kqdzb vknxh xegrv hvkib nuery oqsmy apouh lcmht vwisq sgebw qeqgr xypmi dsyqd qmoaq ssvfr hhvka lfpin fqjbu nhuon sitew crywt xfzqv vhjie nqach ycwuv svdpe wqpcw dbhgj efvzn tzwtt ixflt wdfvi milko qives lzojb qxocb ffslo uoqrz qmbkp jsbvm ucviw eqnox bzmib zxakr mtiii oqmux kedvr xzoed qljta jeyvr pxpjn jcylz stuur qymmj icbha vfaoq jivnn iohyk ojlos asyrx nvncx bjjxd jbyqc fytwp mzxgy epzvk zxdrt cmhgc qdtbp nesji kmzai uhkns vuvdu cybly haulk oillk nqryb jrgaa elsvp nymjl diptl gfebf onoso ftvzr afkme pkait hkjfp wrqkc ixwer zymux aajdv xcbbk vtydc czoho retwr yzdas atyol vpchw ahkys bxvjs krtei fwsup grlkh gljuw wispn iqbcl owswf kepak uakqy hgqcg mogvb feqba mlsur jkomy klrdw rtwdw lxplz ehthw qoivh dcwvu xrmee tivxr czgvt ppoar evlel ziiyg ncufo pbgkc cobqg kkumk mteen eqhgs kdvsz lqjnx xxpdd pynep lybor qmuel qdgbp gvwty uxcto kuakb naekd lmjne bqekh nfmjo fhbie asxyt rxqbe benfq rhufj lfsfw tsijn kgfuw rsyxq ssdxe bwchb qsftc bbcek hwgjh zoowm lvgje wotta xfhyj wmbth ntotn slwfc eiwlo lnkny tikff wwjjw tfaij wpktd yoatn nzxcj tmqfh xhxtq hrjkh eqtuc ogvvo jxydj luaks fbfmm pwoev mrntp zhupn trdvy eobcx treez qfrfo okkkv yjmjm qaocb gtjww dpwjc itzpt iptem pfrez nwomo kodio ebbdx gkazt tcjsx pwshm zyfky neyqn rkxcs nqkgh lxumw hdzki uygem fxuej xxdhl agpiv ksuhu scdrh jubuk qhsfm fuhxa cryru brbuq btiqp yizrf pumxm anjcf cppvw deedb goedj gifao axkuj ylkqh lfect ptcye ilbof lwtsh ykxis dbehr wmdjk dnmtx znkbg qswxo eqhwr grohg bkkno ldkti srsxb nixet ndfju iumus svbdj drzqo ndbcg yhjsl xoqsz detio ihisa yfvhu kihkw aqrfq pywtb mdprn trqgx wmtam fnlvb bwurs imtio pdwsn zfsvd pbomk mmxtx hvljb rmycd mqehc kdcag eygzg kfosf byajw talpx zcqiv yydmx zcwoc bcavy jnlxj axrmy ujjjo jttwr jrxpu xjfge ekiud oecnf losix wkava iwetg ivngy edtpn pjzne yobik tofmo sjerf xilia xdzpg yshtg kwfrl tniab lrgpu tjlta pwipp yealu nocxm jegjo xatnb ztfox gramz nomau ibhtj bfqrw qvnmf rirmt cumqc fginb knonc sgyxe dbxvx cxoch pprvl swcjr tdurk akpuj vbmvw ibdna ixuja dtvtl oxxwb eopqo hqexq aibdk mduew npwlr dvjne jpvbg

Re:AT&T denial (0)

Ihmhi (1206036) | more than 2 years ago | (#38253168)

What the actual fuck is this?

Is some CIA agent in Tangiers using Slashdot as a communication outpost, or did someone forget to take their meds today?

Re:AT&T denial (1)

damn_registrars (1103043) | more than 2 years ago | (#38253226)

I would immediately moderate that comment up if I had mod points today. That gibberish deserves to score (+5, insightful) for sure. Way better than the goatse or GNAA stuff that is usually posted anonymously here.

Is some CIA agent in Tangiers using Slashdot as a communication outpost

Admittedly, that wouldn't be that bad of an idea, since nobody reads Slashdot any more any ways.

It's Bill Lee (0)

Anonymous Coward | more than 2 years ago | (#38253296)

... whackin' in Tangiers.

And now I'm out on the sole surviving with my Beatnik peers. Analog reel and a little distortion.


Re:AT&T denial (1)

shentino (1139071) | more than 2 years ago | (#38253392)

Who says the two possibilities are mutually exclusive?

questions (5, Interesting)

Tom (822) | more than 2 years ago | (#38252792)

Very good question from the senator:

Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. Â 1030)? Why?

That's the kind of question you don't want to be asked. People don't ask that way if they don't already have an opinion. Basically, he wants to see them dig their own grave, and enjoy it.

That's good news. Let's see if they spring the lobby machine into overdrive and try to get the issue "lost" in sub-comittees and extended deadlines.

Re:questions (0)

Anonymous Coward | more than 2 years ago | (#38252946)

Not a big fan of Franken, but he seems to be quite clued on Technological issues.

Re:questions (3, Insightful)

MyFirstNameIsPaul (1552283) | more than 2 years ago | (#38253074)

I have a question for the senator:

Does the Computer Fraud and Abuse Act comply with the Constitution?

Re:questions (1)

nightfell (2480334) | more than 2 years ago | (#38253246)

The Senate isn't the proper body for answering that question, the Supreme Court is.

However, what makes you question the constitutionality of the law in the first place? Care to enlighten us?

Re:questions (1)

Ihmhi (1206036) | more than 2 years ago | (#38253180)

I have never been so happy as to have a shit-stirrer of Al Franken's quality in our government. I think we need more cynical comedians in politics, just because they have some of the most eloquent BS detectors in the world. Murray/Akroyd 2012!

Re:questions (4, Informative)

sphealey (2855) | more than 2 years ago | (#38253230)

And I think the answer to that will be, it was the carriers that decided what functions to enable. And the carriers were exempted from all electronic spying restrictions by the FISA extension of 2008 (aka absolve AT&T bill).


even if it does NOTHING... (4, Insightful)

RyuuzakiTetsuya (195424) | more than 2 years ago | (#38252794)

the problem is transparency.

If not Carrier IQ what next? What information are they gathering? What's the performance cost with this thing running in the background?

Somewhere in the back of my head Richard M. Stallman is laughing(and eating foot fungus).

Software freedom is the solution. (5, Insightful)

jbn-o (555068) | more than 2 years ago | (#38253280)

As I'm sure you know: Without complete corresponding source code to all of the software running on a phone, you'll never know the answer to those questions.

RMS knew the solution to this problem before the problem became widespread (as he often does) and he got the solution right early on: this is a social problem, not a technological problem. The solution is software freedom for all computer users for all the software they run.

Sadly, the Carrier IQ debacle is unlikely to propel people to see this solution. The problem is too weak in its urgency because Carrier IQ's (or any other workalike) privacy violations are merely annoying or scary. Privacy violations usually don't kill or maim anyone. Also, the affected audience has low market value: the general public. When proprietary software used in internal medical devices fails and kills someone, there will be another opportunity to talk of software freedom as a social solution to be taken seriously. And, for a time, people will be more receptive to the idea that all computer users deserve software freedom. People seem to have no problem hiring professionals in other fields they don't understand (plumbers, doctors, lawyers, mechanics, builders) so it's not far-fetched to expect the public to hire computer programmers to inspect and modify programs on their behalf.

Re:Software freedom is the solution. (0)

Anonymous Coward | more than 2 years ago | (#38253448)

The trouble is that his solution is purely theoretical. If the working of all software and hardware were free and open, then in theory people could check it and everything would be checked.

But most people are incapable of checking it, fewer care, and there's far too much software and hardware constantly being created to allow anyone to keep track.

This, among other reasons... (1)

Anonymous Coward | more than 2 years ago | (#38252818)

Is why I still use a "dumb" phone and keep my landline. I was originally concerned about hacks and privacy invasion from outside threats. The Windows experience has proven that no publicly networked device can be safe from threats. But the providers can get away with this shit, even more than the gangsters.

Should have got a blackberry... (-1)

Anonymous Coward | more than 2 years ago | (#38252834)

Maybe this clusterfuck is big enough to point out to users the security risks of the android & iphone platform.

When you have your entire life accessible from your smartphone, you need your smartphone to be audited & certified. Go buy a blackberry: []

Re:Should have got a blackberry... (3, Insightful)

MachDelta (704883) | more than 2 years ago | (#38252908)

Yes, because Blackberry has never handed over the keys to BBM when a nation-state has demanded them...

Re:Should have got a blackberry... (4, Interesting)

MyFirstNameIsPaul (1552283) | more than 2 years ago | (#38253060)

True, but you can install any app you want on a BlackBerry, including ones that allow users to use their own keys. You can even get BES for free and run your own mailserver with your own keys. I realize RIM has fallen behind in many areas, but I have to say I am quite disappointed that practically none of the major tech blogs has discussed the fact that Carrier IQ is not only not installed on BlackBerry devices, but it is a violation of RIM agreements for a carrier to install this app on a phone. From RIM support forum: []

RIM can attest that it does not pre-install the CarrierIQ application on BlackBerry smartphones and has never done so. Furthermore, RIM does not authorize its carrier partners to install the CarrierIQ application on BlackBerry smartphones before sales or distribution and has never done so. RIM also did not develop or commission the development of the CarrierIQ application, nor is RIM involved in any way in the testing, promotion, or distribution of the CarrierIQ application.

Re:Should have got a blackberry... (0)

Anonymous Coward | more than 2 years ago | (#38253384)

And if iPhones or Android phones are being sold in those countries then you can be sure that the data from them is being intercepted as well, otherwise the handsets would not be allowed in the country. Do not kid yourself.

Remember when Google so bravely stood up to China? Remember about three weeks later when was back up? What do you think happened?

Re:Should have got a blackberry... (2, Interesting)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#38253024)

" "RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution," the company said in a statement. "RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app," the statement said"

I know that that statement makes me fully confident... "CIQ is not installed on Blackberry smartphones." is short, punchy, and sounds nice. Who wants to guess why their spokesweasel went with the above, instead?

Re:Should have got a blackberry... (0)

Anonymous Coward | more than 2 years ago | (#38253102)

Because they cannot guarantee no one installs it despite lacking authorisation?

Re:Should have got a blackberry... (2)

MyFirstNameIsPaul (1552283) | more than 2 years ago | (#38253110)

They stated even more than what you stated: they stated that not only is it not installed on the phones, but it isn't authorized to be installed by carrier partners. How is that not a stronger statement? Then they continued on to state that they have never had anything to do with Carrier IQ. I don't understand how you infer otherwise.

Re:Should have got a blackberry... (0)

Anonymous Coward | more than 2 years ago | (#38253322)

Because they didn't say no. They used a lot of words about what they don't do, but they never said flat out that CarrierIQ is not installed on BlackBerries. Just that they had no hand in it.

Re:Should have got a blackberry... (1)

Beriaru (954082) | more than 2 years ago | (#38253440)

Can you categorically say there's no horsecock porn in your computer after sending it to repair to the geek squad?

Re:Should have got a blackberry... (1)

lightknight (213164) | more than 2 years ago | (#38253466)

They're probably calling every carrier who offers their phones, and making sure they don't install it. RIM has had enough problems over the past few years, they don't need this one.

Wait (2)

M0j0_j0j0 (1250800) | more than 2 years ago | (#38252902)

But why is are not the Telecoms on the noise???? they are the ones using the weapon, CIQ is only the manufacturer!!!!

Re:Wait (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#38253150)

To go with an unfortunately appropriate analogy, CIQ is just a street-level heavy. Three of the largest telcomm corporations in the United States are Al Capone. The latter party is almost certainly the driving force behind the former party's crimes; but he's virtually untouchable and isn't exactly going to get his hands dirty to keep a lacky from getting thrown under the bus.

The carriers, while they almost certainly are up to their eyeballs in slime, have zillion-page 'contracts' with the people they are screwing, massive lobbying expertise, and quite possibly de facto or even de jure legal impunity when it comes to a little of the old wiretapping(just look at the, er, unimpressive consequences when their collaboration with the NSA was revealed...) CIQ, by contrast, is just a little coder shop somewhere, 6 years of history, not even the flimsiest of contracts with any phone users, and no obvious friends. Everybody who isn't their customers certainly has no reason not to want them gone, and even their customers would almost certainly rather switch spyware vendors(they've got plenty of options) than endure the PR hit of defending their present vendor...

Much as I'd love to watch CIQ's operations burned down with those responsible locked inside, I suspect that the focus on CIQ will drown out the (far more dire) fact that contemporary communications technology is running headlong into the dystopian future, and the world is crawling with upmarket spyware vendors who provide very similar products and services worldwide. CIQ was unlucky enough to land in hot water

Just a little while back, Etisalat was trojaning its blackberry customers [] with (poorly made) spyware from the wonderful people at SS8 [] . Guess who suffered no consequences whatsoever and is still merrily peddling "Lawful intercept solutions"?

Laws needed to ensure opt-out (1)

whoever57 (658626) | more than 2 years ago | (#38252920)

Let's assume that the carriers put a clause in their agreements that authorizes them to collect and analyze all data. What happens if all carriers do this with all phones? If the only option is to not carry a phone, is there really an option?

That's why this needs to end up with a law that requires carriers to provide a real opt-out.

Re:Laws needed to ensure opt-out (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#38253044)

"Opt-out" is basically CYA bullshit. The notion that what amounts to 'consent through cluelessness' could possibly be valid makes a mockery of the idea of a contract. There's a reason why "opt-out" is so popular with various sorts of scumbags trying to avoid real control over their abuse of 'consumers'...

Re:Laws needed to ensure opt-out (4, Insightful)

Fri13 (963421) | more than 2 years ago | (#38253188)

We do not need Opt-Out, we need Opt-In.

Such features, options, possibilities etc should be OPT-IN. If someone has problems with their carrier network. Then they can turn diagnostic tool ON and report it.

Universal Wind. (4, Informative)

Ostracus (1354233) | more than 2 years ago | (#38252940)

Skeptics find flaws in Carrier IQ application analysis []

As I posted in another forum, the court of public opinion isn't in complete agreement.

Re:Universal Wind. (1)

flimflammer (956759) | more than 2 years ago | (#38253186)

I wish I had mod points for you.

Re:Universal Wind. (1)

Anonymous Coward | more than 2 years ago | (#38253256)

It's called peer review, and is an essential component of real science. Why should we be surprised by this? If you would have RTFL correctly, you would see that these 'skeptics' are unable to disprove Eckhart's claims because CIQ is not exactly forthcoming with information. The only factual basis for these counterclaims is the disassembly of several installed instances: "what he found was a large, powerful program with a lot of capabilities". Ever tried to disassemble a large program and infer all its inner workings?

Moreover, the dispute seems to be on CIQ's transmission capabilities only, not its logging capacity. The peers seem to agree that "We need more awareness of what it can do and the ability to opt out of it".

I particularly like this gem, from CIQ CEO: "'It's the operator that determines what data is collected". What operator? Oh, he means the network operator, not the phone operator...

Where are skilled slashdotters? (1)

Fri13 (963421) | more than 2 years ago | (#38252956)

Where are those skilled network hackers who reads and comments to slashdot, and who would do tests does CarrierIQ send data over network?

Would it be possible to test with WLAN sniffing? Collectin data from specific period, like one week and check what it actually brings up?

Re:Where are skilled slashdotters? (2)

Em Adespoton (792954) | more than 2 years ago | (#38253486)

To test, I think you'd have to set up your own cell, as this doesn't use the wifi network. People with their own personal cell tower to test with probably work for or with the carriers, and so are under NDA WRT the whole thing. About the only thing that could be done is a custom android build with this installed that would spit out the data before it was handed over to the radio. As the carriers have already stated that they use it to monitor QoS, there are likely trigger conditions that will cause the data to be sent... kind of like sending MS or Apple your crash logs. The fact that the end user is NOT alerted that anything is being sent is the real issue. Likely the carriers figure that it's their network and their device data that's at issue here, and they don't really care about personal info for the task at hand, so they've never considered the gross privacy violations that the system potentially enables.

Or they've been mandated to install it.

Don't forget about the Government (0)

7-Vodka (195504) | more than 2 years ago | (#38252982)

Let's not forget about the incredible risk brave whistleblowers took on to let us know that the federal government is copying ALL internet an phone traffic and keeping information on ALL US citizens without anonymizing ANYTHING.

They've likely served all of your service providers and google, yahoo etc with thousands of secret letters that force them to divulge information on YOU and also compell them on pain of prison, not to divulge the existence of the letters. These letters can be served to anyone, a financial institution, a pharmacy, a drug company, your employer, your doctor, your LAWYER, your old priest. They can be served in person or electronically by the hundreds.

The federal government can declare a US CITIZEN an enemy combatant without any oversight, deprive him or her of all their constitutional rights and even KILL them without due process on foreign OR US soil. What if someday soon they chose to do this to people who disagreed with them politically?

Don't forget the most inciduous enemy.
Vote for Ron Paul or someone who agrees with the same policies. Don't vote for the status quo, the above is now the status quo.
End the FED.

Re:Don't forget about the Government (1)

7-Vodka (195504) | more than 2 years ago | (#38252996)

Sorry, insidious.

Re:Don't forget about the Government (0)

Anonymous Coward | more than 2 years ago | (#38253244)

No problem. Echelon corrected it too.

Re:Don't forget about the Government (1)

shentino (1139071) | more than 2 years ago | (#38253430)

Doe v. Ashcroft overturned the NSL provisions already.

what about costs? (1)

s2r (461076) | more than 2 years ago | (#38252998)

If CIQ is found guilty what would happen with the extra costs people paid while sending all that information without its knowledge?

T-Mobile? (0)

Anonymous Coward | more than 2 years ago | (#38253010)

So it looks like T-Mobile is the only "good" carrier here that doesn't install such spyware.

Lets see the other carriers burn for this because it's pretty much all their fault for installing this potentially illegal software.

Re:T-Mobile? (1)

Tacvek (948259) | more than 2 years ago | (#38253146)

What about Verizon wireless? Or did you exclude them for other reasons?

Re:T-Mobile? (3, Informative)

517714 (762276) | more than 2 years ago | (#38253424)

Nope! [] "T-Mobile utilizes the Carrier IQ diagnostic tool to troubleshoot device and network performance with the goal of enhancing network reliability and our customers' experience. T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers' Internet activity, nor is the tool used for marketing purposes."

Verizon, C Spire, MetroPCS, and US Cellular are the only US carriers currently denying Carrier IQ is used on their systems.

If you're not doing anything illegal.... (1)

ra9869 (709653) | more than 2 years ago | (#38253016)

Sad to say, but this probably falls under what is a reasonable expectation of privacy. I'd expect this to be covered deep down in a EULA somewhere. Honestly, folks, what do you expect? Haven't you been listening to anything? Did you read your EULA? We'll be indignant for a week or two and then go back to worrying about what the Kardashians are doing (via our smartphones, of course). Remember, if you are not doing anything illegal, then you don't have anything to worry about!

After All teh Rest (0)

Anonymous Coward | more than 2 years ago | (#38253034)

Absolutely the worst. After PROMIS, Echelon, all the trojans, worms, loggers, loaders, spam, commercial datamining, geolocation, auto-celltracking, the end of Magnas Cartae, Civil Rights, The Universal Declaration of Human Rights, The Geneva Convention and its multiples, The Nurenberg Trials, ... and all the rest.

How shocking!. Shocking!

Ah, just hang the CEOs, marketdrones, white-collar collaborators in general, and their financiers up by their thumbs. Tar and feather them, Then Send them to Texas. Fair's fair.

The failed federal government. (0)

Anonymous Coward | more than 2 years ago | (#38253240)

Is the reason any company would think they could get away with this.

Re:The failed federal government. (1)

lightknight (213164) | more than 2 years ago | (#38253500)

Then it may be time to remind them that they cannot. ;-)

Why would the feds object? (1)

sphealey (2855) | more than 2 years ago | (#38253250)

>> It is an utterly appalling invasion of privacy with immense potential for
>> manipulation and privacy theft that requires immediate federal intervention.'"

Why would the Federal Gov't intervene? Seems like a capability tailor-made for use in surveillance by three-letter agencies.


Re:Why would the feds object? (1)

lightknight (213164) | more than 2 years ago | (#38253528)

Were I a lawyer, I'd be looking at fraud...messages sent to and from people's phones without their authorization, silently jacking up people's phone bills (not everyone has unlimited data/messaging/talk). And were I Congress, I'd consider it under my jurisdiction because of their favorite clause in the constitution, the interstate commerce clause...someone is going to buy something, even if it's a ringtone, on one of those phones, and chances are the ringtone company is out of state, ergo it's interstate commerce, ergo "Congress must regulate it."

I'll be in the other room, drinking. Thinking like this always depresses me. That it's getting easier to do so is a sure sign that the pills aren't working anymore...^_^

How unexpected is this, really? (4, Insightful)

damn_registrars (1103043) | more than 2 years ago | (#38253260)

After all, your carrier already knows what numbers you are communicating with, how often, for how long, and when. They know the text of the messages you send, as well. The only difference is now there is a company who you are not directly paying who is also watching what you're up to. I'm not saying I approve of it, but it really isn't that big of a change form my perspective. If your carrier just sold your calling records to someone, would it be this much of an issue?

Ultimately, any carrier that doesn't already have this kind of detailed information on every one of their customers is at the least irresponsible and more likely idiotic - and even more likely soon out of business. Even for the "unlimited" plans out there, it is still worthwhile for the companies to watch what is going on in order to properly position themselves for future changes in consumer and business phone use.

Join the Classaction Suit! (1)

joocemann (1273720) | more than 2 years ago | (#38253292)

This is a link to the attorneys that are representing the national class action lawsuit. []

You agreed to this in the contract. (-1)

Anonymous Coward | more than 2 years ago | (#38253404)

You agreed to all of this in that contract you signed for service.
Go away.

Having your device help the network provider is common. Your router does it and so does your smart phone. Whether you should trust the network provider or not is a completely different question.

This certainly doesn't have any more to do with wiretap laws than when AT&T listens into all your phone calls - since they can. Network providers are better because of tools like these.

Your ISP has the ability to listen in on almost all your web traffic too and that traffic is not legally protected anywhere near as much as voice traffic over cell and landlines. THAT'S what we should be pissed off about. Warrant-less ISP traffic monitoring.

Hot Coffee = Above the Law (1)

CuteSteveJobs (1343851) | more than 2 years ago | (#38253540)

Yes, they may have violated wiretapping law but I bet no one goes to jail and if there is a fine, it doesn't dent their profits. But these guys not only are above the law. They write it. There is a HBO Documentary called Hot Coffee I recommend. You remember the McDonald's coffee case? An old lady who bought a cup of coffee, recklessly drove off with it between her legs suing for $2M?

Turns out there is a whole other side to these stories. In her case the coffee really was too hot (scalding temperature), and the photos of her burns are really bad! Not superficial; I mean bad! She was in the parking lot *parked* when it happened, and she was a passenger. She had asked for was to cover medical costs of treating the burns, but McDonalds brushed her off. It was a jury that awarded the figure because there had been 700 other burn cases and McDonalds had done nothing. An arrogant McDonalds manager said "700? pfffft... surprised it isn't more." She settled for less than the awarded amount. They made her sign a gag order.

And after that they badmouthed her with other big companies to lobby successfully for 'tort reform' using this case. Sounds like a great idea until it happens to you. This really limits the ability of the public to hold corporations to account. So, they are above criminal law (corporations may be people, but you can't jail them) and above civil law thanks to tort reform.

What about the EU? (2)

Gravis Zero (934156) | more than 2 years ago | (#38253566)

we know that the EU is giving facebook flack for their privacy issues, so what do you think they are going to do to Carrier IQ?

i get the feeling that in a couple months we will see the a headline about Carrier IQ going under.

Load More Comments
