When Eckhardt originally posted his discovery, Carrier IQ's attorney, Joseph J. Dullea, threatened him with a cease-and-desist letter: "Your actions constitute copyright infringement. … The consequences of copyright infringement include statutory damages of between $750 and $30,000 per work at the discretion of the court, and damages of up to $150,000 per work for willful infringement." After the Electronic Frontier Foundation went to bat for Eckhardt, Carrier IQ backed off.
Andrew Coward, Carrier IQ's director of marketing, told CNNMoney in an interview, "We're as surprised as anybody to see all that information flowing."
Senator Al Franken (D-MN) has written a letter to Carrier IQ wanting some answers. Read it here.Coward insisted that the Carrier IQ software was not responsible for the logging of keystrokes and other user data. He said the program does not need to log that kind of information to serve its purpose of transmitting network diagnostic data to the phone's carrier.Instead, Coward said the logging was happening at the operating system level, likely as a result of add-on software installed by the handset manufacturers. But he couldn't say for sure."We don't know enough at this point -- it's a very good question," Coward said....Spokesmen from HTC and Samsung both told CNNMoney that carriers forced them to install the program.The wireless providers that have acknowledged using Carrier IQ -- AT&T (T, Fortune 500), Sprint (S, Fortune 500) and T-Mobile -- are all deflecting questions about the software's detailed logging to Carrier IQ. Which, in turn, is pointing back to the manufacturers' implementations of its software and saying that's where the problem lies.
In an editorial, Enough is Enough, Paul Venezia of IT trade publication InfoWorld revealed to his readers what Carrier IQ's website said about its data-gathering software:
Quite a difference from Carrier IQ's "shocked" reaction to CNN about how carriers use their product.IQ Insight Experience Manager uses data directly from the mobile phone itself to give a precise view of how users interact with both their phones and the services delivered through them, even if the phone is not communicating with the network. ... Identify exactly how your customers interact with services and which ones they use. See which content they consume, even offline.
Carrier IQ bragged to Wired magazine about the treasure trove of data their software collects on users.
What can you do? Complain to your carrier, if it's AT&T, Sprint or T-Mobile and demand specific answers about why your phone is logging this information (as alleged), which is far in excess of that necessary to verify proper operation of their services and ask if that log is being sent to them every day, as alleged. If not, then ask them why it is occupying your phone's memory. Turning off the phone supposedly deletes the information, although the application starts collecting it again when turned back on, but at least if your phone is stolen, fewer of your habits will be exposed to a thief if s/he happens to also be a hacker.
UPDATE: A friend of AKSARBENT's called Sprint to complain about Carrier IQ and was told that the video exposing the keystroke logging software was "doctored." She or he was also told that nothing was logged, that Sprint couldn't remove the software because it was "hard-wired" into the phone and that if the phone fell into the wrong hands that the "firewall" would prevent any mischief. (This was after the call was escalated to a "technical support" representative.) Oh, and the rep referred the Sprint customer to Carrier IQ's website.
No comments:
Post a Comment