Pirate Things / Carrier IQ with Possible illegal Wiretapping
Carrier IQ Overview

Carrier IQ, a company that aims to provide solutions to cellular carriers about their customers phones, or other devices has now entered into a court battle. The Class Action relates to "collecting private information," and "intercepting text messages without permission," among many other angles mentioned openly on the web. The mobile software Carrier IQ, aims to help provide diagnostic information about cellular carrier customers' phones. Dan Rosenberg, security consultant, says that Carrier IQ does not record any keystrokes to send back to the carrier, according to CNET.

The Class Action handled by Hagens Berman currently targeting HTC, and Samsung at the U.S. District Court for the Eastern District of Missouri.

In mid-November, software developer Trevor Eckhart published a video blog illustrating the operation of the CIQ software recording keystrokes, including information sent to secure websites using HTTPS security protocols used in e-commerce and other security-sensitive sites. After Eckhart published his discovery and documents he found on CIQ’s website, CIQ accused him of copyright violations and threatened legal actions unless he capitulated to the company’s demands. The Electronic Frontier Foundation, a public-interest digital rights watchdog stepped in to defend Eckhart and CIQ later apologized to Eckhart and rescinded its demands. -- Hagens Berman

This mobile software, Carrier IQ for cellular carriers leaves open many doors relating to the legality of what contracts may be issued to a customer dealing with privacy. Trevor Eckhart pointed out that Sprint does not indicate how the information Carrier IQ collects is handled.

Sprint is known to collect carrier IQ data because users have the application running reporting to them, but have no privacy policy, retention policy, or public information on what they use the data for.

In West Virginia (disclosure: Journal Five is based in West Virginia), Sprint and possibly other cullular carriers, according to Eckhart's Sprint policy screening would be in direct violation by using Carrier IQ if Bill 281 was in-affect. Making it a crime to put software such as Carrier IQ on customers' mobile devices without their knowledge or consent.

A response from Carrier IQ on their website.

While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools. The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to 3rdparties. The information derived from devices is encrypted and secured within our customer’s network or in our audited and customer-approved facilities.

http://www.carrieriq.com/Media_Alert_User_Experience_Matters_11_16_11.pdf
http://www.hbsslaw.com/newsroom/?nid=2143
http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/
http://www.legis.state.wv.us/Bill_Status/bills_text.cfm?billdoc=SB281%20SUB1.htm&yr=2011&sesstype=RS&i=281
http://news.cnet.com/8301-31921_3-57335715-281/how-carrier-iq-was-wrongly-accused-of-keylogging/
http://www.computerworld.com/s/article/9222378/Carrier_IQ_HTC_Samsung_hit_with_class_action_lawsuits

© 2020-2022 Pirate Things || Freedom, privacy, balance. || tips: 304-512-0659 (currently not accepting email, please use text/voicemail) || Email: [email protected] || About/Donate || Facebook page, Twitter, YouTube