So much misunderstanding around Carrier IQ →
BGR:
Federal investigators have launched a probe in order to examine Carrier IQ’s smartphone software, which tracks a range of activity and sends certain data to wireless carriers without users’ knowledge. Carrier IQ executives met with officials from both the Federal Trade Commission and the Federal Communications Commuission on Tuesday, The Washington Post reports. “We are complying with all investigations at this time as we have nothing to hide,” said Carrier IQ representative Mira Woods. “We have been completely transparent through this process.”
This is crazy. Of course phones have the ability to track and transmit personal messages and other activity. If they didn’t they couldn’t possibly work. They’re telecommunication devices with near-desktop computing power after all. Carrier IQ simply provides a debugging tool that helps capture all kinds of metrics and other information. Such logging is absolutely necessary to building a functional product.
Now, the trick is to turn off those abilities - or better yet, remove them altogether - when the hardware ships.
And I think that’s where Carrier IQ was stupid. Their software reports the telemetry back to Carrier IQ servers directly. And then they forward the requested info on to the carrier or whoever purchased the service. So, Carrier IQ hasn’t really committed the original sin here - that’s on the carriers who configure the Carrier IQ software to capture all of that personal info - but they’re definitely accomplices who aided and abetted.
What I don’t get is why they don’t seem to offer at least two versions of their software:
- Full-fledged, unabridged logging capabilities of every phone activity. Great for prototypes and pre-release hardware undergoing final stages of testing.
- Limited logging capabilities that only report on generic phone activity. Suitable for real-world use in helping resolve customer problems without compromising their privacy.
Throw in a 12 page terms of use license with PARAGRAPHS OF ALL CAPS TEXT that clearly explains which version is used where and then Carrier IQ would be in a much better position to defend themselves.
If a phone manufacturer (or carrier with access to source code/firmware) isn’t using Carrier IQ, I can still guarantee you that they have the technological capabilities to perform the exact same kind of logging and transmission. They simply have to turn it off before putting it in the customer’s hands.
