
Carrier IQ Relents, Apologizes

Posted by timothy
from the well-said-gentlemen dept.
symbolset writes "Update from an earlier story here, where Carrier IQ was pursuing a security researcher for pointing out privacy issues in an application alleged to track and record the activities of smartphone users. The company has relented, and retracted their Cease and Desist letter. In their press release [PDF] they say: 'As of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.' Notch another win for the Streisand effect."

  • by Anonymous Coward on Thursday November 24, 2011 @03:02PM (#38160504)

    First Post

    How much of this was due to the slashdot publicity and EFF involvement?

    Or was this all out of the goodness of their hearts?

    How many little guys are getting squashed because they don't get the publicity or can't get the support of a big organisation?

    • by AdamJS (2466928) on Thursday November 24, 2011 @03:11PM (#38160554)

      Probably almost entirely the EFF's utter thrashing of CIQ's request/demands.

    • I'd say 0% due to slashdot, nerds are already pissed at them for it regardless of apology.
      • by Runaway1956 (1322357) on Thursday November 24, 2011 @04:45PM (#38161120) Homepage Journal

        Uhhhhmmmm - slashdot people may very well overrate their impact on things like this. But, 0%? Seriously? If some organization is engaged in shady operations, and those shady operations are exposed, the more eyes on them, the more nervous they get. At least, that's what I think. Don't discount the value of being slashdotted. Or, tweeted, or dug, or whatever. The more eyes, the better!

        • by artor3 (1344997)

          No, it's 0%. No one cares what a bunch of anarchist losers on Slashdot think. And even if they did, why apologize? Slashdotters will call for your death till the end of days for any slight, real or imagined. We'll still be seeing people get modded up for making jokes about CIQ's "rootkit" months from now. Just look around this thread. The company was falsely accused of making a rootkit, over-reacted, apologized, and you still get people insisting that heads roll for this.

          It's extremism one-upsmanship

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      That's my question.

      Dear EFF. I will happily donate another $100 this year if you announce intent to vigorously pursue total disbarment of the attorney that signed the letter from carrier IQ.

      Judging from the response, virtually none of the client's actions seemed at all questionable under even the vaguest attempt to examine things reasonably. Just like the former Mr. Jackson's doctor...just because their client *really really wanted* their services does not mean it was ethical (or lawful) for them to supply

      • by Anonymous Coward

        Why? What on earth did this attorney do that merits disbarment? Fire him, fine, whatever, but the fight for transparency and intellectual freedom is not waged with petty vendettas.

        • A lawyer shall not bring or defend a proceeding, or assert or controvert an issue therein, unless there is a basis in law and fact for doing so that is not frivolous.

          Well, we know this had no basis in law and fact. Now about frivolous:

          A lawyer's conduct is "frivolous" for purposes of this Rule if:

          (1) the lawyer knowingly advances a claim or defense that is unwarranted under existing law,
          except that the lawyer may advance such claim or defense if it can be supported by good faith argument for an extension, m

    • by ville (29367)

      Perhaps it was the fear of what happened to HBGary with Anonymous.

      // ville

    • We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.'

      Keeping in mind that "free speech" means something different to them than it does to us.

    • by TheSpoom (715771)

      Carrier IQ would probably like nothing more than to be completely forgotten by the public, since that's not their market (the carriers are). Almost anything would be worth it to them to get Eckhart et al off their back.

    • by Caerdwyn (829058)

      >How much of this was due to the slashdot publicity and EFF involvement?

      EFF involvement: almost all of it. They've been doing some incredibly stupid stuff lately, but once in a while they still have the capability to do something right.

      Slashdot PR: don't kid yourself. Slashdot is irrelevant to just about anything other than DDoS'ing self-hosted websites. Face it, we're not that important.

  • by Anonymous Coward on Thursday November 24, 2011 @03:04PM (#38160518)

    'Sorry' is the most devalued word in the corporate world today :-/

  • by dogsbreath (730413) on Thursday November 24, 2011 @03:55PM (#38160856)

    Any subscribed service with a 2-way tethered user device such as cell phones, dsl / cable boxes, and cable/dsl/digital television will have embedded information gathering and remote update/control software almost guaranteed.

    Much of it is strictly for service metrics, diagnostics and predictive problem avoidance. Some of it is used as an interactive problem solving tool for tier 1 support. You might want to look at www.motive.com as an example company.

    If desired though, these products usually have the capability for being very invasive. eg: TV set top boxes can record all kinds of info about your viewing habits: every button push on the remote can be recorded, effectively recording much about your viewing habits.

    It's an old story: there are legitimate and desirable uses for these tools but they are all capable of misuse. Even when not abused, our access to privacy and anonymity is severely eroded from what it was even 20 years ago.

    Benign? Maybe. Food for thought anyways.

    • Good thing my N900 is clean!
      AFAIK, the only thing it has is a stupid tool that sends an opt-in text to nokia on first boot with a sim card. Not great, but easily disabled and nowhere near as invasive.

    • by PReDiToR (687141)

      If desired though, these products usually have the capability for being very invasive. eg: TV set top boxes can record all kinds of info about your viewing habits: every button push on the remote can be recorded, effectively recording much about your viewing habits.

      I've always assumed this was the case, which is why I make a point of pushing the mute button every time the commercials start.
      I will point out that I'm in the UK though; I couldn't afford the power to recharge the remote's batteries if I were to follow this strategy in the USofA.

      • by dogsbreath (730413) on Friday November 25, 2011 @09:12AM (#38165050)

        I believe there is some legislation brewing in Canada to keep commercial audio levels the same as programs. Muting is still the best option for that annoyance but killing the audio on your remote doesn't stop the ability to gather info.

        Your stb is able to record and report every button push but that doesn't mean the service provider either wants or gathers the info. Mostly they want to know about network quality and whether or not you really did watch that adult pay per view that you are denying ever since your wife caught it on the bill.

        Nonetheless, we are now bound in a tracking web by the very nature of the services we use and it isn't necessarily because there is some evil plan or because big brother wants to watch us, although these are possibilities.

        It's just the way the stuff works. Dumb landline phones and 56k audio modems are pretty simple and do not require a provider control presence on the device. If you draw out a block diagram of the overall system, it is reasonable to draw a border between subscriber side and network side with the phones and modems on the subscriber side. Sub purchases and owns the device, and is responsible for everything on his/her side of the nid (the point where the phone line enters the location).

        Cell phones, stbs, and dsl/cable modems are different. You may think you bought the phone and you own it but not really. Major parts of it are only licensed to you. Further, if you can still draw that border it has moved with the DSL modem or stb on the network side. The sub only owns the local network and even that is getting invaded with TR69 derivatives (service provider can configure your home network remotely).

        The service providers see the home devices as part of the network because things like routers are complex and difficult to manage through conversation with the subscriber, and because the devices cause problems which are expensive to remedy. Misconfigure your home router and your IPTV may die. How is tier 1 going to fix it without rolling a truck? There is a legitimate impetus to bind your home network with the provider's control structure but it also ties the user to a sticky information web. The same system that gives the provider access to maintain your network also gives access to how you use your service.

        The cell phone is murkier than your landline broadband because everything is in one device. There is no physical separation between the service provider piece and the subscriber's side; there are only information boundaries. It's OK to gather network quality info but not personal info. Not everything is that black and white though. Is it OK to gather stats on how often the settings menu is used? How about how often the "YouTube" app is invoked?

        These information boundaries are only respected because of laws and organizations such as the EFF. Oh, and it just may be that no one has had the need or desire to graze on a particular set of data yet.

        Sigh: even without CarrierIQ and like services, our smartphones bind us into the info/tracking web. No need for "AirMiles" cards. Every purchase a user makes is tracked forever by the App store. And that nifty app that maps provider 3G coverage also sends tidbits off to some developer geek's server without even a nod to privacy laws. Anyways, the user is in Canada and the dev is in China or Greece or Russia or wherever. Which laws apply?

        Caveat emptor.

  • by Qubit (100461) on Thursday November 24, 2011 @03:59PM (#38160882) Homepage Journal

    No, really.

    This is why the EFF is so important -- because they have the resources and know-how to stand up for the Hackers, the Security Researchers, the Makers, the Professors, and even the lowly Undergraduates.

    The EFF didn't just get results here, they effectively Pimp-slapped the company....with knowledge.

    So before you go out on Black Friday to blow a few hundred on electronic toys..err...valuable tools for your job, go give the EFF $20 dollars. Heck, give them something like $65 and they'll even send you a sweet T-Shirt.

    What are you waiting for? Think about it: You're a geek and don't get to pimp-slap anyone. Live vicariously through the EFF -- strike a blow against Censorship.

    http://eff.org/donate

  • by Anonymous Coward on Thursday November 24, 2011 @04:00PM (#38160892)

    The apology letter looks sound to me. I don't see any reason why we should be second-guessing their intentions. There is nothing ambiguous here.

    It says at the very end, "We welcome feedback on our products and understand that Mr. Eckhart and other developers like him play an important role by raising questions about the complicated and technical aspects of the mobile ecosystem."

    These people really sound like fair players, people who are listening, people who are concerned, and who are trying to do a good job. They aren't silencing discussion, and they aren't showing themselves to be anything other than fair.

    • The apology is of course after they tried to bludgeon the exposer of their data collection service. They wanted to rely on anonymity to continue the hidden data collection service with the mobile community none the wiser. They got caught, they reacted badly and have to do some PR repair. But their service and business model remains intact. They were of course apologizing for their actions not their business. Well that's halfway there I guess.

  • by Nom du Keyboard (633989) on Thursday November 24, 2011 @04:29PM (#38161040)
    1: How can I determine if this rootkit crapware is on my Android phone?

    2: How can I remove it?

    3: How can I sue Carrier IQ for invasion of privacy and anything else that a good lawyer can think of?
  • by Shoten (260439) on Thursday November 24, 2011 @08:58PM (#38162522)

    Dear CarrierIQ,

    It's good that you've recognized that the security researcher in question had no illicit intent in mind, and was actually working for the good of the general public. Very nice, and definitely the high road. But...

    It's clear that not only did you unapologetically and unreservedly produce a product with the explicit, baked-in and horrific capacity to spy on the activities of millions of people (with no distinction between adults and minors, many of whom also have smartphones these days), but you also intended to use brutish, irresponsible tactics to muzzle a person who called you out on it.

    So the lesson you need to take away from this is not that pushing the envelope and then apologizing gets you off the hook. The real lesson you need to learn is that, from this point onwards, when I see the brand name "CarrierIQ" before me, my brain will automatically and reflexively replace the phrase "PIG-FUCKING ASSHOLES". And I'm sure I'm not the only one who feels that way, you scumbag pieces of shit. Fuck you all. I wish nothing more than that the carriers who are your customer base will be ashamed to buy your product, and that you will go out of business.

    Clean up your product and make it about..and only about...what you say your goals are as a company, and after half a decade most of the people who feel like I do (including me) will come around and actually see "CarrierIQ" when we read "CarrierIQ". That's the cost of what you have done, and the real lesson you should take away from this.

    • by njinsa (1363489)
      Word!
