Carrier IQ Relents, Apologizes
symbolset writes "Update from an earlier story here, where Carrier IQ was pursuing a security researcher for pointing out privacy issues in an application alleged to track and record the activities of smartphone users. The company has relented, and retracted their Cease and Desist letter. In their press release [PDF] they say: 'As of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.' Notch another win for the Streisand effect."
How much of this was out of their heartfelt goodne (Score:5, Insightful)
First Post
How much of this was due to the slashdot publicity and EFF involvement?
Or was this all out of the goodness of their hearts?
How many little guys are getting squashed because they don't get the publicity or can't get the support of a big organisation?
Re:How much of this was out of their heartfelt goo (Score:5, Insightful)
Probably almost entirely the EFF's utter thrashing of CIQ's request/demands.
Re:How much of this was out of their heartfelt goo (Score:5, Insightful)
The EFF is a great organisation
Where would we be without them
Donate https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge with dollar for dollar matching by the Brin Wojcicki Foundation until December 31st
I've sent mine in
Mod parent up! (Score:5, Interesting)
The EFF is a great organisation
Where would we be without them
Donate https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge with dollar for dollar matching by the Brin Wojcicki Foundation until December 31st
I've sent mine in
Re:How much of this was out of their heartfelt goo (Score:5, Informative)
> The EFF is a great organisation
> Where would we be without them
> Donate https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge with dollar for dollar matching by the Brin Wojcicki Foundation until December 31st
> I've sent mine in
Note that the "Brin" in Brin Wojcicki is none other than Sergey Brin from Google. I think that speaks volumes, the cofounder of Google is giving half a million dollars of his personal fortune to the EFF. What other corporate entity would side with the EFF on any matter?
Re: (Score:3)
Now, you hush up, youngster! You're going to cause some of those Apple and Microsoft phanbois to have apoplectic fits and seizures!
More seriously, I badmouth Google a little bit, now and then. But, you're perfectly right. There aren't a lot of corporations funding the EFF. Nice find!
Re:How much of this was out of their heartfelt goo (Score:4, Informative)
> Note that the "Brin" in Brin Wojcicki is none other than Sergey Brin from Google. I think that speaks volumes, the cofounder of Google is giving half a million dollars of his personal fortune to the EFF. What other corporate entity would side with the EFF on any matter?
Actually, both Apple [matchinggifts.com] and Microsoft [matchinggifts.com] match donations to EFF made by their employees (up to $10k per employee for Apple, and up to $12k for MS). Granted, this is nowhere near as all-inclusive as Brin's program, but if you count matching donations as "siding with", well...
Re:How much of this was out of their heartfelt goo (Score:4, Funny)
> Actually, both Apple [matchinggifts.com] and Microsoft [matchinggifts.com] match donations to EFF made by their employees (up to $10k per employee for Apple, and up to $12k for MS). Granted, this is nowhere near as all-inclusive as Brin's program, but if you count matching donations as "siding with", well...
Right, that's how they catch the traitors from within. Clever!
Re:How much of this was out of their heartfelt goo (Score:4, Insightful)
Just to add though, that's a reflection on Brin, not Google.
Re: (Score:3)
But let's also have a little respect for Carrier IQ, it takes balls to make this kind of turnaround...
Re: (Score:1)
> But let's also have a little respect for Carrier IQ, it takes balls to make this kind of turnaround...
or a fear that they are about to be dumped by all their customers due to the negative publicity.
Re: (Score:2)
Re:How much of this was out of their heartfelt goo (Score:4, Interesting)
Uhhhhmmmm - slashdot people may very well overrate their impact on things like this. But, 0%? Seriously? If some organization is engaged in shady operations, and those shady operations are exposed, the more eyes on them, the more nervous they get. At least, that's what I think. Don't discount the value of being slashdotted. Or, tweeted, or dug, or whatever. The more eyes, the better!
Re: (Score:1)
No, it's 0%. No one cares what a bunch of anarchist losers on Slashdot think. And even if they did, why apologize? Slashdotters will call for your death till the end of days for any slight, real or imagined. We'll still be seeing people get modded up for making jokes about CIQ's "rootkit" months from now. Just look around this thread. The company was falsely accused of making a rootkit, over-reacted, apologized, and you still get people insisting that heads roll for this.
It's extremism one-upsmanship
Re: (Score:2)
Re: (Score:3, Insightful)
That's my question.
Dear EFF. I will happily donate another $100 this year if you announce intent to vigorously pursue total disbarment of the attorney that signed the letter from carrier IQ.
Judging from the response, virtually none of the client's actions seemed at all questionable under even the vaguest attempt to examine things reasonably. Just like the former Mr. Jackson's doctor...just because their client *really really wanted* their services does not mean it was ethical (or lawful) for them to supply
Re: (Score:2)
Why? What on earth did this attorney do that merits disbarment? Fire him, fine, whatever, but the fight for transparency and intellectual freedom is not waged with petty vendettas.
What the ABA says (Score:3)
Well, we know this had no basis in law and fact. Now about frivolous:
Re: (Score:3)
Perhaps it was the fear of what happened to HBGary with Anonymous.
Re: (Score:2)
> We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.'
Keeping in mind that "free speech" means something different to them than it does to us.
Re: (Score:2)
Carrier IQ would probably like nothing more than to be completely forgotten by the public, since that's not their market (the carriers are). Almost anything would be worth it to them to get Eckhart et al off their back.
Re: (Score:1)
I believe it's the carriers who install it (hence 'CarrierIQ') not the phone mfr, BICBW
Re: (Score:2)
>How much of this was due to the slashdot publicity and EFF involvement?
EFF involvement: almost all of it. They've been doing some incredibly stupid stuff lately, but once in a while they still have the capability to do something right.
Slashdot PR: don't kid yourself. Slashdot is irrelevant to just about anything other than DDoS'ing self-hosted websites. Face it, we're not that important.
Does it end with IQ? (Score:5, Insightful)
'Sorry' is the most devalued word in the corporate world today :-/
Re:Does it end with IQ? (Score:5, Insightful)
Corporations can't feel remorse or make decisions.
The person who decided to go after Eckhart should be the one to say "sorry". Hiding behind the corporate logo makes the apology empty.
Re:Does it end with IQ? (Score:4, Insightful)
But corporations are people too ! ;-)
http://en.wikipedia.org/wiki/Corporate_personhood [wikipedia.org]
Re:Does it end with IQ? (Score:5, Insightful)
> But corporations are people too ! ;-)
I understood the joke, but I'll pretend I didn't in order to say:
I will believe it when I see a corporation going to jail or in the death row. :-)
Re: (Score:2)
Whoo-
dammit!
Re: (Score:3)
> Corporations can't feel remorse or make decisions.
> The person who decided to go after Eckhart should be the one to say "sorry". Hiding behind the corporate logo makes the apology empty.
True, but I find that the case is more often that whoever it is that makes the decisions for these emotionless machines gets to blame some (or a few) individual(s) for whatever it is that is done in the name of the corporation, which can then go about business as usual.
http://en.wikipedia.org/wiki/List_of_corporate_scandals [wikipedia.org]
Re:Does it end with IQ? (Score:4, Interesting)
Most likely there were multiple people. This was an institutional act, and the institution is taking responsibility. Generally having people take responsibility is a way for institutions to scapegoat and duck the structural problems. So I couldn't disagree more. Who cares about going after some director who gave the order?
Re: (Score:2)
The apology came from the CEO [eff.org]. They just didn't sign the press release, because you don't sign press releases.
Re: (Score:2)
Technically, only the CEO should be the one to apologize for something like this.
I guess the lawyer who initially sent the letter, or the person in charge of the PR department, could apologize for it, but ultimately, as a consumer I could never trust fully that an underling wasn't ordered by someone above him/her to take the blame for a higher-up's decision.
Re: (Score:1)
Agreed. I think Carrier IQ deserves a little credit, no matter why they backtracked.
Re: (Score:2)
It sounded far more like a real apology than most corporate apologies. It admits they were wrong, which most corporations never do, and actually says "sorry", which they often avoid too. I give them cred for this.
Re: (Score:2)
I don't believe that it was ever included in CyanogenMod. Which is largely the point of it being open. One can easily flash a custom firmware that removes whatever silliness the carrier is bundling.
Not only cell phones... (Score:5, Insightful)
Any subscribed service with a 2-way tethered user device such as cell phones, dsl / cable boxes, and cable/dsl/digital television will have embedded information gathering and remote update/control software almost guaranteed.
Much of it is strictly for service metrics, diagnostics and predictive problem avoidance. Some of it is used as an interactive problem solving tool for tier 1 support. You might want to look at www.motive.com as an example company.
If desired though, these products usually have the capability for being very invasive. eg: TV set top boxes can record all kinds of info about your viewing habits: every button push on the remote can be recorded, effectively recording much about your viewing habits.
It's an old story: there are legitimate and desirable uses for these tools but they are all capable of misuse. Even when not abused, our access to privacy and anonymity is severely eroded from what it was even 20 years ago.
Benign? Maybe. Food for thought anyways.
Re: (Score:2)
Good thing my N900 is clean!
AFAIK, the only thing it has is a stupid tool that sends an opt-in text to nokia on first boot with a sim card. Not great, but easily disabled and nowhere near as invasive.
Re: (Score:2)
er . . . you are replying while intoxicated?
Re: (Score:2)
> If desired though, these products usually have the capability for being very invasive. eg: TV set top boxes can record all kinds of info about your viewing habits: every button push on the remote can be recorded, effectively recording much about your viewing habits.
I've always assumed this was the case, which is why I make a point of pushing the mute button every time the commercials start.
I will point out that I'm in the UK though; I couldn't afford the power to recharge the remote's batteries if I were to follow this strategy in the USofA.
Re:Not only cell phones... (Score:4, Interesting)
I believe there is some legislation brewing in Canada to keep commercial audio levels the same as programs. Muting is still the best option for that annoyance but killing the audio on your remote doesn't stop the ability to gather info.
Your stb is able to record and report every button push but that doesn't mean the service provider either wants or gathers the info. Mostly they want to know about network quality and whether or not you really did watch that adult pay per view that you are denying ever since your wife caught it on the bill.
Nonetheless, we are now bound in a tracking web by the very nature of the services we use and it isn't necessarily because there is some evil plan or because big brother wants to watch us, although these are possibilities.
It's just the way the stuff works. Dumb landline phones and 56k audio modems are pretty simple and do not require a provider control presence on the device. If you draw out a block diagram of the overall system, it is reasonable to draw a border between subscriber side and network side with the phones and modems on the subscriber side. Sub purchases and owns the device, and is responsible for everything on his/her side of the nid (the point where the phone line enters the location).
Cell phones, stbs, and dsl/cable modems are different. You may think you bought the phone and you own it but not really. Major parts of it are only licensed to you. Further, if you can still draw that border it has moved with the DSL modem or stb on the network side. The sub only owns the local network and even that is getting invaded with TR69 derivatives (service provider can configure your home network remotely).
The service providers see the home devices as part of the network because things like routers are complex and difficult to manage through conversation with the subscriber, and because the devices cause problems which are expensive to remedy. Misconfigure your home router and your IPTV may die. How is tier 1 going to fix it without rolling a truck? There is a legitimate impetus to bind your home network with the provider's control structure but it also ties the user to a sticky information web. The same system that gives the provider access to maintain your network also gives access to how you use your service.
The cell phone is murkier than your landline broadband because everything is in one device. There is no physical separation between the service provider piece and the subscriber's side; there are only information boundaries. It's OK to gather network quality info but not personal info. Not everything is that black and white though. Is it OK to gather stats on how often the settings menu is used? How about how often the "YouTube" app is invoked?
These information boundaries are only respected because of laws and organizations such as the EFF. Oh, and it just may be that no one has had the need or desire to graze on a particular set of data yet.
Sigh: even without CarrierIQ and like services, our smartphones bind us into the info/tracking web. No need for "AirMiles" cards. Every purchase a user makes is tracked forever by the App store. And that nifty app that maps provider 3G coverage also sends tidbits off to some developer geek's server without even a nod to privacy laws. Anyways, the user is in Canada and the dev is in China or Greece or Russia or wherever. Which laws apply?
Caveat emptor.
The EFF got results. GO GIVE THEM MONEY! (Score:5, Insightful)
No, really.
This is why the EFF is so important -- because they have the resources and know-how to stand up for the Hackers, the Security Researchers, the Makers, the Professors, and even the lowly Undergraduates.
The EFF didn't just get results here, they effectively Pimp-slapped the company....with knowledge.
So before you go out on Black Friday to blow a few hundred on electronic toys..err...valuable tools for your job, go give the EFF $20 dollars. Heck, give them something like $65 and they'll even send you a sweet T-Shirt.
What are you waiting for? Think about it: You're a geek and don't get to pimp-slap anyone. Live vicariously through the EFF -- strike a blow against Censorship.
http://eff.org/donate [eff.org]
Re:The EFF got results. GO GIVE THEM MONEY! (Score:5, Interesting)
http://eff.org/donate [eff.org]
And for the remainder of 2011, they seem to have some sort of drive for someone to match the donation, doubling it.
https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge [eff.org]
Now seems like a good time to donate. I would, if I had any money of my own.
The Apology Looks Sound to Me (Score:4, Funny)
The apology letter looks sound to me. I don't see any reason why we should be second-guessing their intentions. There is nothing ambiguous here.
It says at the very end, "We welcome feedback on our products and understand that Mr. Eckhart and other developers like him play an important role by raising questions about the complicated and technical aspects of the mobile ecosystem."
These people really sound like fair players, people who are listening, people who are concerned, and who are trying to do a good job. They aren't silencing discussion, and they aren't showing themselves to be anything other than fair.
Re: (Score:2)
The apology is of course after they tried to bludgeon the exposer of their data collection service. They wanted to rely on anonymity to continue the hidden data collection service with the mobile community none wiser. They got caught, they reacted badly and have to do some PR repair. But their service and business model remains intact. They were of course apologizing for their actions not their business. Well that's halfway there I guess.
3 Questions (Score:3)
2: How can I remove it?
3: How can I sue Carrier IQ for invasion of privacy and anything else that good lawyer can think of?
Re:3 Questions (Score:5, Informative)
1/2. The guy who discovered it wrote an app that will detect CIQ (among other things), though you need to have root for it to work. It'll also remove it for you if you donate a dollar. Alternatively, use a ROM that has it removed.
http://forum.xda-developers.com/showthread.php?t=1247108 [xda-developers.com]
Re: (Score:2)
Re:3 Questions (Score:4, Funny)
> 3: How can I sue Carrier IQ for invasion of privacy and anything else that good lawyer can think of?
First, you need $50,000 for the lawyer.
Re: (Score:2)
Then you join Italian telecommunications security expert Adamo Bove, Greek telecommunications expert Costas Tsalikidis or Deborah Jeane Palfrey list.
Re: (Score:1)
In this case, it looks like someone in the company pressed the "release the lawyers" button, and when the feedback came back to the company from the EFF, other people of the "Ack! What did you do?!?!?" camp got involved, instructed the lawyers to kill the injunction, and crafted an apology.
Re:Snotty (Score:4, Informative)
Since it was me who wrote that, I suppose I should reply. The existence of the Streisand effect is well-known but should be more publicized. Lawyers are just not good at shutting people up. The blowback from unleashing the lawyers on people can have far more disastrous consequences than making a mistake and fixing it - it can scuttle a whole company that has unquestionably good parts as well as one that's being questioned. I think it's important that responsible people understand that because it saves everybody a lot of trouble and outrage, it saves the jobs and products unrelated to the issue.
I think CarrierIQ's press release is brilliantly done. I have no doubt they'll use more care to guard privacy and engage the public openly when there are questions from now on. And I think the world's going to forgive and forget, mostly.
Lighten up, Francis.
Re: (Score:2)
They should use the term in an episode of The Good Wife.
Then wait for Barbara to complain.
The irony would be, delicious
The other lesson for CarrierIQ to remember... (Score:5, Informative)
Dear CarrierIQ,
It's good that you've recognized that the security researcher in question had no illicit intent in mind, and was actually working for the good of the general public. Very nice, and definitely the high road. But...
It's clear that not only did you unapologetically and unreservedly produce a product with the explicit, baked-in and horrific capacity to spy on the activities of millions of people (with no distinction between adults and minors, many of whom also have smartphones these days), but you also intended to use brutish, irresponsible tactics to muzzle a person who called you out on it.
So the lesson you need to take away from this is not that pushing the envelope and then apologizing gets you off the hook. The real lesson you need to learn is that, from this point onwards, when I see the brand name "CarrierIQ" before me, my brain will automatically and reflexively replace it with the phrase "PIG-FUCKING ASSHOLES". And I'm sure I'm not the only one who feels that way, you scumbag pieces of shit. Fuck you all. I wish nothing more than that the carriers who are your customer base will be ashamed to buy your product, and that you will go out of business.
Clean up your product and make it about..and only about...what you say your goals are as a company, and after half a decade most of the people who feel like I do (including me) will come around and actually see "CarrierIQ" when we read "CarrierIQ". That's the cost of what you have done, and the real lesson you should take away from this.
Re: (Score:1)
Re: (Score:1)
Dear CarrierIQ,
Smartphone consumers never read the Terms of Service agreements (or seldom) and the wording buried deep within the agreement will make oblique reference to collection of data for various purposes. But no one would assume that that wording would refer to constant tracking of consumer behavior including location and keystrokes etc.. No one would agree to that nor have their children exposed to that.
It is not a question of if a system is hackable, but when it will occur, or what good or bad use