Carrier IQ Drama Continues
alphadogg writes "A Cornell University professor is calling the controversial Carrier IQ smartphone software revelations a privacy disaster. 'This is my worst nightmare,' says Stephen Wicker, a professor of electrical and computer engineering at Cornell. 'As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.'" Read on for a grab-bag of other news about the ongoing story of Carrier IQ's spyware.
Federal intervention is already on the menu; new submitter mitcheli writes "Following the video from Trevor Eckhart on Youtube after the filing of the Cease and Desist letter and subsequent reply by the EFF and apology letter (as reported on Slashdot), Senator Franken of the Subcommittee on Privacy Technology and the Law asks some rather pointed questions." Franken has more reason, apparently, to look into this than might legislators in other countries; an anonymous reader submits news that Cambridge researchers have found the software to be confined to (or at least only confirmed in) American customers' phones. From their report: "We performed an analysis on our dataset of 5572 Android smartphones that volunteers from all over the world helped us create. From those 5572 devices, only 21 were found to be running the software, all of them in the US and Puerto Rico. The affected carriers we observed were AT&T, Boost Mobile and Sprint.
We found no evidence of the Carrier IQ software running on Android devices in any other country."
Another anonymous reader suggests that "Apart from anything else, the fundamental mistake that Carrier IQ made was attempting to silence a developer using a heavy-handed legal threat. Certainly this was the tipping point in terms of bringing the whole incident to the public's attention."
Like apparently begets like; reader adeelarshad82 writes "Not surprisingly, the Carrier IQ controversy has resulted in some legal action. Class-action lawsuits have been filed in California and Missouri that accuse Carrier IQ, as well as Samsung and HTC, of violating federal wiretap laws. The California case was filed on behalf of four smartphone users with HTC and Samsung devices and accuses the companies of violating the Federal Wiretap Act, which prohibits the unauthorized interception or illegal use of electronic communications, and California's Unfair Business Practice Act."
Finally, GMGruman writes with the cautionary note that Carrier IQ and Facebook pose "the least of your privacy threats": "[S]o far these forms of monitoring anonymize the data, so an individual's actual privacy is not invaded. And while people fret over these potential invasions, a more pernicious privacy invasion is under way, one that monitors actual individuals and then uses that information to try to direct their behavior. For example, car insurers give monitoring boxes to customers to track their driving behavior and offer a discount if it is 'good.' Of course, the flip side is higher rates or no coverage if the black box decides you are "bad." And, as this blog post points out, this is just one of many such 'Big Brother corporation' efforts out there that give significant power to insurers and others who have a history of abusing personal information, such as for redlining and coverage denial."
Analytics for Mobiles (Score:3, Interesting)
And after all, Carrier IQ was just Google Analytics to mobiles. I can just hope that people start the same kind of uproar once they realize how much Google is spying on them. If it's not allowed on mobiles, I don't see why it should be allowed on our computers and internet. Maybe there's still some hope in humankind.
Re:Analytics for Mobiles (Score:5, Insightful)
Re: (Score:3)
There are conflicting reports about it actually sending data vs not sending.
Re: (Score:2)
The story "Usually coupled with a lot of FUD" has been circling the facebooks, g+s and reddits for about a week(?) now.
Mass media have also gotten attention to it, I saw it on the news yesterday on a b side channel.
What I still can't fathom is why Apple was shipping it "disabled" by default.... misplaced bits?
Re: (Score:3)
Apple has already released what they used to use it for (it was removed in iOS5 except for a few stray bits that no longer function which are to be removed in future updates). It was used to collect anonymous usage data, but only if the user opted to turn on the Diagnostic usage. It was set up that way on purpose.
Re: (Score:3)
Re: (Score:3)
And also:
http://www.msnbc.msn.com/id/45527898/ns/technology_and_science-wireless/ [msn.com]
Re:Analytics for Mobiles (Score:5, Interesting)
Something that hasn't been brought up is: Who is paying for transmitting the data from your handset to CarrierIQ?
Re: (Score:3)
Re: (Score:3, Insightful)
Secondly, somebody actually disassembled the damn thing:
> Rosenberg told CNET. His reverse-engineering showed that "there is no code in Carrier IQ that actually records keystrokes f
Re: (Score:2)
Re:Analytics for Mobiles (Score:5, Insightful)
Nice troll, but the vanilla Android devices (Nexus line) don't ship with the CarrierIQ software, which means that either the handset manufacturers or, much more likely given the US-centric focus, the carriers are responsible for installing it.
Re:Analytics for Mobiles (Score:5, Insightful)
> the vanilla Android devices (Nexus line) don't ship with the CarrierIQ software, which means that either the handset manufacturers or, much more likely given the US-centric focus, the carriers are responsible for installing it.
...Which is a very good point. Google gives not only end users but also manufacturers and carriers relatively free rein over Android phones. Apple retains much more control over the iPhone.
While it's easy to see how Apple's strategy can hurt power users, Google's strategy can hurt users also.
Re: (Score:2, Insightful)
Freedom can hurt people, yes. Freedom also lets you install vanilla android (or a community flavor, or whatever). The only problem with that might be some kind of warranty violation--but again, that is an evil of the manufacturer or carrier. Not Google.
AT&T can still violate the privacy of your iPhone. So can Apple. Google _cannot_ because (theoretically) you could check for and remove such violations. Is that done? Well, maybe or maybe not. But that's still better than Apple where it's impossible.
Re: (Score:2)
One AC calling another an idiot. I'd say the score is tied.
Re:Analytics for Mobiles (Score:4, Interesting)
> the vanilla Android devices (Nexus line) don't ship with the CarrierIQ software, which means that either the handset manufacturers or, much more likely given the US-centric focus, the carriers are responsible for installing it.
> ...Which is a very good point. Google gives not only end users but also manufacturers and carriers relatively free rein over Android phones. Apple retains much more control over the iPhone.
> While it's easy to see how Apple's strategy can hurt power users, Google's strategy can hurt users also.
Between iOS and Android, you're just trading one bucket of problems for another. Siri will find you a dentist if you tell it you broke a tooth and point you to the nearest escort agency if you're looking for one, but it won't help you if you need your birth control prescription refilled. If you tell it you've been raped, it blithely replies, "Really!"
Apple and Wolfram Alpha can say what they like about the service's beta status; the likeliest reason for this is that they didn't want to touch one aspect of societal behaviour because it might upset parents and affect sales to teens.
Google errs on the other side, empowering handset providers, allowing them to indulge their baser instincts when it comes to how they view customers on their networks. For telcos, the customer is the commodity.
In both cases, corporate entities feel entitled to decide what we are allowed to know about them and what they are allowed to know about us. The contrast between the two couldn't be stronger.
In fairness, this is a common human failing. When it's my information at stake, we call it privacy. When it's someone else's, we call it secrecy [imagicity.com].
The only way to square this circle is to remove the dichotomy altogether. Paradoxically, the only way we can be sure that others aren't abusing our private data is through transparency, which requires less, not more, privacy. In the end, the best we can hope for is a kind of neo-Victorianism, in which we are more willing to accept polite behaviour at face value and overlook all but the more egregious failings. Ultimately, we will have to learn to accept that we are all no better than we should be.
I have no faith whatsoever that American society will be able to accomplish this. The Protestant ethic of probity and respect has long since been extinguished in favour of a mix of fundamentalist, moralistic witch-hunts and ugly prurience.
Re:Analytics for Mobiles (Score:5, Insightful)
You've got it mixed up. The "transparency" is for the corporations and government who exist because we as a society allow them to. Corporations exist because governments allow them to exist and governments exist because we allow them to.
People get privacy. Every level of organization above the family gets transparency. Let me say it again: Privacy is for human beings. Transparency is for organizational entities that are not human.
If you breathe, you get privacy. If you exist because of a piece of paper, such as a corporation or government, you get transparency. That's the way it's supposed to work. When we start to assign metaphysical meaning to these paper entities, via fallacies such as patriotism and the "free market" then we get into all sorts of trouble. We think we can't expect transparency from our government because "we're patriotic and our government can do no wrong". We say we can't expect transparency from corporations because "corporations are persons and they have the rights of persons". We can see how quickly such notions can totally fuck things up.
We have heard a lot from the tea party saying "government needs to fear the people" and just because it's nothing more than a slogan to them doesn't mean they're not right. Just the same, corporations need to fear the people, maybe even more than governments because of the special benefits they have been given by society. I say, it's best to make sure we understand that both governments and corporations only exist to the extent that we allow and we have every right to demand transparency from both. Of course, people who would misuse the special benefits we have given them hate the notion of transparency and hate the notion that governments and corporations are ultimately answerable to the people (and not just people as consumers, by the way). That's why you're seeing the wildly over-the-top response to the anti-corporate message of Occupy Wall Street. Because if people figure out that we don't have to allow corporations to fuck with our lives then all hell could break loose and some very wealthy and powerful people might be made very uncomfortable.
I don't know where you got the idea that transparency requires less privacy for people, but it's a very dangerous and very wrong notion. You really need to re-think this.
Re: (Score:2)
Wow. Someone's getting mileage out of their Word a Day calendar.
No, someone is making use of 4 years of post-secondary education in a 'useless' English degree programme.
Re: (Score:3)
Re: (Score:2)
By "responsible" you need to mean that the carriers asked the manufacturer to install, enable and configure (to a carrier defined list of settings) Carrier IQ on a device and that the manufacturer agreed to do so.
I know it's not as exciting as thinking carriers just we
Re: (Score:2)
There is a quote or comment somewhere (can't find it) from someone who said something like "I work/worked for an android OEM and AT&T basically said 'install CarrierIQ or we won't sell the product'". I may have gotten the details wrong because I can't find or remember the exact quote/comment but the gist of it is that it's the carriers that are insisting on this and the handset makers have no choice but to comply.
Re: (Score:3, Interesting)
Re: (Score:3)
That applies to all smart phones, not just Android.
I'd say Android provides more freedom for the user and developer than the iPhone or any of the other default phone operating systems (not sure about Windows phones). You can add non-market software to them without jailbreaking them. You can't do that with the iPhone or (last I heard) a Blackberry.
Any of them are going to come with crap the manufacturer wants on there, and likely prevents you from uninstalling it as best they can. The carriers are worse,
You can put anything on iPhone without a jailbreak (Score:5, Informative)
You can put anything on iPhone without a jailbreak
You just have to pay for a developer's license and enroll your phone.
What you don't get is the ability to put any software you want on other people's phones by letting them download your application from your web site, you have to go through iTunes for that, and doing that requires Apple to approve your application. But when we get to that point, we've stopped talking about developer freedom and started talking about entrepreneurial freedom, which is something completely different.
PS: iPhones don't come with carrier crap installed; that's one of the reasons Apple didn't initially partner with Verizon; the other two reasons were the Qualcomm patent tax on CDMA hardware, and Verizon not wanting to set up a Visual Voice Mail service that met Apple's requirements.
PPS: All of the projects for running Linux on phones are only going to get somewhere if they break signature verification in the boot loaders, and the baseband software runs on a separate chip, rather than on the same chip as applications. That lets out a lot of smartphones (e.g. anything running a Qualcomm Snapdragon CPU). If they try to go ahead on those phones anyway, men in suits will show up citing the Code of Federal Regulations, 47, Section 2.944 covering Software Defined Radio.
-- Terry
Re: (Score:3)
A good chunk of developer freedom is tied up in distribution.
If you're allowed to develop, but not distribute, then your freedom as a developer has been compromised. Consider the various free applications available from the Cedega app installer - there's no entrepreneurial angle there.
Concerning the PS, yes, you're right. Apple is likely the one exception, since they're really the only ones who can get away with it.
Concerning the PPS, I'm honestly not expecting non-corporate Linux distros to "get anywhere
Re: (Score:3, Interesting)
> A good chunk of developer freedom is tied up in distribution.
> If you're allowed to develop, but not distribute, then your freedom as a developer has been compromised. Consider the various free applications available from the Cedega app installer - there's no entrepreneurial angle there.
There would be nothing stopping you from distributing your code for an iOS app. In order for your "users" to install it though, they would need to pay the $99 fee for a developer license or be jailbroken. Your right as a developer to distribute software is still there, not very conveniently though, but there nonetheless.
Re:You can put anything on iPhone without a jailbr (Score:4, Insightful)
> A good chunk of developer freedom is tied up in distribution.
> If you're allowed to develop, but not distribute, then your freedom as a developer has been compromised. Consider the various free applications available from the Cedega app installer - there's no entrepreneurial angle there.
> There would be nothing stopping you from distributing your code for an iOS app. In order for your "users" to install it though, they would need to pay the $99 fee for a developer license or be jailbroken. Your right as a developer to distribute software is still there, not very conveniently though, but there nonetheless.
Not really, at least not in any meaningful sense. Just like how copyright law allows you to make duplicates of copyrighted material for personal use ... but denies you the right to acquire the tools needed to do that in most cases. A right that you have but do not have the power to exercise is not a right but is, in the end, a privilege. One that may be revoked at any time.
Re: (Score:2)
> That applies to all smart phones, not just Android.
Nope.
> The carriers are worse, so if you bought a phone with a carrier bundle, you've got all kinds of crap on there you likely don't want. The base OS of the phone doesn't really matter - Android, iOS, BlackberryOS etc. all have crap added to them that you'd probably rather not have.
Would you clarify what AT&T added to my iPhone that I'd rather not have?
Re: (Score:2)
You're right. It's been a while since my iPhone hit the asphalt at 75mph.
There was crap on my iPhone I didn't want and couldn't remove, but Apple put it there. My main point was about the software freedom angle anyway.
Re:Analytics for Mobiles (Score:5, Funny)
A contract?
Re:Analytics for Mobiles (Score:5, Insightful)
That might be so, but it doesn't change the fact that it's only Android devices where it's enabled by default.
That's probably because the carriers are not able to enable it in iOS. So Apple - the only manufacturer of iOS devices - doesn't want it enabled in their phone, and the carriers are not able to do this. Android is more open, so either the phone manufacturers like Samsung and HTC can install it, or the carriers. So it's true, but it's only true because of the open nature of Android.
Re: (Score:2)
It would be interesting to see if CarrierIQ was installed on Android / iOS phones from some of the more 'repressive' regimes like China, India or Middle Eastern countries.
Re: (Score:3)
Wow. Not true and debunked. You may certainly go to MacRumors to start a FUD war, but please have more respect for (what used to be) a technical forum.
Re: (Score:3)
I'm interested. Can you give some details of the debunking? You seem to know something, and it would be nice if you shared it.
Re: (Score:2)
But as others have pointed out, the article says it's the carriers who have installed it on the Android phones, along with the "enhanced" shells and crap that they insist on.
But Apple doesn't allow the carriers to do that, so guess who installed Carrier IQ on your phone, regardless as to whether it's enabled by default or not.
That is to say, it's not enabled in THIS version of iOS. But of course Apple can enable it in the next update if they choose. After all, they didn't tell you it was on your phone in the firs
Re: (Score:2)
Re: (Score:2)
Whether it was included or enabled was purely the manufacturer's design ...
I believe the article at The Register included a quote from HTC, saying they installed it at the behest of the carriers, on the phones they were manufacturing for those carriers.
Re:Analytics for Mobiles (Score:5, Informative)
Isn't it interesting that the only OS that sent the info out by default was Android? iPhone didn't. While they were there too, Carrier IQ was disabled by default.
As interesting as the fact that only North America seems to have Carrier IQ on their Android devices...
> And after all, Carrier IQ was just Google Analytics to mobiles. [...]
Google Analytics ANALyses every keystroke on your computer? Because Carrier IQ receives every dialer keystroke on the device. [xda-developers.com]
(I'm not saving Google's face here)
Re:Analytics for Mobiles (Score:4, Informative)
Your quote says "receives" but your link says "logs". We still don't know what happens to those logs. There may be no privacy problem here other than potential availability to malware.
Yes, that is important, and yes the logs should be stopped. But you are asserting something we don't know is true.
Re: (Score:2, Insightful)
Isn't it interesting that the only OS that has Carrier IQ on every single device, supplied by the OS developer, is iOS?
See, it works both ways. Now how about we stop turning this into a retarded smartphone manufacturer fanboy flamewar and throw stones at Carrier IQ and the carriers that support them, which is where they belong?
Re: (Score:3, Insightful)
As a Linux fan through and through for fourteen years and counting I am endlessly surprised at the Android circle jerk. Linux's customers are smart people who choose to use Linux, and Linux distro providers work to supply them with what they want. Apple's customers are (probably also) smart people who don't want to care how a computer works (for good or bad) or customers with money to burn. Still, Apple work to give them what they want. Microsoft's customers are people who want to get a job done with stand
Re:Analytics for Mobiles (Score:4, Informative)
Re:Analytics for Mobiles (Score:5, Insightful)
Re:Analytics for Mobiles (Score:4, Informative)
How Carrier IQ was wrongly accused of keylogging [cnet.com]
Re: (Score:2)
Um, there was a video which showed how keystrokes are logged to a file as they are being entered. It's still an open question whether said log file is transmitted anywhere after it has been logged - and the linked article seems to say that it's not - but why log it, then?
Re: (Score:2)
Maybe the intended audience was UI designers?
Re:Analytics for Mobiles (Score:5, Interesting)
So on the one hand we have a security researcher being quoted in the news and we are going on his word that he disassembled the software and found no evidence that it was capturing keystrokes. His credentials are that he discovered vulnerabilities in Linux.
On the other hand we have a video of an active android developer who originally found the CarrierIQ software showing via the Android debugger that when he presses a key on his Android device that key gets passed to and processed by Carrier IQ's running process, even though the key in question is a softkey used by a different application (the numbers on the phone dialler for instance which no app should have any business reading).
Sorry but so far I'm sceptical about the CNN article. Maybe someone can debunk exactly what's going on in the video which was posted then the CNN article and the security researcher's claims would be more valid. They have the burden of proof at this point.
Re:Analytics for Mobiles (Score:4, Informative)
Encrypted data, however, is a different thing entirely. Encrypted data is more akin to carrying a letter around this city in a sealed envelope. There IS an expectation of privacy as to the contents of that letter; you put it in an envelope so that the guy sitting next to you on the train can't read it. Now, I know that Google does analyze the content of encrypted emails, but you are using their service, so this should again be expected. If I were to write something on paper while sitting in a Google office, I would have a very different expectation of privacy; it should be expected that they are able to monitor what happens on their own service (or building, in this analogy).
CIQ, however, effectively breaks all of our expectations of privacy. In this analogy, even if you locked yourself in your bedroom, made sure nobody was around, wrote the letter, and then sealed it in a light-proof envelope, CIQ would still know what you wrote on that letter. They would know because THEY WATCHED YOU WRITING IT. While you were writing that letter and taking all the proper measures to keep it private, they had a camera over your shoulder watching as your pen scribbled across the page. It was never disclosed to you that this camera was here. Now, they are defending themselves by saying that we cannot prove that the camera was actually transmitting the data back home, but we know for a fact that it was there and it was recording data. This is why a keylogger is a whole new level of privacy violation; it violates the sanctity of the physical device you are working on. This is what makes it orders of magnitude worse than anything in Mark Zuckerberg's wildest dreams. This is also why keyloggers are almost universally criminal. To compare it to Google Analytics belies a fundamental misunderstanding of the tech at hand. There is a relevant exchange in Pulp Fiction:
Vincent: I didn't say it's the same thing, I said it's the same ballpark.
Jules: Ain't no fuckin' ballpark neither! It ain't the same fuckin' league, it ain't even the same fuckin' sport!
While these characters were talking about something different, the same principle applies. Not only are Google Analytics not the same ball park, they ain't even the same fuckin' sport. The difference in magnitude is astonishing, and making such ill-fitting comparisons only diminishes the affront to decency that this software poses.
Wrong (Score:5, Informative)
Wrong. Apple install it by default and even obfuscate the files.
Wrong yourself, or at least misleading - The carrier IQ that Apple ships with does not record anything at all by default, and even if you could figure out how to enable it records only a tiny bit of data, no keystrokes or SMS for example...
Nor do they obfuscate anything (unless you call shipping with it off a form of obfuscation).
Re: (Score:3)
Carrier IQ is installed on every iPhone device, stock, or carrier shipped.
And it is disabled by default, not supported in iOS5, and will be removed in a future iOS5 update.
Re: (Score:2)
I didn't "miss" anything else as I wasn't discussing anything else. Go defend Apple with someone who cares.
questions (Score:5, Interesting)
Very good question from the senator:
Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. § 1030)? Why?
That's the kind of question you don't want to be asked. People don't ask that way if they don't already have an opinion. Basically, he wants to see them dig their own grave, and enjoy it.
That's good news. Let's see if they spring the lobby machine into overdrive and try to get the issue "lost" in sub-committees and extended deadlines.
Re:questions (Score:4, Insightful)
I have a question for the senator:
Does the Computer Fraud and Abuse Act comply with the Constitution?
Re: (Score:2)
I have never been so happy as to have a shit-stirrer of Al Franken's quality in our government. I think we need more cynical comedians in politics, just because they have some of the most eloquent BS detectors in the world. Murray/Aykroyd 2012!
Re: (Score:2)
> I have never been so happy as to have a shit-stirrer of Al Franken's quality in our government. I think we need more cynical comedians in politics, just because they have some of the most eloquent BS detectors in the world. Murray/Aykroyd 2012!
Indeed. Better comedians than clowns.
Re:questions (Score:5, Informative)
And I think the answer to that will be, it was the carriers that decided what functions to enable. And the carriers were exempted from all electronic spying restrictions by the FISA extension of 2008 (aka absolve AT&T bill).
sPh
Re: (Score:2)
> And I think the answer to that will be, it was the carriers that decided what functions to enable. And the carriers were exempted from all electronic spying restrictions by the FISA extension of 2008 (aka absolve AT&T bill).
My understanding is that the information flows directly back to Carrier IQ.
And that would be why they're fucked.
Re: (Score:2)
Not a big fan of Franken, but he seems to be quite clued on Technological issues.
Look at the list of co-sponsors for ProtectIP.
even if it does NOTHING... (Score:5, Insightful)
the problem is transparency.
If not Carrier IQ what next? What information are they gathering? What's the performance cost with this thing running in the background?
Somewhere in the back of my head Richard M. Stallman is laughing (and eating foot fungus).
Software freedom is the solution. (Score:5, Insightful)
As I'm sure you know: Without complete corresponding source code to all of the software running on a phone, you'll never know the answer to those questions.
RMS knew the solution to this problem before the problem became widespread (as he often does) and he got the solution right early on: this is a social problem, not a technological problem. The solution is software freedom for all computer users for all the software they run.
Sadly, the Carrier IQ debacle is unlikely to propel people to see this solution. The problem is too weak in its urgency because Carrier IQ's (or any other workalike) privacy violations are merely annoying or scary. Privacy violations usually don't kill or maim anyone. Also, the affected audience has low market value: the general public. When proprietary software used in internal medical devices fails and kills someone, there will be another opportunity to talk of software freedom as a social solution to be taken seriously. And, for a time, people will be more receptive to the idea that all computer users deserve software freedom. People seem to have no problem hiring professionals in other fields they don't understand (plumbers, doctors, lawyers, mechanics, builders) so it's not far-fetched to expect the public to hire computer programmers to inspect and modify programs on their behalf.
Re: (Score:3)
> As I'm sure you know: Without complete corresponding source code to all of the software running on a phone, you'll never know the answer to those questions.
It's worse than that.... even with complete source code you won't know the answer, because (a) you're not smart enough and/or you don't have enough time to analyze the thousands of pages of source code of all the software you run, and (b) even if you did, you have no way to guarantee that the source code you analyzed is the same as what is actually running on the phone, and (c) even if you had a way to guarantee that, you have no way to guarantee that there isn't other software running on the phone that you
Re:Software freedom is the solution. (Score:5, Insightful)
So it really boils down to trust -- at some point you have to either trust your cell phone provider not to screw you, or stop using a cell phone
I don't see it that way. I have complete faith that my mobile provider will try to screw me, just like my ISP. A phone is just like any other equipment you connect to the Internet - you just consider networks that you do not control as hostile and go from there.
Re: (Score:3, Interesting)
Access to source isn't necessarily a red herring, although you are right the bigger issue is trust. But source opens up markets for trust.
If you/someone you trust had access to the source of all the software on your phone/device you could use trusted services that compare your phone's software (binaries) to a trusted compile. (Trusted binaries could be provided by proprietary software creators, but I'd rather not trust the software creators and have it independently compiled by a company whose business is s
Wait (Score:2)
Re:Wait (Score:5, Insightful)
The carriers, while they almost certainly are up to their eyeballs in slime, have zillion-page 'contracts' with the people they are screwing, massive lobbying expertise, and quite possibly de facto or even de jure legal impunity when it comes to a little of the old wiretapping (just look at the, er, unimpressive consequences when their collaboration with the NSA was revealed...). CIQ, by contrast, is just a little coder shop somewhere, 6 years of history, not even the flimsiest of contracts with any phone users, and no obvious friends. Everybody who isn't their customers certainly has no reason not to want them gone, and even their customers would almost certainly rather switch spyware vendors (they've got plenty of options) than endure the PR hit of defending their present vendor...
Much as I'd love to watch CIQ's operations burned down with those responsible locked inside, I suspect that the focus on CIQ will drown out the (far more dire) fact that contemporary communications technology is running headlong into the dystopian future, and the world is crawling with upmarket spyware vendors who provide very similar products and services worldwide. CIQ was unlucky enough to land in hot water
Just a little while back, Etisalat was trojaning its blackberry customers [blackberry.com] with (poorly made) spyware from the wonderful people at SS8 [ss8.com]. Guess who suffered no consequences whatsoever and is still merrily peddling "Lawful intercept solutions"?
Laws needed to ensure opt-out (Score:2)
Let's assume that the carriers put a clause in their agreements that authorizes them to collect and analyze all data. What happens if all carriers do this with all phones? If the only option is to not carry a phone, is there really an option?
That's why this needs to end up with a law that requires carriers to provide a real opt-out.
Re: (Score:2)
Re:Laws needed to ensure opt-out (Score:4, Insightful)
We do not need Opt-Out, we need Opt-In.
Such features, options, possibilities, etc. should be OPT-IN. If someone has problems with their carrier network, then they can turn the diagnostic tool ON and report it.
Universal Wind. (Score:5, Informative)
Skeptics find flaws in Carrier IQ application analysis [networkworld.com]
As I posted in another forum, the court of public opinion isn't in complete agreement.
Re: (Score:2)
I wish I had mod points for you.
Why would the feds object? (Score:2)
>> It is an utterly appalling invasion of privacy with immense potential for
>> manipulation and privacy theft that requires immediate federal intervention.'"
Why would the Federal Gov't intervene? Seems like a capability tailor-made for use in surveillance by three-letter agencies.
sPh
Re: (Score:2)
Were I a lawyer, I'd be looking at fraud...messages sent to and from people's phones without their authorization, silently jacking up people's phone bills (not everyone has unlimited data/messaging/talk). And were I Congress, I'd consider it under my jurisdiction because of their favorite clause in the constitution, the interstate commerce clause...someone is going to buy something, even if it's a ringtone, on one of those phones, and chances are the ringtone company is out of state, ergo it's interstate co
How unexpected is this, really? (Score:5, Insightful)
Ultimately, any carrier that doesn't already have this kind of detailed information on every one of their customers is at the least irresponsible and more likely idiotic - and even more likely soon out of business. Even for the "unlimited" plans out there, it is still worthwhile for the companies to watch what is going on in order to properly position themselves for future changes in consumer and business phone use.
Re:How unexpected is this, really? (Score:5, Insightful)
While this is true, the part I find most disturbing about CarrierIQ is its capture of HTTPS request details and traffic over Wifi, neither of which would be available to the carrier otherwise. Yes, meta data related to calls are logged... carriers are in fact required to do so for a number of reasons (billing, mediation, audits, and servicing subpoenas, etc.) However, I do not subscribe to a data plan and any traffic I send over a Wifi connection should be between me, the Wifi router, and the remote machines I am connected to, particularly when using "secure" protocols like HTTPS.
Join the Class Action Suit! (Score:2)
This is a link to the attorneys that are representing the national class action lawsuit.
http://www.hbsslaw.com/ciq/ [hbsslaw.com]
Hot Coffee = Above the Law (Score:2)
Yes, they may have violated wiretapping law but I bet no one goes to jail and if there is a fine, it doesn't dent their profits. But these guys not only are above the law. They write it. There is an HBO documentary called Hot Coffee I recommend. You remember the McDonald's coffee case? An old lady who bought a cup of coffee, recklessly drove off with it between her legs suing for $2M?
Turns out there is a whole other side to these stories. In her case the coffee really was too hot (scalding temperature), a
What about the EU? (Score:2)
We know that the EU is giving Facebook flak for their privacy issues, so what do you think they are going to do to Carrier IQ?
I get the feeling that in a couple months we will see a headline about Carrier IQ going under.
Re: (Score:2)
The EU will do nothing, since no cellphone has been found with CarrierIQ running outside of the US.
Carrier IQ has now infected Canada (Score:2)
It's not just happening in the US. All the major carriers in Canada had initially denied having Carrier IQ on their phones (Rogers/Bell/Telus) but it has recently been found on the Rogers LG Phoenix.
http://mobilesyrup.com/2011/12/02/uh-oh-carrier-iq-found-on-the-rogers-lg-phoenix/ [mobilesyrup.com]
Why blame Carrier IQ? (Score:3, Insightful)
IMO people who demonize CIQ are missing the target. You should demonize the companies who employed CIQ technology to spy on their customers.
The only thing CIQ is guilty of is being a for-profit company in a capitalist society. Where there is demand (AT&T, HTC, Samsung, Motorola) there will be supply (CIQ). Just like the spam issue.
If you don't extinguish the demand by penalizing CIQ's customers, perhaps through legislature, CIQ 2.0 will be incorporated in no time and you better believe the next root kit will be a lot harder to detect.
AB
Re:Should have got a blackberry... (Score:4, Insightful)
Yes, because Blackberry has never handed over the keys to BBM when a nation-state has demanded them...
Re:Should have got a blackberry... (Score:5, Interesting)
True, but you can install any app you want on a BlackBerry, including ones that allow users to use their own keys. You can even get BES for free and run your own mailserver with your own keys. I realize RIM has fallen behind in many areas, but I have to say I am quite disappointed that practically none of the major tech blogs has discussed the fact that Carrier IQ is not only not installed on BlackBerry devices, but it is a violation of RIM agreements for a carrier to install this app on a phone. From RIM support forum: [blackberry.com]
Re: (Score:3, Interesting)
I know that that statement makes me fully confident... "CIQ is not installed on Blackberry smartphones." is short, punchy, and
Re: (Score:3)
Re: (Score:2)
It's pretty clear that the phrase above is not an unequivocal no.
Equivocation is a neat trick and it seems to work much of the time. It clearly worked on you!
Re: (Score:2)
Again, I will request that you directly point out the weakness in their statement to disprove your apparent lack of reading comprehension.
The BlackBerry platform allows anyone to install any app they want on their phones, and BES admins can also install anything they want. If RIM were to state "Carrier IQ is not installed on BlackBerry smartphones," they would probably be wrong. So the only thing they can state is that they do not install the software; they do not authorize their carrier partners to insta
Re: (Score:2)
Re: (Score:2)
They're probably calling every carrier who offers their phones, and making sure they don't install it. RIM has had enough problems over the past few years, they don't need this one.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Doe v. Ashcroft overturned the NSL provisions already.
Re: (Score:2)
What about Verizon wireless? Or did you exclude them for other reasons?
Re:T-Mobile? (Score:4, Informative)
Nope! [pcmag.com] "T-Mobile utilizes the Carrier IQ diagnostic tool to troubleshoot device and network performance with the goal of enhancing network reliability and our customers' experience. T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers' Internet activity, nor is the tool used for marketing purposes."
Verizon, C Spire, MetroPCS, and US Cellular are the only US carriers currently denying Carrier IQ is used on their systems.
Re: (Score:3)
Re: (Score:2)
Is some CIA agent in Tangiers using Slashdot as a communication outpost
Admittedly, that wouldn't be that bad of an idea, since nobody reads Slashdot any more any ways.
Re: (Score:2)
Who says the two possibilities are mutually exclusive?
Re: (Score:2)
To test, I think you'd have to set up your own cell, as this doesn't use the wifi network. People with their own personal cell tower to test with probably work for or with the carriers, and so are under NDA WRT the whole thing. About the only thing that could be done is a custom android build with this installed that would spit out the data before it was handed over to the radio. As the carriers have already stated that they use it to monitor QoS, there are likely trigger conditions that will cause the d
Re:Where are skilled slashdotters? (Score:4, Informative)
To test, I think you'd have to set up your own cell, as this doesn't use the wifi network. People with their own personal cell tower to test with probably work for or with the carriers, and so are under NDA WRT the whole thing.
Such a thing is called a microcell and can be purchased by the public.
Re: (Score:2)
Then it may be time to remind them that they cannot. ;-)
Re: (Score:3)
The Windows experience has proven that no publicly networked device can be safe from threats.
Ah, Slashdot. You never fail to disappoint.