Carrier IQ Responds To FBI Drama, EFF Wants More Information 140
New submitter realized writes "Yesterday Carrier IQ released a report (PDF) which tries to answer some questions about how their system operates. Also, after reports of the FBI using Carrier IQ data, the company responded by saying, 'Carrier IQ has never provided any data to the FBI. If approached by a law enforcement agency, we would refer them to the network operators.' Additionally, the EFF just released a report which says they believe keystroke data 'is in fact being inadvertently transmitted to some third parties,' but they would like to study carrier profiles to verify information."
Reader Trailrunner7 adds that Carrier IQ's report indicates "under some limited circumstances its software will log the contents of SMS messages sent to a user's phone, but that that the contents of those messages would not be human readable. Instead, they would be in an encoded form that could not be decoded without special software and the carriers don't have access to the contents of the messages either. The company said it has worked on a fix for the bug, which affected devices running the embedded version of the Carrier IQ agent."
The more you know... (Score:2, Interesting)
http://en.wikipedia.org/wiki/COINTELPRO [wikipedia.org]
http://en.wikipedia.org/wiki/Citizens'_Commission_to_Investigate_the_FBI [wikipedia.org]
I suspect COINTELPRO has been updated and perfected by now.
No secret decoder ring here! (Score:5, Interesting)
Instead, they would be in an encoded form that could not be decoded without special software and the carriers don't have access to the contents of the messages either.
Yeah, first they say they don't sniff your traffic, then they say this, then that, then they pull the "not without our secret magic decoder ring" argument. If they are working with government agencies to use this software (and it may not be the FBI), they wouldn't even have the ability to admit to it- those kinds of agreements require the company to deny everything in perpetuity.
First thing this new year, I'm migrating my phone over to cyanogenmod. I'd do it now, but I just don't have the time.
Carriers should make the service heat maps avail (Score:5, Interesting)
I read the CIQ pdf, and the part I was most impressed with was the service quality heatmaps. It would be great if the carriers made (or were required to make) this data available. This would make it much easier to evaluate a carrier in your actual area. Instead the carriers just release vague maps that show that nearly the entire US is green. Clearly they have the data.
Google got slammed, but not CarrierIQ? (Score:5, Interesting)
One thing that's bothered me about all this:
Google's street-view car inadvertently logs SSID broadcasts, which are transmitted in the clear. They 'fess up and get washed and hung out to dry. Threats from governments, demands that they turn over the data, investigations galore.
CarrierIQ sends your text messages and keypresses and location information (including your typed passwords) to various third parties including the FBI and carriers... and nothing. A handful of small entities are "seeking suit" against the company.
Where's the outrage? You'd think that CarrierIQ only affects geeks.
Re:"A fix for the bug"? (Score:1, Interesting)
It's not spyware. Carriers want info on how people use their phones so that they can fix bugs and make better phones. It's no different from software that occasionally reports home with usage statistics. Everyone does it, and it's a good thing. The only problem is that a few OEMs and carriers disabled the user's ability to opt out.
CarrierIQ makes a legal, useful, morally-sound product. Some companies go on to use that product in a legal, useful, but less moral manner. But some asshole of a security researcher figured out (correctly!) that he'd get way more hits on his webpage if he accused them of making a rootkit and keylogger. And now all the innocent, hardworking developers at this small business will be out on the streets, because the rage-a-holics want something to scream about, and the media is more than happy to manufacture controversy if it means good ratings.
So congrats. You're going to destroy the lives of some innocent people over the tiniest of slights. I'm sure you're very proud.
Re:Google got slammed, but not CarrierIQ? (Score:4, Interesting)
Only in the form of OS logs for crash reports
Neither CarrierIQ or the Carriers have business in knowing what apps I'm using, whether they crash or not (the PDF says it reports context switches between apps, this is an INSANE invasion of my privacy) - except the crapware written by the Carriers themselves, which I need or want none of.
The whole "case" against CIQ is hugely overblown by media sources looking for ratings and people who desperately want something to be outraged over.
They were largely responsible for the "case" against themselves - if they worked with the researcher instead of using lawyers to threaten him, there would be no case. They should have been sensitive enough to know that there's a very fine line between what they make and a real spyware - and be aware of the possibility that EFF might join the fray before their lawyer sent that threaten letter.