Carrier IQ doth protest too much; shouldst really quit the incriminating denials

'Spying' and 'making spyware' are not the same thing, but aren't that different, either

Carrier IQ went on the record again yesterday with VentureBeat to try to clear from its name the assumption Carrier IQ is providing data about the activities of end users to the FBI.

Since Carrier IQ and the remarkably comprehensive smartphone-monitoring app it provides to cell-phone carriers was outed as collector of detailed usage, performance and location data on more than 100 million phones worldwide, the company has been intent on correcting the record.

Unfortunately for Carrier IQ, people are really, really interested in to what extent their phone providers are spying on them, as are members of Congress and European regulatory bodies.

A site called MuckRock even put in a Freedom of Information Request to the FBI asking what Carrier IQ-collected data it was being provided to use in its investigations.

The FBI has been promiscuous in its use of loopholes and signing privilegesin the Electronic Communications Privacy Act of 1986 that allow it to demand some information about personal cell phone accounts from the carriers, without having to get a warrant first.

Almost all the major carriers (and Google) have admitted having received requests from the feds; Google admitted how many and how often it acceded; the rest said nothing.

MuckRock's FOIA request asking whether data collected by Carrier IQ software was part of those investigations was rejected.

"The material you requested is located in an investigative file which is exempt from disclosure pursuant to 5 U.S.C. Section 552(b)(7)(A)…[which exempts] “ records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information… could reasonably be expected to interfere with enforcement proceedings…" – FBI response to MuckRock FOIA request, Dec. 7, 2011

If you insist on splitting hairs, at least don't argue over how evenly to do it

Yesterday, despite publishing a report describing in detail how it works with cell-phone carriers, how the carriers define what information Carrier IQ software should collect and, in fact, collect it, Carrier IQ PR people were trying to spin the FBI thing to make clear that, whatever the carriers or FBI are doing, Carrier IQ is not to blame.

"Carrier IQ has never provided any data to the FBI," a company spokesperson told VentureBeat in an email.

Of course not. That was the point of the report Carrier IQ issued and all its protests that it doesn't make spyware – it makes software that is remarkably effective at collecting information that would be the envy of most spyware developers, and sells that to carriers.

Carrier IQ the company doesn't collect all the data the Carrier IQ software collects. The carriers get it directly.

If the FBI is getting any of that information, it's the carriers, not Carrier IQ, that is passing it over.

Carrier IQ is not directly to blame, though it's not entirely innocent, either.

'Not to blame' and Completely Innocent do not mean the same thing

Everyone also realizes "spyware" is a loaded and subjective term.

"Monitoring software" installed and controlled by a friendly IT person who tells the end users he or she is keeping an eye on their Internet activity during work hours to help avoid "malware" and "security issues" doesn't quite qualify as spyware.

The same app doing the same thing without telling the end users, from the point of view of the end users, is definitely spyware.

Carrier IQ the company can't wiggle out of accusations that it makes software that can be used for covert monitoring and surveillance.

It doesn't and shouldn't take the blame if carriers or the FBI misuses that ability.

That doesn't mean there shouldn't be some regulation on the use of that kind of intrusive monitoring – a requirement that the end user be notified, for example.

Nor does it mean people will forgive or accept Carrier IQ as innocent of any intrusion into their privacy.

Smith & Wesson is not to blame for murders committed using guns it manufactures. But it can't escape some attenuation of guilt for having made it so efficiently and easily possible.

Gun manufacturers compensate by funding lobbyists and political campaigns to keep regulators from blaming them too explicitly or shutting them down because of the way some people use their products.

They don't use all their energy claiming they weren't involved in any way in crimes committed using their products.

Carrier IQ isn't to blame for invasions of privacy using its software, but it's not completely innocent, either.

It needs to stop pretending its intentions and its achievements are unsullied by obvious misuses of its products and just accept that it builds software that does well something most people resent having done at all.

Carrier IQ can't spin itself out of that implication any more than the carriers can. It just has to learn to live with the resentment of 100 million cell-phone users.

Luckily, it doesn't have to monitor all the angry texts they send each other about it.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon