December 13, 2011, 9:53 AM — Maybe that smart phone in your pocket is a little too smart.
Earlier this month during the big Carrier IQ kerfuffle I asked whether its diagnostic software, which can secretly record many things you do on your phone and transmit that data back to your telecom carrier, made your phone more vulnerable to hackers.
Today’s burning question: Does CIQ’s software make you more vulnerable to law enforcement? The answer appears to be yes.
The FBI’s response – or nonresponse, as it turns out – speaks volumes. The service declined to answer, citing the following exemption under US Code:
The material you requested is located in an investigative file which is exempt from disclosure pursuant to 5 U.S.C. Section 552(b)(7)(A)…[which exempts] “ records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information… could reasonably be expected to interfere with enforcement proceedings…”
Well then. I take that answer as a “yes.” Not only is the CIQ data used by the FBI, it appears to be relevant to at least one case that’s underway right now. (Brad McCarty at The Next Web posits another possibility – that the Feds can’t turn over information because of the pending FTC and Senate investigations of Carrier IQ. But that would still imply the FBI has received data from the CIQ software.)
In any case, this does not exactly jibe with the arguments CIQ has been pushing – most recently and explicitly in conversations with John Paczkowski at AllThingsD – that its software captures only diagnostic information, not keystrokes or other content. In fact, Carrier IQ CEO Larry Lenhart says his company has been approached by law enforcement for use in tracking alleged criminals, and CIQ has rejected them: