Lenhart: We have been approached by law enforcement about using our technology, and every time it’s happened, we’ve determined that that’s not an appropriate use of it. A lot of data that we capture is historical, so if you really want to find out where somebody is and what they’re doing, our technology isn’t going to give you that. Remember, this is diagnostic data. And we don’t share it with anyone.
He adds, when pressed, that if CIQ were approached with a legal order, it would punt to the carriers, since it’s their data not CIQ’s.
After bungling its initial response to the controversy – to the point of trying to silence Android security researcher Trevor Eckhart by threatening to sue him – CIQ has been much more forthcoming about what its software can and can’t do. Independent security researchers like Dan Rosenberg have confirmed CIQ’s statements, at least in terms of the phone he tested.
CIQ has published yet another explanation of what data its software could collect if asked, and how it got on those 140 million+ handsets. The 19-page document goes into painful detail about the metrics CIQ gathers; the bits the Feds would most likely be interested in would be the identities of others contacted by the target of its investigation, the target’s physical location, and the URLs of the Web sites he or she visited – all data that the wireless company would presumably already have access to without CIQ's help.
So… if CIQ software only captures diagnostic data, why would the Feds be using it? Have the G-men suddenly gone into the smartphone troubleshooting business? I think not. We’re still left with too many questions and not enough answers.
UPDATE: Got an email response from Carrier IQ spokesperson Mira Wood, who must be wanting her life back right about now. She writes:
Carrier IQ has never provided any data to the FBI. If approached by a law enforcement agency, we would refer them to the network operators because the diagnostic data collected belongs to them and not Carrier IQ. Carrier IQ's data is not designed to address the special needs of law enforcement. The diagnostic data that we capture is mostly historical and won't reveal where somebody is and what they are doing on a real-time basis.
She confirms that the wireless carriers have plenty of other tools at their disposal for tracking location of users and other data, and don't need CIQ's software for that.