FAQ: Behind the Carrier IQ rookit controversy

Critics say Carrier IQ software surreptitiously gathers personal data from phones; Vendor, carriers say only service-related data is tracked

By , Computerworld |  Security, Carrier IQ

Verizon, Research in Motion and Nokia each say they don't use the software in their phones. All three say reports suggesting otherwise are incorrect. There have been several reports that Carrier IQ software has been found on Apple iPhones as well. iPhone hacker chpwn blogged about discovering Carrier IQ on several models "up through and including iOS 5"-based devices. However, the software appears to be easier to disable on the iPhone than on other devices, according to chpwn. Apple has neither confirmed nor denied the reports. The company did not immediately respond to a request for comment.

Is use of the Carrier IQ software on mobile phones legal?

You can safely bet that's a question a lot of lawyers are studying the legality of the software at this moment. In a letter addressed to Larry Lenhart, president and CEO of Carrier IQ today, U.S. Sen. Al Franken (D-Minn) said that use of the software may violate the U.S. Electronic Communications Privacy Act (ECPA) and the Computer Fraud and Abuse Act.

Meanwhile, the Electronic Privacy Information Center today briefly noted that the use of Carrier IQ's software to log data may constitute an "unlawful intercept" of data under the ECPA. In comments made to Forbes , former Justice Department prosecutor Paul Ohm said that the use of the software could be grounds for class action lawsuits based on federal wiretapping laws.

How has Carrier IQ responded to the complaints?

When Eckhart first published the report, the company threatened to sue him for breach of copyright. (Eckhart used publicly available training materials from Carrier IQ's site for his research. He later posted copies of those training materials on mirror sites). The company also asked him to withdraw his findings, say they were incorrect, and apologize to the company. After the Electronic Frontier Foundation intervened on Eckhart's behalf, Carrier IQ withdrew its threat and its CEO personally apologized to the researcher.

In a statement, Carrier IQ maintained that its software does not record keystroke, does not support user tracking and does not inspect data communications, according to a story in Forbes. The Carrier IQ site was down this afternoon.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness