• by Wendy Davis , Staff Writer @wendyndavis, December 9, 2011

Google chairman Eric Schmidt wants it known that the company is no fan of Carrier IQ, the company that was recently accused of distributing software capable of logging keystrokes on mobile devices.

“We certainly don’t work with them,” he reportedly said at conference on Thursday at the Hague. Schmidt also called Carrier IQ a “keylogger” -- though whether that's fair is a question that seems to divide observers.

Two weeks ago, researcher Trevor Eckhart posted a video showing how Carrier IQ's software logged a Google search he did on an HTC phone -- even though he used HTTPS encryption.

But others are defending Carrier IQ -- at least on accusations that it spied on users. Researcher Dan Rosenberg said on Pastebin there was no evidence that Carrier IQ transmitted data back to the carriers. “Carrier IQ does a lot of bad things. It's a potential risk to user privacy, and users should be given the ability to opt out of it,” he posted. “But people need to recognize that there's a big difference between recording events like keystrokes and HTTPS URLs to a debugging buffer (which is pretty bad by itself), and actually collecting, storing, and transmitting this data to carriers (which doesn't happen).”

For its part, Carrier IQ denies snooping on users.

Regardless, the very existence of software capable of logging users' keystrokes raises plenty of questions, including whether any outside parties are able to access information that the software can collect.

In some ways, the whole dust-up is reminiscent of a controversy earlier this year about iPhone location tracking. This spring, security researchers Alasdair Allan and Pete Warden reported that all iPhones log users' locations -- raising the possibility that anyone who came upon a lost or stolen iPhones could learn which physical locations the owner had visited and when.

Whether or not Apple, Carrier IQ or other companies intentionally threatened users' privacy, the controversies about hidden programs raise the same obvious question: Why does the public continually have to learn of potential privacy problems from independent researchers, rather than the companies who created and marketed the products?