Commentary

House Democrats: Carrier IQ Software Could Pose 'Significant' Privacy Threat

Carrier IQ still can't shake the controversy that erupted last month, after  researcher Trevor Eckhart posted a video showing how the company's software can log keystrokes.

From Dec. 1 through today, the once obscure company has been named as a defendant in at least 58 federal lawsuits. Lawmakers like Sen. Al Franken (D-Minn.) have called out the company -- and its telecom partners -- for potentially logging and transmitting information about people's mobile Web activity.

And this week, three Democrats on the House Energy and Commerce Committee requested a hearing about telecom companies' ability to use Carrier IQ's software to collect data about consumers. “Although consumers know little if anything about this software, it could represent a significant threat to privacy,” Reps Henry Waxman (D-Calif.), Diane DeGette (D-Colo.) and G.K. Butterfield (D-N.C.) state in a letter to the committee's Republican leadership.

“Data collection and transmission by Carrier IQ and similar software is widespread,” the letter continues. “Even if consumers know about the threat to their privacy, they have little practical recourse because most device users have no ability to delete the data collection and transmission software from their phones.”

For its part, Carrier IQ recently issued a report acknowledging that its software sometimes logs the contents of messages, but said that the data is encoded. Carrier IQ characterized the logging as a bug. “In some unique circumstances, such as when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the... traffic that is collected by the IQ Agent,” the company said in its paper. Those messages, Carrier IQ added, “are not human readable,” according to Carrier IQ.

That was a significant change from Carrier IQ's initial reaction -- an attack on Eckhart. Last November, after Eckhart first published initial research about the company along with its training manuals, it threatened to sue him for copyright infringement. The digital rights group Electronic Frontier Foundation got involved and Carrier IQ backed off, but didn't at the time acknowledge any potential problems with its software.

Shortly afterward, Eckhart followed up on his initial report by posting the keystroke-logging clip, and sparking the company's ongoing woes.

Next story loading loading..