Friday, December 16, 2011

Sprint Orders Removal of Carrier IQ

According to Geek.com, Sprint has ordered OEMs to remove Carrier IQ from all of its devices. Carrier IQ is an intelligence-gathering and diagnostics program that helps cellular carriers obtain various information about their customers' mobile devices, including, but not limited to, the most used applications, how much memory the applications are using, call dropping, and any other metrics the cellular carrier may implement. However, lawsuits have been filed against HTC and Samsung regarding the usage of Carrier IQ, alleging that it was recording private information on the mobile device and transmitting that private information.

Hagens Berman, the firm handling the lawsuit, stated:
In mid-November, software developer Trevor Eckhart published a video blog illustrating the operation of the CIQ software recording keystrokes, including information sent to secure websites using HTTPS security protocols used in e-commerce and other security-sensitive sites. After Eckhart published his discovery and documents he found on CIQ’s website, CIQ accused him of copyright violations and threatened legal actions unless he capitulated to the company’s demands. The Electronic Frontier Foundation, a public-interest digital rights watchdog stepped in to defend Eckhart and CIQ later apologized to Eckhart and rescinded its demands. -- Hagens Berman

On December 12, 2011, a document was released in response (PDF below) about the usage of Carrier IQ and what cellular carriers may implement. It goes on to state that the data collected may vary depending on the agreements the Network Operator has made with the customer.

Tutorials have surfaced revealing forcible ways to remove Carrier IQ from a mobile device on a customer's demand, while Sprint (at the time of writing this) has said it will be removing the software. Verizon spokesman Jeffrey Nelson said they do not utilize Carrier IQ; however, there are still other cellular carriers unaccounted for. AT&T has been noted to use the mobile intelligence and diagnostics program on a select number of devices, as well as its own program, called Mark The Spot. Mark The Spot, unlike Carrier IQ, may be downloaded at the customer's choice, according to Phone Arena.

Carrier IQ, AT&T, Sprint, Samsung, and HTC have been discussing the usage and reach of the mobile software. U.S. Senator Al Franken of Minnesota said he was "still very troubled by what's going on," according to Bloomberg.







To read further about the discussion (with documents), visit Bloomberg's article: http://www.bloomberg.com/news/2011-12-16/carrier-iq-response-on-privacy-falls-short-u-s-senators-say.html



Friday, December 2, 2011

Carrier IQ with Possible Illegal Wiretapping

Carrier IQ Overview
Carrier IQ, a company that aims to provide cellular carriers with solutions concerning their customers' phones and other devices, has now entered into a court battle. The class action relates to "collecting private information" and "intercepting text messages without permission," among many other angles mentioned openly on the web. The Carrier IQ mobile software aims to provide diagnostic information about cellular carrier customers' phones. Dan Rosenberg, a security consultant, says that Carrier IQ does not record any keystrokes to send back to the carrier, according to CNET.

The class action, handled by Hagens Berman, currently targets HTC and Samsung in the U.S. District Court for the Eastern District of Missouri.

In mid-November, software developer Trevor Eckhart published a video blog illustrating the operation of the CIQ software recording keystrokes, including information sent to secure websites using HTTPS security protocols used in e-commerce and other security-sensitive sites. After Eckhart published his discovery and documents he found on CIQ’s website, CIQ accused him of copyright violations and threatened legal actions unless he capitulated to the company’s demands. The Electronic Frontier Foundation, a public-interest digital rights watchdog stepped in to defend Eckhart and CIQ later apologized to Eckhart and rescinded its demands. -- Hagens Berman

Carrier IQ's mobile software for cellular carriers leaves many doors open regarding the legality of the privacy-related contracts that may be issued to a customer. Trevor Eckhart pointed out that Sprint does not indicate how the information Carrier IQ collects is handled.

Sprint is known to collect carrier IQ data because users have the application running reporting to them, but have no privacy policy, retention policy, or public information on what they use the data for.



In West Virginia (disclosure: Journal Five is based in West Virginia), Sprint and possibly other cellular carriers would, according to Eckhart's Sprint policy screening, be in direct violation by using Carrier IQ if Bill 281 were in effect. The bill would make it a crime to put software such as Carrier IQ on customers' mobile devices without their knowledge or consent.

A response from Carrier IQ on their website:

While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools. The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to 3rd parties. The information derived from devices is encrypted and secured within our customer’s network or in our audited and customer-approved facilities.


http://www.carrieriq.com/Media_Alert_User_Experience_Matters_11_16_11.pdf
http://www.hbsslaw.com/newsroom/?nid=2143
http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/
http://www.legis.state.wv.us/Bill_Status/bills_text.cfm?billdoc=SB281%20SUB1.htm&yr=2011&sesstype=RS&i=281
http://news.cnet.com/8301-31921_3-57335715-281/how-carrier-iq-was-wrongly-accused-of-keylogging/
http://www.computerworld.com/s/article/9222378/Carrier_IQ_HTC_Samsung_hit_with_class_action_lawsuits