Carrier IQ

From SI410
Revision as of 03:54, 15 December 2011 by Tkdavis (Talk | contribs) (General Ethical Issues)

Jump to: navigation, search
Carrier IQ Logo
Carrier IQ is a provider of mobile service intelligence solutions to the wireless industry [1]. Carrier IQ has analytic software embedded in millions of devices, giving wireless carriers and handset manufacturers insight into customers' actions on their wireless devices including keystrokes, geographical location, and web useage. Among Carrier IQ's customers are Sprint, AT&T, and T-Mobile, three of the nation's four largest wireless carriers [2].

Function

Carrier IQ works by tracking metrics from a device and sending the information to its customers [3]. Metrics are information points from the mobile devices, including dropped calls, sets of data that relate to a usage history of the device, an end user's interaction with the device, and interaction with the device comprises the end user's pressing of keys on the device[4]. According to the patent;
Qualifying characteristics may include device type, such as manufacturer and model, available memory and battery life, the type of applications resident on the device, the geographical location of the device, usage statistics, including those that characterize a user's interaction with a device, and the profile of the customer. The data collection profile is then provided to the SQC on the target wireless devices.[4]
The data is then logged and sent to customers such as wireless carriers. The data collected is intended to be used to improve things like coverage, battery life, and other user experiences. The presence of Carrier IQ on a phone depends on a carrier, and not the operating system[5].

Ethical Issues

Carrier IQ Diagram

Press Release and Blog Post

On November 23, 2011, Carrier IQ sent out a press release in response to 17-minute video posted on YouTube and a post to androidsecuritytest.com by security researcher named Trevor Eckhart [6]. The press release stated that they did not provide tracking tools, record keystrokes, inspect or report on the content of your communications, such as the content of emails and SMSs, or sell any information to outside parties [7]. It stated that Carrier IQ software instead makes your phone work better by identifying dropped calls and poor service, identifies problems that impede a phone’s battery life, and makes customer service quicker, more accurate, and more efficient. The claims by Eckhart were that the software worked in ways that users of mobile devices were unaware of. He stated that Carrier IQ could work by being completely hidden to the user [8]. Metrics can be called getting information when a user installs or opens an application, he stated, and information can be when a user browses a webpage, or CarrierIQ can log keypresses made on that webpage.[8]. The software does not have an opt out feature when used with some carriers such as Sprint. Eckhart stated at the end of his writeup, “The only way to remove Carrier IQ is with advanced skills. If you choose to void your warranty and unlock your bootloader you can (mostly) remove Carrier IQ”.[8]

In a follow up response on December 1, 2011, Carrier IQ conceded that their software does keep a log of some phone activity. However, they maintained that the data is kept for debugging purposes only, and that no personal data is recorded or stored[9]. Regardless of whether or not Carrier IQ uses the information stored by its software, storing so much information on a phone is poor security practice. For example, a stolen phone could hold a lot of personal information that, although Carrier IQ may not use, a malicious hacker could easily find and take advantage of. Other researchers have stated that the information Carrier IQ collects is clearly just for diagnostic purposes, but what information is collected can also vary from carrier to carrier [10].

Recent FBI Involvement

The FBI disclosed on the weekend of December 10, 2011 that it uses data gathered from Carrier IQ sources [11]. Michael Morisy from Muckrock.com used a Freedom of Information Act request to see if the FBI had relevant records with Carrier IQ. The response from the FBI was that it could not reveal their usage of Carrier IQ due to interference with pending or prospective law enforcement proceedings [11]. Their response means one of two things, explained by Muckruck's Morisy:
"What is still unclear is whether the FBI used Carrier IQ's software in its own investigations, whether it is currently investigating Carrier IQ, or whether it is some combination of both."
[11]. This means that the FBI could be using Carrier IQ's technology to track users of mobile devices, which would be a ethical problem if Carrier IQ did not reveal to users of the software that they allowed this to happen.

General Ethical Issues

Ethical issues arise when the software invades a person's privacy without their full knowledge and consent of it occurring. If the software could track, record keystrokes, and report on content of communications on mobile devices, it should be made known to users what the software is capable of. In addition, there should be a way that users can opt out of being tracked. Ethical behavior on the side of Carrier IQ would be informing the users of the capabilities, and only using the information that they say the will, and use it to make the devices better. Another possible implication could arise if Carrier IQ sold users' information to third parties without the knowledge of the owners of the devices. A major point stressed in Eckhart's video is that users are generally unaware of the existence or function of this software on their phones. This raises another ethical issue, regarding who is responsible for the security of the information logged onto the phone. Since users are not made aware of this software, ethically either Carrier IQ or its customers should implement better security to protect such data.

An additional question raised from this issue is how carriers' collection of data is regulated, and by whom.

See Also

References

  1. http://www.carrieriq.com/index.htm
  2. http://www.pcmag.com/article2/0,2817,2397141,00.asp
  3. http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/
  4. 4.0 4.1 http://www.faqs.org/patents/app/20110106942
  5. http://www.pcworld.com/article/245907/googles_schmidt_slams_carrier_iq.html
  6. http://www.huffingtonpost.com/2011/11/30/carrier-iq-trevor-eckhart_n_1120727.html
  7. http://www.carrieriq.com/company/PR.EckhartStatement.pdf
  8. 8.0 8.1 8.2 http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/
  9. http://allthingsd.com/20111201/carrier-iq-speaks-our-software-monitors-service-messages-ignores-other-data/
  10. http://www.pcworld.com/article/245492/carrier_iqs_cell_phone_snooping_overstated.html
  11. 11.0 11.1 11.2 http://boingboing.net/2011/12/12/fbi-says-it-uses-carrier-iq-fo.html?utm_source=dlvr.it&utm_medium=twitter&dlvrit=36761
Retrieved from "http://si410wiki.sites.uofmhosting.net/index.php?title=Carrier_IQ&oldid=9211"