[LINK] SMH: 'Software revelation fuels privacy fear'

Roger Clarke Roger.Clarke at xamax.com.au
Mon Dec 5 10:04:32 AEDT 2011 

Software revelation fuels privacy fear
Jordan Robertson, Peter Svensson
December 5, 2011
The Sydney Morning Herald (Business Pages)
http://www.smh.com.au/business/software-revelation-fuels-privacy-fear-20111204-1odky.html

TECHNOLOGY bloggers are asking if our mobile phones are spying on us 
after a security researcher said a piece of software hidden on 
millions of phones was recording virtually everything people do with 
them.

Amid a broad outcry, a US senator, Al Franken, is calling for an 
investigation. A class-action lawsuit has been filed against the 
software's maker, Carrier IQ, of Mountain View, California.

The software, which Carrier IQ says is used on about 150 million 
mobile devices, appears relatively innocuous. It does watch what 
owners of Sprint Nextel Corp and AT&T smartphones do with them, 
including what people type and the numbers they dial.

But it does not seem to transmit every keystroke to the company. 
Instead, it kicks into action when there is a problem - such as a 
call that does not go through - and lets the company know.

''It is software that is developed in partnership with carriers with 
the intent to improve network performance. As far as we can tell, it 
meets this description in execution,'' said Tim Wyatt, the principal 
engineer at Lookout, a mobile phone security company.

''In line with our privacy policy, we solely use CIQ software data to 
improve wireless network and service performance,'' AT&T said.

Carrier IQ says the data its software gathers is stored by the phone 
companies or at Carrier IQ's facilities. It does not sell the data to 
third parties.

Phone companies, of course, are already custodians of a wealth of 
private information, including whom you call, where you surf and what 
your text messages say.

The brouhaha started a few weeks ago, when a programmer, Trevor 
Eckhart, documented Carrier IQ's workings with videos on his blog.

The software company threatened him with a lawsuit if he did not take 
the information down.

A civil liberty group, the Electronic Frontier Foundation, took on Mr 
Eckhart's case and the company backed down. Mr Eckhart posted another 
video this week, showing Carrier IQ's software logging keystrokes on 
an HTC EVO 3D from Sprint, a mobile phone network.

A privacy worry is what kind of data Carrier IQ is retaining. A 
Carrier IQ vice-president, Andrew Coward, said the software did not 
record every keystroke or send information about all of them back to 
the company.

The only keystrokes it cared about were specific administrative 
commands, including those instructing the software to phone ''home''. 
The rest it discarded, Mr Coward said.

''We never expected to need the content of SMS messages, so we didn't 
code for it,'' he said.
Apple said it has stopped supporting Carrier IQ in most of its 
products. Separately, the company came under fire last year over 
location-tracking features of the iPhone and made a software change 
to keep data on users' movements for less time.

For now, there is no easy way to remove the Carrier IQ software from 
phones without unsanctioned third-party software. Mr Coward said it 
was ''too early to tell'' whether the company would make any 
substantial changes to the software because of the uproar.

Associated Press


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list