Privacy as the Third Rail, Act the First
Welcome to the underside of the bus, CarrierIQ:
“The reports we have seen about Verizon using Carrier IQ are false,” Verizon spokeswoman Debi Lewis wrote in an email to The Register.
In his own email, Nokia spokesman Mark Durrant wrote: “Further to your piece, CarrierIQ does not ship products for any Nokia devices, so reports that they have been found on Nokia phones are wrong.”
A statement from RIM, reported by IDG News, was even more categorical.
"RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution," the company said in a statement. "RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app.”
Everyone but Sprint is running as fast and as far from this turkey as they can. Customers get twitchy, but Enterprise customers (big companies and the Government) get extra super crazy twitchy about this. It's a cold dead certainty that Fortune 100 company IT Security organizations are being asked pointed questions about whether their employees are being monitored, and whether the corporation's data is safe. It's a cold dead certainty that those IT Security organizations are asking very, very pointy questions to their cell phone providers.
The market is fixing this, and fast.
Privacy as the Third Rail, Act the Second
It's not just corporations who are asking pointed questions:
So riddle me this ECPAman, if CarrierIQ has violated one or more of these statutes, would that make AT&T, Verizon, Sprint, et al unindited co-conspirators? Want to bet long odds that that very question hasn't been discussed in the office of the Verizon General Counsel?
Senator and former late-night funnyman Al Franken has called on Carrier IQ to explain why its diagnostic software, buried in the bowels of 141 million smartphones, isn't a massive violation of US wiretap laws.
In a letter sent to Larry Lenhart, CEO and president of the Mountain View, California-based software maker, Franken expressed concern the software may run afoul of the Electronic Communications Privacy Act, which forbids the monitoring of communications without the users’ consent, and the Computer Fraud and Abuse Act.
Like I said, the market seems to be fixing this at warp speed, but there's a whole can of hurt waiting in this for someone.
Privacy as the Third Rail, Act the Third
The mobile phone spyware incident is becoming as filled with flavor as a jar of Vegemite:
It seems that the CarrierIQ spyware runs on iPhones, too, although at this rate it will be a mystery how it got installed on 140 Million devices when none of the manufacturers and none of the carriers have anything to do with it ...
The row has Australian carriers putting as much distance between themselves and Carrier IQ as they can, as quickly as they can. Telstra’s Craig Middleton hit the Twittersphere today: “Telstra does not use it. We only use customer data for connecting calls and billing for services”.
The carrier’s New Zealand subsidiary Telstra Clear made a similar, but shorter statement.
Wrapping up the Australian carrier scene, both Optus and Vodafone told News.com.au that Carrier IQ’s software isn’t in use in this country; Vodafone has made the same statement for New Zealand, as has Telecom New Zealand.
I keep telling them, and they keep not listening, vol XCDXII:
FBI Bigwig: Three cities got hacked through Internet-connected SCADA controllers:
Speaking at the Flemings Cyber Security conference in London, [FBI Deputy Assistant Director] Michael Welch said the hackers could theoretically have dumped sewage into a lake or shut off the power to a shopping mall.Now this could just be the Fed.Gov hyping something to get more budget. However, it's more than plausible. So here's the important question: which is more of a threat - hackers taking down the power grid, or the government taking more power? But don't worry, McGruff the CyberCrime Dog is on it:
"We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into SCADA systems within the city," Welch said.
Nobody ever said that Internet Security wasn't messy ...
AT&T and T-Mobile apparently aren't running from it, either.
ReplyDeletehttp://gizmodo.com/5864444/att-sprint-and-t+mobile-all-fess-up-to-using-carrier-iq
So far, I haven't seen any good evidence that what Verizon has said is untrue, though that could change.
Lots of weasel wording in those denials.
ReplyDeleteThere are LOTS of meetings and discussions of what bloatware goes on a phone and who gets paid for it. Carrier IQ wouldn't be on any of them unless the cell carrier knew about it.
Can't argue with either of you. What's interesting is that these companies PR departments know that this is toxic.
ReplyDeleteThey may be blowing the response - PR departments do this all the time - but they know that it's toxic.
I called, since I have AT&T service, and they didn't 'know' if my phone had it... yeah, right...
ReplyDeleteOldNFO, I guarantee you that there's someone at AT&T who's tracking how many calls like yours are coming in.
ReplyDelete"It seems that the CarrierIQ spyware runs on iPhones, too"
ReplyDeleteApple says that the CarrierIQ thing is disabled in iOS5. Even in iOS4, apparently it's relatively easy to disable on an iPhone.
What I find more interesting is that some quarters are describing the CarrierIQ software as a rootkit, a term with very different connotations from "spyware".
Also, the sharks are circling: there's already at least one class-action lawsuit filed against CarrierIQ.
Damn, I picked the wrong week to stop sniffing glue.
ReplyDeleteYou're not joking about security staffs having some pretty intense discussions.
More interesting and frightening reading:
ReplyDeletehttp://www.networkworld.com/news/2011/120211-cornell-carrieriq-253696.html
I begin to suspect that CarrierIQ may not still be in business by this time next year.
Wolfwalker, I saw that. Not sure that their biggest problem is some Cornell Prof, but yeah, you have to wonder if they're going to be around.
ReplyDelete