The controversy over the nature of Carrier IQ’s phone-monitoring application is deepning, with Minnesota Senator Al Franken demanding answers over what the company is doing with the information it collects. Carrier IQ’s code is apparently on millions of devices, and is known to be currently used by at least one manufacturer, HTC, and two carriers, AT&T and Sprint.
Apple chimed in, and says it used Carrier IQ in “most” of its pre-iOS 5 products. It says the code will be removed completely in a future software update, and the submission of diagnostic data is opt-in.
Franken asks Carrier IQ to provide details on what exactly the software records, where the data is transmitted to, and whether or not protections are in place to protect the security of those affected. He is also calling upon the company to give consumers a method of opting out of the process.
“This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers”, he says. “Right now, Carrier IQ has a lot of questions to answer”.
Since the story came to a head over the past week, several companies have come forth to clarify their position on Carrier IQ. Verizon has denied the use completely in any of its smart devices, while Sprint and AT&T both admitted to use of the software.
The biggest question remains as to what exactly Carrier IQ is doing. While the researcher — Trevor Eckhart — makes claims of keylogging, at no time does he actually prove what is being sent. This is crucial to the entire story. If this software is just sending behavior, it’s no different from the data many of us agree to opt-in to for those “customer experience” surveys. If its actually sending content, that’s completely different.
Here’s the thing, as John Graham-Cumming puts it: “What isn’t delved into is what the application does with the information. Without that it’s not possible to tell if there’s something really scary going on or not”. And that’s very important, because if we don’t know this, it sounds a lot like Chicken Little.
[UPDATE: A Carrier IQ executive gave All Things D's John Paczkowski more information on what the software captures and transmits--and says it doesn't involve any personally-identifiable information. Just data on issues such as dropped calls.]