Carrier IQ: any worse than the networks?

A parable.

There is a company that is monitoring you.

It has access to every text message you send and receive, to every phone-call, to your emails and web-browsing.

And do you know what really sucks: you’re paying these guys.

Who are they? The FBI, Carrier IQ… no,

it’s your cellphone network.

The recent furore over Carrier IQ seems to have confused the ability to access data with the intent to access data. It’s unavoidable that cellphone networks have the ability to access your data. How else would they send it to you? Sure, they have lots of measures in place to stop it being readable to their employees, but just as they put those measures in, they could remove them. It’s the nature of their business to deal with your data and you trust them to deal with it responsibly, you trust that they don’t intend to access your personal data.

Carrier IQ is software sanctioned (perhaps even commissioned) by the networks and manufacturers. It has the ability to access your personal data – most notably through keylogging – but no-one has shown it has the intent to access your personal data. Indeed the detailed technical analysis of the app by 3rd parties has shown, on the contrary, Carrier IQ do their best not to access your data. They collect stats on behalf of the networks to help with troubleshooting and quickly drop any other data they pick up so it is never sent to their servers. Carrier IQ can best be thought of as an outsourced network-optimization department, they’re not owned by the networks, but they might as well be. So why trust them any less than the networks?

The protection of civil liberties is a duty we share, it is only right that companies such as Carrier IQ should be scrutinised. If, however, they can show they do deal responsibly with your data (and the same goes for ISPs, cell networks and even the postal service) then they should be allowed to get on with their job. If we didn’t trust anyone to handle our data there would be no internet.

Note: OpenSignalMaps is not affiliated with Carrier IQ. There is no keylogging in OpenSignalMaps.

This entry was posted in Open Signal Maps community and tagged , . Bookmark the permalink.

2 Responses to Carrier IQ: any worse than the networks?

  1. While I agree that mobile phone network already have access to a wide variety of information, the case of the Carrier IQ application is a bit different. Security researchers have seen that HTTPS sessions are opened and queries are logged in clear. Most users expect that encrypted data transmissions are not inspected. While this is mostly true for the networks, sitting at the source and inspecting these transmissions goes too far and has nothing to do with improving network quality.

  2. Joe Smith says:

    Where do I start? There were multiple problems with Carrier IQ:
    (1) The carriers were not upfront about it being installed on phones.
    (2) You could not disable/uninstall it without rooting your phone (and potentially voiding your warranty).
    (3) It had the permissions to access pretty much anything on your phone. There was no privacy policy so you pretty much had to just “trust it” not to abuse its privileges.
    (4) Carrier IQ already had deals in the works to harvest more and more data (like the partnership with nielson).
    (5) The stories kept changing. Everyone was blaming each other (the carriers, the phone manufacturers and carrier IQ). Even Eric Schmidt called it spyware.
    (6) They were harvesting data even when you aren’t connected to the specific network (http/https urls over wifi).
    (6) When I get a new phone, I am not signing a lease or rental agreement. I buy it. I understand that carriers may have access to the data traveling over their network (though when you make a phone call, you don’t expect the carrier to be automatically listening and transcribing the call – why do we allow anything less for our data privacy?), but largely anything outside that is out of bounds. It is my phone and I should be in control of what I want to share (and what I don’t), just like I cando with any other computer I own.

Leave a Reply