People are worried that their wireless carriers are monitoring all the activity on smart phones to spy on them and do who knows what. For years everyone thought this was just a conspiracy theory, but now a security researcher has thrown a little bit of reality onto the fire.
In mid-November, security researcher Trevor Eckhart published a report accusing Carrier IQ of installing malware on more than 140 million mobile phones worldwide. This software runs in the background and apparently records keystrokes as the user does everything from dialing a phone number to browsing a website. Eckhart posted a video on YouTube showing the software running in the background on an HTC Android phone and capturing information. The video proves this is not a figment of someone’s imagination.
Since that time a firestorm has emerged while Carrier IQ, phone manufacturers and telecom carriers have denied everything. Everyone claims that the purpose of this software is to help carriers improve the service they give to customers. Both AT&T and Sprint confirmed that handsets on their networks include the software, while Verizon says they do not use the software. T-Mobile has admitted using it too. Apple says its not in iOS 5, but there is a simple way to turn it off in the older versions. The handset manufacturers say they only install the software if a carrier asks them to do it. I find it funny that the network in the US that seems to offer the best service does not use this software.
The controversy is continuing as the US Congress is now demanding to understand Carrier IQ’s business practices and what exactly this software does. With all the recent privacy legislation discussions this is coming at a time when government and the public are demanding clear answers.
You might ask, what’s the big deal with all this? Companies have been tracking our habits for years. Every time you search in a browser, Google or Microsoft have a log of what you did. Google, Microsoft and Facebook use your preferences and habits to show you targeted ads. And do you remember the big Apple controversy last April when the iPhone was tracking people’s locations? Why is this any different?
The search engines claim that search information is anonymous when stored. Its purpose is to improve the search algorithms used to return results to us. When you go to a website, your session is logged, but only your IP address, browser information and some information about your operating system is captured. The same type of thing happens when you accept a cookie on your system. Certain information is stored to make it easier when you visit that site again.
The difference with the Carrier IQ controversy is that the software is capturing keystrokes and all activity on a phone – who you call, what you search for, what you type into your phone, everything. This sounds like a key logger that gets loaded onto a computer and sends my keystrokes to someone with nefarious intent. Someone knows everything you do. This is exactly what virus and malware writers do, so they can steal financial account and other personal information. That’s quite a bit different from knowing that I’m at a certain IP address and I’m using a Chrome browser.
If I give up some of my privacy, I want to know what I’m giving up and why. If I use location services on a smart phone to help me navigate a city, I want to opt in for that service, if I feel it benefits me. You always give up something to get something, but I want to have a choice in the process. As Trevor Eckhardt showed in his video, his HTC phone lets him opt in or out of certain services. If I understand that my information is tracked and I choose that because I find the benefits outweigh the detriments, that’s fine.
If my personal information is stored in a database, it should be encrypted and only used for purposes I understand and condone. If I have an Amazon account, for example, I trust that my personal information is encrypted and only I can access it. I give up my information, so that it’s convenient when I make a purchase later. I understand that and I made the choice.
We shall see how the Carrier IQ situation plays out, but this again brings the issue of data privacy and security into the forefront. Too much of our personal information is captured and stored. Some of it is anonymous with the goal of improving service, but more and more seems to be captured without our knowledge. Industry and lawmakers must be very clear about privacy policies and how our information is used. Without this, we continue to be potential victims of identity theft and data breaches.
Benjamin Franklin famously said, “Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.” Giving up my personal information to obtain a little convenience is fine if I understand it’s happening and how that information is used and stored. Having it done without my knowledge violates my trust and rights.
Photo credit IvanWalsh.com