1 Comment

Summary:

Several days into the Carrier IQ story — which raised privacy concerns around software that claims to be an innocent diagnostics tool — an…

Carrier IQ

Several days into the Carrier IQ story — which raised privacy concerns around software that claims to be an innocent diagnostics tool — and some handset makers and at least a few carriers are scrambling to clear their names of any CarrierIQ association, although the discussion is unlikely to end here.

This story was updated throughout the day as more companies denied or acknowledged involvement with Carrier IQ’s software.

Nokia (NYSE: NOK) has confirmed that it does not ship any devices with CarrierIQ on it because the Carrier IQ service does not work on Nokia’s platforms, as per this statement it emailed us:

“Nokia is aware of inaccurate reports which state that software from CarrierIQ has been found on Nokia devices. CarrierIQ does not ship products for any Nokia devices, so these reports are wrong.”

Ditto the three Nexus devices developed by Google (NSDQ: GOOG), two with Samsung and one with HTC, as well as the first Xoom tablet from Motorola (NYSE: MMI), according to The Verge, which credits an “extremely reliable source” with the info.

With people still unclear about what, really, is being used by this diagnostics software — which Carrier IQ has repeatedly said (those are two links) has to do with optimizing network performance, not collecting user data — some carriers look like they are also trying to make clear that they do not have any association with the company.

Telefonica (NYSE: TEF) operator O2 has told us that it “doesn’t collect” any information via Carrier IQ. Vodafone (NYSE: VOD) UK tells us the same. And while we are still waiting to hear back from questions we’ve put to Vodafone Group and France Telecom (NYSE: FTE) on their positions, in the U.S., Verizon has also confirmed to The Verge that it is not carrying Carrier IQ on any of its devices.

When we asked O2 if it used any other diagnostics tools, the spokesperson took the explanation a step further for us: “In principle, no,” she told us in an email, implying that it’s an issue for handset makers, not carriers: “That would be a question for handset manufacturers.”

A spokesperson for Vodafone has come back to us to say that it does not use Carrier IQ in any of its businesses, and does not use any other software like it, and it adheres strictly to privacy regulations in the jurisdictions where it operates.

France Telecom has also told us the same, noting that regardless of whether Carrier IQ has been loaded on to any of the devices on its network, Orange does not validate it, or any diagnostic services similar to it, so it and other related services do not work. This is worth considering when looking how many devices, or deals, Carrier IQ has: who uses this software if not the operator?

Later in the day, Sprint and HTC came clean on their use of the software, with HTC saying that Sprint (NYSE: S) required it on its handsets and Sprint saying that it doesn’t track personal information with the software.

Research in Motion (NSDQ: RIMM) has also sent us a statement essentially washing their hands completely of this story:

“RIM is aware of a recent claim by a security researcher that an application called ‘Carrier IQ’ is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the Carrier IQ app on BlackBerry smartphones or authorize its carrier partners to install the Carrier IQ app before sales or distribution. RIM also did not develop or commission the development of the Carrier IQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to Carrier IQ.”

AT&T (NYSE: T) acknowledged using the software to Computerworld, but said that it only did so in a manner consistent with its privacy policies.

And Apple (NSDQ: AAPL) confirmed reports that traces of Carrier IQ had been found in iOS by telling AllThingsD that “We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”

If you look at Carrier IQ’s recent press releases, it has announced deals with carriers (including Vodafone Portugal in 2009 this was just a trial that has now ended, says Vodafone), as well as with vendors like Huawei and NEC. There are surely others that will exist under NDAs, considering the number of devices that Carrier IQ claims are covered by its diagnostics software (over 141 million and counting).

While we wait to see if others revelations come out around this story — they could include more details about what it is that is picked up from devices, how it is used, and what other companies are involved in this practice — it is important to emphasize that there has so far been nothing to prove that this software is actually linked to anything other than what it says it does.

The one big exception, of course, is the video that kicked off this whole discussion, which shows keystrokes being logged, which seems to contradict Carrier IQ’s claims it does not log keystrokes. The company has not explained what this video is otherwise showing, if not a keystroke.

Whatever the answer, given the general level of sensitivity that people have around privacy and mobile usage, it’s no surprise to see this story continuing to pick up steam with people wanting full disclosure.

What seems clear is that that there are other more obvious ways that carriers can control how users surf on their networks.

That was the subject of recent regulatory moves in Europe, in fact, where in the UK Ofcom, per a European directive, has spelled out how operators will have to come clean to users about whether and how they throttle connections to certain mobile services and sites to keep traffic flowing smoothly — and if carriers don’t do this satisfactorily themselves, Ofcom will show them the way a little more forcefully.

  1. What we know from the video is that the software appears to log pretty much every action on a device. CIQ say they don’t collect any personal information but that appears to be patently false. Even if we take what CIQ to be true, the central question is where does the filtering take place? Does the phone send all the information it collects back to a third party server, which then filters the information (which seems to be a clear violation of Federal wire tapping laws) or does the phone itself filter out what information is sent? At the very least, CIQ has the potential to track and monitor every single handset that it is installed on.

    Share

Comments have been disabled for this post