Blog Post

Samsung And HTC Hit By Wiretapping Lawsuit Over Tracking Software [UPDATED]

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

The swirling controversy over a company that reportedly installed tracking software on users’ mobile phones has already produced its first two lawsuits. On Thursday, plaintiffs sued the company, Carrier IQ, and phone makers HTC and Samsung for violating a federal wiretapping statute.

The class action lawsuits, filed in Chicago and St. Louis, seek hundreds of million of dollars on behalf of all US residents who had mobile phones containing the software. The lawsuits were brought on the basis of the Federal Wiretap Act, a law that forbids intercepting “oral, wire or electronic communications” and provides penalties of $100 per day for every violation that takes place.

The details of the Carrier IQ incident are still emerging but the controversy was set off when a security researcher released a YouTube (NSDQ: GOOG) video that purportedly showed the company’s software recording phone users’ keystrokes and encrypted communications. Carrier IQ initially claimed that the software was simply to help carriers provide better service and threatened to sue the researcher who made the allegations.

The issue became a full-blown scandal
yesterday when Senator Al Franken (D-Minn) sent a letter to Carrier IQ asking for details about the software and the company’s business practices.

Meanwhile, the technology press reported on a chaotic series of statements and denials as companies like Sprint and Nokia sought to clarify their role in the affair.

The lawsuits for now target only the two phone makers and Carrier IQ, not any of the carriers, but this could change in the coming days (see UPDATE below). These type of lawsuits are typically filed very soon after privacy incidents by law firms who specialize in class actions and keep templates and a roster of potential plaintiffs at hand.

In the St. Louis lawsuit against HTC, the heart of the allegations are as follows:

Plaintiff, Erin Janek owns an HTC Android phone using the Sprint (NYSE: S) network. At all relevant times Plaintiff used her phone to electronically send over her cell phone network various types of private data. This data was not readily accessible to the general public. She did not know that Defendants were surreptitiously monitoring and collecting this data, nor did she give them permission to do so.

The fallout of this incident could be enormous on both a privacy and a financial level. Unlike other privacy lawsuits in which the nature of the damage can be difficult to quantify, the existence of the wiretap sets out very specific penalties which mean the phone companies could be on the hook for potentially enormous liability.

The story is also playing out in Germany where the data regulator has sent a letter to Apple (NSDQ: AAPL), one of the companies that put Carrier IQ code into its devices, requesting further information on the matter. Apple has said it will stop incorporating Carrier IQ software into iOS and related devices. (see more via Bloomberg)

Carrier IQ is a small company and appears to be still shaping its crisis response strategy. In the last few days, it has received hundreds of new consumer ratings on Google reviews that give it an average of one star.

UPDATE: By late Friday, a new trio of law firms claimed they filed another class action in Delaware. This one also names Apple and Motorola (NYSE: MMI) as well as the carriers Sprint, AT&T (NYSE: T) and T-Mobile. Other filings will no doubt pop up in coming days as more class action lawyers jockey to get a piece of the action. The name of the game for the law firms is to be first to court because the early birds typically get the lion’s share of the attorney fees that are included if a settlement is reached.

: Federal court records on Monday morning show that at least eight cases have now been filed against Carrier IQ, including several in California and one in Florida. This number does include the Delaware cases cited above which have yet to appear in the records.

For more on Carrier IQ’s role in shaping the mobile market, see Tom Krazit’s “Why Both You And Carrier IQ Are Pawns In The Fight For Mobile Data

Class Action against Carrier IQ_ HTC
var docstoc_docid=”106453596″;var docstoc_title=”Class Action against Carrier IQ_ HTC”;var docstoc_urltitle=”Class Action against Carrier IQ_ HTC”;

10 Responses to “Samsung And HTC Hit By Wiretapping Lawsuit Over Tracking Software [UPDATED]”

  1. All the companies have to do now is update that wonderful content in the privacy policy and terms of use that nobody reads and just checks the box.  The companies get away with this because the mass audience want to just get the app and are not caring what they sign away with the little check box. We have lose the common sense rules that we lived by for decades.

  2. Edward King

    It amazes me that so many people think what they say on their phone is important to anyone else.  Get a grip folks, you are not that dam important and never will be.  Unless you are a high up criminal (like Barney Frank) or a spy, nobody cares what you say and will not waste time listening to and analyzing what you do say.  Just another bunch of lawyers convincing the sheeple they will get a lot of money for them.  Guess what, the lawyers are the only ones that make money on 99% of these so called “class action suits).  And everybody chips in to pay them.  You are not worth snooping ah, get a life.

  3. Narg are you an exec at the phone company that was caught red handed?   Threatening consumers with higher bills?  Grow up!

    Carrier IQ already admits they are recording all your keystrokes, they even claim that in their marketing materials. know the software saves every detail in your phone, encrypts it and then phones home, and uploads this decret data (all of your passwords and credit card numbers) into their data center which BTW are running Windows servers which are full of holes and 0-day exploits.  Wake up!  Hackers already have penetrated Carrier IQs data center more than once, and walked off with millions of customer records / details.  The Neilson company is already buying all your information and has been for months.If there is someone out there with a bit of extra money oh about $1,000,000 they should put up a bounty to whoever posts the databases stored in Carrier IQ datacenter onto the net.  It’s time we show everyone what was stolen from them due to greed and corruption of the corporations.

  4. Get ready for you cell phone bill to go up!!!!!   Lawyers are filing these lawsuits, not users.  And so much for making your use more enjoyable and better to use, now the cell phone companies won’t have a clue how you use the phone so they’ll make stuff that doesn’t work for you now.  I’d like to slap that idiot who did the video on this stuff to begin with.  What an idiot.

  5. Carriers like t-mobile, sprint, etc. are equally complicit in the Carrier IQ scandal and are equally complicit. Not to mention of software that exists in the wild that is similar to Carrier IQ.

    What I believe needs to be done is for the government to put into place laws that require that”simple” opt-in/opt-out options be required for such software. The operative word of course being simple. 

  6. Class Action is all good and well, and we might all get $3.50 in 5 years when the legal system has finished with it, but it doesn’t solve the problem of the millions of devices out there running it – are OEMs and Carriers going to provide a way to disable it unless the user opts in? Somehow I suspect they’re going to simply stop adding it to new phones (as Apple is now doing) and leave the existing handsets as they are and hope the press get some other hot topic to chase (after all, a patch costs money and if people are locked in a contract why does the carrier care?).

    The fact that T-Mobile won’t even tell users which phones are running it – though the list that some users have got from CSRs includes a number of Android and Blackberry models. The only handsets that seems to be clear of the problem are Windows Phone (eg Radar or Titan or Focus) and some Nokia models where Carrier IQ don’t have a version of their software available… I was planning to move from Android to Windows Phone at my next upgrade anyway (the more I play with the 7.5/Mango version the more I like it) so I might just take the hit and do it sooner rather than later for the peace of mind

    • Just because they remove the “Carrier IQ” naming does not mean the carriers aren’t going to continue to monitor how the smartphones are being used. They don’t really do it to spy on you. The carriers just want to make as much profit as possible. If the carriers can get you to spend 1% less bandwidth, they make $1 Billion more in profit.

      • I don’t mind carriers making a buck, but there are ways and means to do it – and hopefully shining a light on this is going to mean that the tools they use to do it have less privacy implications, and hopefully take less battery and bandwidth of their own. I have no issue with them logging errors and reporting them back… but I do have a problem if the package of data they send back (a) comes out of my bandwidth allowance (if I’m on a fixed plan) or (b) includes any private (including employer confidential) information…

        • They aren’t snooping on your personal info. They are just monitoring what type of apps you use, how much bandwidth those use, what type of things you do in the mobile browser, how much streaming video, VOIP, video-conferencing, etc. Each feature can cost them millions of dollars, so they try to adapt to that and maximize their profits. For example they may shape packets, throttle bandwidth for certain usage, they may increase bandwidth concentration at certain geographical areas, they may increase peak bandwidth availability, they may sell more or less of a certain type of device if they measure that it consumes more bandwidth or lets them make more profits somehow. Carriers make tons of money selling services that people don’t actually use. They don’t want you to use the bandwidth that you pay for.

          • Charbax, what apps I use and what I look at in the browser, that is *by definition*, my personal info. If they are tracking this information without my consent, that is snooping.
            The question that remains unanswered is if the tracking was aggregate and anonymous, or if identifying data was included. If the defendants can demonstrate that it was not linked to users’ identities, they have a decent chance of fighting this case. If, instead, the data is linked to users, they may get eaten alive. And they will deserve it.