March 1st, 2012
(EndTheLie) – Just weeks ago Trevor Eckhart, a security researcher and Android operating system developer, discovered a mysterious process running in the background of his Android-based device.
This program turned out to be Carrier IQ, or CIQ, and specifically the IQ Agent which is installed on mobile devices from all major carriers before they reach the consumer, totaling some 150 million phones, mostly in the United States.
The software is billed as a diagnostic tool which allows cellphone carriers to “better understand how mobile devices interact with and perform on their network,” according to an official Carrier IQ document which attempts to dispel what they bill as rumors and unfounded concerns of consumers and researchers.
The document is somewhat opaque and esoteric for those of us not familiar with the terminology and technology at work in these highly complex systems but some of it is quite easy to understand.
In the second paragraph of the introduction we read, “We want to thank Trevor Eckhart for sharing his findings with us through a working session that helped us to identify some of the issues highlighted in this report.”
This gives the impression that Carrier IQ was happy to see the findings of Eckhart and what he uncovered, but this is far from reality.
Eckhart discovered that the software was integrated with Android at the deepest levels and was able to monitor, record, and transmit even the most private data and interactions with the device.
He alleged that it could monitor every single individual keystroke and every interaction with the screen for that matter, along with encrypted internet browsing sessions and searches, GPS data, network data, battery data, among other pieces of information which many people would likely like to keep private.
Instead of praising Eckhart and working closely with him as the introductory paragraph might have you believe, Carrier IQ sued Eckhart for copyright infringement because he made publicly available training materials accessible to interested parties, where otherwise they might not have been able to find them on the Carrier IQ website.
The Electronic Frontier Foundation, or EFF, stepped in on Eckhart’s behalf and countered their frivolous legal threat – clearly intended to silence Eckhart and stifle his research – after which Carrier IQ withdrew their threat entirely.
The EFF has produced a simplified, but not dumbed-down, explanation of Carrier IQ and how exactly it operates, which you can read here.
For those who are interested in learning more about this program, which is likely active on your device if you own a smartphone, this brief article is an absolute must read.
Carrier IQ continues to maintain their innocence and claim that the software does not record keystrokes (and thus the content of every email, text message, or anything else you might type), but Eckhart’s research shows otherwise.
The second video released by Eckhart (seen here) clearly shows the software doing things that Carrier IQ claims it does not, along with others who seek to defend this technology and the erosion of privacy in the digital age.
As a result of Eckhart’s findings, lawsuits have been filed against Carrier IQ, HTC, Samsung, Apple, AT&T, Sprint Nextel, T-Mobile, and Motorola, alleging that it breaches the Federal Wiretap Act, Stored Electronic Communications Act, and the Computer Fraud and Abuse Act.
Despite the company’s insistence to the contrary, the suit alleges that, “[i]n addition to collecting device and service-related data, Carrier IQ’s software can collect data about a user’s location, application use, Web browsing habits, videos watched, texts read and even the keys they press.”
The establishment media has come to the aid of their corporate cronies, citing so-called experts who “debunked” Eckhart’s findings.
Declan McCullagh, chief political correspondent for CNET (which is owned by CBS Interactive and is thus part of the “big six”), and Dan Rosenberg, a supposed security expert, allegedly debunked Eckhart’s findings, although their evidence is hardly compelling.
“The application does not record and transmit keystroke data back to carriers,” Rosenberg said, adding that after reverse-engineering the software he found that, “there is no code in Carrier IQ that actually records keystrokes for data collection purposes.”
What is his proof? Well, nothing other than CNET’s claim that Rosenberg “analyzed the assembly language code with a debugger that allowed him to look under the hood.”
We are simply supposed to believe this because he has discovered security vulnerabilities in various systems in the past. After all, no one has ever misrepresented the truth for monetary compensation, right?
They also point to another “well-known security expert” named Rebecca Bace who claims that Carrier IQ gave her access to the company’s engineers and internal documents.
“I’m comfortable that the designers and implementers expended a great deal of discipline in focusing on the espoused goals of the software–to serve as a diagnostic aid for assuring quality of service and experience for mobile carriers,” Bace said.
That’s all well and good but the proof is in the pudding and here they’re just telling us that they have pudding somewhere – you just don’t get to see it or verify the veracity of the existence of the pudding.
After all, they’re the experts and we’re just supposed to take their word for it. I guess they missed the appeal to authority fallacy in their studies – or lack thereof – of logic.
Carrier IQ doesn’t even seem to be able to keep the story straight, with their Vice President Andrew Coward claiming that a statement attributed to him in Wired, in which he said the software could read text messages, was a misquote.
However, during the interview he did clearly say that carriers are able to collect data which would be able to determine the exact person who is using the phone, what programs they are running, when they charge the battery, what calls they make and where, etc.
His statements are hardly reassuring, even if the claim that the Carrier IQ software does not function as a keylogger is true, which is hardly clear at this stage.
Coward and Carrier IQ have found themselves in a bit of an imbroglio, with Coward saying, “One of the lessons we’ve had from this … clearly we should not have done that cease and desist.”
“What may have been the right response three or four years ago may not be the right response for now and … and we apologized … we did not expect that we would need to be so open and transparent about everything… We recognized as the crisis kind of developed that that was required for us to clear our name. That was a huge learning process,” Coward told CNET.
I find it absolutely astounding that he apparently thinks they would never have to be open and transparent about what their software is collecting and for what purposes.
I guess Coward never thought that it would be discovered and exposed in the first place, so no contingency plan had been created to deal with the massive fallout which we are now witnessing.
When asked about their competitors, Coward said that they only offer over-the-air downloadable software, whereas the Carrier IQ software is embedded into the device to make it not only hard to detect but nearly impossible for any regular user to remove or control.
It gets even more interesting when we consider the fact that Coward (who was identified by The Washington Post as the senior vice president for marketing, a different title than what was given by CNET) revealed, “This week Carrier IQ sought meetings with the FTC and FCC to educate the two agencies … and answer any and all questions,” while adding that he was “not aware of an official investigation.”
Meanwhile, anonymous FTC officials said that they were conducting an inquiry into Carrier IQ and a spokeswoman for the FTC would not confirm or deny an investigation.
However, a public relations contractor for Carrier IQ named Mira Woods told The Washington Post in an email, “We are complying with all investigations at this time as we have nothing to hide … We have been completely transparent through this process.”
Later Woods requested that “investigations” be changed to “inquiries,” likely because the statement implies that there are indeed investigations going on currently with which they are complying.
Woods said, “We sought the meetings with the FCC and FTC in the interest of transparency and full disclosure,” thereby claiming that they sought out the meetings and thus that these were not an investigation.
In an official statement issued later in the day, Carrier IQ said, “This week Carrier IQ sought meetings with the FTC and FCC to educate the two agencies about the functionality of its software and answer any and all questions. Although Congressman Edward J. Markey (D-Mass.), co-Chairman of the Bi-Partisan Congressional Privacy Caucus, has asked the Federal Trade Commission (FTC) to investigate the practices of Carrier IQ, we are not aware of an official investigation into Carrier IQ at this time.”
The situation gets even more interesting and complex when we consider the Federal Bureau of Investigation (FBI) and their involvement in this debacle.
When Michael Morisy, a reporter for MuckRock News, filed a Freedom of Information Act (FOIA) request for “manuals, documents or other written guidance used to access or analyze data” which was obtained through any Carrier IQ program, the FBI denied the request because it was considered “law enforcement records.”
In response to Morisy’s request, the FBI wrote, “The information you requested is located in an investigative file which is exempt from disclosure.”
Paul Bresson, spokesman for the FBI, would not comment – meaning he would neither confirm nor deny, which in itself is a tacit confirmation – on whether an investigation into Carrier IQ was ongoing or whether they were utilizing the software for surveillance purposes of their own.
For anyone remotely familiar with issues like this, the words “plausible deniability” leap to mind.
In addressing the FBI’s connection to Carrier IQ, the company said that the data gathered by the software are “not designed for law enforcement agencies and to our knowledge [have] never been used by law enforcement agencies.”
However, this means little to nothing in today’s America in which the PATRIOT Act can gag anyone from speaking of the warrants or investigations conducted by the federal government.
Even if they had knowingly handed over data to the FBI or DHS, or perhaps built the software for that purpose from day one, they likely would be prevented from ever confirming that fact or even hinting at it.
In another statement Carrier IQ claimed, “Carrier IQ [has] no rights to the data gathered and [has] not passed data to third parties. Should a law enforcement agency request data from us, we would refer them to the network operators. To date and to our knowledge we have received no such requests.”
Once again, if they had received such requests, it is very likely the case that they wouldn’t be able to speak about it.
It is clear that it is not the innocent diagnostics tool they would like to make it out to be, as the official responses from some companies have shown.
In an official statement, Sprint said, “We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc. using this tool.”
The wording of this statement does, however, imply that the software is capable of doing these things; they just “do not and cannot” view it themselves.
Apple’s statement is most interesting, as they clearly indicate that the software is not only capable of recording keystrokes, but also is capable of recording messages or other personal information.
“We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages, or any other personal information for diagnostic data and have no plans to ever do so,” the statement said.
The details surrounding Carrier IQ are still quite fuzzy at this point but it is clear that it is not just a diagnostic tool collecting anonymous information to make our user experience better.
Like so much Big Brother technology, it is billed under one purpose and yet is capable of so much more.
Another trend we see repeating here is the constant contradictions, confusion, and misinformation or even disinformation pumped out by the establishment media and their “experts.”
I will continue to follow this story and write future articles about it as more information becomes available and a clearer picture of what this is really up to begins to emerge.
Suffice it to say, I’m not ignorant or naïve enough to think that this isn’t being used to collect private, sensitive data from millions of devices across the United States which is then funneled to centralized government databases.
It would be nice to think this wasn’t the case but I would have to throw out literally everything I have learned in my research, all of which is based in irrefutable facts which one has to either delusionally refuse to pay attention to or accept as a reality of the global police state control grid under which we currently live.
Source: End the Lie