There have been a number of news stories lately-even making the Brian Williams Nightly News, that suggests wireless operators are collecting all sorts of personal information about everything a subscriber is doing with their smartphones, typically from a company called Carrier IQ. And what are operators doing with such information? Does it invade our privacy?
There is always some kind of embedded monitoring software on all smartphones that’s placed there either by the operator or an approved third party. This software is monitoring the state of the phone, calling history and information about where and when dropped calls happen.
The operators use the information they get back from subscribers’ devices to learn where dropped calls occur most frequently. Analysis of the information that is collected by operators lets them determine when bottlenecks happen or when a specific application behaves poorly. Overall, the operator wants to deliver high quality of service that leads to higher customer satisfaction.
I believe in security and privacy as much or more than most, but I also realize there are things that a mobile operator must know in order to bill the customer properly and improve the quality of the network. And there are things that the device manufacturer must know to help fix problems and build better, more reliable devices in the future.
For example, if the wireless operator didn’t keep track of the number you’re calling and the length of the call, then the operator couldn’t figure out if the minutes you are consuming against your plan and provide a detailed bill each month showing you exactly what telephone numbers you called and how much you were supposed to pay. Likewise, if the operator didn’t log when there was a dropped call and where it happened, they wouldn’t be able to fix it.
Yes, there is some monitoring that we have to allow in order for the operator to provide the best network services possible. The real issue regarding privacy here is to ensure that no one else can get access to your personal information without either your approval or from a court order. Everyone by now knows that most of your personal information and behavior can be discovered under court order, e.g. cell phone records, time stamps from use of tollways, photos when using an ATM and going through security at the airport.
What we don’t expect is that this information is made public or is obtained by others for inappropriate use such as identity fraud or marketing purposes.
Carrier IQ and other similar firms don’t collect information and then use it against anyone or sell to a third party. Their embedded software monitors performance of the handset and behavior of the network and then forwards summary information without passing on the user’s identity.
Carriers, Phone Vendors Have No Interest in Gathering Personal Data
The software doesn’t pass on the content of the failed message or dropped calls. It just passes on the network and handset diagnostics around the dropped call or failed message. The information is placed into an encrypted database from which analysis and inquiry can be made. Furthermore, none of this information is ever sold to third parties.
Operators can look at where dropped calls are happening and the time of day and then install additional equipment to prevent or at least lower the incidence of those dropped calls. I’ve seen “low signal strength” on my handset in some locations. Later on, I all of a sudden notice that “high signal strength” at that same location once improvements were made in the network.
According to Dan Rosenberg, an independent security researcher, “Since the beginning of the media frenzy over Carrier IQ, I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies and other data of this nature are being collected are erroneous.”
Manufacturers are able to analyze how the devices are performing, such as what applications are more prevalent and how much of the different resources in the phone are being used. They can then improve power management and determine how to improve the handset so the user experience is better.
So, the next time you see a segment on Brian Williams Nightly News or read a piece stating that performance and behavior of smartphones is being monitored, you should think, “Of course they are monitoring the performance and behavior in my smartphone! How else are they going to fix it when it doesn’t work?”
Wireless operators and handset manufacturers don’t want or need to gather information about what you’re doing unless there is either a court order or a terrorist threat. They simply want to build great smartphones and offer the best network quality of service possible.
The next time you see the FBI is able to stop someone from doing something to interrupt the safety and lives of U.S. citizens or in drug trafficking, you’ll likely be thrilled that their devices have monitoring software and the ability for the network operator to track phones when under a court order or in the interests of national security.
At the same time, we have to make sure that such monitoring is kept confidential for the 99.9 percent of people like you and me who simply want to enjoy the benefits of owning and using a mobile device.