The troubles for mobile software vendor Carrier IQ continue mounting as the lawsuits roll in and lawmakers and regulators ask questions. The startup few had ever heard of before last week has been named in at least eight lawsuits over its monitoring software that has been found installed in millions of smartphones worldwide.
One of the lawsuits filed Dec. 1 in United States District Court for the Eastern District of Missouri named HTC and Carrier IQ as defendants and accused them of unlawfully intercepting communications from private mobile phones, smartphones and handsets.
Another lawsuit filed in District Court for the Northern District of California named HTC, Samsung and Carrier IQ as defendants. Both lawsuits accused the companies of violating the Federal Wiretap Act, which can result in damages of $100 a day per violation.
The California lawsuit also said the tracking software is in violation of California’s Unfair Business Practice Act. Other lawsuits filed in Delaware and California named Apple, Motorola, Sprint, AT&T and T-Mobile. A Delaware suit sought to block carriers and phone makers from using the software.
The St. Louis suit claims the defendants “intercepted, recorded and collected information concerning the substance, purport or meaning of the electronic communications transmitted without the authorization of the parties to those communications.”
System administrator Trevor Eckhart published a report in late November accusing the software startup of installing software onto smartphones that allowed phone manufacturers and carriers to keep track of key presses, browsing history, SMS logs and location data without the user’s knowledge or permission. Carrier IQ’s software runs in the background and is very difficult to remove, according to Eckhart.
“I have serious concerns about the Carrier IQ software and whether it is secretly collecting users’ personal information, such as the content of text messages,” Rep. Edward Markey, D-Mass., said in a statement that accompanied the letter he wrote to the Federal Trade Commission requesting an investigation into the company.
Carrier IQ has denied the worst of the claims, claiming the software delivers metrics and aggregated data to operators to help improve services and does not collect personal information about users. “We measure and summarize performance of the device to assist Operators in delivering better service,” Carrier IQ said in a statement, noting that the software makes the phone “better” by delivering intelligence that operators can use to provide “optimal service efficiency.”
The software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video, according to Carrier IQ.
Carrier IQ Faces Lawsuits, Government Scrutiny Over Mobile Data Monitoring
title=Carrier IQ ‘Vigorously’ Denies Wiretap Law Violation}
“For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen,” the company stated.
It also “vigorously” disagreed with claims that it violates wiretap laws. The actual information gathered by the software is determined by the carriers, and none of the information is ever sent to Carrier IQ, the company said.
“While I understand and acknowledge the legitimate need for diagnostics software on smartphones, the data that Carrier IQ’s software appears to be logging is alarming,” Sen. Al Franken, D-Minn., said in a statement. Franken wrote to the phone vendors and carriers to find out “exactly why they feel the need to install this software on their devices and what they’re doing with the information they’re gathering.”
Apple said it included Carrier IQ in earlier versions of the iPhone but dropped it from iOS 5 and has not collected any personal information. Google has said the software doesn’t exist on the Android phones under its control, but may exist on Android devices from other manufacturers. Research In Motion and Nokia have denied loading the software on their phones.
AT&T, Sprint, HTC, Samsung and T-Mobile have admitted some of their phones use the software. HTC and Samsung claimed they installed the software at the request of the carriers. AT&T and Sprint said the software is just a diagnostic tool to collect network and device data that is used for service and quality assurance purposes and denied any privacy violations.
Security researcher Dan Rosenberg wrote on Pastebin that Carrier IQ doesn’t actually record keystrokes for data collection. “There’s a big difference between ‘look, it does something when I press a key’ and ‘it’s sending all my keystrokes to the carrier!'” he wrote.
European regulators are investigating Carrier IQ’s monitoring software to determine if mobile phone vendors and carriers are violating consumer privacy. The United Kingdom’s Information Commissioner’s Office said it will contact mobile phone operators to find out whether Carrier IQ or similar software is installed on U.K. customers’ handsets. If the software exists, ICO wants the carriers to explain what steps are being taken to ensure privacy is not compromised, according to the ICO.
“Being open and up-front with customers about how their personal data is being used is fundamental to maintaining their trust,” the ICO said.
Germany’s Bavarian State Office for Data Protection has also sent a letter to Apple to clarify how the company had used the Carrier IQ software in the iPhone.