US Senator demands answers from Carrier IQ
Al Franken calls smartphone tracker on the carpet
Senator and former late-night funnyman Al Franken has called on Carrier IQ to explain why its diagnostic software, buried in the bowels of 141 million smartphones, isn't a massive violation of US wiretap laws.
In a letter sent to Larry Lenhart, CEO and president of the Mountain View, California-based software maker, Franken expressed concern the software may run afoul of the Electronic Communications Privacy Act, which forbids the monitoring of communications without the users’ consent, and the Computer Fraud and Abuse Act. The letter was sent after a 25-year-old Android app developer published evidence that Carrier IQ software may secretly log end users' key taps and text messages.
“It appears that this software runs automatically every time you turn your phone on,” wrote Franken, who is the chairman of the Subcommittee on Privacy Technology and the Law. “It appears that an average user would have no way to know that this software is running – and that when that user finds out, he or she will have no reasonable means to remove or stop it.”
Prior to the posting of a YouTube video by developer Trevor Eckhart, Carrier IQ representatives said their software didn't log specific key strokes or read the contents of messages. They have yet to square those claims against Eckhart's demonstration, in which he used
a packet sniffer debugging logs to show the software monitoring every alphanumeric key pressed on his HTC EVO handset, even when entered into webpages encrypted with the SSL, or secure sockets layer, protocol.
The Register has asked Carrier IQ representatives for additional comment, and the request still stands. In the meantime, here's Franken's letter:
Next page: Dear Mr. Lenhart,
Ex-comedian, most serious man in congress.
I don't know if I should be more impressed with Al Franken (and I am) or suprised that the conventional political class can't do much in comparison.
For British readers: don't you wish someone had written a letter like this to start their investigation of the Phorm trials?
Not sure about responding to the letter
...they *might* get away with ignoring it or lying (I don't know) but it's not a good idea. I don't *think* either act would be considered illegal, but it would probably just piss of Frankin and co to the point where they call a formal hearing on the matter.
That last bit is the real power of an Al Frankin (or, rather, his sub-committee) in this situation. They can subpoena (i.e. legally compel) the Carrier IQ folks in to attend a hearing, under oath and threat of perjury charges if they lie, in which their only protection not to answer questions truthfully is the 5th Amendment (an Article of our Constitution which protects citizens from being forced to testify against themselves).
For more info around Congress' power to subpoena and the legal background on it this link is pretty good:
I hope this expands to the carriers - the real culprits here. Yes, they have the legal authority to monitor their network, but they can do that already without putting a rootkit on *your* phone.
From the video:
1) CarrierIQ logs form data submitted over HTTPS pages (i.e. bank passwords)
2) It logs traffic sent over *your* WIFI network
3) It continues logging and possibly reporting back to the carrier even after you cancel your service
These have nothing to do with legal monitoring that the carriers are allowed to do. This has everything to do with wiretapping - which means someone needs to go to jail, if found to be true.