3 min read

Carrier IQ, Carriers, Manufacturers Hit With Wiretap Lawsuits

U.S. and European officials also demand answers about who's using Carrier IQ's smartphone monitoring software and exactly which types of information they're tracking.
10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
Still, it's likely that Carrier IQ hasn't broken any federal wiretapping laws. According to attorney Mark Rasch, a former Department of Justice computer crime investigator and prosecutor who's now director of cybersecurity and privacy consulting at CSC, federal wiretapping laws provide carriers with broad latitude--including the ability to listen to calls made on their infrastructure--for the purposes of quality control.

That's been the crux of Carrier IQ's public defense: it legally can't be violating wiretapping laws, because those laws provide an exemption for companies such as itself, which function as an agent of the carriers. In other words, Carrier IQ is providing software at the carriers' and manufacturers' request for their handsets, and collecting only data that they specify. Furthermore, it doesn't share a carrier's data with any of its other customers. (The company's wording, however, leaves open the possibility that law enforcement agencies have access to the data it collects, but there would be little the company could do about that.)

Exactly what information does Carrier IQ collect? Senator Al Franken (D-Minn.) last week wrote to the company, requesting detailed answers to that question by December 14. Similarly, Rep. Edward Markey (D-Mass.) last week requested that the FTC investigate Carrier IQ to ensure it hadn't engaged in unfair or deceptive practices. "Consumers and families need to understand who is siphoning off and storing their personal information every time they use their smartphone," wrote Markey in a letter to FTC chairman Jon Leibowitz.

Regulators abroad have said they will also be questioning Carrier IQ and its customers. So far, European privacy regulators in Belgium, France, Germany, Ireland, Italy, and the United Kingdom have said that they're investigating if or how mobile operators inside their countries use Carrier IQ.

Vodafone and Orange have already denied using the software. As noted by PCWorld, Vodafone Portugal in 2009 announced that it was using Carrier IQ. But a Vodafone spokesperson has said that report was erroneous.

Last week, Apple acknowledged that some of its products use Carrier IQ, but it plans to discontinue that practice. "We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update," Apple said in an emailed statement last week.

In response, Germany's Bavarian State Authority for Data Protection has already contacted Apple seeking more information about how it works--or has worked--with Carrier IQ, reported Bloomberg.

In the United Kingdom, meanwhile, the Information Commissioner's Office (ICO), which is responsible for enforcing the European Data Protection Act, said it will query the country's mobile phone manufacturers and carriers about their use of Carrier IQ. "Being open and upfront with customers about how their personal data is being used is fundamental to maintaining their trust. It is obviously also vital that mobile manufacturers and operators comply with the Data Protection Act," said an ICO spokesman via email.

For the 15th consecutive year, InformationWeek is conducting its U.S. IT Salary Survey. Upon completion of the survey, you will be eligible to enter a contest for prizes including a Bravia HDTV or iPad 2, and get a link to download our report once it is published. Take the survey now. Survey ends Jan. 20.