Given the software has been demonstrated to collect certain keystrokes, intercept SMS messages, and even record information in browsers that should be encrypted, it is easy to see how Internet privacy issues are raised. As Mathew Schwartz wrote Thursday, these actions might run afoul of wire tap laws as well.
Senator Franken has asked Carrier IQ to respond to a series of questions, and then ever so politely ended the letter with "I appreciate your prompt attention to this matter." Translated into English that means "you need to drop whatever you are doing and respond to this letter or face a Senatorial subpoena."
[Carrier IQ is an insane breach of enterprise trust, says IT leader Jonathan Feldman. See what he says must change, in Carrier IQ: Mobile App Crap Must Stop. ]
To make sure Carrier IQ understands this is not the usual government inquiry, Franken writes that the logging and transmitting of data "may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a serous matter."
The letter goes on to pose a number of questions, like are user's locations logged, is the content of inbound and outbound emails and SMS messages logged, are search queries logged, etc.?
Senator Franken wants to know what is transmitted off of the phone to carriers, Carrier IQ's servers, phone manufacturers, operating system providers, or third parties.
The deadline for answering this letter is December 14. Depending on what the answers are, Carrier IQ may satisfy the senate committee, but I don't think there are any answers that will satisfy users. At this point, what carrier or manufacturer would still want this software on their phones?