Over the last month or two, I have been highly critical of CarrierIQ and the sneaky way they gather smart-phone user information without informing the user they are doing so, much less providing an opt-out choice.
CarrierIQ has taken a lot of heat from a lot of places over this. Now, they are defending themselves: in the name of fairness, I think it is important to bring this defense to your attention.
The full document can be read here.
In the first few lines. they thank Trevor Eckhart for “for sharing his findings with us”. That is quite a change from their initial response, when they threatened to sue him if he continued to expose their practices…until the Electronic Frontier Foundation stood up for him, that is. It’s nice to see that, deep down inside, they are really swell guys and gals who care…
Reading ‘between the lines’, here are a few excerpts from CarrierIQ’s statement:
“…Carrier IQ software automatically passes the hardware serial number and the subscriber serial number (e.g. IMEI/IMSI) to the Network Operator who can then match to their customer records…”
i.e. CarrierIQ matches the phone and user information in their database, making it possible to identify individual user’s phone habits as opposed to just collecting ‘anonymous operational data’ that could be used to analyze network performance without compromising user privacy.
* * *
“Q. “Why is my battery only lasting 3 hours and my phone keeps crashing?”
A. Because you have loaded a new application abcxyz and this is draining the battery quickly and making your phone unstable.”
i.e. CarrierIQ monitors what applications are on your phone.
* * *
“Q. “Why does my phone drop calls when I drive on Interstate 80?”
A. It looks like you were dropping calls between exit 34 and exit 35 and we are upgrading our towers to improve performance at that section of the highway.”
i.e. CarrierIQ records your location with respect to phone usage.
* * *
“The Carrier IQ software installed on the mobile device is called the IQ Agent.
. . .
The IQ Agent has been implemented on feature phones, smart phones, data modems and tablets.”
Nice to know… I guess I’ll pass on that tablet computer and put my IT guys to hacking the modem: if it is doing what the smart phones are doing, it’s time for a jail-break!
* * *
“In typical deployments, the IQ Agent uploads diagnostic data once per day, at a time when the device is not being used.
. . .
Network Operators who are Carrier IQ customers do not charge consumers for this upload nor does it show up as usage of consumer data plans.”
In other words, you are not given any clue that one corporation is beaming data from your phone or tablet and selling it to another corporation. Nice!
Well, at least they don’t make you pay for it…
* * *
” [Preload] version of the IQ Agent cannot typically be deleted by an end user but only gathers and forwards metrics from the device if it is enabled with a profile …”
* * *
“Network Operators typically prefer the embedded version of the software as it provides the most comprehensive diagnostic set. This embedded information is used to understand which control signals are passed between the mobile device and the handset…”
Again, the emphasis is mine.
* * *
I think this ought to be sufficient for a Q.E.D. – but the document goes on:
“Network Operators and handset manufacturers determine whether and how they deploy Carrier IQ software and what metrics that software will gather and forward to the Network Operator.”
Translation: “All of your data is belongs to us, you puny little humans! Mu-ha-haaaaa!!!!!”
OK, let’s not go overboard here.
Let’s be fair!
Carrier IQ suggests that they themselves do not make the call about just how much data to collect about you – they will only collect and pass on the data which their customers, the Network Operators and handset manufacturers, will pay them to collect about you!
* * *
“An embedded version of the IQ Agent cannot be deleted by consumers through any method provided by Carrier IQ.”
Is there an echo in here? Mu-ha-haaaaa!!!!
* * *
“A new profile can be downloaded to a mobile device when it periodically checks-in with the network server. After receiving the new profile from the network server, the device will begin gathering the metrics and pre-processing according to these instructions.”
Translation: you complain – we’ll ferret out your secrets!
* * *
And that is just the first half of the document…
In the rest of the document, to the best of my reading, they assure us they are working on a ‘fix’ that would make it less possible for us to find and remove the IQ Agent, they admit to (at times) collecting SMS messages (but that was a mistake and they don’t do it any more), collecting phone call data, URL information, collecting keystroke data (but only under ‘specific conditions’ and when the ‘collector’ wants it – not for themselves, not at all….plus it’s not ‘on purpose’, just a by-product of other functions), and so on.
And then there is IQ Insight… This is the bit that collects all the location information: letting ‘operators’ to really drill down through your data!
Oh – and they say they only sell your information once…
But, don’t take my word for it: I am sure my reading of this document is highly flawed and imperfect, as what they say in their ‘conclusion’ does not, in my never-humble-opinion, match up fully with what they say in the body of the text. Obviously, it must be my understanding which is flawed.
It would be much better if you were to read the document for yourself and form your own opinion about CarrierIQ’s most illuminating explanations.
And, if these do not send you screaming for a throw-away phone, I have this lovely medieval bridge in Prague I’d love to sell you!