Phone ‘rootkit’ maker Carrier IQ may have violated U.S. federal wiretap law in millions of cases

“A piece of keystroke-sniffing software called Carrier IQ has been embedded so deeply in millions of HTC and Samsung-built Android devices that it’s tough to spot and nearly impossible to remove, as 25-year old Connecticut systems administrator Trevor Eckhart revealed in a video Tuesday,” Andy Greenberg reports for Forbes.

“That’s not just creepy, says Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School. He thinks it’s also likely grounds for a class action lawsuit based on a federal wiretapping law,” Greenberg reports. “‘If CarrierIQ has gotten the handset manufacturers to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap,’ he says. ‘And that gives the people wiretapped the right to sue and provides for significant monetary damages.’”

“Carrier IQ captures every keystroke on a device as well as location and other data, and potentially makes that data available to Carrier IQ’s customers,” Greenberg reports. “Eckhart has found the application on Samsung, HTC, Nokia and RIM devices, and Carrier IQ claims on its website that it has installed the program on more than 140 million handsets.”

Greenberg reports, “Nokia and RIM have both denied installing the software on any of their handsets… Class action lawsuits have now been filed against Carrier IQ, HTC, and Samsung.”

Read more in the full article here.

[Thanks to MacDailyNews Reader “Harry B.” for the heads up.]

21 Comments

  1. If Samsung thinks that Apple is a thorn in its side, wait until they get hit with class-action lawsuits from end users!

    Oh boy, this is going to be fun to watch!

    1. Class actions against Nortel and Lucent resulted in billions of dollars worth of damages, of which I and the other people got less than ten dollars each and the lawyers got a percentage that turned out to be in the hundreds of millions.

  2. “If CarrierIQ has gotten the handset manufacturers to install secret software … this is very likely a federal wiretap.”

    NO, Paul Ohm, law professor!

    It should read: “this is very likely a wiretap.” (omit “federal”).

    The point is that it’s not federal, i.e. not done by the government, but by a private corporation.

  3. Here is a post from the Forbes article.
    “cbsharpe 1 day ago
    @hscotth – I did a little bit of research and found some detailed information about CarrierIQ’s patent, US 6167358 (A). OTHMER KONSTANTIN, who is an inventor / founder of Carrier IQ

    If you were not sure about the video, why not check out the patent summary? It explains what it is and how it works and it looks like they are “transmitting our black box data to different servers around the nation”

    “A system and method for monitoring the operation of a plurality of computer-based systems connected to a server, each computer-based system having a microprocessor that executes one or more software applications is provided wherein a separate programmable nub gathers information about the computer-based system to generate black box data, the black box information is communicated over a communications link to a server upon the occurrence of a predetermined triggering event and the black box data is processed to generate data that is used to monitor the operation of the plurality of computer-based systems connected to the server. An apparatus residing on a computer-based system for remotely monitoring the computer-based system is also provided.”

    Patent Source: http://worldwide.espacenet.com/publicationDetails/biblio?CC=US&NR=6167358&KC=&FT=E&locale=en_EP

    1. No, Apple never did any key logging. Apple has no interest in this data.

      It is Google that wants to rape you of all your private data and pimp it to the next scum marketing company.

    2. Was Carrier IQ running on Apple phones? YES

      However, if you do your research carefully, you will find 2 things: 1, it was restricted just like any other “app” would be. That is, it was limited in what it could collect.

      2. Apple has already begun the removal process.

      3. It will be gone by the next update of iOS

  4. This is antenna gate all over again, at least on iOS. It just makes sense for mobile devices (and computers) to monitor and report back anonymous usage information so vendors can improve their products. For example, my phone should report when and where it drops a call so the network provider can aggregate reports and figure out where to spend capital for network improvements.

    On iOS, Apple has clearly stated that the information is anonymous and they don’t capture keystrokes or record text messages, etc. iPhone and iPad make the reported information transparently available to the user. You can see exactly what is being sent (Settings > General > About > Diagnostics & Usage > Diagnostics & Usage Data) and confirm for yourself that it’s just stuff like whether the phone is connected to wifi, turning airplane mode on and off, etc. It’s good for Apple engineers to know how the product is used. Apple asked permission when you set up the phone and you can turn off reporting at any time. It’s completely transparent and open.

    On Android, I think the situation is different. No single company is responsible for the Android product in any particular device. And there are no promises about what is and isn’t reported, and there may or may not be notice to the user or a way to turn it on and off.

    1. I have looked at the “Diagnostics & Usage Data” in the past, and it was no different than lately, it appears to be just what Apple says, diagnostics data. No idea what it looks like on Android. Apple’s “pesky and pokey review process” may again have saved iPhone users, just sayin’.

    2. The video of an EVO running Android shows Carrier IQ logging the contents of text messages and IDs and passwords from HTTPS web pages. The latter would be like when you log into your bank account. Your “secure” login information is being sent off across the net to who knows who, and we don’t even know if it’s encrypted or how it’s stored or used. Good luck with that. I’ll never touch an Android phone.

  5. I received my $18 settlement check as a result of a class action lawsuit against American Express overcharging for foreign currency exchange. It took a while – I stopped using AE over 15 years ago. Really.

    1. These settlements for tiny amounts—tens of millions of dollars spread over millions of claimants—just atomize the settlement fund, effectively casting riches into the void. The only benefactors of this travesty of justice are — the lawyers. A Shakespeare quote comes to mind.

  6. Class action lawsuits are simply a way for law firms to print money. Lawyers find something they can litigate. Find one person who has been damaged who will act as the representative of the class. Then, if they can get the class certified, and they win (or settle), the lawyers make millions while the people injured get practically nothing.
