Security

Sprint Puts Carrier IQ on Hold but Doesn’t Hang Up

In a response to privacy concerns over controversial software made by Carrier IQ, wireless provider Sprint has announced it will disable the data collection tool on its handsets.

Carrier IQ software is designed to be installed in handsets to give wireless carriers information about how their networks are being used. However, a 17-minute video uploaded to YouTube by security researcher Trevor Eckhart recently demonstrated that Carrier IQ software could be used to obtain highly personal information from mobile phones, prompting an uproar in the media and letters from Sen. Al Franken (D-Minn.) to Carrier IQ, phone makers and wireless providers in which he demanded to know details of how Carrier IQ software works.

In a response to Franken’s concerns, Sprint maintained that at any given time, only about 1.3 million phones are “tasked” to collect data, and of those, about 30,000 respond to queries from Sprint staff.

The information collected isn’t used to profile customers to better provide targeted ads, Sprint asserted, and was not used to look into e-mails, keystrokes, messages or other personal information.

Still, the company announced Friday that after weighing customer concerns it would no longer use Carrier IQ software in its devices.

Samsung and HTC also responded to Franken stating that they use the Carrier IQ software but do not use it to collect any data.

Sprint and Carrier IQ did not respond to our requests for further comment.

Who’s Responsible?

Sprint wasn’t the only company to respond to the negative press surrounding the data collection tool — Carrier IQ rose to defend itself, as well. On its own, the software doesn’t record data such as keystrokes, Carrier IQ has said. That function must be triggered by the mobile provider.

“Carrier IQ is really just a service provider; I think the fundamental responsibility lies with the carriers who have the direct relationship with the customer and who the customer trusts with their information,” Justin Brookman, director of the Consumer Privacy Project at the Center for Democracy and Technology, told the E-Commerce Times.

Carrier IQ’s software was intended to deliver diagnostic data that could help improve customer service regarding flaws such as dropped calls, the company said. Obtaining that information straight from the mobile source, rather than customer surveys or other means of data collection more open to misinterpretation or false responses, is much more efficient, it added.

“Though it’s not entirely clear, it sounds like the purposes for which the carriers were using CarrierIQ were relatively benign. That said, as a consumer, I’m not sure I necessarily want someone collecting and retaining lots more data about me without my knowledge even if it’s for a totally worthwhile purpose,” said Brookman.

Sprint’s Stance

“Even though there’s still a lot of data and questions out there that have to be sorted through, that decision is to be expected. There’s enough coverage in the media and there’s enough privacy advocates looking at it that unless you find it’s very valuable to your business, you’re probably better off now dropping it and deflecting the media and consumer attention towards another product,” Andrew Storms, director of security operations for nCircle, told the E-Commerce Times.

“At issue is the inability for people and the government to keep up with the pace of technology and innovation. What’s needed is transparency — letting users know what’s happening on their devices, and awareness — helping end users and government understand the need for collecting information. On top of that, there’s a need for safeguard to ensure there are no abuses of either the collection systems or the data,” Larry Walsh, President of the 2112 Group, told the E-Commerce Times.

Carrier IQ asserted in its response to Franken that it has been transparent and cooperative through investigations and will continue to be. However, Sprint said the service would be disabled rather than stripped completely from the phone, perhaps leaving the option open to continue using the service after sufficient investigations.

“They’re doing the safe thing here and saying let’s wait it out, but that kind of data has real value for a manufacturer. When it’s all said and done, there’s probably still going to be a Carrier IQ out there, but a little toned down,” said Storms.

1 Comment

  • I was under the impression that Sprint is in fact removing CIQ from users phones. Since it’s baked into the OS, the easiest way for this to be done on a wide scale to help the non-tech users, would be an OS update. They have already instructed the manufactures to remove CIQ from the OS.

    That said, removal and rollout of an OS update that affects some 26 million users on various phones and OS’s isnt something that will just happen overnight. My guess is, that once CIQ removal is finished for each phone the updates will be done in stages to ensure they dont bog down their network with updates.

    If this isnt fast enough for you, one could always DL the ADK, root and remove it oneself. Or opt for a custom ROM that has already removed it.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

E-Commerce Times Channels