Carrier IQ Response on Privacy Falls Short, U.S. Senators Say

Carrier IQ Response on Privacy Falls Short, Senators Say
“It appears that Carrier IQ has been receiving the contents of a number of text messages -- even though they had told the public that they did not,” Senator Al Franken, who chairs a Senate subcommittee on privacy, said in a statement yesterday. Photo: Saul Loeb/AFP/Getty Images

Carrier IQ Inc. failed to adequately answer questions regarding the data that the company’s software captures from mobile phone users and shares with wireless providers, two U.S. senators said.

Al Franken, a Minnesota Democrat, said he was “still very troubled by what’s going on” after reviewing information submitted this week by the Mountain View, California-based company and by mobile carriers including AT&T Inc. and Sprint Nextel Corp.

“It appears that Carrier IQ has been receiving the contents of a number of text messages -- even though they had told the public that they did not,” Franken, who chairs a Senate subcommittee on privacy, said in a statement yesterday. “I’m also bothered by the software’s ability to capture the contents of our online searches -- even when users wish to encrypt them. So there are still many questions to be answered here and things that need to be fixed.”

Carrier IQ is at the center of a growing controversy over how mobile-phone user data is collected and the extent to which users’ privacy may be jeopardized. European privacy regulators started investigating the company’s software after a security researcher posted a 17-minute YouTube video Nov. 28 detailing data logs collected by Carrier IQ and showing keys pressed and features activated by a phone user.

“We appreciate subcommittee chairman Franken’s continued interest in protecting consumer privacy and look forward to our ongoing dialogue with the Senator to answer his additional questions,” Andrew Coward, Carrier IQ’s vice president of marketing, said in a statement late yesterday.

Letters Released

Aides from the office of Senator Christopher Coons, a Democrat from Delaware, met with company executives this week, Ian Koski, a spokesman for Coons, said in an interview.

“Carrier IQ has been very responsive to our questions,” Koski said. “But we do have other questions. We hope and expect that this meeting is the first of several constructive conversations to get answers to the questions the senator has and the public deserves to know.”

Franken’s office released letters yesterday from Carrier IQ, AT&T, Sprint, HTC Corp. and Samsung Telecommunications America sent in response to the senator’s questions. All the letters were dated Dec. 14.

Carrier IQ said that it had found a bug in its software that allowed some text messages to be collected. The messages were “not human readable,” the company said in its letter. The company also said it doesn’t gather or transmit the contents of e-mails, keystrokes or any details from mobile phone users’ address books. The software does allow the collection of URLs, which could include online search histories, Carrier IQ said.

‘Transparent’ Notice

AT&T, the nation’s largest second-largest wireless operator, said Carrier IQ software is integrated and active on 11 of its consumer mobile devices. That represents 1 percent of the handsets on AT&T’s wireless network, or about 900,000 devices, with 575,000 of them collecting and reporting service performance information, the Dallas-based company said in its letter to Franken.

“We know well that personal data and privacy are of paramount concern to our customers,” Tim McKone, AT&T’s senior vice president federal relations. “We strive to provide transparent, easy-to-understand notice to our customers concerning the information we collect and how we use it.”

Sprint, the third-largest U.S. wireless provider, said Carrier IQ software is installed on about 26 million of the company’s devices and that the application doesn’t gather data unless directed by Sprint, according to the Overland Park, Kansas-based company’s letter to Franken.

Network Performance

AT&T and Sprint said they use data gathered by Carrier IQ software to monitor network performance, including dropped calls and Internet service outages. The carriers said they receive customer location data and don’t collect the contents of e-mails or text messages, keystroke data, the contents of user’s search queries, or the names and contact information from user’s address books.

AT&T said it doesn’t collect the URLs of websites that customers visit, while Sprint said that it does. The companies said they believe customers are informed about the data collection through licensing agreements.

Samsung Telecommunications America, based in Richardson, Texas, listed 35 devices that have Carrier IQ software installed and said it has sold 25 million phones to wireless providers that had the application pre-installed, according to its letter. The company, a unit of Suwon, South Korea-based Samsung Electronics Co., said it doesn’t receive any data from Carrier IQ’s software.

HTC, a Taoyuan, Taiwan-based handset maker that was the biggest seller of smartphones in the U.S. in the third quarter, said about 6.3 million of its devices carry the software. The company doesn’t receive any Carrier IQ data, according to HTC’s letter to Franken.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE