Jump to content

Carrier IQ

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 128.135.68.186 (talk) at 18:49, 3 December 2011 (Rootkit wiretapping controversy). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Carrier IQ, Inc.
Company typePrivate
IndustryMobile telecommunications
PredecessorCore Mobility company
Founded2005
FounderKonstantin Othmer[1][2][3]
Headquarters,
United States
Number of locations
London
Malaysia
ProductsEmbedded diagnostic software
ServicesMobile analytics services
Websitewww.carrieriq.com

Carrier IQ is a privately-owned mobile software company founded in 2005 and based in Mountain View, California. It provides mobile analytics services for smartphones to the wireless industry. The company states that its software is deployed in over 150 million devices worldwide.[4][5]

The company notes:

Carrier IQ is unique in the wireless industry because we are the only company embedding diagnostic software in millions of subscribers’ phones. And, we are the only ones who add the "IQ" or smarts to the data. This is actionable intelligence – information and analysis you can use to identify problems and more importantly, solve them. And, we are a proven leader with millions of handsets deployed with Carrier IQ software inside.[6]

History

The company was founded by Konstantin Othmer and is a spin-off from his Core Mobility company. Through its Mobile Service Intelligence Platform (MSIP) its software "aggregates, analyzes, and delivers data to wireless carriers and device manufacturers. This information proves a valuable resource for these businesses to understand the quality of service their customers experience."[1]

On January 27, 2009, the CEO Mark Quinlivan announced it had received $20 million Series C financing from Intel Capital, and Presidio Ventures, a Sumitomo Corporation Company.[7]

On February 9, 2009, it announced a partnership with Huawei Technologies to develop a "new range of datacards that will provide improved feedback on the mobile broadband user experience."[8]

On June 17, 2009 it had TiE selected as a TiE50 "One of the Hottest Global Emerging Companies."[9]

On June 16, 2010 Bridgescale Partners announced $12 million in Series D financing for the company.[10]

On October 18, 2010 VisionMobile announced Carrier IQ had joined the "100 Million Club" with its software installed on 100 million phones.[11]

On August 31, 2011, Operating Partner at Mohr Davidow Ventures Larry Lenhart was named CEO. The announcement noted that in the second quarter of 2011 Carrier IQ passed the petabyte milestone in processed analytics data.[12]

On October 19, 2011, Carrier IQ and third party vendor Nielsen Company announced a partnership on analyzing data.[13]

On October 27, 2011, IDC named Carrier IQ "Innovative Business Analytics Company Under $100M"[14]

On November 12, 2011, Trevor Eckhart published a report indicating that Carrier IQ software was capable of recording user keystrokes.

Rootkit wiretapping controversy

On November 12, 2011, Torrington, Connecticut researcher Trevor Eckhart claimed in a post on androidsecuirtytest.com[15] that Carrier IQ was logging information such as location without notifying users or allowing them to opt out,[16] and that the information tracked included detailed keystroke logs,[17] potentially violating US Federal law.[18] Carrier IQ on November 16, 2011, sent Eckhart a cease and desist letter claiming that he was in copyright infringement by posting Carrier IQ training documents on his website and also making "false allegations."[19][20] Eckhart sought and received the backing of user rights advocacy group Electronic Frontier Foundation.

On November 23, 2011, Carrier IQ backed down and apologized.[21] In the statement of apology, Carrier IQ denied allegations of keystroke logging and other forms of tracking, and offered to work with the EFF.[22]

On November 28, 2011, Eckhart published a you tube video that he claims shows Carrier IQ software in the act of logging, as plain text, a variety of keystrokes. Included in the demonstration were clear-text captures of passwords to otherwise secure websites, and activities performed when the cellular network was disabled.[23] However, although the video shows capture of the keystrokes, the demonstration also shows that the data is being transmitted outside the device and directly to Carrier IQ. Carrier IQ responded with the statement, "The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools."[24][25] A datasheet for a product called Experience Manager on Carrier IQ's public website clearly states carriers can "Capture a vast array of experience data including screen transitions, button presses, service interactions and anomalies".[26]

If the claims by Eckhart are true, the process of sending usage data is in conflict with Carrier IQ's own privacy policy which states: "When Carrier IQ's products are deployed, data gathering is done in a way where the end user is informed or involved." [27]

On December 1, 2011 Carrier IQ issued a "clarification" to its November 23 statements: "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen...As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities...Carrier IQ acts as an agent for the operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile operators. Carrier IQ does not gather any other data from devices. Carrier IQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps operators’ customer service to more quickly identify the specific issue with the phone."[28]

There has been debate whether Carrier IQ software actually sends the collected data in real time or if it is stored on the phone and only get read out later. The company clearly states that its software is able to provide real time data on their web page: "Carrier IQ’s Mobile Service Intelligence solution eliminates guesswork by automatically providing accurate, real-time data direct from the source – your customers' handsets." (bold font added) [29]



Distribution

On December 1, 2011, AT&T, Sprint and T-Mobile confirmed it was on their phones. Sprint said, "We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool...The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint." Verizon was the only of the four biggest U.S. firms to say it was not installed on their phones.[30]

Apple, HTC and Samsung said the software was installed on their phones. Apple said it had quit supporting the application in iOS 5. It said, "With any diagnostic data sent to Apple, customers must actively opt-in to share this information...We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so." It said it would scrub the software from phones in some future release.[31] HTC (whose Android phone was the subject of Eckhart's video) said, it was required on its devices by a "number of U.S. carriers." It added "It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ."[30]

Nokia and Research in Motion said it categorically was not authorized for their phones.[30] However, this does not prevent mobile carriers from installing it after the phone is manufactured.

According to the company's website the software is also installed on NEC mobile devices.[32] and the company has a partnership with Vodafone Portugal.[33]

Although the phone manufacturers and carriers by and large say the software is strictly used to monitor its phone systems and not to be used by third parties, a press release on October 19, 2011 touted a partnership with Nielsen Company. The press release said, "Together, they will deliver critical insights into the consumer experience of mobile phone and tablet users worldwide, which adhere to Nielsen’s measurement science and privacy standards. This alliance will leverage Carrier IQ's technology platform to gather actionable intelligence on the performance of mobile devices and networks."[34]

Government response

On December 1, 2011, Senator Al Franken, chairman of the United States Senate Judiciary Subcommittee on Privacy, Technology and the Law sent a letter to Lenhart asking for answers to 11 questions and asking whether the company was in violation of the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.)and the Computer Fraud and Abuse Act (18 U.S.C. § 1030).[35]

Board of Directors

Its board of directors in November 2011 are:[36]

References

  1. ^ a b Carrier IQ, Inc., PrivCo.com
  2. ^ Konstantin Othmer, Our Team, Seraph Group
  3. ^ US 6167358, Othmer, Konstantin & Derossi, Chris, "System and method for remotely monitoring a plurality of computer-based systems", published December 26, 2000 
  4. ^ Carrier IQ Named as an Innovative Business Analytics Company Under $100M to Watch, Mountain View, CA, October 27, 2011
  5. ^ Carrier IQ apologizes, drops threat to security researcher, by Stephen Shankland, 2011/11/25, CNET News.com
  6. ^ "Overview". Carrier IQ. Retrieved 2011-12-02.
  7. ^ http://www.carrieriq.com/company/PR.CIQ-SeriesC.2009-01-27.pdf
  8. ^ http://www.carrieriq.com/company/PR.CIQ-Huawei.2009-02-09.pdf
  9. ^ http://www.carrieriq.com/company/PR.TieConRelease2009.090617.pdf
  10. ^ http://www.carrieriq.com/company/PR.CarrierIQandBridgescalePartners.20100616.pdf
  11. ^ http://www.carrieriq.com/company/PR.100M_VisionMobile_FINAL_10_18_10.pdf
  12. ^ http://www.carrieriq.com/company/PR.LarryLenhartCEO.pdf
  13. ^ http://www.carrieriq.com/company/PR.Nielsen_CIQ_News_Release_Oct_19_2011.pdf
  14. ^ http://www.carrieriq.com/company/PR.IDC_Names_Innovative_Companies_FINAL_10_27_11.led.pdf
  15. ^ http://androidsecuritytest.com
  16. ^ How much of your phone is yours?, By: Russell Holly, 2011/11/15, Geek.com
  17. ^ Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything, By David Kravets, 2011/11/29, Wired
  18. ^ Andy Greenberg (2011/11/30). "Phone 'Rootkit' Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases". Forbes. Retrieved 2011-12-02. {{cite web}}: Check date values in: |date= (help)
  19. ^ https://www.eff.org/sites/default/files/eckhart_cease_desist_demand_redacted.pdf
  20. ^ Carrier IQ Tries to Censor Research With Baseless Legal Threat, By Marcia Hofmann, 2011/11/21, EFF.org
  21. ^ Carrier IQ Drops Empty Legal Threat, Apologizes to Security Researcher, By Marcia Hofmann, 2011/11/23, EFF.org
  22. ^ Carrier IQ Press Statement, November 23, 2011, (Carrier IQ official response to incident)
  23. ^ BUSTED! Secret app on millions of phones logs key taps, By Dan Goodin, 30th November 2011 - The Register
  24. ^ Carrier IQ ‘Wiretap’ Debacle: Much Ado About Something?,By Matt Peckham, December 1, 2011, (questions about transmission), Techland - TIME.com
  25. ^ "'Secret' app installed on millions of Android phones reads your messages | Mail Online". Dailymail.co.uk. 2nd December 2011. Retrieved 2011-12-02. {{cite web}}: Check date values in: |date= (help)
  26. ^ IQ Insight Experience Manager, Product Overview (PDF:2009), Carrier IQ
  27. ^ http://www.carrieriq.com/company/privacy.htm
  28. ^ http://www.carrieriq.com/company/PR.CIQ_Press_Statement_DEC_1_11.pdf
  29. ^ http://www.carrieriq.com/overview/index.htm
  30. ^ a b c Jaikumar Vijayan (December 1, 2011). "AT&T, Sprint confirm use of Carrier IQ software on handsets". Computerworld.com. Retrieved 2011-12-02.
  31. ^ "How to turn off Carrier IQ on your iPhone - iPad/iPhone - Macworld UK". Macworld.co.uk. 2011-12-02. Retrieved 2011-12-02.
  32. ^ NEC and Carrier IQ Announce Global Partner, February 17, 2009, Carrier IQ
  33. ^ News Release: Vodafone Portugal Pioneers Innovative Mobile Broadband Experience Management Architecture Using Carrier IQ Technology, July 31, 2009, Carrier IQ
  34. ^ Nielsen and Carrier IQ Form Global Alliance to Measure Mobile Service Quality,October 19, 2011, Carrier IQ
  35. ^ http://franken.senate.gov/?p=press_release&id=1868
  36. ^ "Board of Directors". Carrier IQ. Retrieved 2011-12-02.
Rootkit wiretapping controversy