Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Lawmakers seek hearing on Carrier IQ privacy issues

Rep. Henry Waxman, two other lawmakers still have questions

The Carrier IQ privacy controversy shows little signs of letting up, as three lawmakers today called for a Congressional hearing on the implications raised by the use of the company's software by wireless carriers.

Reps. Henry Waxman (D-CA), G.K Butterfield (D-NC) and Diana DeGette (D-CO) sent an open letter ( download PDF ) to Rep. Fred Upton (R-MI), chairman of the House Energy and Commerce Committee, asking for an investigation of the data collection and transmission capabilities of Carrier IQ's software and similar products.

The letter, sent to Upton and two other subcommittee chairs, also asked Congress to find out whether Android phones were sold with security problems that would have exacerbated the problems caused by Carrier IQ's software.

"Data collection and transmission by Carrier IQ and similar software is widespread, and consumers appear to have little knowledge and even less control over the practice," the three lawmakers wrote. "There continue to be many unanswered questions about the handling of this data and the extent to which its collection, analysis, and transmission pose legitimate privacy concerns for the American public."

The Carrier IQ controversy erupted in late November, after independent security researcher Trevor Eckhart published a report showing how Carrier IQ's software could be used by wireless carriers to capture detailed information from Android-powered mobile devices, iPhones and other smartphones.

Eckhart's disclosure ignited a firestorm of concern and criticism from multiple quarters -- especially when it became clear that the software had been quietly installed on millions of handsets, had been collecting information without notice and was hard to remove.

Several wireless service providers and handset makers, including AT&T, Sprint, Apple, HTC and Samsung admitted to installing the software in their mobile devices and were promptly hit with lawsuits alleging violation of federal wiretap laws.

Sprint later disclosed that it had installed Carrier IQ software on 26 million handsets and had been using it since 2006, while AT&T said it had the software running on close to a million devices. Sprint in December announced it would disable the software on its handsets following the lead of Apple, which said it would remove the software from its iPhones.

Carrier IQ itself has maintained from the outset that its software is designed purely to collect information that can help wireless carriers improve network and device performance. The company has denied Eckhart's claims that its software can be used for keylogging purposes and has insisted that claims the software was used for intrusive data gathering are misplaced.

In today's letter, the lawmakers said that several questions remain unanswered.

"What are the data collection, analysis, and transmission capabilities of Carrier IQ and similar software, and what privacy protections are built into the software?" the letter said. "Were Android phones sold with security flaws that could have exacerbated privacy concerns related to Carrier IQ and other software and, if so, have these flaws been addressed? "

The trio also asked for an investigation into the disclosure practices of carriers and device manufacturers and of the security and privacy risks associated with the data collection and transmission enabled by Carrier IQ and similar software tools.

"Before last month, even the most technically savvy customers may not have been aware of the presence of this software and of its capacity for transmitting sensitive information," the lawmakers wrote. Even if they had been aware, they would not have been able to remove the software.

A Carrier IQ spokeswoman today said the company has already provided extensive details on the capabilities of its software to members of Congress and their staff. "We look forward to answering any further questions that may arise," she said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com .

Read more about privacy in Computerworld's Privacy Topic Center.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Apple, Carrier, CA Technologies, etwork, Fred, HTC, Samsung, Sprint, Topic
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Carrier IQ, consumer electronics, government, Gov't Legislation/Regulation, privacy, Regulation, security, smartphones
Latest Blog Posts
Whitepapers
  • Oracle BPM Suite 11g: BPM without Barriers
    Over the years vendor specialists built tools to simplify a subset of the overall complex process like workflow, or enterprise application integration. Business process management suite software introduced the promise of a comprehensive solution to manage all enterprise processes and to do so with greater efficiency. Read on.
    Learn more »
  • Why Hackers have Turned to Malicious JavaScript Attacks
    Website attacks have become a serious business proposition. In the past, hackers may have infected websites to gain notoriety or just to prove they could—but today, it’s all about the money. Reaching unsuspecting users through the web is easy and effective. Hackers now use sophisticated techniques—like injecting inline JavaScript—to spread malware through the web. Learn about the threat of malicious JavaScript attacks, and how they work. Understand how cybercriminals make money with these types of attacks and why IT managers should be vigilant.
    Learn more »
  • New Mobility Requires a New Network Strategy
    Computing has gone through several major transitions through the ages, each of which raised the value of the network and dramatically lowered the cost of computing. In the years after its birth in the mainframe era, the computing industry shifted to client/server and then Internet computing. Today, we are beginning yet another major computing revolution: the shift to mobile computing. This revolution already allows us to carry mini computers, called “smartphones,” in our pockets. This shift will drive down the cost of computing even further and drive up the value of the network, forever changing its role in organisations. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.