A Cornell University professor is calling the controversial Carrier IQ smartphone software revelations a privacy disaster.
"This is my worst nightmare," says Stephen Wicker, a professor of electrical and computer engineering at Cornell. "As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.
"Carrier IQ claims that the collected data is 'anonymized.' Let's give this a moment's thought -- about all that it deserves. How hard would it be to 'de-anonymize' a pile of text messages between me and my wife? My mother? My children? Banking IDs with passwords?"
A controversy over smartphone privacy has reignited this week following a coder's recent post detailing how a hidden software application on Android-based HTC phones can collect a range of information about the user's activities. The client program is from a venture-funded company called Carrier IQ out of Mountain View, Calif. It created software, dubbed by one security researcher as a classic rootkit, to collect a variety of "operational" data about the phone's usage, ostensibly to let carriers identify radio, performance and usage problems and correct them. Carrier IQ yesterday again denied that its embedded smartphone application records, stores or transmits personal user information such as SMS messages, email and the like.
Throughout the week carriers and phone makers have acknowledged their use of Carrier IQ software or distanced themselves from it. Apple said it no longer uses the software in its devices, as of its delivery of iOS 5. AT&T, Sprint, HTC and Samsung have confirmed their use of the software, while Verizon, Nokia and RIM have said they do not use it.
Wicker, who is the author of the book "Cellular Convergence and the Death of Privacy," to be published by Oxford University Press at the end of 2012, warns, "Since Carrier IQ tracks keystrokes, it has the potential to capture passwords and banking data that are normally encrypted prior to transmission through the cellular network. From a privacy perspective, what's appalling is Carrier IQ runs in the background -- most users will not know it's there -- and if those users do manage to detect the program, they cannot opt out.
"When combined with the concept of cellular convergence -- ever increasing numbers of information processing tasks performed on the cellular platform -- Carrier IQ stands out as an immense threat to individual privacy."
Wicker has been outspoken before about carrier and smartphone privacy issues. In April, he chimed in regarding controversy over revelations that iPhones, iPads and other Apple iOS devices track your whereabouts: "It is vitally important to recognize that cellular telephony is a surveillance technology, and that unless we openly discuss this surveillance capability and craft appropriate legal and technological limits to that capability, we may lose some or all of the social benefits of this technology, as well as a significant piece of ourselves. Most people don't understand that we're selling our privacy to have these devices."
Circle Bob on Google+
Read more about anti-malware in Network World's Anti-malware section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.