Beleaguered software vendor Carrier IQ has again denied that its embedded smartphone application records, stores or transmits personal user information such as SMS messages, email and the like.
The company said it was "updating" its Nov. 23 statement, posted on its website after a video and blogposts by systems administrator Trevor Eckhart purportedly showed that the CIQ application was logging keystrokes and SMS message contents. Eckhart's account of the application's inner workings has sparked a firestorm of denunciation and outrage, despite the fact his analysis has received almost no peer review.
But the Nov. 23 statement, labeled "Media Alert," is actually announcing that the company had withdrawn the cease-and-desist letter it had sent Eckhart, threatening legal action. That alert lists, in bullet points, assertions that the company's software does not do the things Eckhart claims it does.
The newest statement, and the company's only public response to the mounting controversy in the past week, adds little that's new.
Carrier IQ issued the new statement "to clarify misinformation" about the "functionality" of its software, which is installed on a range of mobile handsets at the request of carriers, such as Sprint in the U.S. It seems unlikely the latest statement, the company's only public response to the mounting controversy in a week, will add much clarity.
"While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video," according to the new statement. "For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen."
"Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of mobile device user's content are erroneous," Bace is quoted as saying. The barebones assertion is likely to raise far more questions than it's intended to answer.
Also new is the company's public denial that it has violated federal wiretap laws: "We vigorously disagree with these assertions."
The statement also again implies that the company's carrier customers are the ones who are responsible for securing and protecting the information they request via the Carrier IQ software: "Consumers have a trusted relationship with Operators and expect their personal information and privacy to be respected."
Here's the full "updated" statement from Carrier IQ.
Carrier IQ Updates Statement: Operators Use Carrier IQ Software Only to Diagnose Operational Problems on Networks and Mobile Devices
Mountain View, CA - December 1, 2011 - To clarify misinformation on the functionality of Carrier IQ software, the company is updating its statement from November 23rd 2011 as follows:
We measure and summarize performance of the device to assist Operators in delivering better service.
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.
"Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of mobile device user's content are erroneous," asserts Rebecca Bace of Infidel Inc. a respected security expert.
Privacy is protected. Consumers have a trusted relationship with Operators and expect their personal information and privacy to be respected. As a condition of its contracts with Operators, CIQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers' networks or in our audited and customer-approved facilities.
Carrier IQ is aware of various commentators alleging Carrier IQ has violated wiretap laws and we vigorously disagree with these assertions.
Our software makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the Operators provide optimal service efficiency. We are deployed by leading Operators to monitor and analyze the performance of their services and mobile devices to ensure the system (network and handsets) works to optimal efficiency.
Operators want to provide better service to their customers, and information from the device and about the network is critical for them to do this. While in-network tools deliver information such as the location of calls and call quality, they do not provide information on the most important aspect of the service - the mobile device itself.
Carrier IQ acts as an agent for the Operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers - the mobile Operators. Carrier IQ does not gather any other data from devices.
CIQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows Operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps Operators' customer service more quickly identify the specific issue with the phone.
John Cox covers wireless networking and mobile computing for Network World. Twitter: http://twitter.com/johnwcoxnww Email: email@example.com Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.