The Carrier IQ privacy controversy shows little signs of letting up, as three lawmakers today called for a Congressional hearing on the implications raised by the use of the company's software by wireless carriers.
Reps. Henry Waxman (D-CA), G.K Butterfield (D-NC) and Diana DeGette (D-CO) sent an open letter ( download PDF ) to Rep. Fred Upton (R-MI), chairman of the House Energy and Commerce Committee, asking for an investigation of the data collection and transmission capabilities of Carrier IQ's software and similar products.
The letter, sent to Upton and two other subcommittee chairs, also asked Congress to find out whether Android phones were sold with security problems that would have exacerbated the problems caused by Carrier IQ's software.
"Data collection and transmission by Carrier IQ and similar software is widespread, and consumers appear to have little knowledge and even less control over the practice," the three lawmakers wrote. "There continue to be many unanswered questions about the handling of this data and the extent to which its collection, analysis, and transmission pose legitimate privacy concerns for the American public."
The Carrier IQ controversy erupted in late November, after independent security researcher Trevor Eckhart published a report showing how Carrier IQ's software could be used by wireless carriers to capture detailed information from Android-powered mobile devices, iPhones and other smartphones.
Eckhart's disclosure ignited a firestorm of concern and criticism from multiple quarters -- especially when it became clear that the software had been quietly installed on millions of handsets, had been collecting information without notice and was hard to remove.
Several wireless service providers and handset makers, including AT&T, Sprint, Apple, HTC and Samsung admitted to installing the software in their mobile devices and were promptly hit with lawsuits alleging violation of federal wiretap laws.
Sprint later disclosed that it had installed Carrier IQ software on 26 million handsets and had been using it since 2006, while AT&T said it had the software running on close to a million devices. Sprint in December announced it would disable the software on its handsets following the lead of Apple, which said it would remove the software from its iPhones.
Carrier IQ itself has maintained from the outset that its software is designed purely to collect information that can help wireless carriers improve network and device performance. The company has denied Eckhart's claims that its software can be used for keylogging purposes and has insisted that claims the software was used for intrusive data gathering are misplaced.
In today's letter, the lawmakers said that several questions remain unanswered.
"What are the data collection, analysis, and transmission capabilities of Carrier IQ and similar software, and what privacy protections are built into the software?" the letter said. "Were Android phones sold with security flaws that could have exacerbated privacy concerns related to Carrier IQ and other software and, if so, have these flaws been addressed? "
The trio also asked for an investigation into the disclosure practices of carriers and device manufacturers and of the security and privacy risks associated with the data collection and transmission enabled by Carrier IQ and similar software tools.
"Before last month, even the most technically savvy customers may not have been aware of the presence of this software and of its capacity for transmitting sensitive information," the lawmakers wrote. Even if they had been aware, they would not have been able to remove the software.
A Carrier IQ spokeswoman today said the company has already provided extensive details on the capabilities of its software to members of Congress and their staff. "We look forward to answering any further questions that may arise," she said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about privacy in Computerworld's Privacy Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.