Speculation regarding the U.S. Federal Bureau of Investigation’s ties with troubled cellphone software firm Carrier IQ was sparked recently by the bureau’s rejection of a request made under the Freedom of Information Act.
The request aimed to uncover what records and information the bureau has on CarrierIQ.
The request was made by Michael Morisy of the Muckrock blog.
Muckrock describes itself as an open government tool powered by state and federal freedom of information (FOI) laws.
The FBI’s response to Morisy’s request, signed by David Hardy of the bureau’s records management division, stated the records were exempt from disclosure pursuant to the U.S. Code part 5 U.S.C. 552(b)(7)(A).
Morisy has 60 days from the date the FBI’s letter was signed to file an appeal.
What the FBI Said
5 U.S.C. 552(b)(7)(A) exempts from disclosure records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information “could reasonably be expected to interfere with enforcement proceedings,” Hardy wrote.
The records pertaining to Morisy’s request, according to Hardy, are law enforcement records, and there’s a pending or prospective law enforcement proceeding relevant to those records. Releasing the information in those records, he concluded, could reasonably be expected to interfere with the enforcement proceedings.
Open Wide And Say ‘Aaaah’
“It appears that the FBI is investigating Carrier IQ rather than using the software for their monitoring,” Darren Hayes, CIS program chair at Pace University, told TechNewsWorld.
The company’s “probably being investigated for violating the Wiretap Act under the Electronic Communications Privacy Act of 1986,” Hayes added.
The Electronic Communications Privacy Act of 1986 protects wire, oral and electronic communications while they are being made, are in transit, or when they’re stored on computers.
“Given the allegations that [Carrier IQ] violates privacy illegally, a criminal investigation on it shouldn’t be a stretch,” Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
However, the FBI probably “haven’t yet determined whether to file charges yet and may choose not to, depending on what they find,” said Enderle.
The FBI did not respond to requests for further comment for this story.
What’s the Fuss?
Speculation about an FBI probe is only the latest development in Carrier IQ’s short and hectic life under the media spotlight.
News that the company’s technology might be violating consumers’ privacy burst into the news earlier this month when hacker Trevor Eckhart alleged that the company was selling a rootkit to carriers.
Depending on how it’s deployed, Carrier IQ’s software lets carriers drill down into a great deal of usagey data, including what keys a consumer hit on a device’s keypad.
The ensuing brawl drew in the Electronic Frontier Foundation as well as Consumer Watchdog, and it also triggered Senator Al Franken to demand Carrier IQ answer a series of questions about its business and its product.
Key Logging and Carrier IQ
Google chairman Eric Schmidt has publicly accused Carrier IQ of offering a keylogger. Keyloggers are programs that capture all keystrokes on the device on which they’ve been installed.
Keystroke logging “is particularly invasive and illegal,” Pace University’s Hayes remarked.
Google and Apple probably get similar information through their smartphone apps, but “what seems to be different in this case is that consumers have had no ability to opt out of this invasive monitoring,” Hayes pointed out.
In Defense of Carrier IQ
Carrier IQ has contended it doesn’t capture the content of data on mobile devices.
“Our software does not record, store or transmit the contents of SMS messages, emails, photographs, audio or video,” Andrew Coward, vice president of marketing at Carrier IQ, told TechNewsWorld. For example, “We know which applications are draining your battery but do not capture the screen,” he explained.
More importantly, the carrier bears the responsibility for data collected.
“What’ s actually gathered, stored and transmitted to the carrier is determined by [its] end-user agreement with the consumer,” Coward said.
Carrier IQ creates a customized profile of its software according to instructions from carriers, who determine what data they need.
That software “must be used in compliance with the laws of the applicable jurisdiction, including those laws that apply to privacy,” Coward said.
The real problem isn’t that carriers may use Carrier IQ’s technology but that they didn’t ask consumers’ permission to capture data or disclose the use of that technology, Enderle stated.
“It doesn’t matter if the technology’s used beneficially any more than it matters if someone breaks into your house to vacuum your carpets,” Enderle pointed out. “The law requires that you give your permission.”