A few days ago news came out about a company called "Carrier IQ" installing data on phones that will report usage to carriers to improve service. Initially, it was reported that this software was a keystroke logger, which would have been nearly as bad as this, but apparently it doesn't actually track keystroke. What's a keystroke logger? Well, it's a pretty common way to get access to information. Essentially, it tracks every since keystroke you make while typing and stores it as well as the software you're using. So, if you get this type of software onto the computer of, say, a business competitor, you can get access to all the information related to a given product. You'd have to get it on the right computer and you'd probably get some information you don't care about. How would this impact you as a user? Well, if it had been on there, basically every single email, text, website or instant message would have been logged and sent to whatever company cared about it.
In the video above a developer walks through the functions of Carrier IQ on an HTC device. It appears, in this case, that CIQ can, in fact, operate as a key logger. However, there are some additional points of concern with this bit of software. First it reads a great deal of information from incoming and outgoing data. It's indicated that SMS information goes to CIQ BEFORE the user is notified that an SMS has come through. An additional point of concern is the fact that CIQ is able to get information from HTTPS, at least over WiFi. This should be a serious concern as the point of HTTPS, the stuff your bank data is sent with, is supposed to be encrypted and is the safest way to handle data.
I checked my phone and it's not on the Samsung Galaxy. If you rooted your phone, then you are safe. Otherwise you should be aware your location and other data may be set to your phone manufacturer or your service provider.
Richard Stallman, the founder of GNU/Linux license, noted that these types of applications are created when users aren't able to actively see what's going on with software. It's a loss of control over your data that is really the danger here. I agree with Stallman, but don't go as far, that we need to have more transparency with the software that we use. Users should be able to have more control over what is going on with the devices they purchase. Users should be outraged that data can be tracked with no method of stopping the tracking. This is a huge invasion of our privacy and these companies should be fined heavily for this.
I have no reason to trust Carrier IQ or any company that uses this software. I'm disappointed in HTC. Apple does have it in some of the earlier versions of iOS, however it only operated during diagnostic mode. It has also been indicated that, unlike what the video claims, that this software isn't on Nokia devices.
Al Franken has called for Carrier IQ to explain how this software works and what it does. I think there needs to be a call for something a step farther and that is a patch to allow users to turn off the program and remove it as soon as possible.
As consumers we need to be aware of the fact that companies are trying to use software and technology to control and track our behavior. Currently we still feel outraged by this and at times feel that we should be reaping the benefit of firms collecting our data. However, unless something changes this will become the norm and we won't feel like our privacy is being invaded. It will become, that's how it's always been.
Further Reading:
http://arstechnica.com/tech-policy/news/2011/12/carrier-iq-hit-with-privacy-lawsuits-as-more-security-researchers-weigh-in.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
http://www.androidcentral.com/carrieriq-qa
No comments:
Post a Comment