Barely Legally

Confessions of a Moot Court Bailiff

Rosenberg on Carrier IQ

Remember a couple of weeks ago, when the news over Carrier IQ was that they sent meaningless cease and desist orders and threatened legal action against a guy who was researching their software? The EFF stepped in to defend free speech and liberty pretty much like Superman, except their underwear goes inside their pants. It was kind of a feel-good moment for everyone. Then came the horror stories about what this software was doing, and on how many millions of phones it was installed.

140 million installs? It knows what I’m texting and to whom? The world went crazy enough when Apple was just logging the location of cell towers on my iPhone. Now that you’re telling me that Carrier IQ knows what web sites I’m on, we can pretty much expect western civilization to collapse immediately. Somebody start the lawsuits!

All hope is not lost, however. Security researcher Dan Rosenberg is here with some good news:

Since the beginning of the media frenzy over CarrierIQ, I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies, and other data of this nature are being collected are erroneous. I have also stated that to satisfy users, it’s important that there be increased visibility into what data is actually being collected on these devices. This post represents my findings on how CarrierIQ works, and what data it is capable of collecting.

The rest of his post is actually pretty reassuring. They’re collecting a lot of metrics, and there are some surprising ones, but the contents of your dirty text messages are safe. Which is good, because mine are pretty dirty.