Carrier IQ's Andrew Coward wouldn't directly address allegations when we spoke to him this morning, but the company's being a bit clearer now: it's just issued a press release that doesn't quite admit that its tracking software logs personal data, but does claim that the software "does not record, store or transmit the contents of SMS messages, email, photographs, audio or video." Needless to say, that's very important, and it's backed up by the testimony of security researcher (and author, and former NSA employee) Rebecca Bace, who believes that neither keystroke collection nor surveillance are occurring in the Carrier IQ software. We've printed the full statement below.
Carrier IQ also spoke to AllThingsD, and admitted that the contents of Trevor Eckhart's video — if not his conclusions — are accurate, too. "The software receives a huge amount of information from the operating system, but just because it receives it doesn't mean that it's being used to gather intelligence about the user or passed along to the carrier," Coward told the publication. He added that the software does indeed log website URLs, the time when SMS messages come in, phone numbers attached to them, and a variety of other data. According to the company, carriers solely determine what data is collected, how long it is stored and more, although such decisions are also allegedly subject to carriers' end-user agreements. The real question now is exactly what carriers like Sprint are doing with the versions of Carrier IQ they have installed — and what carriers like Verizon are doing with their own tracking software.
Carrier IQ Updates Statement: Operators Use Carrier IQ Software Only to Diagnose Operational Problems on Networks and Mobile Devices
To clarify misinformation on the functionality of Carrier IQ software, the company is updating its statement from November 23rd 2011 as follows:
We measure and summarize performance of the device to assist Operators in delivering better service.
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.
"Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of mobile device user's content are erroneous," asserts Rebecca Bace of Infidel Inc. a respected security expert.
Privacy is protected. Consumers have a trusted relationship with Operators and expect their personal information and privacy to be respected. As a condition of its contracts with Operators, CIQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers' networks or in our audited and customer-approved facilities.
Carrier IQ is aware of various commentators alleging Carrier IQ has violated wiretap laws and we vigorously disagree with these assertions.
Our software makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the Operators provide optimal service efficiency. We are deployed by leading Operators to monitor and analyze the performance of their services and mobile devices to ensure the system (network and handsets) works to optimal efficiency. Operators want to provide better service to their customers, and information from the device and about the network is critical for them to do this. While in-network tools deliver information such as the location of calls and call quality, they do not provide information on the most important aspect of the service - the mobile device itself.
Carrier IQ acts as an agent for the Operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile Operators. Carrier IQ does not gather any other data from devices.
CIQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows Operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps Operators’ customer service more quickly identify the specific issue with the phone.