Are You Being Tracked? 8 Ways Your Privacy Is Being Eroded Online and Off
In a recent hearing before the Senate Judiciary Committee, Sen. Al Franken reminded his fellow Americans, “People have a fundamental right to control their private information.” At the hearing, Franken raised an alarm about Carrier IQ’s software, CIQ.
Few people have ever heard about CIQ. Running under the app functions, CIQ doesn't require the user’s consent (or knowledge) to operate. On Android phones, it can track a user’s keystrokes, record telephone calls, store text messages, track location and more. Most troubling, it is difficult to impossible to disable.
Carrier IQ, located in Mountain View, CA, was founded in 2005 and is backed by a group of venture capitalists. Its software is installed on about 150 million wireless devices offered through AT&T, HTC, Nokia, RIM (BlackBerry), Samsung, Sprint and Verizon Wireless. It runs on a variety of operating systems, including the Apple OS and Google’s Android (but not on Microsoft Windows).
At the hearing, Sen. Franken questioned FBI director Robert Muller about the FBI’s use of CIQ software. Muller assured the senator that FBI agents “neither sought nor obtained any information” from Carrier IQ.
Following Muller’s Senate testimony, Andrew Coward, Carrier IQ’s VP of marketing, told the Associated Press that the FBI is the only law enforcement agency to contact them for data. The FBI has yet to issue a follow-up “clarification.”
CIQ is emblematic of a growing number of ongoing battles that delineate the boundary of what, in the digital age, is personal, private life and information. In this era of 0s and 1s, of globalization and instantaneous communications, what it means to be a person seems to be both expanding and contracting. The battle over personal privacy is as old as the nation and as contemporary as the latest tech innovation. Eight fronts in this battle delineate personal privacy in the digital age.
The Carrier IQ controversy exposed the long-festering problem of the Unique Device Identifiers (UDID), 40-digit-long strings of letters and numbers that distinguish one device from another. Most troubling, it cannot be blocked or removed by a user. (A report by the Electronic Freedom Foundation details how CIQ works.)
Sen. Franken’s hearing took place a few weeks after Trevor Eckhart, a security researcher, exposed the extent of information accessible by the CIQ software; Eckhart works for a firm that is a potential rival to Carrier IQ. Nevertheless, his findings are disturbing.
According to the company, its software is designed to improve mobile communications. CIQ is used to help businesses with GPS tracking of mobile devices and coordinate employee travel. The company initially denied there was anything suspicious about its software. Further analysis revealed a bug that allowed SMS messages to be captured.
Making matters worse, Carrier IQ attempted to silence Eckhart with a cease-and-desist letter, demanding he replace his analysis with a statement disavowing his research. Bowing to online pressure, the company withdrew the letter.
In the wake of the mounting scandal, most of the nation’s leading wireless providers are modifying how they implement CIQ. (For an excellent recap of the controversy and a status report on which carriers and phones employ CIQ, check out Brad Molen’s article in Engadget.)
Carrier IQ is not the only company being challenged over alleged tracking. Earlier this year, two suits were filed challenging Apple over how it collects and exploits data gathered from users of its mobile devices. (See #5 below.) In addition, comScore, the online analytics firm, is being sued for allegedly collecting Social Security numbers, credit card numbers, passwords, and other data from unsuspecting consumers. Its software allegedly “modifies a computer’s firewall settings, redirects Internet traffic, and can be upgraded and controlled remotely.”