"What’s more, the company is demanding that Eckhart inform Carrier IQ of the names of all persons to which Eckhart has forwarded the training material. The company also wants Eckhart to send “written retractions” to everybody who has viewed his research in hard copy or on the web."
It is the way with lawyers. They yell at everyone, and anyone who doesn't sit down they roll back and figure out what to do next. The EFF link was pretty good on this.
So it's 'sane' in the sense that their livelihood is being threatened and they are fighting back, however their business model is reprehensible so the question becomes whether or not a phone/carrier can use this press to differentiate by advertising "no carrier iq surveillance".
Of course the underlying issue is differentiation and value. Specifically, wireless carriers despise the idea of being data pipe suppliers. I first ran into this at my startup FreeGate when we were selling an appliance that let an ISP hook up a small business to the Internet and provide a better service experience (you could do service via the appliance and the customer didn't have to know anything about the Internet). Anyway, it was a great idea until ISPs realized that just selling cheap internet wasn't going to be sustainable for their business model, they had to sell web site hosting and email and other 'value add' services. Of course our box did all that and the ISP's offering was superfluous. Whoops, there goes one of your channels.
Carrier IQ's business is to collect and codify 'business intelligence' which the carrier can then resell at a markup to third parties. Things like 'this guy just came out of a dealership down the street before he walked into yours' level of details. That is very valuable to people who want to close a sale, it's also pretty damn intrusive.
This is one of those places where Stallman's rants on 'free' software get a boost in legitimacy from the real world. Knowing exactly who is controlling the computers you own is serious 21st century business.
"Andrew Coward, Carrier IQ’s marketing manager, said in a telephone interview Tuesday that the company, not Eckhart, should be in “control” of the manuals."
When they jokingly told Andrew that "PR" stood for "Pernicious Reputation" they didn't think he'd take them seriously.
Wouldn't a simple opt-out be the best PR response to this kind of press?
Is this information classified as Customer Proprietary Network Information (CPNI)? If so, it is required to be optional for the customer, and would be handled by the provider, not CIQ.
When CarrierIQ was dubbed one of the Fierce 15, they were working with seven of the top ten major OEM’s, as well as Verizon Wireless, AT&T, and Sprint. Currently, Trevor has found CarrierIQ in a number of Sprint phones, including HTC and Samsung Android devices. CarrierIQ is confirmed to be found on the iPhone or on feature phones, but Trevor has found RIM’s Blackberry handsets and several Nokia devices with CarrierIQ on board as well.
But that was a passing mention and I haven't found anywhere else to back up that claim.
I doubt the iPhone uses this, but don't kid yourself, it has the ability to monitor everything you do on that phone.
From a practical standpoint, manufacturers and service providers want that ability. But it's how they intend to use the information that counts. Nobody has proven to me so far that it's entirely benign.
When you say "it has the ability to monitor everything", do you mean that it would be entirely possible for Apple to build something into their phones to do this if they chose, or that they have already done it?
The first one of those is clearly true - Apple has control over hardware and software and could put pretty much anything they wanted in there to track your activity.
The second one is, to my knowledge, pure speculation. Apart from their anonymous stats - that you are able to opt out of - I've seen nothing to suggest anything similar to this on iPhone.
You asked for proof that the data is correctly and securely used. That is what cannot be proved, regardless of your trust in the company or lack thereof.
Carriers don't have access to the source code AFAIK, correct me if I'm wrong but they can only change the "cellular" part of the phone (baseband, carrier packages, etc).
You don't need access to the full code of the OS, just enough to write kernel drivers. Once your code is running at ring0, you can rootkit away. I wonder how similar iPhone kernel development is compared to Mac OSX?
I think Apple actually customizes the firmware packages for each carrier since they maintain separate versions for ATT/Verizon for each iPhone model...
I don't even have an iPhone nowadays, I'm just curious. :)
That doesn't seem to be the case when I've looked into the firmware updates. The reason they have different iPhones for ATT and Verizon is they are using completely different radio systems. The firmware updates aren't carrier specific or else the online jailbreaking guides (many include ipsw checksum) wouldn't work in different countries.
Since what CarrierIQ is doing is considered illegal in many countries I'm fairly sure Apple wouldn't want to open themselves up to that type of liability.
It doesn't use this, but if you check the diagnostic dumps in iOS5 (it's buried somewhere in settings) you'll see it gathers pretty much similar data (I've seen battery status, app installation, free space etc. in there).
What remains to be seen is if any of that data is sent to Apple if you opt out of "diagnostic data" sending.
I base my personal guess of "no" on the fact that Carrier IQ is currently advertising several job openings that ask for deep knowledge of Android internals, and zero job openings requiring similar iOS experience.
Of course, the possibility remains open that Apple simply implemented something similar in-house.
I'm all against spying on people, but I cannot help but notice the sensationalist slant of the article. After all, I believe the main problem is not the botched reaction of the "rootkit" company, but the mobile operators who put it to use on their own paying customers.
Anyway, the simlock-free/unsubsidized Google's Galaxy Nexus just got another bit sexier for me.
More importantly, this destroys my trust in OEMs, such as HTC. That, in response to inquiries about the inclusion of CarrierIQ rootkit, HTC's PR rep only said "Uhm err uhhh, ask your carrier".
Why should I need to ask the carrier? You signed the APK (CarrierIQ application) bundles with your certificate, HTC.
Ok, devil's advocate here - Carrier IQ are bad, and are making themselves look worse, and the carriers are complicit in all of this, but... Sharing the manuals is still copyright violation, and Eckhart can have the same effect, while being legally protected, by writing about them and using (clearly) fair use quotes from the manuals.
The EFF says Eckhart’s posting of the files is protected by fair use under the Copyright Act for criticism, commentary, news reporting and research [...]
The issue with using quotes is that Carrier IQ would just claim they are out of context and dismiss his findings thus. By posting the unmodified manuals everyone can verify it easily.
I'm perplexed how anyone could believe iOS is somehow different simply because Apple doesn't need to purchase a "rootkit" from a third party like CarrierIQ.
Apple, a hardware company, is well-suited to write their own "rootkit" in-house. They no doubt have their own techniques for getting the same information that CarrierIQ gathers.
To think Apple is not interested in the same information about their customers just seems incredibly naive or like some kind of cognitive dissonance.
If anything I would imagine Apple has set the bar for how much "intelligence" can be collected on its customers and the carriers are basically playing catch up.
"To think Apple is not interested in the same information about their customers just seems incredibly naive or like some kind of cognitive dissonance."
Actually I think there's definitely room for argument there. Apple may be interested, sure - but unlike Google, they don't have an imperative to collect and sell that information. Google and Apple, for the millionth time, have different business models. Apple takes money from people who buy its devices and software. Google takes money from advertisers. Both are focused on getting the people who give them money, to give them more money. So while Apple certainly could collect and sell this information, they actually have a choice. If Google didn't collect and sell this information, someone interested in a minority-shareholder lawsuit could argue that they were leaving money on the table and doing a disservice to their shareholder.
Apple is one of the most profitable companies in the world right now, and on top of that a company whose corporate culture rejects stuff like Carrier IQ. Google is in a position where they could conceivably be sued for not implementing something like this, and is a company whose corporate culture prizes data, data, data and endless analysis.
It is 100% plausible that one of these companies would implement a Carrier IQ style of rootkit, and the other would not.
There's a very active iOS jailbreak community who should be able to confirm/deny this. They'd know by now how often iOS phones phone home, and what data they send.
There is also a very active Android community, and they're just finding out so I wouldn't be so sure. From a structural perspective, it would also make more sense if any of their own statistical software lived in the iOS itself, while the nature of Android (specifically the Google/mfg divide) would drive this information collecting into an app in that ecosystem.
Insane.