suntimes
 

Sunday, May 27, 2012

Questions you should ask now that Carrier IQ has become a ‘gate’


Shown at left is a Samsung Infuse 4G smartphone and at right is an HP Veer 4G smartphone in San Francisco, Monday, May 9, 2011. (AP Photo/Eric Risberg)


Updated: December 2, 2011 5:14PM



It took about two weeks for the situation with Carrier IQ to fully blossom into a full-blown, “-gate” suffix-scale scandal. But blossom it has. It turns out that millions of smartphones have a hidden piece of tracking software on them, built by a company called Carrier IQ. The worse news is that this secret app -- discovered, publicized, and demonstrated with smoking-gun clarity by security researcher Trevor Eckhart for almost two months, though the full scale of the problem was hardly appreciated -- potentially has access to more or less everything that happens on your phone. In some incarnations, the app is even logging the contents of your text messages and web activity and sending data to the remote servers of the company that created it.

The worster news is that Carrier IQ (which by any definition of the term is a broadly-enabled keylogger and piece of spyware) was pre-installed on these phones with the express intent of the phone makers and carriers. There’s simply no way to remove it because whether you like it or not, it’s “meant” to be there.

Not since the Hollywood Madam scandal -- you know, that lone isolated incident in which dozens of high-profile men in politics, entertainment and business were apparently paying tens of thousands of dollars to a high-class escort service for, er, escorting services of a high-class nature -- have so many cellphones been scrutinized so closely for incriminating data. Though Carrier IQ was first documented on Android devices, the software has been found everywhere. The Apple community’s initial reaction of “Well, sure, you have to put up with that kind of crap when you buy an Android phone, don’t you?” was quickly stifled when a few Carrier IQ droppings were found on iPhones going back three generations of iOS. iPhone jailbreaking wiz Grant Paul has been doing stellar work in examining the iOS implementation and believes that the software doesn’t seem to log any data and doesn’t load at all if the user has opted not to enable the iPhone’s built-in “Send diagnostic information automatically” feature.

At this stage, it’s easier to describe the phones that don’t have Carrier IQ installed than the ones that do. Verizon has scrambled to assure its customers that it’s never used the Carrier IQ software, as has Nokia. (Fab. But do you have a different app that accomplishes the same things, folks? . . . Folks?)

The software hasn’t been found on any Windows Mobile 7 phones. Nilay Patel of TheVerge.com reports (citing an unnamed source) that it’s not present on any Google-branded Android phones and isn’t on the XOOM tablet, either.

The story’s still developing and what two months ago appeared to be (sadly) a familiar case of a single handset maker on a single carrier collecting more personal information than what seems prudent could wind up redefining the relationship between providers and users. It’s going to be tough to determine the exact purpose of this app and the damages (or even the possible benefits) it delivers to its unwitting users without frank and open disclosure from Carrier IQ, the handset makers, and the carriers, all of whom contributed to this ridiculous breach of consumer trust.

Did I say “possible benefits”? Sure, and I’m not just talking about the $1.82 credit you might receive after the inevitable class-action suit is won and the lawyers have been paid. All phones need to have some way of diagnosing their own problems, either as a method of telling the network that a nearby cell tower is playing up, as a way for the carrier to fine-tune and balance traffic to ensure that each of its users gets the best possible voice and data experiences, or as a way for a customer service rep to figure out what’s wrong with your phone when you contact the carrier for support.

Noted. But since the story broke, hundreds of researchers have been examining this app closely in all of its implementations and only a fool would dismiss the possibility that some of these carriers are using Carrier IQ to mine marketing data. Only an optimist would dismiss the possibility that somewhere in the world, there lurks a criminal enterprise that’s willing to work just a little harder to intercept this information than Carrier IQ is working to protect it.

Don’t expect Frankness and Openness to happen without regulatory agencies getting involved, however. What does Carrier IQ (the company) have to say about this? Well, after trying to intimidate Eckhart into retracting his report -- and they pursued that tack so aggressively that he was forced to seek legal defense from the Electronic Frontier Foundation -- the company posted a terse, four-paragraph press release on their site that more or less boasts of the durability and accuracy and craftsmanship of the fine guns they make, and then insists that whatever a government or rebel force decides to do with them after the point of sale isn’t their responsibility.

What kinds of data can be collected from consumers and how it can be used is escalating up the threat ladder as though it were wearing rocket boots. Industries are swerving closer and closer to that definitive moment where they’re going to have to regulate themselves before the government steps in and does it for them.

Part of the problem is the sheer volume of data that can be mined from even the simplest software or service, and all of the ways that it can be exploited. Trying to establish a company’s true privacy policy via its published policies and click-through agreements is like trying to establish whether or not a difficult six-year-old child has brushed his teeth before bedtime, via a simple yes-or-no question.

Here’s the questionnaire I’d be sending to the maker of every device or software I’d ever consider using.

SECTION ONE of THIRTEEN: Location information.

Does this thing track my location? How finely-tuned is the data? Is it going by WiFi, GPS, or my own input?

If it’s collecting my location data, where is it stored? On the device only, or is it sent out to a server? Whose server? Under what circumstances? Is this data backed up to a hidden file on my desktop?

Is this location data stored on the device securely? Is it being sent to the server securely?

Can I opt out of this data collection?

How long does the device or your server hold on to this data? Minutes? Hours? Days? Weeks? Months? Indefinitely?

Will you hand over historical information to law enforcement, if requested? A trade organization? To the attorney of a suitably-motivated and well-financed individual who’s suing me?

Is this location information personally-identifiable (“Andy Ihnatko”)? Non-identifiable (a randomly-generated but persistent user ID that doesn’t identify me but which could be associated with my true identity by a sufficiently shrewd piece of code)? Or is it anonymized (I’m identified solely by a one-time hash)?

Is the unique identifier of the device itself granted this same level of anonymity or non-anonymity?

For what purpose is my location data being collected? For troubleshooting my device and your network problems? Is this data being collected and transmitted all the time, or only when this feature is activated? Can it be activated without my knowledge or involvement? Would it be used for troubleshooting a problem I’m having with this device (so there’s a personal upside) or to help figure out why there are so many dropped calls in your part of town (so at least I’m giving up a little privacy to make the network function better for everybody)?

Is my location data being used for marketing purposes? If so, your own? Strictly your partners’?

Is this data also available to the apps I’ve installed on the device? Are your partners and those apps constricted by the terms of the same legally-binding agreement you’ve established with me?

Are you delivering aggregate info (“the 7,852,281 subscribers who have red hair, a post-doctorate education, and are big fans of professional hockey”), anonymized info (“a user who makes between $500,000 and $750,000 a year [aside: oh, Andy, always the dreamer] and who has purchased a movie ticket with his phone within the past three weeks”) or personal info (“Andy Ihnatko. Do feel free to link that with the profiles that other marketing companies have built about this guy”)?

Regardless of the data you’re collecting: what happens if a company with access to my information is sold to another company, or goes out of business? Does the owner of the first company’s assets inherit my information, and are they constricted by the same terms as the original?

And here we’re just talking about location info.

What we need, I think, is an industry consortium -- with the FTC standing behind it, tapping a large baseball bat into the palm of its hand ominously -- that defines and polices a simple set of codes akin to the ones that precede movies and television programs. The eight-screenfuls of text that you must click through and agree to before using a new device are useless. Nobody reads them carefully and even if they did, the actual meaning of these terms is deliberately obscured.

Don’t do away with the legalese. In this economy I’m happy that anybody can find decent, regular work, even if they’re getting paid to write this kind of nonsense. But precede it with a single page with a simple panel of codes.

“A1, J3, W3” - “Okay, that means that it can collect keystrokes, but only for diagnostic purposes and only with my express approval during an actual service session; it collects location information and hands it off to apps such as Yelp or TomTom that request it; personal data is occasionally sent to the company servers, but it’s fully anonymized and not retained for more than 24 hours. I’m cool with that. I accept.”

The entertainment ratings system has its pluses and minuses. But at this stage, it’s sophisticated enough that within the first ten seconds of a movie on HBO, I can tell at a glance that not only does this episode of “Boardwalk Empire” have nudity...it’s the good kind, not the dull, clinical type. I proceed as a happy, engaged, and informed consumer.

If such a boon to humanity can help TV and movie viewers, why can’t it be applied to help to inform the public of the increasing dangers to their privacy, to develop a consistent and unambiguous language, and to aid enforcement of policies that companies pretend to hold dear? It’s put up or shut up time.

© 2012 Sun-Times Media, LLC. All rights reserved. This material may not be copied or distributed without permission. For more information about reprints and permissions, visit www.suntimesreprints.com.