What Is Carrier IQ?

Trevor Eckhart’s report on Carrier IQ:

From training documents found we get an insight to the Carrier IQ Portal. Devices are displayed to the portal operator by individual phone Equipment ID and Subscriber IDs. The “portal administrator” can put devices into categories and see devices in California that have dropped calls at 5pm.

The down side to all of this is the “portal administrator” is also able to “task” a single phone with a profile containing any combinations of metric and trigger. From leaked training documents we can see that portal operators can view and task metrics by equipment ID, subscriber ID, and more. So instead of seeing dropped calls in California, they now know “Joe Anyone’s” location at any given time, what he is running on his device, keys being pressed, applications being used.

From what I can see, Eckhart’s picture of exactly how Carrier IQ works is incomplete. But I’m pretty sure he’s onto something here. The best-case scenario he paints is still rather alarming. The worst-case scenario is that people working at your phone carrier, using Carrier IQ’s portal software, can watch what you’re doing on your phone as you do it.

Eckhart’s report clearly touched a nerve at Carrier IQ. They sent him this preposterous cease-and-desist order (PDF), which you really need to read to believe. Eckhart, with legal support from the EFF, stood his ground and forced Carrier IQ to retract the cease-and-desist.

Wednesday, 30 November 2011