Trevor Eckhart’s report on Carrier IQ:
From training documents found we get an insight to the Carrier IQ
Portal. Devices are displayed to the portal operator by
individual phone Equipment ID and Subscriber IDs. The “portal
administrator” can put devices into categories and see devices
in California that have dropped calls at 5pm.
The down side to all of this is the “portal administrator” is
also able to “task” a single phone with a profile containing
any combinations of metric and trigger. From leaked training
documents we can see that portal operators can view and task
metrics by equipment ID, subscriber ID, and more. So instead of
seeing dropped calls in California, they now know “Joe
Anyone’s” location at any given time, what he is running on
his device, keys being pressed, applications being used.
From what I can see, Eckhart’s picture of exactly how Carrier IQ works is incomplete. But I’m pretty sure he’s onto something here. The best-case scenario he paints is still rather alarming. The worst-case scenario is that people working at your phone carrier, using Carrier IQ’s portal software, can watch what you’re doing on your phone as you do it.
Eckhart’s report clearly touched a nerve at Carrier IQ. They sent him this preposterous cease-and-desist order (PDF), which you really need to read to believe. Eckhart, with legal support from the EFF, stood his ground and forced Carrier IQ to retract the cease-and-desist.
★ Wednesday, 30 November 2011