A piece of software installed as a diagnostic tool on many US smart phones has come under scrutiny for active and potential privacy breaches associated with its use. Carrier IQ makes software which logs all activity on certain Android and Apple smart phones offered by AT&T, Sprint Nextel and others, and which it purports is used solely as a diagnostic tool. Trevor Eckhart posted a 17-minute YouTube video which purports to show how the Carrier IQ software logs every keystroke, website URL and other private user information, and also how it is hidden from users, operates without any user consent and will not turn off even if a user makes a specific request to do so. Given how easily Mr. Eckhart is able to retrieve the Carrier IQ logged data from his phone for display in the video, in addition to the possibility that Carrier IQ or the network operator is collecting this data, there could be a risk that other third parties may be able to tap into this data source of passwords, usage patterns, personal information, and valuable business information.
Following the interest generated by the video, US Senator Al Franken issued a demand letter to Carrier IQ to explain what it collects and how it is used; US Representative Edward Markey has petitioned the Federal Telecommunications Commission to investigate whether Carrier IQ has violated user privacy rights; and a breach of privacy suit has been filed in the US District Court for the Northern District of California.
In its YouTube response and press release, Carrier IQ claims that the diagnostic tool it has created is used solely for network and device optimization. Other commentators have noted that the fears might be overblown.
In the Canadian context, Canadian network operators deny that the software operates on their networks. Given the Canadian Guidelines for Privacy and Online Behavioural Advertising, issued December 6, 2011 by the Canadian Privacy Commissioner, should the Carrier IQ data be used for directed online advertising purposes, it would clearly not be compliant with the consent and opt-out guidance, and would likely be otherwise non-compliant with PIPEDA.
For further commentary, please visit:
http://www.edition.cnn.com/2011/12/02/tech/mobile/carrier-iq-reactions/
For the Canadian Guidelines for Privacy and Online Behavioural Advertising, visit: http://www.priv.gc.ca/information/guide/2011/gl_ba_1112_e.pdf