In the last few weeks, there have been reports about how smartphone users’ data could be quietly gathered and used by companies via software from a company called Carrier IQ. Sen. Al Franken (D-Minn.), chairman of the subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee, wrote to Carrier IQ demanding answers about how this technology affects cellphone users’ privacy. European officials are investigating the company for possible privacy violations. Carrier IQ spoke with the Wall Street Journal’s All Things D about its software.
Now, MIT Technology Review speaks with Jonathan Zittrain, a Harvard Law School professor and cofounder of the Berkman Center for Internet and Society, who suggests that cellphone carriers allow users to see what data their phones are sending and to whom — to add an audit function in cellphones:
“The auditing function can be implemented by Apple and by handset makers through Android. Make it part of the ‘About’ tab. And it would show with whom the phone has been communicating and the sorts of things it has been sending,” [Zittrain said.]
Zittrain raised the idea in an interview following a controversy over software developed by a small company called Carrier IQ. Installed on at least 140 million phones, the software is designed to operate in the background and send performance data from handsets to telecom carriers, allowing carriers to diagnose dropped calls and obtain other network information. […]
[Carrier IQ] says the details of the implementation were up to handset makers and that its product didn’t “record, store, or transmit” personal information. That stance has been backed up by some researchers who have nonetheless called for tighter control over what the software can do and—echoing Zittrain’s proposal—for more visibility for end users. […]
There is no easy way for users to disable or remove the tool, which runs behind the scenes regardless of what the user is doing on the phone. But some handset makers, including HTC, have said they are exploring whether to allow consumers to opt out of data collection by Carrier IQ. And a security company, Bitdefender, last weekend released an app that can detect whether Carrier IQ is running on a phone. Another company, Whisper Systems, already offers Android apps that can help keep track of what different apps are up to on a device.
Catalin Cosoi, head of online threats at Bitdefender, however, says that inserting the Carrier IQ auditing function would have to be done at the operating system level, to which application developers do not have access. It would require a tweak by Apple to its iOS operating system, or by handset makers and networks using Android and other operating systems.
Until that happens, Cosoi adds, users have one other way to check what their smart phones are sending out: they can connect the phone to a laptop or PC running a traffic-sniffing program, such as Wireshark. But this is a fairly technical procedure, not the kind of simple function that users have come to expect on their phones.