Recently, there have been reports about how smartphone users’ data could be quietly gathered and used by companies via service called Carrier IQ. Now, Sen. Al Franken (D-Minn.), chairman of the subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee, has written to Carrier IQ demanding answers about how this technology affects cellphone users’ privacy.
Franken noted that, “Earlier this week, a researcher confirmed that software developed by Carrier IQ was logging and potentially transmitting the sensitive information of consumers, including” information such as “the phone numbers they dial,” “the contents of text messages they receive,” “the URLs of the websites they visit,” “the contents of their online search queries,” and “the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.”
Franken wrote to Carrier IQ President and CEO Larry Lenhart, saying:
It appears that [your company’s] software runs automatically every time you turn your phone on. It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it. […]
I understand the need to provide usage and diagnostic information to carriers. I also understand that carriers can modify Carrier IQ’s software. But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.
These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.
I ask that you provide answers to the following questions by December 14, 2011.
(1) Does Carrier IQ software log users’ location?
(2) What other data does Carrier IQ software log? […]
(5) If Carrier IQ receives this data, does it subsequently share it with third parties? With whom does it share this data? What data is shared?
(6) Will Carrier IQ allow users to stop any logging and transmission of this data? […]
(8) Has Carrier IQ disclosed this data to federal or state law enforcement? […]
(10) Does Carrier IQ believe that its actions comply with the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.)?
(11) Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. § 1030)? Why?