December 14, the deadline Senator Al Franken gave to answer his questions about Carrier IQ, came and went. Now the responses are public. Franken also questioned FBI director Robert Mueller in the Senate Judiciary Committee about the FBI’s collection of information specifically obtained from Carrier IQ’s software. Thankfully, Franken was not satisfied by the answers he received in either inquiry. From Franken’s press release, which includes the companies’ responses:
“I appreciate the responses I received, but I’m still very troubled by what’s going on,” said Sen. Franken. “People have a fundamental right to control their private information. After reading the companies’ responses, I’m still concerned that this right is not being respected. The average user of any device equipped with Carrier IQ software has no way of knowing that this software is running, what information it is getting, and who it is giving it to—and that’s a problem.”
There’s a big problem of specificity in how the media reported Trevor Eckhart’s (XDA Recognized Developer, TrevE’s) research. And now, anyone who wants the issue minimized is exploiting the ambiguity in what people mean when they say “Carrier IQ” to avoid saying anything damning. For example, look for the clarity in Mueller’s initial response, where the FBI “neither sought nor obtained any information from Carrier IQ”–the company–in this video:
When Franken pressed on, trying to clarify the question, it was abundantly obvious how unpracticed Mueller was at using “Carrier IQ” to mean the software. Of course, the assertion that the FBI never sought information from Carrier IQ, the company, isn’t true. Andrew Coward, Carrier IQ’s VP of Marketing, told The Associated Press that the FBI is the only law enforcement agency to contact them for data. It’s a discrepancy that will probably be excused by the semantic ambiguities of “sought”.
The EFF posted an article about the lack of clarity in reporting about Carrier IQ, identifying four different meanings of “Carrier IQ”. It should be standard reading for anyone making inquiries into the Carrier IQ issue. I personally feel that Carrier IQ themselves are responsible for much of the confusion. Instead of giving words like “IQ Agent”, which is their software’s name, they gave words like “metrics” and “profile”, which require a working understanding of their software. Eyes glaze over as people read technical explanations, and they give up, deciding to just say, “Carrier IQ”.
Responsibility is perpetually deferred using this ambiguity. Carrier IQ says the data belongs to the carriers. The carriers have the software installed by the manufacturers. The manufacturers say they’re simply following instructions from the carriers. The carriers say the data is aggregated by Carrier IQ. Carrier IQ says they send the data to the carriers. Nobody shares the information with anyone else. And the FBI never sought or obtained information from Carrier IQ. Except they did. And they didn’t. Maybe.
Examine Sprint’s response to Franken’s seventh question, “Has your company disclosed this data to federal or state law enforcement?”
“Sprint has not disclosed Carrier IQ data to federal or state law enforcement.”
The ambiguity even here is dangerous. Does this response mean they don’t share data collected by the software on individual phones? Does it mean they don’t share the aggregated data from Carrier IQ, the company? Does it mean they don’t share the kind of data collected by IQ Agent? Does it mean they don’t tell law enforcement what they know about Carrier IQ, the company?
Franken has every reason to be dissatisfied with these answers. I implore members of the media and their readers to do their part in clarifying the issue in their articles, and by demanding clarifications in their interviews.