This article intends to extrapolate the implications of egzthunder1’s article on Carrier IQ, and to comment on the responses by Carrier IQ, HTC, and Sprint, given in Russell Holly’s article on Geek.com.
The point–short, sweet, and at the beginning of the article–is that we do not get to choose whether this information is collected. Or who sees it. Authorized employees only? Marketing and polling firms? Law enforcement? All rhetorical questions, because we don’t know.
To be clear, the “information” I’m talking about are the Android intents logged by Carrier IQ, discovered by TrevE, which include your location, when you open an app and what app you open, what media you play and when you play it, when you receive an SMS, when you receive a call, when your screen turns off or on, and what keys you press in your phone dialer.
Assuming the best, these companies want to know every detail about you so that they can update services to bring you the best products possible. Note, however, that there is no log to show that the best product possible is one in which data about me is not collected.
If this data collection means little to you, think about this: If Google’s vision of Android@Home comes true, these companies will know when you eat, when you sleep, when your house is empty. They will know when you buy food by your refrigerator temperature, when and how you cook that food, and when you wash the dishes. They will know how long you spend in each room of your house, based on when you flip the light switch. And so on. That’s only the uses Google presented at Google I/O 2011.
Nevermind the very real possibility of exploits that would give criminals all this information. And still assuming the best, it’s not that we think Sprint employees would rob us based on all that information. The question is, who needs information like that, anyway? And who needs all the information currently gathered? Nobody with good intentions. While each of these companies may have good intentions, that’s still the impression. It’s also not that I think I, personally, would be incriminated by that data. It’s simply my life. Mine. No company has any excuse for stealing that. No matter the reason.
So I find it interesting that each company’s response blames someone else as an excuse for our data being collected. Carrier IQ says they provide a service that collects data, and what is done with that data is up to the manufacturers and carriers. HTC says they put it on their phones because the carriers tell them to. Sprint says it’s on their phones because we, their customers, obligate them to do so. And if there’s one certainty in any blame game, it’s that blame is used to minimize your own guilt.
Carrier IQ, you sound like J. Robert Oppenheimer on the day Hiroshima was bombed. HTC, if you refused to let it on your phones, you may get less money from carriers, but at least you won’t betray the people who want so desperately to fall in love with your work. (Though, based on your implementation of HTCLogger and TellHTC, I doubt you have the heartstrings to pull.) And Sprint, do not blame us. Not when you don’t give us the option to opt out. We gave you no obligation, because we gave you no permission.
Here is a list of options you have to begin regaining our trust, in order from most to least acceptable:
1) Discontinue automatic data collection and publicly apologize for abusing your customers.
2) Give us full–and I mean full–development access to our devices, including proprietary source codes, so we may offer people the best alternatives to your invasion of privacy.
3) Publicly disclose every single customer you sold our information to, what you sold them, and give us the names and business addresses of every person with access, current or past, to your Carrier IQ Portal.
4) Publicly disclose all the information gathered, in detail, and explain the exact methods used to keep our data anonymous. Oh, and make it anonymous, whether we opt in or not.*
5) Adopt a policy that allows anyone who cites privacy concerns to terminate their contract, no matter how far they are into the contract term, without any fees or payments outside what is owed up to that point.
*This won’t really score any brownie points with us. It’s simply the bare minimum of what you should be doing already, and are not. Don’t bother pointing at the fine print on the service and purchase agreements. I found my grandfather’s magnifying glass to read it. You didn’t list all the information you gather, let alone in detail. Nor did you explain your methods for keeping the information anonymous. And based on the training manuals downloaded from the Carrier IQ site, “anonymous” simply isn’t the word for it. Not even you should know whose data it is.___________________