Security, Privacy and Media Response: Carrier IQ and Subsequent Fear-mongering
Dec 6, 2011 10:06 AM –
The latest ‘scare’ in a growing line of recent privacy outrages is the one involving Carrier IQ. Now, the problem of writing about Carrier IQ is that the semi-official line of the swelling Android Community seems to change every few hours. The original discovery published on 28th November 2011, by Systems Administrator Trevor Eckhart, alerted the world to Carrier IQ and what their analytical monitoring software actually does. The Android Community media went from writing pointedly worried “Who are they?” articles with links to Eckhart’s YouTube video to a raft of “Is YOUR phone INFECTED?” pieces that initially seemed to offer very little and mean even less. This progressed extremely quickly to U.S. government, with Sen. Al Franken demanding an investigation and answers.
Carrier IQ were quite quick off the mark; hastily arranged boardroom meetings probably, spilt coffee and stern instructions to their Marketing department, which resulted in them insisting this was a carrier issue and certainly not a privacy risk. In the meantime, the Android community quickly found ways of knowing if Carrier IQ was on your phone, whether you should remove it or not and ways to remove it if it was. Cyanogenmod, creators of one of the most popular alternative ROMs for rooted phones were also quick to point out that Carrier IQ wasn’t included in their software. The story still has time to run yet I feel, with investigations ongoing and legalities being stoutly explored in different parts of the world. The pond gets even cloudier with research such as this, which suggests that things might not be as bad as they were initially touted.
The problem as I see it is not what this software does, but the fact users haven’t been appropriately asked permission. I do not know the in-and-outs of the technology, but when a new ROM activation asks you if they can monitor your usage to help improve their services, this has to be a similar principal doesn’t it? It makes me wonder how much it actually matters. Sure, permission should have been granted, but I’d be keen to find out how user experience actually differs between someone who has Carrier IQ toolkit on their device and someone who doesn’t. If it’s contributing to operators analysing usage to help improve future services- how bad is that really?
I worry that such ‘scares’ (as they seem to be often labelled) simply become a tool for technology writers to fill column after column of content, much of which doesn’t really conclude anything and only results in the Android Community exploding with confused rage about something only a few people understand. The Carrier IQ affair is certainly not the first case of privacy being flouted, and I doubt it will be the last.
Remember back in the spring when it was reported that iPhones and many Androids tracking, feeding back and storing location data? The Carrier IQ story just seems to be the latest in a long line of these scares, and certainly contribute to any number of potentially underhand practices within the mobile space. I started to notice stirrings of unscrupulousness when Android 2.2 (Froyo) came along. The smarter task management capabilities of the Android 2.2 meant that the brash “Task Killer” apps became pretty much redundant, yet they continued to be peddled, often as a ‘must-have’ and ‘essential’ app, perhaps unwittingly propagated by the wider Android community. In a platform that screams open-platform honesty, it was a bit grating to find out these paid apps were not actually required on your phone.
Looking at this objectively, there is a great deal of traction for technology writers when it comes to security fears; look at the thousands of articles written about Facebook and other social networks and how they deal with user privacy. Now, it would seem, at the slightest sniff of a privacy concern, the tech community goes crazy with guesswork; semi-paranoia-inducing, fear-mongering pieces that actually mean very little but provide to induce perpetual worry in users… and, of course, get lots of page hits.
As far as Carrier IQ, and many, many of other similar scares is concerned, there seems to be far more smoke than there is fire. There are more questions than answers and a great deal more fear inducement than is actually necessary. I mean, what is the worst that can happen to a user who has Carrier IQ on their phone? Besides being affronted that they didn’t ask you if it was OK in the first place, probably very little.