[From Dave Farber's IP] On the other hand, Carrier IQ may *not* have violated wiretap law in millions of cases. Dan Rosenberg said that he has reverse-engineered Carrier IQ and found "no evidence that they are collecting anything more than what they've publicly claimed: anonymized metrics data." He found "no code in CarrierIQ that actually records keystrokes for data collection purposes." See: http://pastebin.com/aiYNmYVz John Graham-Cumming also is unconvinced: "If you watch the 'security researcher's' video you'll find that nowhere does he make the claim that content that the application sees is leaving the device... At no point does he enter a debugger and look inside the CarrierIQ application, and at no point does he run a network sniffer and look at what data is being transmitted to CarrierIQ." http://blog.jgc.org/2011/11/getting-little-tired-of-security.html Sprint said today that "we do not and cannot look at the contents of messages, photos, videos, etc., using this tool," which is a pretty broad denial: http://news.cnet.com/8301-31921_3-57335110-281 I hope that IPers remember the panic earlier this year when Samsung was falsely accused of installing key loggers on laptops. Network World, which ran the article, ended up deleting it and saying, in a lovely passive voice, that "an apology has been issued": http://news.cnet.com/8301-31921_3-20049259-281.html If Carrier IQ is transmitting keystrokes or the contents of communications, I'll be the first to call them on it. But, as far as I know after watching the video, nobody has demonstrated that's what the software actually does. ------------------------------