Carrier IQ May Have Violated Wiretap Law In Millions Of Cases

Declan McCullagh declan at
Thu Dec 1 05:45:00 PST 2011

  [From Dave Farber's IP]

On the other hand, Carrier IQ may *not* have violated wiretap law in
millions of cases.

Dan Rosenberg said that he has reverse-engineered Carrier IQ and found "no
evidence that they are collecting anything more than what they've publicly
claimed: anonymized metrics data." He found "no code in CarrierIQ that
actually records keystrokes for data collection purposes." See:

John Graham-Cumming also is unconvinced:
"If you watch the 'security researcher's' video you'll find that nowhere
does he make the claim that content that the application sees is leaving
the device... At no point does he enter a debugger and look inside the
CarrierIQ application, and at no point does he run a network sniffer and
look at what data is being transmitted to CarrierIQ."

Sprint said today that "we do not and cannot look at the contents of
messages, photos, videos, etc., using this tool," which is a pretty broad

I hope that IPers remember the panic earlier this year when Samsung was
falsely accused of installing key loggers on laptops. Network World, which
ran the article, ended up deleting it and saying, in a lovely passive voice,
that "an apology has been issued":

If Carrier IQ is transmitting keystrokes or the contents of communications,
I'll be the first to call them on it. But, as far as I know after watching
the video, nobody has demonstrated that's what the software actually does.


More information about the cypherpunks-legacy mailing list