Not only has Carrier IQ admitted to having a bug that could unintentionally track text messages — the company had maintained during the debacle that the program only tracked metrics like dropped calls and battery life, not keystrokes — but speculation of whether the FBI may use such information has emerged.
SlashGear reports that Muckrock filed a Freedom of Information Act request to the FBI and received a response that neither confirms nor denies the agency’s use of information collected by the program in investigations but it is a response that has raised eyebrows:
The Muckrock FOIA request asked the FBI for “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ.” In response, the FBI denied any disclosures stating that any information it revealed could jeopardize ongoing investigations. Muckrock is seeking to appeal the FBI’s decision.
Although the FBI’s statement doesn’t confirm that it has indeed been scanning the data collected by Carrier IQ in any of its law enforcement proceedings, it appears that they do have something on file that could either affect current legal cases involving the use of the data or affect the current investigation of Carrier IQ.
Forbes reports that the FBI denied the FOIA request because it “could reasonably be expected to interfere with law enforcement proceedings.”
At the same time, Carrier IQ has finally admitted that in some capacity, the software does log messages, which it had denied before. Slashgear obtained a Carrier IQ FAQ document that stated a flaw in the software could inadvertently allow it to track things like text messages.
Here’s what Carrier IQ said:
“Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent. These messages were encoded and embedded in layer 3 signaling traffic and are not human readable.”
“Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred” the company concludes, reiterating that it “is not a keylogger and no customer has asked Carrier IQ to capture key strokes.”
Slashgear goes on to report Carrier IQ as stating the potential for leaks that would cause privacy issues in these cases is slim. Read the full document for Understanding Carrier IQ Technology here.
Uproar over Carrier IQ emerged in late November when Trevor Eckhart posted on his blog two videos detailing how the program he found on an HTC smartphone was able to track several functions on the phone and was difficult to remove. After that, several smartphone providers admitted to using the program on their phones but only for performance tracking of the device. Even with Carrier IQ trying to assuage the privacy concerns of smartphone users, the software developer along with several phone providers have been issued a class action lawsuit for violating the Federal Wiretap Act, the Stored Electronic Communications Act and the Federal Computer Fraud and Abuse Act.