The Carrier IQ kerfluffle that came to light after a researcher, Trevor Eckhart, revealed some really spooky snooping took a wicked turn. Andy Greenberg reports:
A piece of keystroke-sniffing software called Carrier IQ has been embedded so deeply in millions of Nokia, Android, and RIM devices that it’s tough to spot and nearly impossible to remove, as 25-year old Connecticut systems administrator Trevor Eckhart revealed in a video Tuesday.
That’s not just creepy, says Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School. He thinks it’s also likely grounds for a class action lawsuit based on a federal wiretapping law.
The Mountain View, California-based firm is really getting a lot of bad press since Trevor Eckhart published his findings. First they threatened to sue him – until EFF jumped in to defend him and made them see the errors of their way. Now this. Watch the video and be … appalled… offended… furious:
Somewhat ironically, Carrier IQ’s most recent tweet, on November 21, was “Understanding the experience of the mobile user.” I guess they meant really, really, really, REALLY understanding the experience.
But not everyone agrees with Professor Ohm’s opinion that Carrier IQ could be facing a criminal wiretap charge or massive class action lawsuit. In a post on Pastebin today, security researcher Dan Rosenberg writes, in part:
After reverse engineering CarrierIQ myself, I have seen no evidence that they are collecting anything more than what they’ve publicly claimed: anonymized metrics data. There’s a big difference between “look, it does something when I press a key” and “it’s sending all my keystrokes to the carrier!”.
In response, Professor Ohm tweeted
Wiretap only if one “acquires” content, so maybe a defense, but “anonymized metrics data” may be content.
I guess we’ll have to wait to see if federal prosecutors charge the firm. What’s more certain is that at least some lawyers will rush to file a civil suit.