“It is vitally important to recognize that cellular telephony is a surveillance technology, and that unless we openly discuss this surveillance capability and craft appropriate legal and technological limits to that capability, we may lose some or all of the social benefits of this technology, as well as a significant piece of ourselves. Most people don’t understand that we’re selling our privacy to have these devices.” — Stephen Wicker, Cornell
What is startling about that statement is not what it implies, but that it gets stated so rarely, never in mainstream media, and in this instance, referring to an preinstalled Android app that runs in stealth mode without users knowledge, that it took so long to be made.
Wicker is writing about a particularly vile piece of what I call slimeware1 that has been shipped on various cell phones primarily in North America. To the best of my knowledge, it first came to light in August of this year and caused an absolute lack of concern amongst shiny junk users, who if they offered any kind of response at all, was generally along the lines of “stop being paranoid”. Wicker disagrees. From the same article –
“This is my worst nightmare,” says Stephen Wicker, a professor of electrical and computer engineering at Cornell. “As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.”
“Carrier IQ claims that the collected data is ‘anonymized.’ Let’s give this a moment’s thought — about all that it deserves. How hard would it be to ‘de-anonymize’ a pile of text messages between me and my wife? My mother? My children? Banking IDs with passwords?”
Indeed. What does a Russian kid living the good life working for the Bratva care about your identity anyway if he has your banking credentials? The company responsible for this slimeware is Carrier IQ –
Carrier IQ is the leading provider of Mobile Service Intelligence Solutions to the Wireless Industry. As the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers mobile experience.
No shit. While logging every keystroke and movement is not unprecedented in general, it is unprecedented as a stealth default installed product, toeing the line of legality, on products purchased in good faith by consumers. Consumers are not informed of its presence, nor presented with an opt out option. The product is effectively hidden and can only be detected by folks with a fair degree of tech nous and who know what it is they are looking for in the first place. Despite protestations to the contrary from Carrier IQ, labeling this product as a trojan and a rootkit is entirely appropriate. A good overview of what Carrier IQ actually does, by Trevor Eckhart who has done most of the hardwork picking this slimeware to bits, can be read here.
What makes Carrier IQ so insidious is that it renders all of your secured communications irrelevent – it effectively hooks directly into your user processes. What this means in practice is that though your communications may be over secure and encrypted tunnels, it is listening to your data before it is encrypted, and after it arrives and is decrypted. It is capturing everything as raw, human readable text. Including all your user IDs and passwords. In plain text. Precisely what this capability has to do with improving cell network performance for consumers remains a mystery. Call me stoopid, but I can’t even begin to imagine how it could possibly be relevant.
The fallout from Eckhart’s disclosures was routine and predictable. Carrier IQ immediately initiated legal threats against him (.pdf of cease and desist letter) And just as quickly backed down when the EFF came to his aid (.pdf of response to cease and desist). This has been followed by the equally routine denials, excuses and pleas of pure innocence –
In an interview last week, Carrier IQ VP of Marketing Andrew Coward rejected claims the software posed a privacy threat because it never captured key presses.
“Our technology is not real time,” he said at the time. “It’s not constantly reporting back. It’s gathering information up and is usually transmitted in small doses.”
Coward went on to say that Carrier IQ was a diagnostic tool designed to give network carriers and device manufacturers detailed information about the causes of dropped calls and other performance issues.
And the current press release (.pdf) has deceptive wording similarly pleading innocence –
“Having examined the Carrier IQ implementation, it is my opinion that allegations of keystroke collection or other surveillance of mobile device user’s content are erroneous,” asserts Rebecca Bace of Infidel, Inc., a respected security expert.
Note the wording – that they don’t “collect” doesn’t mean it’s not captured in real time, which is what Eckhart has demonstrated. At this point and in this version the data is briefly cached and expires.
Evidently these excuses are good enough for The Register –
More than 48 hours after a software developer posted evidence Carrier IQ monitored the key taps on more than 141 million smartphones, a company official has come forward to rebut the disturbing allegations. And he’s provided enough technical detail to convince The Register the diagnostics software doesn’t represent a privacy threat to handset owners.
Yes, Carrier IQ is a vast digital fishing net that sees geographic locations and the contents of text messages and search queries swimming inside the phones the software monitors, the company’s VP of marketing, Andrew Coward, said in an extensive interview. But except in rare circumstances, that data is dumped out of a phone’s internal memory almost as quickly as it goes in.
– but they’re simply not good enough for me. This functionality built into Carrier IQ does not simply happen by “accident”. Programmers don’t work for free. They also work from predefined project scopes. This key logging and snooping functionality exists because the project architects at Carrier IQ specified it should. Telling me that the captured data only exists briefly in a volatile cache only tells me that nothing is done with the data – YET. And the question of why this functionality has been built in has not been addressed in any way. There is no assurance a future update won’t start pumping it all back to Homeland Security or the FBI or whatever other panty sniffer that wants to pay for it. To quote Bruce Schneier –
It is poor civic hygiene to install technologies that could someday facilitate a police state.
Pleas of innocence are hollow from an industry that is absolutely amoral and more than happy to prostitute itself to anyone that has the cash. The precedents are endless. The Wall Street Journal recently wrote an article on the security industry – and how it is equally as interested in providing products that compromise private citizens’ security, and the revamped Wikileaks is publishing a far more exhaustive study. Amongst abuses of this technology by despotic regimes, there are also the additional crises of this technology facilitating the loss of confidence in certificate authorities and SSL itself. And then there is the strange saga of HBGary Federal (and much more). In fact, privacy abuse is shaping up to be the boom industry of the 21st century.
These technologies cannot be trivialised. Carrier IQ is very much a part of the diseased culture of all digital technology. These technologies facilitate the detention, torture and murder of countless individuals in places such as China, Iran and Syria, to name a few, and all uniformly, as Carrier IQ, plead innocence – and are fully aware they are not. Western investors grow fat on torture and abuse of private citizens – this industry needs far more than just the regulation that Wicker is calling for. It needs full accountability – for complicity in crimes against humanity. Real punishment for real crime. This needs to happen and it needs to happen yesterday.
1 – Surreptitious software that technically is not illegal, but functionally does nothing of benefit to the user, usually by tracking your usage patterns and movements, stealing private data, or hijacking your search and browsing results. I also refer to people who make and use this kind of software as “panty sniffers” – they know what they are doing is wrong and they go to inordinate lenghths to conceal what they are doing out of shame.