Hot Docs: Mobile software maker sued for logging keystrokes, texts

December 8, 2011

Phone spyElectronic privacy has been a major story in the past few years, as information becomes increasingly digitized.

Scores of lawsuits have, of course, followed revelations of varying levels of privacy infringement, for lack of a better term.

The level of invasion of privacy alleged in a recent round of lawsuits, though, is almost unprecedented.

The defendant in all of these suits, Carrier IQ (CIQ), is being charged with collecting a wide array of user data through its Mobile Intelligences software.

Users of what?

Cellular telephones, smartphones, tablets, and ereaders.

What kind of data?

Keystrokes, button presses, search engine queries, URLs visited, apps used, numbers dials, photos, calls made, location data, text messages (including the body of the message, as well as the identity of the recipient/sender), and pretty much any other personal data that ever graces your mobile device.

To top it off, the data is unencrypted and viewable simply by reading the software’s command log (not a difficult task for anyone with a moderate level of technical expertise).

In addition, there doesn’t seem to be any way to turn off or otherwise disable this software, at least not without modifying the firmware and voiding the device’s warranty.

And finally, the software does not inform the user of its activities, and naturally also doesn’t obtain user consent.

This software and its activities were made public just a few weeks ago by 25-year-old systems administrator Trevor Eckhart via a series of YouTube videos.

This revelation has sparked the abovementioned flurry of class actions, and this lawsuit is one of them.

Hot Doc: Steiner v. Carrier IQ Inc.

Source: Thomson Reuters News & Insight – National Litigation

As anyone who has been following this story can tell you, the facts aren’t all in as to what CIQ’s software does – just that it exists, it collects data, and it’s ostensibly used for the purpose of analytics.

Just how much and what kind of data is collected has been disputed, which may leave some to speculate whether these class action lawsuits are premature.

Here’s a hint: they aren’t.

You don’t need to have conclusive evidence of wrongdoing before filing a lawsuit; you just need to know that there’s a very high probability that you’ll be able to get what you need through discovery.

Moreover, in class action litigation, the earlier you file, the higher your success rate, so it should come as no surprise that so many suits have been filed so quickly without a lot of hard evidence.

Eckhart’s YouTube videos are pretty convincing, though, and they have gotten at least two U.S. Senators (Al Franken (D-MN) and Richard Blumenthal (D-CT)) and a Congressman (Edward Markey (D-MA)) demanding explanations from CIQ’s president and CEO.

In light of the heavy fire that CIQ has come under, many have pointed out that CIQ is not entirely to blame.

This is actually correct.

Not because the breadth of data collected (or potentially collectable) isn’t illegal – it clearly is – but because the data is collected for wireless carriers and mobile phone manufacturers.

Naturally, this has not escaped the notice of the class action litigators, many of whom have added Apple, HTC, Samsung, Motorola, AT&T, Sprint, and T-Mobile to their suits as defendants.

As mentioned earlier, this issue is still young.

As it matures, thanks to the many class action lawsuits, we’ll be sure to discover the full extent and nature of CIQ’s software, including which manufacturers and carriers are playing a part.

Lastly, as I’m sure you’re tired of hearing (because I’m certainly tired of saying it), this incident strongly demonstrates the need for Congressional action on privacy taking into account the technological advances of the past 25 years.