Tag Archives: carrieriq

Carrier IQ’s Opt-Out Data Collection Patent

ZDNet writes here about an Carrier IQ patent that outlines keylogging and ability to target individual devices . Which is interesting. But Carrier IQ owns a dozen patents, including this one, which to me is much more interesting. This patent indicates what Carrier IQ software could do—not what it does—but it is revealing nonetheless:

A communication device and a data server record and collect events and event-related data to create an activity record. A user of the communication device may request that events and related data be recorded and collected using a configuration option on the communication device or through an interaction with the data server. Data are grouped into data sets and uploaded to the data server either automatically or upon user approval. The data server uses the uploaded data to create an activity record which the user may access through a website. The user uploads additional data which are associated with the activity record. In some instances, the data server embeds a link pointing to the additional data in an entry in the activity record corresponding to an event associated with the additional data.

Basically this patent offers a way for a “user”—which could be either the user of the device or the service—to have a record of everything they do:

image

While most of the patent is clearly about a product that would create a ‘lifestream’ for the user—where they can access all the things they’ve done with the device, including photos etc, in one tidy presentation, there’s clearly more to it than that. Buried in the patent are indications that it could do all this without the user asking it to. It’s paragraph 0023 which I think is most interesting:

A user of a mobile device requests that events and event-related data be collected by a data server and data collection begins. Alternately, data collection may be a default setting which is turned off only when the device user requests that data collection not occur. In yet another embodiment, a request from a server can initiate, pause, or stop data collection. The mobile device is configured to record events performed by the mobile device as well as event-related data. Typical events that the mobile device records include making or receiving a phone call; sending or receiving a message, including text, audio, photograph, video, email and multimedia messages; recorded voice data, voice messages, taking a photograph; recording the device’s location; receiving and playing an FM or satellite radio broadcast; connecting to an 802.11 or Bluetooth access point; and using other device applications. The data most often related to an event include at least one of: the time, date and location of an event. However, other event-related data include a filename, a mobile device number (MDN) and a contact name. Commonly, the mobile device records events and provides a time, date and location stamp for each event. The events and event-related data can be recorded in sequence and can be stored on the mobile device.

This seems to suggest that

  • basically all activity on the phone can be logged
  • the software can be turned on by default
  • the software can be turned on and off from the server

All this information would be grouped together and uploaded either with the user’s permission or without it:

[0025] The mobile devices may be configured to store one or more data sets and upload the data sets to the data server. In one embodiment, the data sets are uploaded automatically without user intervention, while in other embodiments the mobile device presents a query to the user beforehand. When the mobile device is ready to upload one or more sessions to the data server, a pop-up screen or dialog may appear and present the user with various options. Three such options include (1) delete session, (2) defer and ask again and (3) upload now. The user interface may present the query every time a session is ready to upload, or the user may be permitted to select multiple sessions for deletion, a later reminder or upload all at once. In another embodiments, the uploading of sessions may occur automatically without user intervention. Uploads may also be configured to occur when the user is less likely to be using the device.

This point—about the option to collect such data without the user’s say-so—is confirmed in [0030]:

Although typically the device and the server do not record, upload and collect data unless the user requests it, in other embodiments the communication device and the server automatically record, upload and collect data until the user affirmatively requests otherwise.

And in [0046]:

In embodiments where participation in the data collection services is the default configuration for a mobile device (e.g., an “opt-out” model), it is not necessary to receive a request from a user prior to recording data.

An ‘opt-out’ model is hard to visualize if this is a product that is a user-centric lifestream.

While patents only tell part of the story, there’s no evidence of any such consumer-facing product on Carrier IQ’s website, so one has to assume these capabilities have been, or could be, wrapped into their carrier-centric services. In that sense, I think there’s plenty of interest in here.

Carrier IQ Bits and Pieces

Some background about Carrier IQ before the hullabaloo started.

  • People had found about this before
  • Some in the industry questioned why such an expensive solution for a relatively simple problem
  • Data was available to ‘market researchers’
  • Software was installed on modems too
  • A lot of carriers were involved

This is not new. Several people have pointed this out before. This from December 2010: xda-developers – View Single Post – **warning** you can get your phone to a unrecoverable state:

On whether or not it’s possible for Sprint to dig up data after a complete Odin wipe may be debatable, but I lean toward supporting the “yes, they can” side. Sprint has been, for – as far as I can tell – a while, since the Moment at least, been including Carrier IQ in Android ROMs. Carrier IQ – which you can get more info on here (browse around there) is highly invasive, to the level of being spyware. It tracks signal data, application usage, and much else – its services and libraries are tied deeply into the system, to the point that killing just the client (not the server) will destroy the battery meter.

And this, even earlier, from a potential rival: Carrier IQ: Mobile Service Intelligence ?’s – DeadZones.com. They point out that Carrier IQ is very expensive, and has raised a lot of money, for something that is supposedly very simple (finding dropout zones). Commenters point out the pitfalls (lower battery life, data in the hands of faceless corporations):

I did not give consent for this and see the use of such software unethical. I can see no positive effect this can have for the end user. I can see many scenarios in which these corporations could heinously profit from it, though.

Back in 2008, it could claim, according to Company 2008: FierceWireless, Fierce 15 – FierceWireless, that

Carrier IQ’s client list includes Sprint and Sierra Wireless. CEO Quinlivan says the firm works with at least seven of the top 10 major OEMs. Look for the firm to increase its scale in the coming year through more vendor and carrier deals.

Huawei is a customer, not only for handsets, but also for modems: Huawei to Embed Network Diagnostic Tools into 3G Modems in 2009 says:

Announcing the partnership, Carrier IQ CEO, Mark Quinlivan, said: “These new cards will make for smoother delivery of Mobile Data services, improvements in Customer Care services, identification of network coverage gaps and increased awareness of actual user behavior.”

This from Sept 2010 Carrier IQ Powers Android Platform with Mobile Service Intelligence makes clear a number of things.

Experience = behavior for Carrier IQ, so this is not just about logging dropouts:

On-device measurement of the mobile user experience is the key to better understanding user behavior and ultimately optimizing product offerings to match market demands.

This data was not just available to the telcos. The press release also includes an unlikely end-user:

Carrier IQ enables mobile operators, device manufacturers, application developers and market researchers to improve their offerings based on direct insight into the customer experience.

As of last year, 12 leading vendors were using Carrier IQ:

Deployed on over 90M devices from 12 leading vendors worldwide, Carrier IQ is the leading provider of Mobile Service Intelligence solutions that use mobile devices to provide detailed metrics in a highly secure environment.

Deconstructing Carrier IQ’s Press Release

I couldn’t find this press release on their website, and it’s a couple of weeks old, but I thought it worth deconstructing anyway. My comments in quotes. The rest is from the release. I don’t pretend to have got anything right here, but these might be the starting points for deeper questions.

Carrier IQ Says Measuring Mobile User Experience Does Matter! – MarketWatch:

MOUNTAIN VIEW, Calif., Nov 16, 2011 (BUSINESS WIRE) — Carrier IQ would like to clarify some recent press on how our product is used and the information that is gathered from smartphones and mobile devices.

Carrier IQ delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers. We do this by counting and measuring operational information in mobile devices — feature phones, smartphones and tablets.

operational information is a very vague term. And it’s clear from this comment that it’s not just smart phones that have the software installed. Feature phones and tablets also have it.

This information is used by our customers as a mission critical tool to improve the quality of the network, understand device issues and ultimately improve the user experience. Our software is embedded by device manufacturers along with other diagnostic tools and software prior to shipment.

It calls it a diagnostic tool, but most people’s understanding of a diagnostic tool is one that runs in diagnostic mode. This doesn’t. It runs all the time–even on WiFi and airplane mode. But this comment also hints that there are other tools and software installed by manufacturers too.

While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools.

‘Recording’ keystrokes could be as it looks, or it could be weasel language, given the fact that keystrokes are definitely logged. Logging could be considered different to recording in this context.

The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools.

But they clearly do, so is that a bug? Is the word deliver here key, as in not designed to deliver such information to certain parties?

The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to 3rd parties.

This doesn’t really help. Not only was it not really the issue that Carrier IQ was selling the data–it was assumed the carrier would be, if anyone was–and the term personal subscriber information is quite possibly a weasel term, as personal has tended to mean to include the actual subscriber’s name. But we know now that even anonymized data can be mined so it is quickly connected to a specific person.

The information derived from devices is encrypted and secured within our customer’s network or in our audited and customer-approved facilities.

I don’t know enough about this, but I’m guessing these are weasel words too. The key word is within. It seems pretty clear that most if not all of the Carrier IQ data is in plain text, so presumably the encryption and securing is only when that data reaches the customer’s network (i.e. this doesn’t include the external network, but the customer’s own computer network.) It also makes clear that the data, whether encrypted or not, also resides within Carrier IQ’s systems.

Our customers have stringent policies and obligations on data collection and retention. Each customer is different and our technology is customized to their exacting needs and legal requirements.

Except that at  no point was any customer, as far as we know, actually asked whether they approved this data being collected about them. In fact, we don’t even know who those customers are in order to be able to verify this.

Carrier IQ enables a measurable impact on improving the quality and experience of our customer’s mobile networks and devices. Our business model and technology aligns exclusively with this goal.

Don’t get me started on the word ‘experience.’ It covers a multitude of sins and can mean more or less anything. My experience of call dropouts? Yes, sure, fix that. My experience of what services I use, how many times I enter my password, whether I’m buying something in Starbucks or Coffee Bean, how many people are in my address book etc. No. Not what I want you to log.

I think there’s another element at play here. Clearly the device manufacturers have allowed this to happen since the software is installed at the point of manufacturer. A carrier can use the service because whatever device their customer uses, they can be pretty confident that the Carrier IQ software is embedded. So one has to ask what data are being shared between carrier, Carrier IQ and manufacturer? And how does this work?

SOURCE: Carrier IQ