Security Vulnerabilities at All-time Highs for Mobile Devices
Mobile security recommendations for consumers and administrators.
Multiple sites are reporting that lawsuits have been filed in the Carrier IQ controversy. Mathew Schwartz at InformationWeek hedges his bets a bit by saying "at least three" suits have been filed, as if he expects more to emerge between when he finishes writing and when he hits the "send" button.
His piece identifies suits in the U.S. District Court for the Northern District of Illinois, a class action in federal court in Wilmington, Del., and a suit in the U.S. District Court for the Northern District of California. Computerworld focuses on the Delaware suit, including a link to the complaint.
As many sites reported last week, researcher Trevor Eckhart released information in the form of at least one video and posted written commentary claiming that Carrier IQ is collecting information about users' cellular activities and sending it to carriers. He explains how he believes this is being done.
Litigation - especially when it involves potential jury pools and touches on hot button issues such as privacy and mobile technology - runs parallel to the real world outside the courtroom. That's one of the reasons companies retain public relations firms. Talking Points Memo reports on "talking points" from Sprint-Nextel and T-Mobile on the Carrier IQ situation. The site notes that the Sprint document initially was posted on the SprintFeed site. Writes Carl Franzen at Talking Points Memo:
Most important for consumers, Sprint's document states that "Sprint uses the Carrier IQ data to only understand device performance on our network so we can understand when issues are occurringEven with Carrier IQ, Sprint does not and cannot look at or record contents of messages, photos, videos, etc. nor do we sell or provide a direct feed of Carrier IQ data to anyone outside of Sprint." (Emphasis original).
There is something nefarious-sounding about "talking points," as if organizing a coherent defense is in some way a tacit acknowledgement of the organizations' guilt. That of course isn't the case. While it is entirely possible that the companies were using the information for illegal or unethical purposes, a more nuanced reality is far more likely.
Wired and unwired carriers have a right - indeed, a responsibility - to watch the flow of data over their networks to ensure efficient and timely delivery to subscribers, to plan for future expansion and to help catch criminals and terrorists. The line where these legitimate requirements end and illegal activity begins is a dicey topic. Indeed, that line is not fully drawn yet. Uncertainty over this issue likely is at the heart of the Carrier IQ controversy. Other issues, such as disclosure requirements to subscribers and oversight over what is done with the collected data flow from that basic issue.