Connect with us

Hi, what are you looking for?



FBI: Carrier IQ FOIA Denial Not Proof Software is Being Used

The FBI is downplaying speculation that its denial of a request for records regarding its possible use of Carrier IQ’s software is proof-positive the agency is using the software’s data collection capabilities.

The FBI is downplaying speculation that its denial of a request for records regarding its possible use of Carrier IQ’s software is proof-positive the agency is using the software’s data collection capabilities.

Carrier IQ has been at the center of controversy since it security researcher Trevor Eckhart published findings in November that accused the software of collecting location, keystroke and SMS data from mobile users.

Michael Morisy, co-founder of, filed a Freedom of Information Act (FOIA) requesting “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ.” The FBI responded to Morisy’s request in a letter stating: “…the records responsive to your request are law enforcement records; that there is a pending or prospective law enforcement proceeding relevant to these responsive records; and that the release of the information contained in these responsive records could reasonably be expected to interfere with the enforcement proceedings.”

In a blog post, Morisy contended that the FBI’s response indicates that “responsive records” exist, and while it is unclear whether the FBI uses Carrier IQ’s software in its own investigations, is investigating the company itself or both, “the response would seem to indicate at least the former, since the request was specifically for documents related directly to accessing and analyzing Carrier IQ data.”

In response to an inquiry from SecurityWeek, FBI spokesperson Bill Carter responded that the FBI has a long-standing policy not to discuss sources, methods or techniques utilized in its investigations.

“The story I saw speculates about the possibility that the FBI is utilizing this data logging program and cites a FOIA request denying their request for information,” he wrote in an email. “Under the FOIA, the FBI is required by law to divulge information from its files. However, there are exemptions under the law for release of information about investigative techniques, and any request for information about techniques utilized in our investigations would be denied as a standard response. The denial for information requested under FOIA should not be construed that we do or do not utilize this data logging program.”

On Dec. 12, Carrier IQ released a document entitled ‘Understanding Carrier IQ Technology’ outlining the ways carriers use its software and how it works. The company also confessed the existence of a bug in its software could lead to SMS messages “unintentionally” being included in layer 3 signaling traffic collected by the IQ agent under certain circumstances. The messages would be encoded and embedded in the signaling traffic however and could not be read by humans, according to the company.

The company is facing a number of lawsuits accusing it of privacy violations. Carrier IQ contends that its software is intended to only gather data to help diagnose operational problems on networks and devices.

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...


The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.