Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

FBI: Carrier IQ FOIA Denial Not Proof Software is Being Used

The FBI is downplaying speculation that its denial of a request for records regarding its possible use of Carrier IQ’s software is proof-positive the agency is using the software’s data collection capabilities.

The FBI is downplaying speculation that its denial of a request for records regarding its possible use of Carrier IQ’s software is proof-positive the agency is using the software’s data collection capabilities.

Carrier IQ has been at the center of controversy since it security researcher Trevor Eckhart published findings in November that accused the software of collecting location, keystroke and SMS data from mobile users.

Michael Morisy, co-founder of MuckRock.com, filed a Freedom of Information Act (FOIA) requesting “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ.” The FBI responded to Morisy’s request in a letter stating: “…the records responsive to your request are law enforcement records; that there is a pending or prospective law enforcement proceeding relevant to these responsive records; and that the release of the information contained in these responsive records could reasonably be expected to interfere with the enforcement proceedings.”

In a blog post, Morisy contended that the FBI’s response indicates that “responsive records” exist, and while it is unclear whether the FBI uses Carrier IQ’s software in its own investigations, is investigating the company itself or both, “the response would seem to indicate at least the former, since the request was specifically for documents related directly to accessing and analyzing Carrier IQ data.”

In response to an inquiry from SecurityWeek, FBI spokesperson Bill Carter responded that the FBI has a long-standing policy not to discuss sources, methods or techniques utilized in its investigations.

“The story I saw speculates about the possibility that the FBI is utilizing this data logging program and cites a FOIA request denying their request for information,” he wrote in an email. “Under the FOIA, the FBI is required by law to divulge information from its files. However, there are exemptions under the law for release of information about investigative techniques, and any request for information about techniques utilized in our investigations would be denied as a standard response. The denial for information requested under FOIA should not be construed that we do or do not utilize this data logging program.”

On Dec. 12, Carrier IQ released a document entitled ‘Understanding Carrier IQ Technology’ outlining the ways carriers use its software and how it works. The company also confessed the existence of a bug in its software could lead to SMS messages “unintentionally” being included in layer 3 signaling traffic collected by the IQ agent under certain circumstances. The messages would be encoded and embedded in the signaling traffic however and could not be read by humans, according to the company.

The company is facing a number of lawsuits accusing it of privacy violations. Carrier IQ contends that its software is intended to only gather data to help diagnose operational problems on networks and devices.

Written By

Click to comment

Expert Insights

Related Content

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Application Security

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...