The Carrier IQ scandal took an interesting turn yesterday on reports that the FBI had denied a Freedom of Information Act request for “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ. The agency denied the request on the grounds that “records or information compiled for law enforcement purposes,” the disclosure of which “could reasonably be expected to interfere with enforcement proceedings” are exempt from FOIA requests.
In effect, the denial means that the FBI has data regarding Carrier IQ, though it does not say what kind data it has. Reactions around the internet have been quite strong, with most assuming that the information the FBI is withholding is data gathered from Carrier IQ on users. The wording both the request (filed by Michael Morisy of MuckRock) and of the denial is ambiguous, leaving open the possibility that what the FBI is withholding is not user data gathered from Carrier IQ, but data gathered as part of an investigation of Carrier IQ.
The level of data accessible to the Carrier IQ software that was recently found installed on a wide variety of smartphones has many people nervous. The app has access to a user’s location data, web traffic, keystrokes, web traffic, SMS messages, and a variety of other data. What has always been unclear, however, is what is done with the data gathered. Carriers such as Sprint, AT&T, and T-Mobile have admitted to using the software in their phones, but insisted that they have only ever used it to gather handset and network performance data. No one quite seems to know why the software collects other data - keystrokes, SMS messages, web traffic - nor what it does with it. Carrier IQ has insisted that such data is not sent to their servers either.
Though it is entirely plausible - maybe even likely - that the FBI denied the request because they are investigating Carrier IQ, it is equally plausible - and perhaps more likely - that they have used data gathered by Carrier IQ in the course of their investigations. This should not, however, be cause for the level of panic seen around the internet. The fact is, most organizations - from Google to Facebook to your local bank - will give law enforcement agencies all manner of information when presented with a warrant. Indeed, most of us have vast amounts of personal data out there on the internet where anybody with a computer and our name could find it, never mind a warrant. The fact that the FBI may be using data from Carrier IQ in investigations is no more evidence that Big Brother is watching than the fact that your bank will provide your records when served a warrant. The level of access Carrier IQ has to users’ phones without their knowledge is deeply unsettling, but one can hardly blame law enforcement agencies for making use of the tools that companies like Carrier IQ - and Google, and Facebook, and your gym, and a host of others - make available to them.
Meanwhile, Carrier IQ has released a nineteen-page report detailing what their software does and how it works.
Below are some of the strongest reactions to the news on Twitter: