Unless you’ve been, you know, doing things out in the real world, you’ve probably noticed that the Carrier IQ story is the hottest topic on the interwebs right now. The Verge has a running story stream with 13 related stories (as of 4pm CST), and venturing over to just about any other tech related news site will give you Carrier IQ overload, with companies confirming or denying that they use the service, Carrier IQ promising to release an official statement of what they do and don’t do, insightful commentary, and general fits of fear and anger (mainly in the comments).
Please note that this post does not intend to give you a full understanding of the whole Carrier IQ debacle. We highly recommend that you read The Verge’s story stream (seriously, it’s good and comprehensive) to fully educate yourself on the situation. What we will do is give you a brief overview of what we think Carrier IQ does and what we think the key underlying problems are.
So what is Carrier IQ?
Carrier IQ is a company that tracks an exorbitant amount of mobile user data at the request of carriers and phone manufacturers. Basically, Carrier IQ can track almost everything you do on your cell phone, even encrypted information, and even while your phone isn’t connected to a network. Creepy, right?
Sprint has recently gone on the record stating that they do in fact use the Carrier IQ service, and that the service is an integral part of the Sprint service, allowing the company to collect information that allows it to provide customers a better overall experience. According to Sprint, they are using Carrier IQ to determine when phones are performing poorly, be it with Sprint’s network or a bug in the phone’s software. Sprint uses this information to improve its cellular network and works with device manufacturers to push out bugfixes for their devices.
This is but one example of how companies can use data provided by Carrier IQ to deliver a better customer experience, but that’s not what people are afraid of and angry about.
So what are people so afraid and angry about?
It seems people are angry about three things.
First, Carrier IQ’s applications are opt-in by default and automatically run every time you turn on your smartphone. What’s worse is that there is no way to opt out of this service unless you root your phone and install a custom ROM that doesn’t have the software. We would likely not have heard of Carrier IQ if they simply would have prompted users to opt into their tracking program when we first activate and set up our Android devices like Google does in their set-up service.
The very fact that a program that has insanely high access to our personal unencrypted data without our knowledge is a serious faux-pas.
Secondly, though we have a good idea of what information is potentially at risk (seriously, almost everything – the permissions list for this app is ginormous), what we don’t yet know exactly how this information is being stored and whether our personal information is being kept safe.
In fact, these are two of the key points that prompted Minnesota Senator Al Franken to send Carrier IQ a nasty-gram demanding that they come clear on their business practices.
Finally, people are understandably a little peeved at the utter lack of transparency on the part of Carrier IQ. When it comes to potential violations of privacy, people want to know two things: what information is being tracked and how do I stop it. So far Carrier IQ has failed to provide a real answer to either of these questions, though they do promise an official statement is coming soon pending an independent testing of their service. Though this is a good move, as a positive opinion from an impartial third party will have a much higher impact on the consumer trusting the service in the future, it has the unfortunate side effect of creating a wave of distrust.
Yes, this is a very simple analysis of an extremely complex situation. Still, we can’t help but believe that the biggest snafus have been how Carrier IQ has handled the controversy, such as sending a cease and desist letter to the security researcher who found the service on his device (which they later rescinded with apologies), or stating that their service doesn’t track things that it clearly has access to in the permissions list.
The fix for this problem is very clear in everyone’s mind: tell us exactly what you’re tracking and allow us to opt-out if we so choose; better yet, don’t force us to opt-in by default. This would solve everyone’s problem with the service, and would allow Carrier IQ’s customers to get the information they need to better their service.
What do you guys think? Are we missing something here? Are you more angry about the Carrier IQ service in and of itself, or do you agree that it’s mostly been the way Carrier IQ has handled the fallout?