A recent discovery by a security researcher, Trevor Eckhart, created a media firestorm around the Mountain View, Calif. startup Carrier IQ. In a Youtube video, Eckhart details how the Carrier IQ software logs every text message, Google search, phone number and URL of visited websites on a variety of smartphones such as HTC and BlackBerry. This development put Carrier IQ under a microscope, and it raises new privacy concerns regarding the collection of personal data from consumers.
As it turns out, media outlets rushed to vilify Carrier IQ. Self-appointed “web police” slammed the company for violating federal laws. Even senators such as Al Franken jumped into the fray in requesting an explanation. While benign in nature, these allegations are misdirected and people must wait for more information before coming to a conclusion.
The most serious accusation that Carrier IQ faces is that its software records what people type without their knowledge. This claim, however, is unfounded as there is no evidence that Carrier IQ is capturing, recording or transmitting any sensitive user data. Dan Rosenberg, a world renowned security consultant, dug into the code and found no evidence in suggesting that.
The Carrier IQ software is intended to be used as a diagnostics and data-collection tool. The company itself makes no decisions on what data is collected. It only sells this software to cell phone carriers and allows them to decide which options to enable. Rather than vilifying Carrier IQ, customers must look to carriers for an explanation.
AT&T, Sprint and other major players must disclose to their customers what data is being collected and how that data is being used. Ultimately, carriers should make available an easy opt-out mechanism for people who do not want their data to be logged.
The issue of collecting data without customers’ knowledge lends itself to the bigger issue of privacy in an interconnected world. The proliferation of social media platforms alongside mobile technologies has blurred the line between what is public and what is private. If a user on Facebook neglects to change his or her privacy settings and posts sensitive information, then does it mean that this information is now in the public domain for anyone to use?
In most cases, companies provide their customers with a lengthy privacy agreement. However, most users simply press the “agree” button and skip over the details. This creates an environment in which companies are free to collect data as they see fit, and they are able to justify this with one or two lines in their hundred-page agreements.
Companies must exhibit more transparency to protect consumer interests. In no circumstances should companies collect sensitive personal data without user permission. Companies must also provide a detailed list of data that they collect from their customers and how they are being used.
In a constantly evolving technological world, data is the currency. The collection of this data, however, comes at a price, as private information might be made public.
Technology companies must work together with the public to come to a consensus on
redefining privacy.
Shi is an electrical and computer engineering junior.