During a recent interview with the Register, Carrier IQ VP of marketing Andrew Coward acknowledged that his company's mobile software logs keystrokes, intercepts text messages and gathers geographic data, but insisted that the overwhelming majority of this information is discarded almost as soon as it comes in, thereby posing virtually no threat to user privacy. To illustrate his point, Coward likened Carrier IQ's software to a giant fishing net:
"We're on a fishing boat out at sea and we're catching fish that are too small and they go back in. And they go back in for two reasons: One, the holes in the net don't catch small fish, i.e. the filtering, and/or the fish is the wrong type and it gets thrown out of the boat, hopefully while it's still alive."
According to Coward, Carrier IQ only retains text messages or keystroke patterns that carry proprietary tags. These tags identify all transmissions that could be used to populate analytic data, including some that may be considered sensitive. If a user drops a call, for instance, the system will note his or her location, and the numbers of each party. In other cases, the company may receive a special SMS (or "control message," as Coward describes it), which provides Carrier IQ with important diagnostic information (e.g., data on failed SMS transmissions). The company collects data on the number of successfully delivered texts and the phone numbers of users who send these texts, but the contents of an SMS, Coward insists, are "never stored and never transmitted."
Key taps, meanwhile, are monitored because certain sequences can trigger responses from the software. If a user is on the line with technical support, for example, he or she may be prompted to type in a code in order to upload diagnostic data to Carrier IQ's system. As with text messages, though, only earmarked keystroke sequences are copied. All the others -- including the keystroke patterns displayed in Eckhart's demo video -- are filtered out. According to the Register, Coward's claims have been corroborated by Android security researcher Dan Rosenberg, who reverse engineered Carrier IQ's software.
Detailed as Coward's arguments may be, the thrust of his defense rests upon Carrier IQ's earlier assertions that service providers retain ultimate control over consumer information. "The data that's being gathered is commissioned by the operators to be gathered," Coward explained. "It's under their control, albeit sometimes in our data center, sometimes in their data center. We have no rights to that data."
For more details, check out the Register's full report, linked below.