|The debacle with Sprint, AT&T and T-Mobile US over Carrier IQ’s phone monitoring software highlights the pitfalls and opportunities of recording user behaviour, controlling mobile broadband networks and working with personal data – a key enabler of the new digital economy and new telco business models. This is our analysis of the issues and key lessons. (December 2011, Executive Briefing Service)||
Below is an extract from the 15 page Telco 2.0 Report that can be downloaded in full in PDF format by members of the Telco 2.0 Executive Briefing service here. Non-members can subscribe here or for other enquiries, please email firstname.lastname@example.org / call +44 (0) 207 247 5003.To share this article easily, please click:
Telco 2.0 were talking to the World Economic Forum’s Re-thinking Personal Data project team - discussing the new white paper coming out for Davos which is all about putting the user in control of their personal data to unleash a new wave of innovation around this emerging asset – when we heard about the debacle with Carrier IQ.
Carrier IQ is a company which has reportedly been behind “invasive” software installed on some mobile phones, notably Android smartphones supplied by Sprint, AT&T and T-Mobile in the US. A widely-seen video by researcher Travis Eckhart shows the software apparently capturing keystrokes, website details and SMS’s sent and received on his device.
Travis Eckhardt's YouTube Video of Carrier IQ
Device vendors and operators around the world have been issuing statements of clarification or denial about their use of similar capabilities – although the careful wording of many press releases hints at the complexity of unravelling what is really in today’s smartphone software, who agreed to install it – and exactly how it is configured and used.
After a false start in which Carrier IQ (CIQ) tried to suppress some of Eckhart’s early findings with an injunction, it has belatedly embarked on a PR charm-offensive to salvage its reputation. We have also seen some more measured and probing analysis of the offending software’s capabilities, after a few days of shrill – and somewhat unfair - rhetoric.
What is known is that the company has embedded its products on around 150m shipped devices, although with wide variations in actual implementation and usage. It seems that most but not all of these devices have been smartphones, sold through operator channels as tailored variants rather than “vanilla” open-retail versions. In general, the software is intended to “improve the customer experience”, by reporting to the operator on various parameters, such as network coverage, failed connections and – most controversially – the user’s behaviour and application usage. Theoretically, this type of monitoring should help the operators fix holes in their networks, or diagnose other problems when the customer calls in for support. Other benefits are possible too - watching which applications are active can help identify which are hogging battery power, for example.
(It should be noted that this on-device monitoring concept is not new – a now-defunct company called IntuWave had a broadly similar solution for Symbian handsets as far back as 2003, while Nokia’s own “360” function also monitors user behaviour of its phones, but with permission. Apple has various reporting functions on its devices, but typically with user opt-out. It is also widely suspected that various security agencies have some smartphone surveillance capabilities).
The problem is that there is a fine line between “monitoring”, “diagnosis” and “surveillance”. The semantics tend to reflect the knowledge and permission of the user, as to what data is being collected and when, and for whom. There is also a distinction between collecting information, transmitting it, storing it and actually “mining” it – and whether it is anonymised or not.
In general, the installation of CIQ has been at the behest of specific operators customising phones sold to their subscribers – typically part of the software “stack” that might also include various additional apps or functionalities. The telcos tell their device suppliers to install the software either at the factory or further down the distribution chain and define “profiles” about what information they want to receive and when. A good analysis of the architecture is given by security analyst Dan Rosenberg .
Monitoring of user data is not an issue confined to handsets either – use of Deep Packet Inspection (DPI) capabilities for various use-cases in telco networks has been so controversial that some vendors now use euphemisms instead. The 3GPP standards body has now re-grouped and re-branded various policy and control technologies as the more benign-sounding “traffic detection function” (TDF). Various analytic solutions also exist for operators’ BSS/OSS systems – Telco 2.0 has long discussed the valuable information on subscribers collected by telcos, as well as the huge privacy issues surrounding its exploitation.
The recent Dutch implementation of some of the most draconian Net Neutrality laws in the world stemmed not from fears about the “purity” of the Internet, or even competition issues – but instead because the Dutch people resented the use of DPI to watch (and charge for) different applications in their Internet access data stream. It was the perceived invasion of privacy by KPN - perpetrated on one of the world’s most libertarian-minded populations – that was the trigger for discord. Previously telcos have fallen foul of similar concerns with the use of the notorious Phorm platform, used to deliver advertising based on an ISPs’ observations of their users’ web browsing behaviour.
It's important to understand what people are actually objecting to about CIQ. No-one's demonstrated that it sends back key-logger information. But they have demonstrated that it keeps everything it collects in a plain text file on the device in user-space. This means that any other application on the device can both read and write to it – and this is potentially very worrying, as explained in Appendix 1: An explanation of the technical risks.
Although arguably exaggerated, several unfortunate issues have compounded each other in this case, to raise the current CIQ debate to public prominence and outrage:
Carrier IQ’s mistakes
While it is possible to feel a degree of sympathy with the embattled people at Carrier IQ, who were ostensibly just providing a service the operators had asked for, we believe they have made two key errors:
Paranoia feeds the Media
The “fog of war”, industry panic and opportunism
Result = Industry Failure
The net result is that the Carrier IQ brand is now seen as “toxic” in the eyes of many in the industry, irrespective of the benefits that some of its capabilities bring.
More worrying perhaps has been the inability of the industry as a whole to deal with these issues without panicking and resorting to a playground farce of finger-pointing.
It is at best careless, and in some cases illegal to treat personal data without appropriate care, protection and respect. But it is downright irresponsible to collectively risk the chance to develop a useful, legitimate and valuable ‘Personal Information Economy’ (PIE), which would benefit consumers, telcos, and other players alike, for the sake of some relatively minor corporate tit-for-tat in the media.
This is why we think our research on this topic, and the work we’ve been contributing to at the World Economic Forum on ‘Rethinking Personal Data’ is so important, and why consumer groups, telcos and other industry players need to get fully engaged to develop and adopt workable principles and practices on personal data.
In terms of losers, the obvious one is Carrier IQ itself, which seems to have made several poor decisions and has been overwhelmed by events – even if it has been unfortunate in the manner that everything has blown up, perhaps beyond the level which is truly proportionate.
Certain operators (notably Sprint) are likely to be doing some serious back-pedalling here. Samsung and HTC, as leading Android vendors have some questions to answer, but are likely to pass the buck to the operators and Carrier IQ itself. Huawei is also an (announced) user of Carrier IQ, notably for its mobile broadband devices such as USB dongles. The press release from February 2011 shows a strong awareness of privacy issues, as well as the notion of opt-in from individual users. Given the company’s troubles in getting its network products accepted by security authorities in the US in particular, this association might be problematic.
One beneficiary of this is likely to be Apple. Apple knows that it “owns” the whole software stack, so does not need to get embroiled in ‘finger pointing’ such as is going on between operators, Samsung, HTC and Carrier IQ. Apple is also not keen on customising the software stack for operators, and his episode will give it another excuse to push back against operators which want to be able to perform customisation.
BlackBerry is perhaps in the same situation, while Nokia/Microsoft are in a good position to take the moral high ground as well. (All this assumes, of course, that they don’t also have privacy skeletons in their closets – although both Apple and Google have dealt with such issues – much better – in the past).
To read the note in full, including the following additional analysis...
Organisations, people and products referenced: 3GPP, Android, Apple, AT&T, BlackBerry, Carrier IQ, Electronic Frontier Foundation, Facebook, Google, HTC, Huawei, IntuWave, KPN, Microsoft, New Digital Economics, Nokia, Onavo, Openet, Phorm, Samsung, Sprint, Symbian, T-Mobile, Travis Eckhart, World Economic Forum (WEF).
Technologies and industry terms referenced: analytics, Deep Packet Inspection (DPI), Net Neutrality, personal data, smartphones, SMS, traffic detection function (TDF), WiFi.