There's speculation that the FBI may be using Carrier IQ's software based the bureau's refusal to supply information that may link back to the controversial "keylogger."
As reported by Forbes, Michael Morisy of Muckrock.com -- using the Freedom of Information Act has his foundation -- requested material from the FBI just after Trevor Eckhart's revealing video appeared on YouTube in November. The requested material included "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ."
But the FBI wouldn't cough up the goods, citing an exemption to the Freedom of Information law for scenarios in which forking over documents "could reasonably be expected to interfere with law enforcement proceedings." Based on that, speculation has taken flight, insinuating that the FBI may be using the software for law enforcement tracking. The bureau may also merely be investigating Carrier IQ itself thanks to a push by the Senate, or be in the process of using Carrier IQ in an investigation.
On Tuesday Carrier IQ responded to the FBI speculation, stating that it has "never provided any data to the FBI. If approached by a law enforcement agency, we would refer them to the network operators because the diagnostic data collected belongs to them and not Carrier IQ." The company also said that data is "not designed to address the special needs of law enforcement. The diagnostic data that we capture is mostly historical and won’t reveal where somebody is and what they are doing on a real-time basis."
Carrier IQ also released a 19-page document, "Understanding Carrier IQ Technology" (PDF), on Tuesday that attempts to explain what Carrier IQ does and does not do. The report outlines the benefits of using Carrier IQ for manufacturers and wireless carriers, the latter of which depend on the software's diagnostic data to make sure their networks are running optimally. The document also defends Carrier IQ against Trevor Eckhart's findings while also presenting a breakdown of its method of collecting data.
"What is actually gathered by a Network Operator is based on their business requirements and the agreements they form with their consumers on data collection," the document reads. "We cannot comment on all handset manufacturer implementations of Android. Our investigation of Trevor Eckhart's video indicates that location, key presses, SMS and other information appears in log files as a result of debug messages from pre-production handset manufacturer software. Specifically it appears that the handset manufacturer software's debug capabilities remained "switched on" in devices sold to consumers."
But Carrier IQ's report also admits to an SMS bug in the software that can inadvertently collect text message data. The bug only existed in embedded versions of the software, and was addressed with an updated version.
"Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent," the company said. "These messages were encoded and embedded in layer 3 signaling traffic and are not human readable."
"No multimedia messages (MMS), email, web, applications, photos, voice or video (or any content using the IP protocol) has been captured," Carrier IQ adds.