TPM continues the story of Carrier IQ and its little problem that’s affecting nearly 145 million handsets (estimate from a counter on Carrier IQ’s website) here, complete with lots of links.
On Monday, the company posted a document titled “Understanding Carrier IQ Technology” which states in its second paragraph:
We want to thank Trevor Eckhart for sharing his findings with us through a working session that helped us to identify some of the issues highlighted in this report. We also want to thank security researcher Dan Rosenberg for his thorough analysis and industry recommendations and the cooperation of Network Operators in assisting our investigations.
(I bet their lawyers made them say that.)
TPM adds further analysis of the report, including:
Carrier IQ admits that in some “unique circumstances” its software, called “IQ Agent,” contained “an unintended bug” that “unintentionally” captured and transmitted encoded SMS messages to its carrier customers, among whom are some of the nation’s largest wireless companies — Sprint, T-Mobile and AT&T.
A question for you geeks out there. Please explain “unintended bug” to me.
Separately, the FBI has responded to a Freedom of Information Act (FOIA) request by Michael Morisy of MuckRock thusly:
A recent FOIA request to the Federal Bureau of Investigation for “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ” was met with a telling denial. In it, the FBI stated it did have responsive documents – but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.
This raises a few questions like: Who, what, when, where and why?
Later in the day, TPM posted about what it termed “an enormously helpful” clarification by the Electronic Frontier Foundation:
The post, by EFF Technology Projects Director Peter Eckersley, clarifies that the conflicting reports that have come from the company and independent security researchers regarding the full range of Carrier IQ’s capabilities have arisen because everyone isn’t referring to the same thing when they are referring to “Carrier IQ.”