News

Carrier IQ, Samsung and HTC Get Hit With Class Action Lawsuit That Could Cost Millions

61

Class action lawsuits serve a great purpose. The parties involved often aren’t looking for money (if they are, it isn’t a large sum at all). I like to think it’s used as a “target enhancer”, so to speak – bring some light to the situation at hand so that some real investigation can be carried out.

The big situation in the world of mobile as of late – Carrier IQ being accused of logging sensitive information and possibly transmitting it to themselves or third parties – has quickly turned into a firestorm for all parties involved.

A day after a United States senator asks Carrier IQ to answer questions regarding their service and the accusations that it greatly threatens user privacy, Carrier IQ and a couple of their partners have been hit with a class action lawsuit under grounds that they are violating the Federal Wiretap Act.

Alongside the firm – who Sprint, AT&T and T-Mobile are confirmed to be partnered with – HTC and Samsung have been included in the lawsuit. No other OEMs and no carriers have been pointed out despite the fact that many others use Carrier IQ.

Estimations suggest each party could be hit with hundreds of millions of dollars in penalties if they lose. This could prompt a more official investigation – maybe even a federal one – and it would force Carrier IQ to show the world what’s really going on inside our phones when they send data back off to carriers, OEMs and whoever else they may be in bed with. This is getting really interesting, folks. [PaidContent via Gizmodo]

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

Verizon Snaps Up More Spectrum in $3.6 Billion Sale

Previous article

Vector Unit Continues Water Racing Excellence with Shine Runner [Video]

Next article

You may also like

61 Comments

  1. Good, been waiting on this to happen. This Carrier IQ is BS. I don’t have anything to hide on my phone but I wouldn’t want anyone logging every keystroke I make on it either.

    1. i dont care if your the worlds largest cocaine dealer! even if you DID have stuff to hide stfo my phone!

      nexus FTW

    2. I do have lots of stuff to hide such as, credit cards information, password and pins belonging to my bank and other financial institution, personal email address, work email address, word related documentation that should only be seen by employeed and millitary info. That being said I do hope they get hit hard!!!!!

      1. Exactly.

  2. Wow… this is getting ugly.  

  3. Didn’t see this coming :)

  4. And not Apple? Why?

    1. because you can turn it off in iOS, however no one has dug deep enough to know if it is ACTUALLY off. I have my doubts.

      1. So do I. Some where in their they have got to have some snooping program in iOS. the same with Carrier IQ, no 1 dug deep enough about a year ago and trevor took the time to do it…low and behold we have got the worst equivalent of the government watching us thru wireless phones..lol

      2. They said that they “Stopped” in IOS 5 – which means that it might have been active in previous versions.

        Plus – I seriously doubt that Apple lacks the ability to turn it on or off remotely at a whim with as much control as they exert over their walled garden.

    2. Because Apple didn’t tell them to sue, and iSheep  can’t do anything without being told to.

  5. once again, Nexus lives on as the best choice :)

    1. Although it’s said that Verizon did not use CIQ, they still probably used a version of someone else’s tracking software on their smartphones.  
      Will be interesting to see if there are any other further delays with their Nexus release….it may give us a hint as to whether or not they intended to add it.

      As it is now, Mr. Jobs passed on Oct 5 2011 and out of respect Google and Samsung delayed their presentation a until the following week.  So we are almost 2 months out from that date and still no confirmed street date.!?

      1. Verizon said they don’t use anything similar

        1. i just find it hard to believe. i think in light of all this recent news verizon also needs to be investigated.

          because here’s the thing, what if an investigation turned something up. what would verizon say? my guess is it’s something stupid that just insults people’s intelligence:

          “duh well the we were asked if we tracked our customers. the program we used collected everything but gps data. we thought u meant location tracking. doi”

          or whatever stupid thing they use to justify lying.

          1. I suspect so too. The more reason to try and get the stock Android phone as possible.

  6. Can’t say that everyone didn’t see this coming. I bet HTC (and everyone involved) is shitting themselves at this point with all the incriminating evidence that has been circulating.

  7. All the carriers have some version of this in their handsets and have for a long, long time. Network Operations is such a huge cost for them that anything they can do to help keep it down they just do. Alternatively, collecting personal information to help in their marketing is where they always seem to get into trouble. It’s almost like a kid in the candy store where all the candy is free – they have a hard time saying no. All this personal usage information is there if they just enable it, and then they get caught.

  8. Has anyone actually confirmed that it is not on the NexusOne, Nexus S, or Galaxy Nexus?

    1. Yeah, it isn’t on the Xoom either.

  9. Cool I hope to get a check for a few cents because I was an HTC and Sprint user.

  10. I’m glad this is happening. I’m an HTC & Sprint user and regardless of whether they are actually accessing the information or not is irrelevant. They shouldn’t be able to have the ability.

  11. A penny for every violation.  Including each. And every. Single. L e t t e r  t y p e d.  Carrier IQ should not have been able to profit off of spying.

  12. It’s funny how this all blew up in their faces right after they tried to sue TrevE and make him apologize. That just sped the process right up.

    1. Trev: Hey guys I think I found something weird in the phones

      People: Keep looking into it! Carrier IQ: *Shit their onto us!* NO! STOP LOOKING DOUCHE, LAWSUIT, say your sorry! *That should shut him up!* Trev: ……. I really did find something didn’t I? EFF get these A-holes off me while I look into this. Carrier IQ: Damn! How did that backfire?

    2. I guarantee there is a battle in the board room trying to figure out who to blame.

      But I wonder, what would have happened if CIQ went the the usual way and just said, “hey Trev, how would you like 5 million bucks, a window office, and you work for us–make your own schedule, we don’t care.”

      I bet the next company on the spy roster will go that route.

  13. I’m really starting to come around on this.  When I saw the video – it was pretty damning.  However the video didn’t show the data it captured actually being transmitted.  

    Capturing keystrokes and events is part of any operating system.  Hell – hook into the Windows Event API and you’ll see it working on your own PC.

    The truth of what is really going on is still not clear – and until it is, I feel that a lot of people are jumping overboard here.

    1. The data they are collecting IS being transmitted.  Read their (Carrier IQ’s) November 16th Media Alert.  The question is how much of this data is being transmitted, and how it’s being used by the carriers (that’s how it’s being used, NOT what the carriers are using it for).

      http://www.carrieriq.com/Media_Alert_User_Experience_Matters_11_16_11.pdf

      And to clarify, the Windows API _responds_ to keystrokes, where as CarrierIQ _captures_ keystrokes intended for use by another application. Each action you perform is like mailing a letter. The OS is the mail man, the application in focus is the recipient, and CarrierIQ is the wierdo that reads other people’s mail.

      1. You imply that you know that ALL the data that was shown during the video was being transmitted to Carrier IQ.  What we were watching was debug information, not information crossing the wire.  To truly know what was being sent and where it was going you would need to watch the data on the wire; not the silly debug console.

        With that being said, having that information dumped to a debug log in a production environment in inexcusable.  It appears that they left their troubleshooting code in the production release.

        1. I never claimed knowledge that they were sending ALL data
          shown on the video.  Please re-read my
          post – second sentence.  What is
          perfectly clear to me, based upon their own media alert, is that the program captures information and is sending it along.  What’s not clear is exactly what they are sending.

           

          Yes, to know what is being sent you could use a packet
          sniffer, but that doesn’t necessarily reveal where the data ends up or exactly
          what it’s used for (the lawsuit discovery phase should bring that to light). 

           

          There are legitimate (albeit potentially legally
          questionable) technical rationale for debugging logs, and technical benefits to
          ensuring that the logger is up and running as much as possible.  But the obscurity of the applications
          presence, lack of transparency and the he-said she-said finger pointing and
          posturing has me suspicious that this is more than misplaced troubleshooting
          code.  Carriers say they are using the
          data to improve their network, but that could mean almost anything, from
          technical improvements to more effective monetization of their customer base.  IOW whether or not this is debug information
          as you suggest depends on where it goes and what it’s used for. 

  14. Why are they suing HTC and Samsung? I believe this only an issue in America, where everything is controlled by the telcos. You do realise if this was never put on the phones, the carriers would not stock HTC and Samsung devices

    1. Its not on my Galaxy S II.  T-Mobile stocks it.

      Or is it? One program showed nothing but then the VooDoo test shows a 270 score??

  15. How we know that software is there by carrier or maker?
    Shouldn´t the law suit include carriers like Sprint?

  16. well they get what they deserve. being shady and doing things dirty i hope they go under. carrier iq that is.

    and htc and samsung are stupid for using that. 

  17. I hope they get nailed to the wall!

    1. guilty until proven innocent?

      1. Of course. This is America after all.

        1. Preponderance of evidence is the standard in a civil case. 

  18. That’s the cost of doing business for them. The data they’ve gotten is more profitable than the fines they’ll pay, if any. And guess who pays for it? We do. And going forward they’ll put the info in our big multi-page contracts and we’ll stupidly sign right off on it.

    Custom ROMs are the way to go if you’re gonna stick with a smartphone.

  19. Score one for big red and moto!

  20. Class action or not, nothing will come of it till there’s some proof of any carrier or manufacturer stealing any personal data, no smart judge will find them in violation just because “it can” gather private information, so at this point it seems like a waste of effort.

  21. If you root your phone, chances are you can delete or disable the application.  I rooted my EVO 4G with Revolutionary and used Root Explorer to find all files containing “IQ”.  There were about 8 or so.  Then I simply added “.org” to their names.  I got a complaint notice from the system… something like “current services needs this application”, but I disregarded and rebooted.

    After the reboot, I checked my running apps and found that IQAgent was not running.  Yes!!!  So far, I’ve not had any problems calling, sending text, connecting via 3G or WiFi, browsing, downloading new apps from the marketplace or running existing apps.

    Rooting took care of this issue, but that shouldn’t have to be the case.  As others have pointed out, we should be given the option of accepting CIQ data capture, usage, etc.

    1. Nope, just rooting the phone and freezing the Carrier IQ apps will not completely disable it.  The Carrier IQ software, at least parts of it, are baked into kernel for the version of Android (manufacturer or carrier programmed for a specific carrier) that is on your phone.

      So, that means that there are some custom ROMS, that are based off a manufacturers released source code, that could possibly still have Carrier IQ software.

      Cyanogen has been the only one come forward and explicitly state that the Carrier IQ hooks are not in their version.

      I’m not averse to sending diagnostic data to the carrier, it can actually help them improve the network.  The problem with Carrier IQ is that it is writing too much too logs; some of which could be considered private information.  They need to clean that up and then notify the user when and exactly what they are going to transmit back to the carriers.  If you disagree with what it wants to send, then you should be able to opt-out of sending it.

      1. Every custom Rom for the EVO3d has it removed. It’s in every changelog. So CM isn’t the only Rom without CIQ. Treve , the dev who found the CIQ installed, maintains the Team Synergy Rom in the 3d section. His logging app came in my Eternity Rom . So cyanogen should thank him for finding it.

  22. Can someone explain what carrier iq is

    1. They are a company that was getting paid by Samsung, HTC, Sprint, and AT&T to put tracking software into our phones without telling the consumers anything. 

      Their excuse is that this information helped the manufacturers and the carriers determine what the problems were with their phone, but we’re mad because it’s a huge invasion of our privacy.

  23. good

  24. I think this leads back to a government agency.  

  25. I really want to know how much of our private information they were using. 

    I want Carrier IQ to go completely out of business, and I want the 4 other companies to have to pay millions for this.

  26. I’m gonna need a lot of popcorn

  27. I hate class action lawsuits. the only winner is the lawyer that laughs all the way to the bank. :-

    1. But the losers are the companys which is kind of the point, its more of a financial bitchslap then a consumer win.

    2. Class action lawsuits just line the pockets of the lawyers who litigate them.  If these actually come to fruition, I’ll be making sure I ‘Opt Out’ of class.

      Carrier IQ and similar software must be controlled, but it doesn’t have to be done by giving lawyers money.

      Also, the corps don’t care about the class action lawsuits.  I’m certain that the carriers considered their legal exposure prior to deciding to include Carrier IQ software on their phones and decided it was worth the expense.

  28. In a lot of ways I think carrierIQ is just a little pawn in all of this. Companies always seem to find these little itty bitty companies to write rootKits mainly because I’m guessing that when stuff like this gets out, its easier to throw the little company under the bus and deny all involvement. If a large player like at&t wrote the rootkit themselves, the blame would be squarely on them and it has the potential of a lawsuit that ends the company (hello arthur andersen consulting).

    So companies like sprint, at&t, apple, samsung, htc and all can say “we don’t do this or we don’t use it that way or we knew nothing about what carrierIQ was doing”. But I bet they all knew full well what the rootkit was all about.

  29. People will bitch about anything

  30. I’m sure once it will go to court they’ll say something about how things changed since 9/11 and how this info was neccessary to track terrorists etc and we’ll be just told that we have to except the new norm for privacy. Patriot Act FTW

    1. here is your tin foil hat…..

  31. Patriot Act FTW. Doncha know Carrier IQ is just a means to track them terrorists?

  32. If one company like carrierIQ can do it, then surely there must be others doing similar stuff.

    And what about ROM developers. Could some be having their own versions of such software where such data is being collected without disclosure/permission. Just a thought.

Leave a reply

Your email address will not be published. Required fields are marked *

More in News