23
Nov
image

Trevor Eckhart, a developer involved in uncovering a huge security vulnerability that affected several HTC devices, was recently threatened by Carrier IQ (CIQ), a company involved in gathering various forms of user data and sending it to carriers or manufacturers for analysis. For those who haven't  been following the story, here's what happened:

Trevor Eckhart found several training manuals on CIQ's website. These were publicly available. Trevor shared them with the community, explaining just how far-reaching CIQ's data collection practices are. At this point, CIQ became aware of the fact that sensitive information had been exposed, and pulled the files from their website.

When Eckhart kept sharing the information, CIQ got angry. The company sent Eckhart a cease and desist letter, and threatened legal action due to copyright infringement and defamation. Eckhart promptly contacted the Electronic Frontier Foundation, a foundation that seeks to defend individuals' rights in the digital world. The foundation agreed to help, and quickly confirmed what everyone was thinking – CIQ's claims and threats were totally unfounded, and would not hold up to law.

Today, CIQ withdrew their legal threat in a fax from CEO Larry Lenhart, apologizing "for any concern or trouble that our letter may have caused," and going so far as to offer the chance to discuss the issues Eckhart exposed:

In addition, we would welcome the opportunity to start a discussion with you about these issues that we believe will be helpful to us, to our customers and to customers that use mobile devices.

Looking to do a little more damage control, Carrier IQ even released a media alert to "clarify some recent press on how our product is used and the information that is gathered from smartphones and mobile devices."

In the end, it looks like Trevor's research and reporting was even more useful to the community than previously thought. CIQ's ensuing debacle drew plenty of attention to the company, and the larger issue, making data collection a topic on the tips of many users' tongues in recent days.

Source: EFF

Liam Spradlin
Liam loves Android, design, user experience, and travel. He doesn't love ill-proportioned letter forms, advertisements made entirely of stock photography, and writing biographical snippets.

  • Anonymoose

    CIQ is slimy. I am glad we have ROMs that do not have their tentacles baked in.

  • http://www.jaduncan.com James Duncan

    AKA: We thought we'd be able to bully this person into burying the bad PR regardless of the legal merits, but now they've got real lawyers on their side our utter lack of case will be exposed. Let's make a fluffy press release!

  • Skippy

    FCC, Congress and Htc will all deal with ciq. $ talks Happy Thanksgiving

  • Zaeem

    Bloody good job, Trev E.

  • Grammar Nazi

    Some even say that the vulnerability "AFFECTED several HTC devices..."

    • http://www.AndroidPolice.com Artem Russakovskii

      It's one of my pet peeves as well - fixed, thanks.

    • http://www.liamspradlin.com Liam Spradlin

      Of course. Good catch.

  • Honu

    Another Assholes's company ...

  • Justin

    Man I love the freakin EFF. Those people do so much good for the online community. This puts the EFF and organizations like them one the upper end of my list of things to be thankful for this Thanksgiving.

  • Tradeware

    treve great work.... let's just hope ya dont consider the offer that i think they wanna make u...

  • http://cyanogenmod.com ciwrl

    Just FYI, but the fluffy press release came _before_ TrevE was sent the C&D, so while its substance is still lacking, it has nothing to do with their withdrawal of the lawsuit; it just marks the first instance they acknowledge his comments and the news-blogs

  • Simon Belmont

    I'm glad that TrevE is in the clear. He never did anything wrong.

    Frankly, we should be able to opt out of this if we want to. It's our devices, and we should be able to control what's being collected in the background.

  • Tom

    Great job Trevor. Pieces of shit like Carrier IQ, their General Council Joesph J. Dullea and their CEO Larry Lenhart need to be exposed to the light of day. It's only when they are able to hide like the slime they are can they operate.

    Btw...Dullea and Lenhart, if you don't like what I said it's too f/n bad. I care more about the shit from my ass than I care about your feelings.

  • paxmos

    I know that nowdays "privacy violation" is a joke, but wonder if anyone will go after this company and manufacturers who allow this violation?

  • Johnny

    +1 to the EFF! Much thanks to them and to people like TrevE.

  • sanchanim

    I think the product would stand up to any kind of scrutiny. From my understanding the software helps carriers fix problems proactively and it does not do what Eckhart said it did. He has a right to free speech but it looks like he works for a rival company. makes you wonder!!!

Quantcast