Lawmakers Call for Official Hearing over Carrier IQ, Cellphone Security

  • Share
  • Read Later
Trevor Eckhart / YouTube

With all the concern and conversation surrounding the Stop Online Piracy Act (SOPA) these days, you’re forgiven if you forgot about Carrier IQ and the possibility that your cellphone contains hidden keystroke-tracking software monitoring every click. Washington lawmakers have forgotten nothing — in fact they’re pushing for an official investigation into the matter.

The Carrier IQ story broke just over a month ago, as systems administrator Trevor Eckhart revealed he’d discovered software on his Android HTC phone capable of registering every keystroke on the device. Cellphone manufacturers and carriers quickly distanced themselves from responsibility, and Sprint eventually disabled the software on its devices in response to the outcry. While other matters — chiefly the lack of new developments — have knocked this story off the radar, a letter to the Chairman of the House Energy and Commerce Committee Rep. Fred Upton (R-MI) suggests several members of Congress still want Carrier IQ investigated.

(MORE: Finger-Pointing, Denials and Confusion: Who Put Keystroke-Tracking Software On Your Phone, Anyway?)

The letter, sent by Representatives Henry Waxman (D-CA), Diana DeGette (D-CO) and G.J. Butterfield (D-NC), requests that the committee hold a hearing “as expeditiously as possible,” explaining that “there continue to be many unanswered questions about the handling of this data and the extent to which its collection, analysis, and transmission pose legitimate privacy concerns for the American public.” Waxman, DeGette and Butterfield suggest that such a hearing extends beyond Carrier IQ, worrying that “wireless carriers and device manufacturers that have not purchased Carrier IQ’s services may be collecting similar data internally, adding to the number of affected consumers.”

Of particular interest to the three House Democrats is security on Android devices, which Carrier IQ itself says was responsible for the keystroke logging:

Carrier lQ has denied the allegations that its software makes logging of keystrokes possible. Instead, the company argues that the third-party expert analysis revealed a vulnerability in Android devices that resulted in the logging of keystrokes in some phones. If true, these conclusions are also troubling. The Android vulnerability could have left this keystroke information available to third-party whose software had been installed on a user’s phone.

There’s been no response from Rep. Upton or the House Committee yet, but if this hearing happens, expect unsettling revelations about how private our mobile devices really are.

MORE: Is Carrier IQ the Devil, or Just Misunderstood?

Graeme McMillan is a reporter at TIME. Find him on Twitter at @Graemem or on Facebook at Facebook/Graeme.McMillan. You can also continue the discussion on TIME’s Facebook page and on Twitter at @TIME.