US senator calls for answers on phone 'snooping'

US Capitol building
Image caption Carrier IQ has been given two weeks to explain its actions by a US Senator

The maker of the smartphone software that triggered a snooping row has been called to account by a US Senator.

Senator Al Franken has written to Carrier IQ asking it to explain the "troubling"findings of security expert Trevor Eckhart.

Mr Eckhart claimed Carrier IQ software could log everything people did on their smartphones but did not ask for consent to record data.

Carrier IQ said its software helped diagnose faults, not spy on users.

Sensitive data

The row blew up afterMr Eckhart posted a video on YouTubethat he said showed Carrier IQ could record a user's location, keystrokes and the websites they visited.

Carrier IQ tried to silence Mr Eckhart with the threat of legal action but backed down following the intervention of the digital rights group the Electronic Frontier Foundation.

In a statement, Carrier IQ said its software did not record keystrokes but was a diagnostic tool used by operators to help pinpoint what caused network glitches.

In the letter Senator Franken sent to Carrier IQ, he asked the company to clarify what types of data its software captured and what was done with that information.

He wrote that, despite Carrier IQ's claims, some of the data being acquired had nothing to do with diagnostics. If Mr Eckhart's findings were borne out, he warned, Carrier IQ could have broken US law.

Image caption Mr Eckhart demonstrated his findings via a video on YouTube

"The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling," said Mr Franken in a statement.

"Carrier IQ has a lot of questions to answer," he said.

Carrier IQ has until 14 December to respond to the letter. Mr Franken wrote the letter in his capacity as chairman of the Senate subcommittee on privacy, technology and the law.

Key alert

In an interview with the All Things D website, Andrew Coward, head of marketing at Carrier IQ, explained what the company's software did.

He said the code listened for key presses to spot strings of numbers that triggered an alert. These alerts were linked to problems with a phone or a network.

Carrier IQ relayed the alert to operators, said Mr Coward, and discarded all the other data. It also logged some other information, such as location and cellphone tower data, to help spot when calls or texts went astray.

He said the decision to use Carrier IQ lay with mobile operators and it was up to them to decide what information was collected. Carrier IQ claims its software is deployed on more than 140 million devices.

The software has been found on Samsung handsets and some Android phones from HTC. Both said it was installed at the request of operators.

It has also been found on the iPhone 4. Apple said it had stopped using the software on the iPhone 4S and other devices running its iOS 5 system software.

US operators known to be using it include AT&T and Sprint.UK operators told The Guardian that they did not use the software.

Nokia and RIM have issued statements saying they do not let the software ship on their products.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites