Sunday, December 4, 2011
Carrier IQ exposes the scant regard business has for consumer interests?
CIQ or Carrier IQ is preloaded software on your mobile phone either by your phone company or your handset manufacturer. It is loaded on million of phones because large telecoms and popular handset manufacturers use it. The software apparently is designed to help better the performance of telecom networks or handsets by tracking and recording low level information which it summarizes or logs for problem resolution. To do so it records key strokes, SMS messages, deciphers outgoing HTTPS streams and in a sense reads all the data one would like to keep private.
Were you as a consumer aware at any point in time of its functionality?
Were you aware that the permission to use this software was embedded in a User Agreement that you signed with the telecom company or with the manufacturer?
In both cases, the answer would perhaps have been a resolute No.
The prime reason is that User Agreements which you sign every time you use an application, services or digital products run in tens of pages and are written in legal jargon which does not allow a normal consumer to fully comprehend the implications of what is being agreed too. Most of these agreements are written to provide maximum protection for the service provider. All consumers should have a right to opt out of services such as these which affect their privacy whether in paid or free services. No services in reality free, as these supposedly free services, are funded by selling your actions or preferences to advertisers. Facebook is valued at 100 Billion US$? You ask yourself why?
I do not think that the intention of these service providers was to snoop on your phone and genuinely believe their action demonstrates how technical people like to better understand metrics to improve and manage services. Perhaps, most of the businesses which used the software did not even question how the product worked? But what if such a system was exploited by a malicious third party, government or telecom employee who figured out a way to use this tool for their benefit?
In any case it exposes how large corporations disassociate themselves and have scant regards for consumer privacy and security concerns. Its certainly not mandated in their policies and code of conduct beyond the mandatory regulatory and compliance requirements. We certainly do not want to be in a situation where billions of devices such as smartphones and tablets are shipped advertently or inadvertently with monitoring software without the user’s knowledge and explicit ability to opt in or out of such an arrangement while using the services
There have been too many such instances and I do believe it time for policy makers to adopt strict policies on the extent and methods which can be used to track user metrics and safeguard security and privacy concerns. Companies should self regulate themselves and their boards establish corporate policy on how customer data can be collected, processed, and stored. This should reflect on their decisions to buy or build metric collecting software for performance or advertising uses among others.