Case study: Carrier IQ
Key point:
Device manufacturers and software developers can be held liable for surreptitious collection of personal data on a mobile device even where the data is stored in the device and not transferred to third parties.
Background
Carrier IQ was a company that provided analytics software for mobile phone manufacturers and wireless carriers in the US.
In 2011, researchers Trevor Eckhart and Ashkan Soltani discovered Carrier IQ software living on Android smartphones and found that Carrier IQ had the ability to intrusively track user’s activities in a smartphone (including web pages visited, texts sent, even the keys pressed) and send it to a third parties. Shortly thereafter, Carrier IQ was reportedly discovered on Nokia Samsung, HTC, BlackBerry, and iPhone smartphones, drawing criticism from smartphone owners and privacy advocates. Eventually, it was estimated that around 150 million cellphones had Carrier IQ software installed, mainly in the US.
The installation of Carrier IQ was mandated by certain mobile carriers to monitor hardware and network performance with the goal of enhancing network reliability. Several carriers (including T-Mobile, Sprint and AT&T) argued that the software was not used to obtain user personal data.