Much hay has been made of the recent discovery of secret software embedded on
smartphone devices sold by several US carriers over the past year. The software, intended
for network diagnostics, is produced for the carriers by a company called
Carrier IQ,
and included on smartphone units by the various carriers after the actual telephones are
produced.
By way of example, consider the film I, Robot. At one point in the film, a
US Robotics technician accompanies Detective Spooner to the factory where the robots are
produced. The robots at that point aren't yet programmed; they have a basic set of laws
and that's all. The handsets companies like HTC and Samsung produce for the carriers are
a lot like the robots at the factory: they don't yet have the firmware and software to make them
complete, serviceable units. Carriers like AT&T order units from manufacturers,
and each carrier loads each unit with the firmware and software the carrier chooses.
Some carriers (notably AT&T, Sprint and T-Mobile) chose to subscribe to Carrier IQ's services,
and so the Carrier IQ software was included in the programming provided by those carriers.
The software provides value to carriers by sitting in the background and keeping meticulous
records of the unit's network activities for the purpose of providing the carrier intelligence
on handset and network performance.
This is where Android developer Trevor Eckhart comes in. Eckhart discovered that the Carrier IQ
software was capturing enormous amounts of private information that, in reality, has nothing to
do with network performance because the software continued to capture the data even while the
unit was disconnected from the network -- including every keystroke typed into the unit. Eckhart
filmed his discovery and published it to YouTube, where it received the attention of, among
others, Carrier IQ's lawyers: Carrier IQ issued a cease and desist order against Eckhart, which
was promptly challenged by the Electronic Frontier Foundation.
Carrier IQ later rescinded the order, but not before a media firestorm erupted over the privacy
concerns raised by Eckhart's research. The tempest received the attention of Senator Al Franken (D-MN),
Chairman of the House Judiciary Subcommittee on Privacy, who published
a statement on the issue earlier this week.
"People have a fundamental right to control their private information. After reading the companies'
responses, I'm still concerned that this right is not being respected. The average user of any device
equipped with Carrier IQ software has no way of knowing that this software is running, what
information it is getting, and who it is giving it to -- and that's a problem. It appears that
Carrier IQ has been receiving the contents of a number of text messages -- even though they had told
the public that they did not. I'm also bothered by the software's ability to capture the contents
of our online searches -- even when users wish to encrypt them. So there are still many questions to
be answered here and things that need to be fixed."
AT&T reported to Sen. Franken that the Carrier IQ software is "integrated and active" on the following
Pantech devices: The Pursuit II, Breeze 3, P5000 (Link2) and Pocket; it is also active on the Sierra
Wireless Shockwave, LG Thrill, the Avail and Z331 from ZTE, the SEMC Xperia Play, and Motorola's Atrix
and Bravo. AT&T also notes the software is aboard the HTC Vivid, LG Nitro and Samsung Skyrocket, but
wasn't activated due to performance issues.
Sprint reported to Sen. Franken only the manufacturers of devices upon which the software is installed:
Audiovox, Franklin, HTC, Huawei, Kyocera, LG, Motorola, Novatel, Palmone, Samsung, Sanyo and Sierra
Wireless.
Samsung provided a list of unit models, by carrier, upon which the carriers ordered the software installed:
Sprint ordered the software on 28 models (all prefaced with "SPH" -- visit the Samsung link below for the full
list); T-Mobile, 2 (T-989 and T-679); Cricket, 4 (all starting with SCH-R); and AT&T, 1 (SGH-i727).
HTC reported that Sprint had ordered the software placed upon its Snap, Touch Pro 2, Hero, Evo 4G,
Evo Shift 4G, Evo 3D and Evo Design models. HTC confirmed the presence of the software on its Vivid
model offered by AT&T, and on the Amaze 4G available through T-Mobile.
Links to each response letter (in portable document format) appear at bottom. Responses from T-Mobile
and Motorola were not yet available.
Probably not. I concur that the software's activity represents a massive privacy
violation -- but ask yourself what the likelihood is of analysis of your traffic. Consider all of those
phone models, and the numbers of those phones that have been sold: roughly 33 million Samsung and HTC units,
with some 27 million units operating on the AT&T and Sprint networks -- all radioing in data once a day.
Consider the volume of data involved -- and the effort it would take to organize and mine it all, assuming
a company would wish to dedicate the resources ($$$) for such a Herculean task. If you're in doubt, here's
a hint: AT&T probably isn't paying anybody to care about your OMG's and OMW's. But the great news here --
for us all -- is that the problem has been exposed, and consumers may end up benefiting from Senator
Franken's efforts. After all, he's good enough, he's smart enough, and doggone it, people like him!
Links:
Carrier IQ
Trevor Eckhart's investigation of the Carrier IQ software
The Electronic Frontier Foundation's explanation
Sen. Franken's Statement on the CarrierIQ Debacle
AT&T's Response to Sen. Franken
Samsung's Response to Sen. Franken
Sprint's Response to Sen. Franken
HTC's Response to Sen. Franken