[kwlug-disc] CarrierIQ

Paul Nijjar paul_nijjar at yahoo.ca
Sat Dec 3 20:36:50 EST 2011 

On Sat, Dec 03, 2011 at 08:12:45PM -0500, Paul Nijjar wrote:
> 
> I think we all abstractly know we are being tracked, but this makes
> the situation uncomfortably explicit, and brings some of the
> implications of the new copyright and lawful access bills that are
> finally becoming law. 

The example I was thinking of has to do with Carrier IQ's draconian
Cease and Desist to Eckhart's investigations: 

https://www.eff.org/deeplinks/2011/11/carrieriq-censor-research-baseless-legal-threat

In addition to apologizing and redacting his DOCUMENTED RESEARCH,
Carrier IQ was going after Eckhart for mirroring Carrier IQ training
documents that he thought might be disappeared once the story got out.
Sure enough, the documents were disappeared, but Carrier IQ went after
Eckhart on the basis of copyright.

Now consider Bill C-11, in particular 30.63

http://www.parl.gc.ca/HousePublications/Publication.aspx?Docid=5144516&File=60#12

====
30.63 It is not an infringement of copyright for a person to reproduce
a work or other subject-matter for the sole purpose, with the consent
of the owner or administrator of a computer, computer system or
computer network, of assessing the vulnerability of the computer,
system or network or of correcting any security flaws.
====

Eckhart was arguably conducting security research, and he copied the
training materials for the sole purposes of assessing and correcting
security flaws (if you believe that tracking is a security flaw). But
he would not have been legally able to do so in Canada unless he got
the permission of Carrier IQ first. Do you think that Carrier IQ would
have given him this permission? Do you think any Canadian who finds
security flaws will have any protection under this legislation? 

By submitting these Cease and Desist letters, Carrier IQ is doing
exactly what one would expect of a company in a public relations
kerfuffle. 

> Canadian ISPs claim that they are not using
> CarrierIQ, but that does not mean they are avoiding analytics
> software.

A little more surfing reveals a report that Rogers had it installed
on one of their phones. (But according to Rogers it is inactive, and
if you can't trust Rogers who can you trust?)

http://mobilesyrup.com/2011/12/02/uh-oh-carrier-iq-found-on-the-rogers-lg-phoenix/

- Paul

-- 
http://pnijjar.freeshell.org

More information about the kwlug-disc mailing list