Carrier-IQ Tries To Sue TrevE

We may earn a commission for purchases made using our links.

Ok, gloves are off. If what CIQ wanted was a media storm, they got one. Yes, this is not my standard article where I try to start it up with a bit of a warm up to some regular story. This is a rather serious issue and one that will likely need your full support for your fellow community member and dev, XDA Recognized Developer TrevE. So, this is a petition to all of our readers, members, and followers to completely and absolutely blow this out of proportion. Retweet, cross post in social sites (reddit, digg, 4chan, slashdot, etc), post in your Facebook accounts. Do whatever you have to in order to support our fellow member. If you own blogs or are members of other communities such as RootzWiki, Android Central, Good and Evo, etc, please try to make sure that this gets to their Portals as well.

This goes beyond just a matter of online security and issues with a piece of software that collects our data. Right now, this just got down to a rather personal level, and why? Simply because the people over at Carrier-IQ do not know when to admit that they are wrong. I guess that by now, you are probably aware that I am tad worked up about this, but you cannot help to wonder why, so let me take a step back for a second and bring you some facts that are driving my writer’s rage this morning.

A few days ago, it seems that TrevE received a Cease and Desist letter from CIQ after the maelstrom that was caused by his findings which I spoke about in my previous article. Making a long story short, the article described how the CIQ software was installed on a large chunk of devices out in the market and that it was rather difficult to take out/turn off. Moreover, TrevE used the very accurate definition of rootkit for this software. The reason I say “very accurate” is because I have seen lots of comments from people saying that a rootkit by definition must be able to run code, which is not the case. A perfect example of a piece of software that was a rootkit was Sony’s software which came hidden in media like music CDs and movies and automatically installed itself in your computer if you played it. The only way to remove this thing (before Sony released the patch to uninstall it) was by formatting your computer. The software itself did not run any code but it installed itself silently in your computer and run hidden from sight. Again, the actual definition of rootkit can be found here, so if you are unsure of what it does or what it is, check the link. TrevE’s article went on to explain how the app works, what it collects, and most importantly, how to get rid of it.

The web exploded with comments and cross posts about this in a matter of a few days. After a few days, Carrier-IQ finally caught wind of this and decided to send the following letter to TrevE, where basically they are accusing him of using and redistributing copyrighted and confidential materials without authorization (aka piracy) and also they are demanding that he posts a public apology stating that all of his findings were essentially wrong and that he has nothing but good things to say about Carrier-IQ. The letter also goes on to say that he has about 24 hours to comply or else he would be sued by a large sum, which includes monetary damages, court fees, and other legal related costs. In case you are not sure why the short time frame, it is very clear… they wanted to ensure that TrevE did not have time to seek legal counsel. Luckily, TrevE had enough time to seek legal council from the EFF (Electronic Frontier Foundation), which immediately jumped to his aid.

So, as you can imagine, knowing that these scare tactics are pointless due to constitutional rights (First Amendment in the US also known as Free Speech world wide) protects him for the most part. On top of that, the allegations regarding copyright infringement are entirely baseless as well. Think about this, he did not hack into ciq’s website to obtain this information as it was freely listed and opened for everyone to see. Anyone (and I do mean anyone) with internet access and space in their hard drives would have been able to download all of the documents that TrevE used for his research. On top of that, IP protection laws allow the use of copyrighted materials if the intent of the use is for educational, news reporting, or criticism purposes, again rolling back to Freedom of Speech. This is not new, and in fact, there is a whole line of cases similar to this, which has made a few groups including the EFF, Harvard, Stanford, and a few others create a website with a nickname for this kind of activities. This is also known as chilling effects, where essentially bigger corporations act as “bullies” to try and silence people who discover flaws in their products by threatening people with legal means, such as C&D letters. All in all, the EFF backs TrevE completely and decided to send a letter back to CIQ, essentially telling them to shove their demands where the sun doesn’t shine. At this point, the battlefield is silent and CIQ has not said anything back yet.

Being fired up as I am, I decided to randomly search a bit on Google about data collection acts, laws, and such, and I came across something called the PIPEDA Act in Canada, the ECHR in Europe, and NPP in Australia. All of these basically encompass one rule (and of course, these are my own words): if you have no legal businesses with data collection, more than likely you cannot collect it. The NPP goes a few steps further and state that the user MUST know what is being collected, by whom, and who it is being shared with. I sincerely hope that Carrier-IQ’s practices fall under some realm of these laws, cause if they don’t, they are breaching laws at an international level and not simply Freedom of Speech. Quite frankly, I actually hope they are not following international regulatory guidelines after what they tried to do here.

Want even more? It seems that this thing has active elements baked in Sense and Touchwiz kernels as well, so even if you manage to remove the CIQ from your devices’ rom, you will most likely have parts of code belonging to this thing present in the kernels, all of which have root access. A snippet of code that I found laying around:

#define SDIO_TTY_DEV “sdio_tty_ciq_0 ”

#define SDIO_CIQ “sdio_ciq”

#define SDIO_TTY_DEV_TE ST “sdio_tty_ciq_t est_0″

#define TTY_CIQ_MODULE_ NAME “sdio_tty_ciq”

static int channel_name_to _id(char *name)

{

pr_info(TEST_MO DULE_NAME “%s: channel name %s

”,

func, name);

if (!strncmp(name, “SDIO_RPC_TEST” ,

strnlen(“SDIO_R PC_TEST”, CHANNEL_NAME_SI ZE)))

return SDIO_RPC;

else if (!strncmp(name, “SDIO_QMI_TEST” ,

strnlen(“SDIO_Q MI_TEST”, TEST_CH_NAME_SI ZE)))

return SDIO_QMI;

else if (!strncmp(name, “SDIO_RMNT_TEST “,

strnlen(“SDIO_R MNT_TEST”, TEST_CH_NAME_SI ZE)))

return SDIO_RMNT;

else if (!strncmp(name, “SDIO_DIAG_TEST “,

strnlen(“SDIO_D IAG”, TEST_CH_NAME_SI ZE)))

return SDIO_DIAG;

else if (!strncmp(name, “SDIO_DUN_TEST” ,

strnlen(“SDIO_D UN_TEST”, TEST_CH_NAME_SI ZE)))

return SDIO_DUN;

else if (!strncmp(name, “SDIO_SMEM_TEST “,

strnlen(“SDIO_S MEM_TEST”, TEST_CH_NAME_SI ZE)))

return SDIO_SMEM;

else if (!strncmp(name, “SDIO_CIQ_TEST” ,

strnlen(“SDIO_C IQ_TEST”, TEST_CH_NAME_SI ZE)))

return SDIO_CIQ;

else

return SDIO_MAX_CHANNE LS;

return SDIO_MAX_CHANNE LS;

}



Now, I am personally not a programmer but this is very much alive in most (if not all) Sense kernels and it is part of CIQ. On top of that this is compiled into the kernel, so removing it might be rather tricky.

So, Carrier-IQ, did you honestly believe that trying to silence someone was going to do you any good? Giving a short window to ensure that no legal council can be used is simply a disgusting tactic that will end up back-firing on you. Getting rid of people who criticize your products is not the way to evolve or even behave in this world of ours. All your statements so far, every single one of them, have been a complete and utter lie. And to the person that is pointing them out to you, you threaten to sue. TrevE has hard facts backing every single one of his words, and I can guarantee you that there are now thousands of developers worldwide taking your application to pieces, uncovering the kind of activities that you are indeed carrying out. My original rants were meant to go more against carriers as your original product didn’t seem that bad and the modded versions of it was really what we were going after, but since you insist on trying to be the “big corporate firm”, and go against the mobile tech world, I say bring it on! As I said, your software is being completely dismembered, dismantled, and taken apart bit by bit by developers (both on a professional level as well as free lance/hobbyist level) and you know why? Because people don’t like being lied to.

Congratulations on turning the developer world (the source of ALL of your business) into your worst nightmare. Sit back and enjoy the ride.

We need your help to spread the word! We need to stand together as the mobile world and not as separate islands (communities), because this affects us all. Please help us spread this message around. Thank you.

Want something published in the Portal? Contact any News Writer.