US Sen. Al Franken today demanded answers from Carrier IQ about what kind of data its software for smartphones collects and how it is used and stored. Noting that Carrier IQ has been "accused of secretly logging location and private information of millions of smartphone users," Franken forwarded the company 11 questions, many of them with multiple parts, and asked for answers by Dec. 14.

Franken started out by asking for specifics on what types of information Carrier IQ collects, specifically whether it includes location, numbers dialed, the contents of text messages and e-mails, URLs of websites visited, search query histories, contact information from address books, and keystroke data. "What if any of this data is transmitted off of a users’ phone? When? In what form?" Franken asks. "Is that data transmitted to Carrier IQ? Is it transmitted to smartphone manufacturers, operating system providers, or carriers? Is it transmitted to any other third parties?"

Franken further wants to know if Carrier IQ has disclosed user data to federal or state law enforcement, whether Carrier IQ lets users opt out of logging and transmission of data, and what steps the company takes to protect this data against security threats. The senator strongly hints that he believes Carrier IQ has violated various federal laws.

"Does Carrier IQ believe that its actions comply with the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.)?" Franken's letter asks. "Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. § 1030)? Why?"

Addressed to Carrier IQ CEO Larry Lenhart, Franken's letter also says "It appears that this software runs automatically every time you turn your phone on. It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it." Yesterday, Forbes reported that former Justice Department lawyer Paul Ohm believes Carrier IQ's actions are grounds for a class action lawsuit based on a federal wiretapping law.

Controversy over Carrier IQ began in the past few weeks when researcher Trevor Eckhart published analysis of the company's software, saying it secretly chronicles a user’s phone experience, including use of apps, battery life, and texts. Carrier IQ initially sent Eckhart a cease-and-desist notice, but ultimately withdrew the notice and apologized to Eckhart. However, the company said its software does not record keystrokes, inspect or report on the content of e-mails and text messages, and it does not sell data to third parties. "Our software is designed to help mobile network providers diagnose critical issues that lead to problems such as dropped calls and battery drain," the company said.

The full spread of Carrier IQ software is unknown, although it's been claimed that it is installed on millions of Android, BlackBerry, and Nokia phones. Samsung told Ars in a statement that "Carrier IQ is a service requested by the carriers for Samsung to integrate into products. Samsung does not receive the consumer information generated by Carrier IQ."

AT&T has reportedly confirmed using Carrier IQ "to improve wireless network and service performance," while Verizon Wireless has denied doing so. Research In Motion has said it does not preinstall Carrier IQ on BlackBerry phones and does not authorize carriers to add the software later.

As for the iPhone, Carrier IQ references have been found in Apple's iOS, although the Unofficial Apple Weblog reports that it found no references to key logging and that Carrier IQ may not be enabled.