8/3/2019 Carrier IQ Hearing Request Letter

1/3

FRED UPTON, MICHIGANCHAIRMAN

ONE HUNDRED TWELFTH CONGRESS

HENRY A. WAXMAN , CALIFORNIARANKING MEMBER

QCongress of tbe llniteb ~ t a t e s ~ o u s e of l\epresentatibes

COMM ITTEE ON ENERGY AND COM MERCE2125 R AYBURN H OUSE O FFICE BUILDINGW ASHINGTON, DC 20515-6115

The Honorable Fred UptonChairmanCommittee on Energy and CommerceU.S. House of Representatives2 125 Rayburn House Office BuildingWashington, DC 205 15The Honorabl e C li ff StearnsChairman

Majority (202) 225 - 2927Minority (202) 225-3641

January 12, 20 12

Subcommittee on Oversight and Inves tigationsU.S. House of RepresentatiYes2 125 Rayburn House Office BuildingWashington , DC 205 15The Honorabl e Mary Bono MackChairmanSubcommittee on Commerce, Manufacturing, and TradeCommittee on Energy and Commerce2 125 Rayburn House Office BuildingWashington, DC 205 15Dear Chairm an Upton, Chairman Stearns, and Chairman Bono Mack :

We are writ ing to reques t a hea ring on concerns about consumer pri yacy raised by therece nt Ca rrier IQ cont roversy. Last month, an analysis of log fi les on an Android mobile dev icegenerated alarm about diagnost ic so ftware created by Carrier IQ and the scope of data co llected,analyzed, and transmitted by that company and by mobile device manufacturers and wirelesscarriers. I There continue to be many unanswe red questions about the handling of this data andthe extent to whi ch its collection, analysis, and transmission pose leg itimate privacy conce rn s for

I See, e.g., Senator Franken Asks Carrier IQfor Answers, Wa shin gton Post (Dec . I , 20 II ); Carrier IQ: We Don 'fRecord Keyslrokes, Bil l YOllr Phone Does, CNNMoney (Dec. 16, 20 11 ).

8/3/2019 Carrier IQ Hearing Request Letter

2/3

The Honorable Fred UptonThe Honorable ClitT Stearn sThe Honorable Mary Bono MackJanuary 12,2 01 2Page 2the American public. Th e C Olllmittee should examine the facts and potenti al concerns raised bythe Carri er IQ controversy .

Carri er IQ software is des igned to help mobile device manufacturers and wirel ess carri erstrack the performance of their phones a nd netwo rks. It is present on millions o f phones onSprint , T-Mobile, AT&T, and other netwo rks. Although consumers know lillie if anything aboutthis so ftwa re, it could represe nt a signific ant threat to pri vacy. Last month, a researcherpublished analys is s uggesting that Carrier lQ soft ware reco rds a ll keystrokes entered into amobile device using Goog le's Android operating system, including th e content of tex t messagesand other sensitive data2

Carrier lQ has confirmed some important information about its so ftware: that it cancollect information such as call s made and rece ived, a phone's physical location, the URLs ofwe bsites searched by a dev ice use r, and in some cases, internet search qu eri es, and that it cantransmit this information back to network prov iders. Carrier IQ has a lso admitted th at itssoft ware collected and transmitted th e co ntent of S MS tex t messages sent by so me mobile dev iceusers, though the company s tates that thi s co llec tion was unintentional and resulted from a bugthat it has co rrec ted ]

Carrier lQ has deni ed the allegations that its soft wa re makes logging of keystrokesposs ible. In stead, the co mpany argues that th e third-pa rty ex pert analysis reve al ed avulnerability in Android dev ices that resulted in the logging of keystrokes in some phones .4 Iftrue, these conclusions are al so troubling. The Android vulnerability could have le ft thiskeystroke in fo rmation available to ill!.Y third-pa rty whose softwa re had been insta lled on a user' sphone.

Data co llection and transmission by Ca rri er lQ and similar so ftware is wides pread, andcon sumers appear to have little know ledge and even less control ove r the prac tice. By onees timate, Carrier IQ so ftware is present in over 30 million mobile phones in the United States 5Wireless carri ers and dev ice manu fac turers that have not purchased Carri er IQ 's se rvices may beco llecting similar data internall y, adding to the number o f afTected consumers. Before la stmonth , eve n the most tec lmica lly savvy customers may not have been aware of th e prese nce ofthis so ftware a nd o f it s capac ity for transmitting sensitive in formation. And even if consume rs

2 See Senator Franken .--hk s Carrier IQJor Am'll'ers, Was hington Post ( Dec. I , 20 I I) .3 See Leiter from Ke lly S. Sharpe, Carrier IQ CFO, to Senator Al Franken (Dec. 14. 20 11).1 See Carrier lQ, Understanding Carrier lQ Technology (Dec. 15, 20 I I ) (avai lab le onl ine aihn p:l/ca rrieriq.com/company/PR.20 II 12 12. pdf) (vis ited Dec. 2 1. 20 I I).:; See Carrier IQ : Which Wireless Carrier Is rhe Biggest User, Washington Pos t ( Dcc. 16, 20 11 ) .

8/3/2019 Carrier IQ Hearing Request Letter

3/3

The Honorable Fred UptonThe Honorable Clif f StearnsThe Honorab le Mary Bono MackJanuary 12, 201 2Page 3know about the threat to their privacy, they have little practical recourse because most dev iceusers have no abi lity to delete the data co llection and transmission software from the ir phones 67

Thi s controversy raises important questions that the Committee should address : What arethe data co llection, ana lysis, and transmi ssion capabi lities of Ca lTier IQ and similar software, andwhat privacy protections are built into the software ? Were Android phone s sold with securityfla ws that could ha ve exacerbated privacy concerns related to Carrier IQ and other software and,if so, have these flaws been addressed? Are carriers and device manufacturers providingsufficient disclosure to consumers about this data collection, analysis, and transmi ssion? Dothese practices create privacy and security ri sks for consumers and , if so, how are carriers andmanufact1lrers address ing them? How much control do mobil e device users have over this dataco llect ion, ana lys is, and transmi ssion and should that control be expanded?

There is great bipartisan interest in consumer data pri vacy. This Co mmittee ha s he ld fourhearings on the issue in thi s Congress, members on both sides on th e aisle have introducedpri vacy legislation , and the Subcommittee on Commerce, Manufacturing, and Trade marked up aRepublican data privacy proposa l, the SAFE Act, last July8 We urge yo u to hold a hearing asexpeditious ly as possibl e to ex plore the answers to questions raised by rece nt reports aboutCa rrier IQ and data co llection, analysis, and transmi ssion in the mobile device market.

U .. L vj'a... .A-a.,.Waxman

Ranking Member

Sincerel y,

Diana DeGetteRanking MemberSubcommittee on Oversight

and Investigations, nking Memberub committee on Commerce,

Manufacturing, and Trade6 See Carrier IQ, Understanding Carrier IQ Technolog), (Dec. 15, 201 1) (ava ilable on line (I Ihnp ://cal" ieriq.col11/co l11pany/ PR .20 111 2 12. pdf) (visiled Dec. 2 1,20 II ).7 See Ca lTier IQ , Understanding Carrier IQ Technology (Dec. 15, 20 II ) (ava ilable online alhnp :/Ica ITieri q. co l11/co l11pany/ PR .20 111 2 12.pdf) (vis ited Dee . 2 1,20 II ).8 See Understanding Conslimer AIIillldes Aboll l Privacy, Committee 011 Energy and Commerce Subco mmittee onCo mm erce, Manufacturing . and Trad e (1 12th Cong.) (Oc t. 13, 20 11 ); PrOiecling Children 's Privacy in anEleclronic World, Co mmittee 0 11 Energy and Com mer ce Subcommittee on COlllmerce, Manufacturing, and Trade(1 12th Cong.) (Oct. 5,20 II ); Int ernet Privacy and the EU, COlllmittee on Energy and Co mm erce Subcommittee onCO lllm erce, Ma nu fact urin g, and Trad e ( I 12 th Cong.) (Sept. 15,201 1); /w ernet Privacy: The View af th e FTC,FCC, and NT/A, Committ ee on Energy and COlllm erce Subcom mitt ee on Co mm erce, Manufactllring, and Trad e andSubcommitte e on Communica tion s and Tec hnology ( I 12th Cang.) (July 14, 20 I I); l\1arkup on H R._, the Secureand ForlW' Electronic Dala Acl of201 1, or SAFE Data ACI, Co mmitte e on Energy and Comm erce Subcoillmittee onCommerce, Manufacturing, and Trade (I 12th Cong.) (Jul y 20, 20 II ).