December 2011

A piece of keystroke-sniffing software called Carrier IQ has been embedded so deeply in millions of Nokia, Android, and RIM devices that it’s tough to spot and nearly impossible to remove, as 25-year old Connecticut systems administrator Trevor Eckhart revealed in a video. That’s not just creepy, says Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School. He thinks it’s also likely grounds for a class action lawsuit based on a federal wiretapping law.

“If CarrierIQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap.” he says. “And that gives the people wiretapped the right to sue and provides for significant monetary damages.” Specifically, Ohm points to changes made to the Wiretap Act under the Electronic Communications Privacy Act of 1986 that forbid acquiring the contents of communications without the users’ consent. “Because this happens with text messages as they’re being sent, a quintessentially streaming form of communication, it seems like exactly the kind of thing the wiretap act is meant to prevent,” he says. ”When I was at the Justice Department, we definitely prosecuted people for installing software with these kinds of capabilities on personal computers.”

Wireless carriers and handset makers have slowly been clarifying how they use Carrier IQ, the software program that can record information from cellphones.

Carrier IQ’s program is meant to collect user data to “assist operators and device manufacturers in delivering high-quality products and services to their customers.” But the average user can’t see or agree to this data collection, which is what’s caused such outrage. Verizon spokesman Jeffrey Nelson said on his Twitter account that the company does not use Carrier IQ on its phones. AT&T and Sprint have both released statements saying that they use Carrier IQ for network monitoring and maintenance purposes. “In-line with our privacy policy, we solely use CIQ software data to improve wireless network and service performance,” said AT&T spokesman Mark Siegel. Sprint, the carrier that was featured in security researcher Troy Eckhart’s videos showing the program’s activities, also said that it uses the program to monitor connection problems, but does not and cannot look at or record the contents of text messages.

The House Communications Subcommittee approved in a 17 to 6 vote along party lines a Republican version of a spectrum incentive auction bill that would give the Federal Communications Commission the authority to pay broadcasters for voluntarily exiting the spectrum to be auctioned for broadband use, and set aside as much as $3 billion to compensate broadcasters left behind for moving or sharing channels. That $3 billion is three times as much as Democrats were proposing in their version and was the subject of some debate, as were a number of issues.

The House's Jumpstarting Opportunity with Broadband Spectrum (JOBS) Act of 2011 would require the FCC to do its best to preserve the coverage areas and interference protections of broadcasters who do not give up spectrum, compensates cable operators for any costs of picking up reconfigured broadcast signals, and prevents the FCC from forcing stations on UHF channels to move to VHF, which is not as robust for DTV. The bill allocates the D block of spectrum, rather than auctioning it, a Republican concession that Democrats on the committee praised.

The bill was amended to prevent the FCC from imposing network neutrality or wholesale conditions on the spectrum being reclaimed for auction, as well as to require the FCC to resolve broadcaster spectrum coordination issues with Canada and Mexico, to set aside money for e-911 call centers, and to prevent security risks from building out the emergency interoperable broadband communications network.

The bill will now go to full committee for markup, where Democrats said they hoped they could negotiate compromises, though they got no promises from the Republican majority. The auction is projected to return at least $15 billion to the US Treasury for deficit reduction after paying broadcasters and for the care and feeding of an interoperable emergency communications network. A separate Senate bill has passed the Commerce Committee and is awaiting a floor vote.

Addressing the thorny issue of how the United States should address online infringement, lawmakers have introduced a bipartisan, bicameral proposal that would give the International Trade Commission the authority to launch investigations into digital imports, or downloads, of counterfeit goods.

The ITC can currently issue orders excluding foreign counterfeit goods from entering the country, and the draft would extend that jurisdiction to the Web. Under the proposal, the ITC would have the authority to issue a cease-and-desist order against foreign Web sites that “primarily” and “willfully” engage in infringing U.S. copyrights or enabling imports of counterfeit goods. The commission would be able to tell U.S. companies to stop dealing with foreign companies that import counterfeit goods. Those orders would ultimately be enforceable by the US attorney general. The public would be notified of investigations, and final determinations could be appealed in a US court. Sen. Ron Wyden (D-OR), who helped draft the discussion document, said that the transparency and narrow scope of the ITC process make this approach preferable to those laid out in the Protect IP Act.