Al Franken wrote a letter to Carrier IQ's CEO Larry Lenhart demanding answers about his company's alleged logging of keystrokes and private information from cell phones.
Al Franken wrote a letter to Carrier IQ's CEO Larry Lenhart demanding answers about his company's alleged logging of keystrokes and private information from cell phones. Reuters/Jonathan Ernst

Phone-tracking firm Carrier IQ has reportedly been logging and transmitting sensitive information from consumers' phones without their knowledge or consent, including Android devices, Blackberry phones, HTC phones, and even iPhones. Nobody is happy with Carrier IQ, especially Sen. Al Franken (D-Minn.), who took action in a formal letter addressed to Carrier IQ CEO Larry Lenhart, demanding answers by Dec. 14.

It appears that this software runs automatically every time you turn your phone on, Sen. Franken writes. It also appears that an average user would have no way to know that this software is running - and that when that user finds out, he or she will have no reasonable means to remove or stop it.

The Carrier IQ software isn't controlled by users downloading any program; it's far worse than that. The handset manufacturers and the carriers install the Carrier IQ software without any way to opt out. On the iPhone, Carrier IQ only works in diagnostic mode, which is off by default, and only logs technical data. Yet, on almost every major phone, a software company is logging every keystroke the user makes.

Carrier IQ's behavior may already violate federal wiretapping laws, but in a statement on Carrier IQ's website, the company says it is only counting and summarizing performance, not recording keystrokes or providing tracking tools.

Sen. Franken retorts:

I understand the need to provide usage and diagnostic information to carriers. I also understand that carriers can modify Carrier IQ's software. But it appears that Carrier IQ's software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics - including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.

These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.

I ask that you provide answers to the following questions by December 14, 2011.

Sen. Franken, who is also the chairman of the Subcommittee on Privacy and Technology and the Law, additionally demands Carrier IQ provide answers for about 22 different questions, including whether or not Carrier IQ logs a user's location, dialed telephone numbers, URLs of the websites a user visits and the contact information from users' address books. He also asks where the data is transmitted to, whether it's Carrier IQ's headquarters in Mountain View, Calif., or if the data is sent to smartphone manufacturers or carriers.

Franken finishes his letter by saying, I appreciate your prompt attention to this matter.

The full letter is available on Franken's website. The video below was created by 25-year-old systems administrator Trevor Eckhart, who shows how Carrier IQ's hidden software can silently watch every keystroke entered into the device. Cut to the 9:00 mark if you want to get straight to the point.