Friday, December 2, 2011

Peek-A-Boo I CIQ

Security experts, privacy advocates and even the network news are going wild over the latest discovery in the world of high tech mobility. Carrier IQ is a program that sits quietly unobserved in the background of your Blackberry, Android or iPhone meticulously recording your every move. It is reported to be storing all of your key strokes, that is, every phone number you dial, every URL (web site name) you enter, text messages and, yes, even your tweets. It also knows where you are.

It was discovered by researchers and extensively reported in tweets, trade journals, newspaper stories and on-line articles. This recent YouTube video illustrates what it does in excruciating detail.

Apparently, not all of these data are transmitted to the carriers. Moreover, what is sent is stripped of identity making it a collection of anonymous data points. The carriers claim these data are aggregated and used to monitor and troubleshoot system performance. IT might be used, for example, to determine where and why calls are dropped, to help with capacity planning or to look at application issues and problems like battery life.

OMG, the carriers know all about me! Here we go again.

Let's be reasonable. The carriers already know every call you make. They connect you. They bill you. There is more information readily available in the databases that support their on-line billing systems than CIQ could ever retain. They facilitate the connections for all of your texts and the web sites you visited. Again, these are in the carrier transaction records and, by the way, are not anonymous in that context.

Granted, user account and password information stored on the device in unencrypted form makes me uncomfortable. But in my view, may be the only real flaw. The conspiracy theorists and privacy people are making quite a big deal of a small oversight that can easily be remedied.

In earlier columns I have recommended you enable PIN security on your smart phone. This is the personal identification number code you must enter to unlock the device each time you want to use it. If you are concerned about someone hacking your phone and absconding with the data stored by CIQ, don't be. There is way more to be worried about such as your contact list, e-mail, calendar, texts and other applications data which is readily available through those respective applications should your phone fall into the wrong hands. Without the PIN protection at the front door anyone can simply begin to use your applications with free access to all the information contained within.

So stop worrying about things you cannot control and use the simple yet very effective security mechanism you have at your disposal.

You don't want anyone paying for their Starbucks coffee on your account now, do you?

Captain Joe

Follow me on Twitter @JPuglisiLLC

1 comment:

  1. The media loves this kind of story -- it makes them appear to be on the side of the people, warning us of dire scenarios, when really it is just not as scary as it's cracked up to be.