As discussed in the Techcrunch post Android Researcher Hit With C&D After Dissecting Monitoring Software, Android security researcher Trevor Eckhart posted about the mobile tracking software from a company called Carrier IQ. As explained in the Techcrunch post:
Carrier IQ pitches themselves as the “leading provider of mobile service intelligence solutions,” and provides their services to a number of players in the mobile space. The company’s main U.S. carrier partner is Sprint, and Eckhart claims that their tracking software appears on Android devices from HTC and Samsung among others.
According to Eckhart’s research, Carrier IQ is capable of monitoring everything from where the phone is to what apps are installed, and even which keys are being pressed. Carrier IQ says that the information is collected to give carriers insight into how the mobile use experience can be improved. It sounds like a noble enough goal, except Eckhart found that the software could run without the user’s knowledge or consent as was the case with the HTC phones he tested.
Carrier IQ’s general counsel then fired off a vicious cease-and-desist letter [PDF] against Eckhart, “claiming that he committed copyright infringement by reproducing some of the company’s training materials in his post and that he made ‘false allegations’ about the nature of their software.” In other words, Carrier IQ was trying to squelch criticism of it by using copyright law to censor its critic. These tactics are one reason I not only despise copyright, but that I have begun to really detest what the legal profession has become: a bunch of arrogant bullies. The C&D letter is outrageous: it gave Eckhart two days to commit to all kinds of groveling, making a public apology, replacing his original blog post with one written by Carrier IQ, and so on. While threatening him with tens of thousands of dollars of damages, if not more, with some dubious claims, as discussed in a recent episode of This Week in Law. For example, according to some of the legal pundits on TWiL, the statutory damages and attorneys’ fees threatened are available only for a registered copyright work, and the material in question did not appear to have been registered. Further, Ekhard would probably have a fair use defense (as the Electronic Frontier Foundation (EFF) argues as well).
In any case, after its threats was noticed and blogged and tweeted about on the Internet, and after Eckhart bravely contacted the EFF for help instead of backing down, Carrier IQ realized what a PR disaster its threats had created, and their CEO retracted their C&D and publicly apologized to the developer. (See Techcrunch’s post Carrier IQ Retracts Their C&D, Apologizes To The Android Researcher They Hassled.) From the release:
As, of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF’s work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.
The full text of the release is below. The EFF was truly heroic here (see Eckhart’s post Why I love the EFF; and EFF’s post Carrier IQ Tries to Censor Research With Baseless Legal Threat).