Paul C. Bryan’s Techdirt Profile

pbryan

About Paul C. Bryan




Paul C. Bryan’s Comments comment rss

  • Feb 6th, 2014 @ 9:02am

    (untitled comment)

    "We're police officers! We're not trained to handle this kind of violence!"

  • Dec 2nd, 2011 @ 9:26am

    Re: Re: No evidence of transmission

    There is no evidence that it is not transmitted either.

    In a free and democratic society, when someone accuses another of wrongdoing it's customary to require the accuser to prove their claims, not require the accused to disprove them.

    CarrierIQ decided to launch an ill thought out lawsuit to stop people from even looking at their product, to use a creepy idea if you have nothing to hide why complain so loudly. If their intentions were all sunshine and ponies for everyone, they could have made a press release and invited the researcher to see for himself how it all worked so he could ally any fears consumers could have had. Instead they made a lame attempt to shut him up, backpedaled once they law was explained to them, and now we can see large amounts of data being recorded.

    Sigh, where to begin with this?

    1. No lawsuit was filed. A demand letter was sent by Carrier IQ. A reply declining the demand was sent by EFF. Another letter from Carrier IQ was sent, apologizing and retracting their demands.

    2. Complaining loudly—no matter how rude, obnoxious or misguided—is not evidence of wrongdoing.

    3. In the video, all we see is the debug output of a program running on a phone. Until there is evidence that this software is storing and/or transmitting this data, it seems reasonable to ask tough questions about the design of this software, though not not to conclude that massive breaches of personal privacy are taking place.

    I found a statement from Verizon about not using them to be telling. They do not use CarrierIQ or CarrierIQ data. Why would they make a statement worded as such? We have no connection to CarrierIQ would have covered the topic, but to point out we don't use the software or their data seems to suggest you could have access to either. Of course they went quiet when asked if they had a program similar to CarrierIQ on their phones.

    You ask the question, implying we should conclude that either Verizon knows Carrier IQ is malware, or they ship malware of their own. The simpler explanation seems to be that they just don't want to have anything to do with this controversy.

    If they are not using the "extra" data they are collecting then they just write crappy software, and this would explain why removing CarrierIQ makes phones faster. But that needs to be investigated, and I am sure there will have been accidents with some data storage systems that happened out of the blue before they could be examined.

    Considering that there is clear evidence that Carrier IQ is outputting such event details to the debug log, I think we can safely conclude that this software is "crappy", possibly because of performance as you point out, but mostly because such information could lead to breaches of security.

  • Dec 1st, 2011 @ 1:27pm

    No evidence of transmission

    There is no evidence in Eckhart's video that this information is being transmitted to Carrier IQ, period. What he was displaying were debug log output from the phone.

    Writing these captured events to the debug log is not a good idea, and is potentially a vector of attack, but is not evidence that Carrier IQ is storing and/or transmitting this data.