GATINEAU, Que. — Corporate espionage — ranging from Dumpster diving for industrial secrets to plying vulnerable employees of competitors with booze, drugs and sex in exchange for information — is a common tactic in Canada for companies to get ahead, says a former CSIS spy and private investigator.
Tuesday, at the Canadian Industrial Security Conference, Ron Myles said that Canadian companies often perceive corporate spying and infiltration as something out of Hollywood, and insisted the number of cases that are exposed is but a mere fraction of the problem in this country.
“As Canadians, we undervalue our abilities in research and development, we’re a little bit naive in the sense that the rest of the world is doing this (but not in Canada),” Myles said in an interview after presenting to a packed room on the opening day of the two-day conference. “We carry that attitude into our business and I think it costs Canadian businesses quite a bit.
“I don’t think even the tip of the iceberg is showing. (Corporate espionage) is more prevalent in small- and medium-sized companies because they’re often just starting up and don’t have massive (security) budgets.”
Myles, who was a CSIS officer for 13 years before working another 13 years as a private investigator, said a number of methods are used by competing interests in terms of stealing ideas and other intellectual property — noting the technology sector is targeted most.
In addition to rummaging through another company’s trash with the hope of acquiring secrets, he said other, more involved techniques are employed.
One is long-term infiltration, in which a person who is compensated by a competing company lands a job with the target group and feeds information back as trust is gained.
The uproar surrounding an app made by California-based Carrier IQ, which apparently transmits piles of private data from users’ smartphones, has reached all the way to the top of the US government and the wireless industry.
After the covert piece of software was discovered by Android developer Trevor Eckhart last week, Sen. Al Franken (D-MN) today issued a letter to Carrier IQ, asking the company to clarify what, exactly, its so-called “diagnostics” software was transmitting, and to whom the private information — data that appears to include all keystrokes logged on the phone, the contents of incoming text messages, location data (even when location sharing was expressly forbidden), phone numbers called — is sent.
In addition, a growing number of companies in the smartphone industry have responded to the report, either confirming or denying their use of Carrier IQ. So, are you one amongst the unlucky millions affected by Carrier IQ’s invasive — if not illegal — secret software? Here’s a list of all those who have admitted to using the software, or denied it.
It only took a scolding letter from a Senator, a class action lawsuit and a few thousand news stories, but smartphone software makers Carrier IQ finally responded to allegations of logging keystrokes and spying on users on Thursday night. While the company’s denying the most serious user-tracking allegations, a number of questions about exactly what the software does and how users can turn it off remain. Among them, how long has this been going on and what the heck was Carrier IQ (and its clients) thinking in the first place?
In case you haven’t kept up with the controversy, Carrier IQ’s software is deeply embedded in the software of about 150 million smartphones around the world, including Android, iPhone, BlackBerry and other devices. It logs a large amount of data, the company says in an updated press release, “to monitor and analyze the performance of [mobile operators’] services and mobile devices to ensure the system (network and handsets) works to optimal efficiency.” Carrier IQ describes itself as “the consumer advocate to the mobile operator, explaining what works and what does not work.” But over the past couple of months, escalating concerns from data security experts and hackers alike have questioned whether or not Carrier IQ is actually overdoing it, collecting so much data that it may be violating federal wiretapping laws. On Wednesday, Senator Al Franken raised this concern in a (very detailed) letter he sent to Carrier IQ’s CEO, commenting how recent revelations about Carrier IQ’s tracking practices were “deeply troubling.” On Thursday, a group of angry consumers sued Carrier IQ as well as device manufacturers HTC and Samsung for violating the Federal Wiretap Act, demanding hundreds of millions of dollars in damages — $100 per violation per day. Meanwhile, a collective protest against the company’s tracking practices is gaining steam. Not even Carrier IQ headquarters’ listing on Google Places is safe from scorn. (“Did I agree to be wiretapped? Hmmmm… let me think… HELL NO!” reads one review.)
As the mounting class action lawsuit would suggest, Carrier IQ’s clients — both device manufacturers and mobile carriers — are distancing themselves from the backlash. Apple said in a statement that it “stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update.” Both Samsung and HTC passed the buck, claiming that mobile carriers like AT&T, Sprint and Verizon should shoulder the blame for installing the software. “Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier,” HTC said in a statement. Verizon denied using the software. AT&T admitted to using it “to improve wireless network and service performance,” and Sprint similarly said it only collected “enough information to understand the customer experience with devices on our network.” The Huffington Post made a slideshow of all the various denials.
Like many of the great digital privacy scandals of our age, this all started with social media. Security researcher and Android developer Trevor Eckhart scared the hell out of everyone earlier this week when he posted a 17-minute-long YouTube video detailing how much data Carrier IQ actually collected, showing how it logged every keystroke, tracked your encrypted Google searches and even recorded the contents of your text messages. The company flat-out denies that last bit and “vigorously disagrees” with allegations that its software violates federal wiretapping laws. From its latest press release:
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.
As paidContent’s Ingrid Lunden and Tom Krazit point out, this response leaves a lot of unanswered questions. “Is that the full list, or is there more?” they wonder. How long does the company store the data? What about the encrypted search data? When does Carrier IQ send information to carriers? And why, oh why, can’t the user simply opt out of the service? As Eckhart made clear in his video and blog post, it takes an advanced mobile developer to find the Carrier IQ software deeply embedded in the phone’s firmware.
Which brings us to the big question: how do you get rid of it? Android users are in luck. A quick fix is the brand-spanking new, unapologetically named “Voodoo Carrier IQ detector,” but since it can’t remove the software, it’s not exactly a fix. For that we turn back to Eckhart, who wrote a Logging Test app (currently in its seventh revision) that you can download and run to find out exactly what’s going on with your phone. Run the “CIQ Checks” once installed to see if you have Carrier IQ installed. If it is, you can pay $1 to upgrade to the Pro version of Eckhart’s software which will remove Carrier IQ from your phone. Folks with Apple, BlackBerry and other devices are less lucky as we haven’t identified an equivalent app-based solution, but TechCrunch has some good tips on what to do.
We have to raise a cynical question here. Based on the stats in the Android app store, the sales of Eckhart’s Android app have skyrocketed since this scandal blew up. Diagnostic software is also pretty standard across the software industry, but given how little everyone seems to know about how Carrier IQ specifically works — how much data it collects, who it sends it to, which privacy policy applies, how to opt out, etc. etc. — it would appear that a little bit of oversight is in order. But it’s a little shady that Eckhart’s whistleblower video has turned into a source of income. It will take some more time to learn the full truth behind Carrier IQ, and we wouldn’t be surprised if Franken’s inquiry turns into a full scale investigation. Until then, you might want to use a landline.
The FBI has spied and compiled information on Muslim community groups under the cover of holding outreach meetings with their representatives, a US rights organization said Thursday.
The American Civil Liberties Union issued a report saying the Federal Bureau of Investigation had overstepped its authority and was violating the trust of groups that agreed to meet law enforcement officers. The report was based on government documents obtained through the Freedom of Information Act.
“The FBI has been illegally using its community outreach programs to secretly collect and store information about activities… for intelligence purposes,” the ACLU said.
According to Michael German, a former FBI agent who works with the ACLU, using such sessions to spy on people only backfired.
“The trust that community outreach efforts aim to create is undermined when the FBI exploits these programs to gather intelligence on the very members of the religious and community organizations agents are meeting with,” he said.
“The FBI should be honest with community organizations about what information is being collected during meetings and purge any improperly collected information.”
However, the FBI denied wrongdoing, saying information gathered by outreach teams was not used for operational matters.
“Established policy requires that an appropriate separation be maintained between outreach and operational activities and includes several provisions to ensure this is the case,” the FBI said in a statement.
The ACLU listed several examples of the alleged practice, including the compiling of notes on opinions, associations and contact details of participants at Ramadan dinners held in 2007 and 2008 during a San Francisco mosque outreach program.
In 2009, the ACLU said, the FBI in San Jose, California, detailed the opinions and backgrounds of three community leaders and members during a careers day for Assyrians, a Christian people from the Middle East.
And in 2007, the FBI in San Jose collected detailed information on the background of representatives from 27 Muslim organizations meeting at a mosque.
The ACLU already has filed a lawsuit in California alleging that the FBI paid an informant to spy on mosques in the state.
According to US media reports, the New York Police Department has also engaged in systematic intelligence gathering at city mosques, monitoring sermons and local residents.
In its statement, the FBI said the “primary purpose” of outreach programs was “to enhance public trust in the FBI in order to enlist the cooperation of the public to fight criminal activity.”
A suburban Philadelphia school district that paid more than $600,000 to settle allegations it used laptop webcams to spy on students is being sued by the sister of the original plaintiff.
Nineteen-year-old Paige Robbins filed a federal lawsuit against the Lower Merion School District on Thursday. She says the district secretly captured embarrassing images of her at home through her school-issued laptop’s webcam.
Her brother, Blake Robbins, sued the district last year over software that allowed school employees to remotely activate the webcams to track missing computers.
Blake Robbins received $175,000 of a $600,000 settlement. Paige Robbins’ lawyer, Mary Elizabeth Bogan, says her client’s rights weren’t addressed in that case.
District spokesman Doug Young calls the new lawsuit “an attempted money-grab.” He says an investigation recovered no images of Paige Robbins.