XDA member gets cease and desist letter from Android OEM tracking software maker, fights back with help from EFF
An XDA-recognized developer TrevE (Trevor Eckhart) received a cease and desist letter from Carrier IQ, a company that produces software that allows OEM manufacturers of Android devices to track everything consumers do on their smartphones. Carrier IQ’s software is embedded at the kernel level in devices made by the likes of Samsung, HTC, and several others, and collects usage information without the user knowing of its existence, let alone the ability to opt-out of this service.
Trevor is a security researcher who originally found Carrier IQ’s existence on Android smartphones, and took to the internet to post Carrier IQ’s publicly-available training materials on his personal site so that others may research and verify Trevor’s research on Carrier IQ. Carrier IQ didn’t like this move too much, and sent Trevor a cease and desist letter, demanding that he both remove the posted materials and “allegations that are without substance, untrue, and that [Carrier IQ] regards as damaging to our reputation and the reputation of our customers.” Additionally, they demanded that Trevor put up a form apology written by the legal team of Carrier IQ on his website.
Rather than simply caving in and doing what Carrier IQ demanded him to do, Trevor turned to the Electronic Frontier Foundation (EFF) for legal counsel. After a thorough investigation of Carrier IQ’s claims (and attempts to gather additional information from Carrier IQ that went largely unfulfilled), the EFF sent a letter on Trevor’s behalf to Carrier IQ to sort out the accusations.
In the return letter, the EFF stated that Trevor posting the publicly-available materials on his site was covered under the fair-use doctrine of the U.S. Copyright Office. The EFF concluded that the material posted and Trevor’s limited use of the material met the four factors commonly cited in fair use cases. The following explanations are my own understanding. I am not a lawyer, obviously:
- Purpose and Character of the Use – whether the accused party is using the materials in the same way Carrier IQ would, as training materials
- Nature of the Copyrighted Work – whether the copyrighted work is factual or creative in nature. Creative work is copyrighted much more tightly than factual work
- Amount and Sustainability Used – whether the material was appropriately or excessively used
- Effect of the Use on the Potential Market for the Work – whether the use of the copyrighted material will allow the accused party to enter/further their position in the copyright-holder’s market. In this case, whether Trevor would use the materials to get into the tracking software business.
In short, the EFF has taken a stance that Trevor’s use of the publicly-available materials were covered under the fair use doctrine, specifically because it meets the approved purpose of “criticism, comment, news reporting, or research,” and does not greatly affect Carrier IQ’s bottom line.
You can read much more about the case by looking at the following sources:
- EFF Blog
- XDA Developer Post 1
- XDA Developer Post 2
- Carrier IQ’s Cease and Desist Letter
- EFF’s Response to Cease and Desist Letter
For now, we’ll have to wait and see how the case turns out, though it does bring up the bigger issue that regardless of whether we opt-in or out to the various services available on our Android devices, if you happen to own a device that uses Carrier IQ’s software, your behaviors and actions are being tracked anyway. Most importantly, you cannot choose to opt-out of this service unless you choose to “root” your device and use a custom ROM that removes this software, which in turn voids your manufacturer warranty.
I’m sure we will have more to report on this as the story emerges. Stay tuned.
- Carrier IQ withdraws ‘misguided’ cease-and-desist letter, apologizes to security advocate TrevE
- Security advocate, EFF go toe to toe with data collection company CarrierIQ
- Sprint and HTC subcontractor accused of logging user data in non-secure, invasive manner [Video]
- Android Central Podcast Ep. 80: Transformer Prime, Galaxy Nexus and Carrier IQ
- Vivid (the porn company) takes on the HTC Vivid (as in the phone)