It's unclear whether Carrier IQ is on the giving or receiving end
© Shepard Fairey

The U.S. Federal Bureau of Investigations has come up with all sorts of creative ways to track U.S. citizens. From warrantless GPS planting, to subpoenas that force cellular service providers to track your phone using signal triangulation, there are plenty of ways the feds can track you these days with a lack warrants and accountability/judicial oversight.

It looks like the now infamous Carrier IQ may be added to the tracking tool bag.

Michael Morisy, founder of the investigative journalism blog MuckRock, filed a Freedom of Information Act (FOIA) request to the FBI, asking if they used Carrier IQ. The FBI issued a response refusing Mr. Morisy's request for information.

Writes FBI records management official David Hardy:
In applying this exemption, I have determined that the records responsive to your request are law enforcement records; that there is a pending or prospective law enforcement proceeding relevant to these responsive records; and that release of the information contained in these responsive records could reasonably be expected to interfere with the enforcement proceedings.
Now there's two possibilities as Mr. Morisy pointed out. First, the FBI may be investigating Carrier IQ. That's certainly feasible. The service has been admonished by Sen. Al Franken (D-Minn.) and targeted with multiple class action lawsuits.

The other possibility is that the FBI is using Carrier IQ for tracking. This is also certainly feasible. Our own analysis of Carrier IQ code indicated that it was gathering and sending the user's GPS location latitude and longitude, as indicated by the debug stream.

While the potential for third party attacks and/or password keylogging was exaggerated, according to decompilation of Carrier IQ code from a HTC Corp. (TPE:2498) device, the potential for government mandated location tracking is certainly very feasible.

Even if the carriers and/or OEMs are doing the proper step of anonymizing and encrypting the usage data (which includes the GPS location) of the mobile devices they receive from the deployed Carrier IQ app, there's a good potential that they could be asked by federal agencies like the FBI to incorporate an "off switch" black-list into the anoymization process, which would allow for certain devices to be tracked.

Now this kind of tracking is already available, as mentioned, via signal triangulation. But direct GPS access would allow government agents to track you with unprecedented accuracy without any additional hardware.

Of course, such tracking would not be without its limitations. It would require the user's device to be on. And given that many criminal types already realize the danger of triangulation, they may unwittingly disable Carrier IQ's more precise tracking as well, by turning off their device. In that regard Carrier IQ offers a slightly inferior solution to planting of discrete GPS devices.

If the tracking is indeed being used, as with the general gripes agaisnt Carrier IQ, there are glaring issues, but the important thing to emphasize is that the problems are related to implementation, not these practices themselves. Most people would agree its a good idea to track and capture criminals. The issue is that with warrantless tracking, there's a high potential for abuse and corruption at a government scale, which in the worse case could be used to support suppression of dissent against the ruling party (as has been depicted in many sci-fi works).

It's possible that Carrier IQ is both on the giving and receiving end -- investigated by the FBI on consumer complaints, but cooperating with the FBI on location tracking.

Carrier IQ has reportedly been installed on 140 million smartphones worldwide, most of which are in the U.S.