Carrier IQ was virtually unknown until the 25-year-old Trevor Eckhart of Connecticut analyzed the workings of its softeare, recently revealing that the software secretly chronicles a user’s phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent.
Wired on Tuesday publicized Eckhart’s refusal to apologize for his research, which concluded with him calling the software a “rootkit,” a security term that refers to software installed at a low-level on a device, without a user’s consent or knowledge, in order to secretly intercept the device’s workings. Malware such as keyloggers and trojans are two examples. The company had demanded that he retract that “rootkit” statement in a nasty letter that threatened litigation and heavy monetary damages.
“We are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart, and in retrospect we realize that we would have been better served by reaching out to Mr. Eckhart to establish a dialogue in the first instance,” Larry Lenhart, the Mountain View, California company’s chief executive said in a letter (.pdf) to Eckhart’s attorney, Marcia Hofmann, a senior staff attorney with the Electronic Frontier Foundation.
Before Eckhart published his findings last week, he downloaded and mirrored Carrier IQ’s training manuals from the company’s publicly available website. Once his works work published, Carrier IQ demanded that he remove the manuals from his website. The manuals provide a limited roadmap for how Carrier IQ works.
What’s more, Carrier IQ sent Eckhart a cease-and-desist notice, saying Eckhart was in breach of copyright law for posting the manuals, and could face damages of as much as $150,000, the maximum allowed under U.S. copyright law per violation.
The EFF had decried Carrier IQ’s demands as “baseless,” (.pdf) saying its client’s speech was protected by the First Amendment.