Wednesday, December 28, 2011

Technical Fowl's 2011 in Review


As the year draws to a close it’s time for the technical fowl to look back on 2011 and tabulate the so-called “greatest hits” of the year in tech, news and hijinx.  I know it's impossible for me to get every important story from the year in the massive realm of technology and games, but there was a lot of stuff going on that TF covered, from tech policy to security to tablet PCs.  So here I’ve compiled what in my opinion were the biggest TF stories of 2011 in the form of a top ten:

10. Crowdsourcing
Crowdsourcing is a fun portmanteau that refers to driving a call to action through a community or group for a specific task or goal.  While the idea is catching on in private business, it looks like even the United States Government is giving it a go, especially in defense operations.  This year technical fowl explored two such projects to solve real-world issues – the first by the Department of the Navy for an anti-piracy MMO game, and the second by the Department of Defense for an accurate submarine simulator.  Both projects turned to gamers to get collective intelligence and new ideas about both of these topics successfully.  I was very happy to have been able to take part in the first project called MMOWGLI – the Massively Multiplayer Online Wargame Leveraging the Internet.  It was a cool idea and made me want to keep playing and be involved.  Other crowdsourced projects included the XC2V and a Second Life style simulator for the Army.

Relevant TF Stories:
US DoD Turns to Gamers to Test Submarine Software
US Navy Develops Crowdsourced MMO to Sink Piracy

09. The Redner Group and Duke Nukem Forever
Jim Redner of the Redner Group, a PR firm in the gaming industry, caused a very public stir with some incendiary tweets on behalf of 2K Games and Duke Nukem Forever.  The story showed us how quickly social media can spiral a story out of control.  After it was all said and done, Jim Redner himself was cool enough to take time out of what was I can only imagine an extremely busy day to answer some of my questions and talk about the incident, Duke Nukem Forever, and the future of the Redner Group.

Relevant TF Stories:
The Redner Group, 2K Games, and Duke Nukem Forever - a Q&A  with Jim Redner

08. The HP TouchPad Fire Sale
Using their previous acquisition of Palm, Hewlett-Packard made an attempt to enter the tablet fracas with the WebOS-fueled TouchPad.  After the July launch, HP issued a fire sale a month later to unload unsold inventory (Best Buy said it could only sell 10% of their inventory at regular price).  The TouchPad’s prices were slashed by 60-75%, selling for $99 and $149, generating a ton of interest and almost immediately stocking out.  That interest fueled demand to the point that TouchPads were selling for upwards of $300 on eBay.  For at least a short while, the fire sale made us think about how much tablets are actually worth, and what prices consumers should be willing to pay for one.

Relevant TF Stories:
An Unlikely Party in HP's TouchPad Mess - Barnes and Noble

07. Spotify
Spotify’s music service went from completely unknown to a big deal in the United States in July.  Previously only operating across the pond in Europe, Spotify was welcomed to the United States with a lawsuit as an introduction to our litigious culture.  Having joined forces with Facebook, they are now a household name for music lovers and social media users alike, allowing the type of "frictionless sharing" championed by Mark Zuckerberg and Facebook.

Relevant TF Stories:
Spotify Welcomed to the U.S. with a Patent Infringement Lawsuit

06. Amazon's Kindle Fire
Priced right at $199 and timed right to be available during the holiday shopping season, Amazon’s Kindle Fire provided an affordable alternative from a trusted brand for folks that didn’t want to invest $499 on an iPad or even more for an Android based tablet.  Amazon decided to sell the device at a loss in order to secure sales and rely on Prime memberships and media purchases for revenue streams.  As a result Amazon enjoyed a Merry Christmas indeed, reporting sales figures in the millions of units.

Relevant TF Stories:
Amazon's Tablet Poised to Take a Bite out of iPad Sales?

05. Sony's PlayStation Network and SOE Hacked
Hacks and a security breach caused Sony’s PlayStation Network to close their doors for 23 days.  The security breach allowed unauthorized access to over 70 million accounts, including sensitive data like phone numbers, addresses, and birthdates.  The hacking group LulzSec claimed responsibility, a precursor to their 50-day summer hackathon targeting, among others, Fox, Sony, and the United States Government.

Relevant TF Stories:
Welcome Back? Sony's Answer to the PSN Fiasco
First PSN, Now SOE: Sony, WTF?

04. Steve Jobs
2011 saw the passing of Steve Jobs, co-founder and CEO of Apple, to the sorrow of many.  As the father of the iPod, iPhone and iPad, Jobs’ influence in computing in general and consumer electronics is still apparent in the American lifestyle and around the globe.  Colleagues, peers, customers and fans, including President Barack Obama, spoke highly of Jobs and his contributions to technology.

Relevant TF Stories:
Remembering Steve Jobs (1955-2011)

03. RSA and SecurID Hacked
The hacking spree that 2011 saw spared no one, not even security firm RSA.  In March they announced a breach related to their SecurID products, saying it would not allow hackers to actually attack SecurID users, but later retracted that statement when the popular two-factor security token was unable to protect customers like Lockheed Martin, L-3 and Northrop Grumman.  The attacks sparked speculation on whether or not they were sponsored by a foreign state, and ended up with RSA offering to replace almost every SecurID token used by their customers.

Relevant TF Stories:
Hacking, Social Engineering and RSA

02. Carrier IQ
With the advent of personal technology exploding with the use of smartphones and other mobile devices, the issues of user security and privacy come to the forefront.  As such, the technology community was appalled when a researcher discovered a mandatory, un-opt-outable service called Carrier IQ on mobile devices that collected certain information on the user’s device for the carriers, including to some extent keylogging.  Senator Al Franken was able to get some information out of Carrier IQ and service providers, but organizations like the Electronic Frontier Foundation are still reverse-engineering the software to see what exactly it collects.  The main issue with the Carrier IQ story is that even if it doesn’t send as much information as we think to carriers and OEMs, it still has the power to, and that can be abused.

Relevant TF Stories:
Smartphone Spy - Mobile Carriers Caught Secretly Skimming Android User Info

01. SOPA
Late 2011 saw legislation introduced in the House and Senate (SOPA and Protect IP) aimed at protecting United States interests against online piracy.  As good-intentioned as the bills may be, they began drawing huge criticism (specifically SOPA), not only from congressional opponents, citizens and private business, but technology experts up to and including the founding fathers of the internet.  Hearings were held in the House Judiciary Committee this month to discuss markup and a Manager’s Amendment, but it soon became clear that most of the Committee members discussing it didn’t know an IP address from a hole in the ground.  The bill is highly controversial and may potentially bring sweeping changes to the web and an end to the free and open internet.  It will be back on the table when the House reconvenes in 2012.

Relevant TF Stories:
The House Judiciary Hearing on SOPA was a Messy Show
December SOPA Update: GoDaddy.com

Honorable Mention: Ubisoft/Wii's We Dare
This story was absolutely unimportant.  It was a frivolous post I wrote because I was amused by Ubisoft's game We Dare for the Nintendo Wii.  The game focuses on couples doing naughty things with a wiimote to control their Mii's on-screen to do things.  While I give them all the credit in the world for originality for how to employ a Wiimote to control on-screen activity, it's still pretty ridiculous.  So why on Earth am I giving it an honorable mention?  Two reasons: (1) It was the only thing I've ever written that I've legitimately been able to tag with "sexy party" and (2) the pure comedy it has given me while running through my traffic and analytics reports every now and then.  As it turns out, every week at least 2-3 people get to my blog by searching for combinations of the following words and phrases: "wii," "adult," "party," "games," "consensual" and "swinger."  So the real question becomes, how do I not give this an honorable mention?

Relevant TF Stories:
Wii Party Games for Consenting Adults: Ubisoft and Wii Dare with We Dare

So there you have it, the top 10 stories TF has covered in 2011.  I hope I've been able to give you some interesting stuff to read in 2011, and here's to a whole new year of news, tech and hijinx in 2012.

Tuesday, December 27, 2011

December SOPA Update: GoDaddy.com

[Article first published as December SOPA Update: GoDaddy.com on Blogcritics.]

Earlier this month we took a look at the Stop Online Piracy Act (SOPA) as it made its way through hearings in the House Judiciary Committee, through amendments, strong objections and ultimately a question on whether or not those folks in the room were even qualified to make any rational and informed decision on the topic. Eventually the proceedings were postponed and will pick up again when the House reconvenes after the holidays, but that doesn’t mean that December has to be devoid of all SOPA news, does it? Politics aside, there was still a fair amount of SOPA news in the last two weeks or so, the majority of it revolving around one of SOPA’s public supporters, domain name registrar GoDaddy.com.

While many other internet companies lined up to publicly oppose SOPA as a death sentence to the free web, GoDaddy supported the bill and other related legislation like Protect IP as a viable method for policing piracy on the internet. They went so far as to publish an op-ed piece on Politico shortly after the bill was introduced praising the bill, as well as providing written testimony to the House Judiciary Committee in support. It seemed strange really, as they were the only internet company named in the Committee’s list of corporate SOPA supporters, in a field of entertainment media production companies (Disney, etc.) and organizations that represent entertainment media and related special interests groups like the RIAA and MPAA.

This of course drew the ire of some of their customers, culminating in a Reddit-fueled boycott of GoDaddy by poster selfprodigy, who planned on moving all of their 51 domains away from GoDaddy’s services. As of right now the post has over 3,000 comments and a Reddit score of 4,409 points with more and more people voicing their opinions on the matter. While GoDaddy pretty much ignored the boycott as a nuisance to start, bigger threats from bigger customers like Ben Huh of the Cheezburger websites started to come in (with his 1,000 GoDaddy registered domains), and GoDaddy did an about-face, stating in a news release that they would no longer support SOPA. But was that public reversal of policy nothing more than a parlor trick to woo customers back and keep the ones they still had? Their support for SOPA cost them about 37,000 domains and it looks to me that the only reason they “reversed” their position was an increasing loss in revenue streams. An interview with GoDaddy CEO Warren Adelman by TechCrunch’s Devin Coldewey also shows how this change of heart might not really be for real:

“Adelman couldn’t commit to changing its position on the record in Congress when asked about that, but said “I’ll take that back to our legislative guys, but I agree that’s an important step.” But when pressed, he said “We’re going to step back and let others take leadership roles.” He felt that the public statement removing their support would be sufficient for now, though further steps would be considered.”

“Sufficient for now.” It’s pretty clear that GoDaddy hasn’t changed their position, but instead have publicly run to the middle with Swiss-like neutrality, which only further tells me that “We don’t support SOPA” doesn’t translate into much more than “We don’t support losing customers and their cash.” Adelman goes on to say that he will support SOPA when the internet community does and that there has to be “consensus about the leadership of the internet community.” Leadership of the internet community? That’s just the point, no one owns the internet, and this statement further shows how out of touch GoDaddy is with reality and the internet community they claim to serve. Having dealt with GoDaddy before, and reading other pre-SOPA stories of how they operate, it’s just not that surprising.

Other pro-open internet registrars like Dreamhost, NetGator and Namecheap are taking this as an opportunity to take some of GoDaddy’s customers through SOPA coupon codes like “NOSOPA” and “SOPASucks.” Namecheap is even running an offer through December 29th in which they will donate $1 to the Electronic Frontier Foundation for each domain transfer from GoDaddy. Namecheap CEO Richard Kirkendall had the following to say on SOPA:

“While we at Namecheap firmly believe in intellectual rights, SOPA is like detonating a nuclear bomb on the internet when only a surgical strike is necessary. This legislation has the potential to harm the way everyone uses the Internet and to undermine the system itself. At Namecheap, we believe having a free and open Internet is the only option that will continue the legacy of innovation and openness that stands for everything we all value in our modern society.”

GoDaddy really shot themselves in the foot here. This series of moves is going to lose them a lot of business. But if you’re the “silver lining” type, the GoDaddy mass exodus could be ammunition against SOPA supporters in Congress as a "here's what we think" sort of statement. We’ll see. If you’re looking for another domain name registrar, Lifehacker has a list of some decent ones that are not pro-SOPA.

And about that “leadership of the internet” thing, I’ll throw my hat in the ring for “Internet Elder.”

Wednesday, December 21, 2011

100. no news, just a minor milestone

Greetings everyone!

As we swing into the end of 2011 and get ready to start 2012, I came to the fun (and to be honest a little surprising) realization that I've hit post number 100 and actually have people reading my posts.  OK fine, technically I've only written 99 and this one isn't a regular one.  But you know what, hop into the World of Warcraft Firelands raid and you'll see that Ragnaros dies when you get him to 10% so I don't even want to hear any of your noise about numbers.

I started this little project in January 2010 as something to do in my free time, with the initial intent being a lofty one of being a video game review site.  A few friends of mine and I did just that years ago in college with a site called 16-bit Psychosis.  It was a lot of fun with a bunch of us working on it and I kind of missed the process, so I figured I'd be game again (no pun intended).  But as a professional instead of a student, I just didn't have the time or patience to play through multiple entire games every month for the sole purpose of writing articles about them.  So I decided to leave that to the video game professionals that do that sort of thing for a living.

Abandoning the concept of "having to have a review every week" and just writing on what I see and my thoughts really opened up the content of this thing, and the enjoyment I get from it.  So yes I still write about games, but have been able to write about more stuff, like technology, law, politics, and more importantly the sometimes insane interactions between all those things.  Seeing my hit counter scrolling up really does motivate me to write better stuff.  I hope you've all enjoyed reading the stuff I put out here as much as I enjoy writing it.

The next post will pick back up in a couple days with something legit.  We still have the obligatory year end lists to go through.  Lists of what you ask?  Got me but I'll come up with something.  State of tech?  Maybe my 2012 predictions?  Me vs Nostradamus in the Brown Town Arena?  We'll see.  And I think I can go ahead and drop the post numbers now.

So before I do, I'll use number 100 to just say thank you for reading, and all my people around the world, happy holidays, whatever holiday that may be - I hope 2011 was a decent year and that you all are celebrating it ending well.

Friday, December 16, 2011

99. The House Judiciary Hearing on SOPA was a Messy Show


[Article first published as House Judiciary Online Piracy Hearings Frightening on Blogcritics.]

Thursday was a, well let’s say, interesting day, for those who have any sort of stake in, or connection to technology, politics or the horrific relationship between the two. 

Over the past few weeks there have been a number of legislative efforts to stop piracy on the Internet, specifically, to protect the intellectual property and innovation of American developers and creators.  One of these bills, HR3261, is called the Stop Online Piracy Act (SOPA).   While it’s certainly a noble goal, the language and text in SOPA caused enough outrage and fear across the country (you can see the actual wording here) as to draw strong bipartisan criticism and concern.

The problem, well one of the problems, with the bill in its original state was that it was extremely broad and equally vague in its definitions of terms such as rogue websites and what exactly constitutes infringement.  As it existed, sites like YouTube and Tumblr could become potential targets for legal action and blacklisting, as would any other site where the majority of content is user generated.  Theoretically, for example, if a blogger at Blogcritics.org were accused of having promoted infringement, other blogs, as part of the same domain, could go poof in the night just for being on the same domain, without proof, only suspicion.  That's broad enough to be easily abused.  Other critics note that the bill is counterproductive, effectively putting a stranglehold on American innovators and startups by forcing compliance to be a design requirement for them.

As a result of the criticism, the bill’s sponsor, Rep. Lamar Smith (R-TX), drafted a manager’s amendment to SOPA, with the goal of toning down the language and narrowing the broad definitions that were in the bill’s original draft.  The amendment also narrowed the targets of the bill to non-U.S. sites, and removed language that would put entire domains at risk if even one page appeared to be linked to infringement.   While some provisions were made in the manager’s amendment, a lot was left to still hash out.

So let’s get back to why Thursday was interesting.  The House Judiciary Committee met to discuss SOPA, specifically Chairman Smith’s manager’s amendment.  Thanks to our digital age, I was able to watch some of the hearing's live stream on my phone, all the while hoping and praying that I would not be accused of infringement for occasionally allowing other people to hover around my 4” screen.  After the coverage that I myself was able to see, I came up with one very solid conclusion with which I’m sure many other viewers would agree:

the people in this room have absolutely no business making this decision for the rest of us.

My first fear was that it felt like there was a mad rush to hammer this legislation out before 2011 ran out of days.  I simply don’t understand the rush, when the potential consequences of this bill are so far reaching for not only the United States, but the Internet itself.  Thankfully a few folks in the room, both Democrat and Republican, pointed out to the committee that rushing the decision could potentially lead to big mistakes.  These included Rep. Sheila Jackson (D-TX) and Rep. Darrell Issa (R-CA), who cited the America Invents Act, the result of an attempt to reform the patent system that started in 2005; proof, at least to Rep. Issa, that there hadn’t been appropriate levels of due diligence on SOPA.

But that was only half of a two part horror I experienced while watching the stream, with the second half more horrifying than the first.  Hours of representatives tripping over basic technology phrases such as IP address and DNS server were  more than just a little painful to hear, since the proposed actions can cause sweeping changes for technology.  Every third or fourth time someone spoke, their comments were preceded by what became almost cliché disclaimers, such as: “I’m not a nerd/I’m not a technical expert, but I’ve been told,” or “from what I understand.”  These are the people who are discussing whether or not additional regulations (and let’s face it, outright censorship) should be applied to the Internet.  Excellent.  If you can’t intelligently explain to me what an IP address is, or what DNSSEC does, then get your damn hands off our Internet.  It’s not that you don’t speak for us, just that on this topic (with the exception of Rep. Jared Polis (D-CO)), you simply don’t have the capacity.

So there’s what Thursday was all about: an argument about whether the blind leading the blind should run full speed into a brick wall.  There were a number of proposed amendments that limited the far-reaching scope of SOPA which were ultimately killed by the bill’s proponents who seemed to be interested in nothing more than going full speed ahead.  The whole thing seemed like a ceremonial meeting that had to happen on principle, and nothing more.  The only individuals in the room who seemed to be talking sensibly, logically and with technical expertise, were Reps. Polis, Issa, Chaffetz and Lofgren, who asked Rep. Smith to stop the hearing so that the committee could hear testimony from technical experts.  Smith refused at the time, but he did make time to hear from the Motion Picture Association of America (MPAA), a strong SOPA supporter.

The Electronic Frontier Foundation posted an open letter to Congress, from some of the minds who engineered the Internet (Vint Cerf, co-designer of TCP/IP among them), and who laid out all of their concerns about SOPA.  They didn’t have to preface the letter by apologizing for not being technical experts, because guess what, they are.  And I don’t know about you, but if I received a letter about the Internet in which the senders could legitimately use the phrase “When we designed the Internet the first time,” I’m pretty sure I would give it a listen.  These are the technical experts you didn’t consult, and their opinion is very clear: that this bill would do nothing to stop foreign piracy of American IP, but will hamper American innovation and assault law-abiding citizens’ rights to communicate openly and express themselves online.

Thankfully, it appears that the 11 hour session seemed to convince the committee that we need to explore this far more. As I write this, the SOPA vote has been delayed, hearings resuming at the “earliest practical day that Congress is in session.”  I hope for the sake of the Internet and American innovation that this allows the committee to hear technical experts testify and derail this bill.

I mean, I'm no expert on politics, but…

Saturday, December 3, 2011

98. Computer Professionals Update Act Targets Overtime for American Nerds


[Article first published as Computer Professionals Update Act Targets Overtime for American Nerds on Blogcritics.]

Somehow tech and politics mix together about as well as oil and water.  Look at the current state of technology politics – the FCC took forever to finally quash the proposed merger between AT&T and T-Mobile, links are being drawn between finances and congressional support for SOPA and Protect IP, and arguments are being made about the state and future of net neutrality. 

See?  Whether you knew it or not, there’s a lot of tech stuff happening in the hallowed halls of our nation’s leaders.  All of these deal with statutes and laws about fair business practices and anti-trust issues – ultimately things that affect the American technology consumer.  But a bill was introduced in late October to the Committee on Health, Education, Labor and Pensions that went to the other side, and set its sights on the American technology worker instead.

The bill would expand the list of workers exempted from the Fair Labor Standards Act, to include many in the tech sector.  For those of you unfamiliar with FLSA, that means that they’re adding to the list of people who are exempt from the standard “you get time and a half for overtime hours” rule. The bill, called the Computer Professionals Update Act (yes, ironically labeled the CPU), adds jobs that pretty much include IT and development from top to bottom.  From the text of the bill: "any employee working in a computer or information technology occupation (including, but not limited to, work related to computers, information systems, components, networks, software, hardware, databases, security, internet, intranet, or websites) as an analyst, programmer, engineer, designer, developer, administrator, or other similarly skilled worker," whose primary duty is the following:

(A) the application of systems, network or database analysis techniques and procedures, including consulting with users, to determine or modify hardware, software, network, database, or system functional specifications;

(B) the design, development, documentation, analysis, creation, testing, securing, configuration, integration, debugging, modification of computer or information technology, or enabling continuity of systems and applications;

(C) directing the work of individuals performing duties described in subparagraph (A) or (B), including training such individuals or leading teams performing such duties; or

(D) a combination of duties described in subparagraphs (A), (B), and (C), the performance of which requires the same level of skill.

The bill, which is sponsored by Sen. Kay Hagan (D-NC), keeps the existing language that applies this only to employees that earn at least $26.73 an hour.  And also let me be clear – this doesn’t outright ban these workers from making overtime for hours past 40.  It just means that companies that employ them are exempted from the overtime payment requirement.  But all said and done that doesn’t make it any better.  Given the current cost cutting measures that are in effect across industries in the United States, do you have trust that a company will still pay overtime if they’re not legally obliged to? 

Thankfully it doesn’t harm me personally; I’ve been in technology management for some time now and work on salary, so I was already sans overtime in the old rules.  But what about other folks in the industry?  There are a lot of nerds out there that serve as system admins and fill other necessary roles in the IT field that operate on hourly pay beyond the $26.73 pay threshold.  And some of them depend on overtime as part of their yearly income.

I’ve heard arguments ranging from outrage to “about time” to nothing more than “meh.”  It certainly would reduce costs for technology companies as well as most American companies with regard to their IT shops while stripping workers of their due funds.  As part of the tech world I of course don’t support this, as I feel that passing it greatly devalues the skills tech workers have put in either a considerable amount of education or a considerable amount of work experience to accumulate.  With the increasing amount humanity relies on technology, specifically computer technology for their day to day lives, it seems like technical work is being not only devalued, but commoditized over time.

I’m not sure what the motivation behind this bill is, but Sen. Hagan mentioned that “the majority of bills and resolutions never make it out of committee." What exactly is going on in North Carolina?

Thursday, December 1, 2011

97. Smartphone Spy - Mobile Carriers Caught Secretly Skimming Android User Info



While I enjoy the increasing number of things I have been able to do with each iteration of mobile technology on the market, I’ve always held a dark spot in my heart for wireless carriers.  First there’s the financial factor – the amount of money they charge for what should be no additional charge, caps on tiered data, or even just cost to the user in general (I enjoy a $100+ per month phone bill for all the crap I have). 

As mobile technology has become more developed though, the prices seem to be going up, and what the consumer is getting seems to be less.  On top of that there’s the creep factor, which is really nothing more than privacy and business practices. Recently Verizon Wireless sent me a letter about an opt-out option for their new ad tracking system that would serve to provide me better targeted ads based on my activity and location.  I opted out due to a certain level of discomfort with privacy when I had the chance, but I give Verizon credit for voluntarily saying “Hey Tushar, here’s some things that we want to do, are you in?”  They laid out what they were doing, and after understanding it I had a choice.  Now granted any doctors or lawyers reading this are going to cringe at the phrase I’m about to use, but if the activity has the informed consent of the consumer (yeah I said it) then that’s something I may be able to get on board with.  I would assume that other carriers do something similar as far as activity-based targeted ad programs.  After all, ad revenue does make the world spin ‘round.

But then I read today about something that could be a tremendous breach in privacy and almost tantamount to data theft, perpetrated by mobile carriers against their customers.  This revelation came from security researcher Trevor Eckhart concerning a software package called Carrier IQ, which seems to be embedded in at least some phones on major U.S. carriers.  Carrier IQ claims that their software gathers “information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.” Turns out that while it wasn’t really a secret that this function was installed on many Android phones, no one really knew any of the inner workings of the software and what kind of data it actually captures. That is, until Eckhart found some things that can only be described as suspect at best last week. Carrier IQ tried to hand him a cease and desist letter to quiet him down a bit, but with the help of the Electronic Frontier Foundation, Carrier IQ not only backed off but issued an apology (in which they lay out their argument above). He followed up by releasing a video playing around with it on his HTC Evo. You can see the video on YouTube here.

The video paints a pretty creepy picture about what kind of data this software is able to pick up and I warn you, you may feel a little ill watching it. Eckhart uses a factory-reset, non-rooted HTC Evo (as he says, not to single out HTC but it was just what he had on hand) to show not only how the software is hidden and unable to be shut down, but how it appears to also have a built-in keylogger. Each key press looks like it has its own code, so anyone taking a look can see what letters and numbers are being entered.

The killer is that this also covers passwords, browser entries, and even HTTPS browser entries, which are supposed to be encrypted. HTTPS browsing is designed to encrypt data so anyone planning to pick up any data would be thwarted.  Oh right, text message and SMS content counts too. Data from messages gets sent off to Carrier IQ’s servers without anyone being the wiser. Eckhart classifies this as a rootkit, which is a label I wholeheartedly agree with.  It gets into your system, acts with administrator privileges, and you can’t get rid of the software unless you void the warranty and do the rooting yourself.  But it gets even worse.  Even as Eckhart was running in airplane mode (cellular radio off) and on wifi only, the app still logged everything that was going on while “disconnected” from the Sprint network.  It’s the sort of thing that makes me wonder if all the conspiracy theorists are right and that I should be equipped with a tinfoil hat.

So where do we go from here?  No users were ever explicitly told that data would be collected down to the keystroke and screen tap – if that had been the case no one would have a smartphone right now.  And that leads into what may be the inevitable fallout.  Paul Ohm, a former prosecutor for the Department of Justice and current professor at the University of Colorado, weighs in with his professional opinion.  “If CarrierIQ has gotten the handset manufacturers to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap,” he says. “And that gives the people wiretapped the right to sue and provides for significant monetary damages.”

Without a law degree, I came up with pretty much the same thing.  There wasn’t even an attempt at corporate transparency to the consumer here.  A “no, it’s cool guys we’re not doing anything wrong” issued only after they were caught just isn’t enough.  From what I’ve determined this seems to not affect all Android devices, but I can confirm that Carrier IQ has dealings with both Sprint (from the video) and T-Mobile (via a T-Force poster on their support forums).  I personally have not found any such software on my Verizon Wireless Droid X, so can only speak to that from personal experience.

If this video holds water, consider the game changed.  By Professor Ohm’s argument, the people wiretapped include every single Android user on carriers that do business with Carrier IQ.  As of yet I don’t have a complete list of affected carriers and models, but that number still has to register pretty high.  After the class action lawsuits all hit and the smoke clears, maybe then we’ll be able to have some sort of serious discussion in this country on the internet and cellular networks at large, specifically concerning user privacy in the digital age.  People do a lot of stuff on mobile – important password protected stuff – now that we have these super fast 4G speeds mobile carriers are all too quick to advertise.  That only bolsters the point that privacy is the single greatest challenge we have to solve with current technology.

So even if Carrier IQ only uses the information for aggregate reporting and even if Sprint does actually only use it for diagnostic purposes without any malicious endgame, what happens when someone that does have less than noble intentions figures out how to control it?  There goes your money. There goes your credit.  There goes your reputation.  There’s just too much at risk.