CarrierIQ Fails At The Internet: Threatens Security Researcher With Copyright Infringement Claim Over His Research [Update]
from the dear-barbra-streisand dept
Last week, we wrote about some research by security researcher Trevor Eckhart, detailing how software from CarrierIQ had all the qualities of a rootkit, was installed on a ton of phones from Verizon Wireless and Sprint, and could potentially reveal all sorts of info about what you do on your phone. Much of Eckhart's report came from a training manual explaining the features of CarrierIQ's system, which he found left free and open on CarrierIQ's website. These kinds of stories show up every so often, and the usual thing is for the company either to admit it wasn't careful enough on security or to deny the specific allegations... and everyone moves on. But CarrierIQ apparently doesn't get how the internet works, has never heard of the Streisand Effect, and decided to not just deny the allegations in the report (we got one of those notices), but to threaten Eckhart with copyright infringement for his posting of their training manual.
Oops. Cue Streisand Effect.
Eckhart, via the EFF, has rejected CarrierIQ's requests... and has called a lot more press attention to the original reports (which had died down pretty quickly). CarrierIQ didn't do itself any favors either, by having its marketing manager talk to Wired and stubbornly defend the copyright infringement claim by saying:
“Whatever content we distribute we want to be in control of that,” he said. “I think obviously, any company wants to be responsible for the information that gets distributed.”
What "any company wants" and what is the law are often two different things. It might have helped for CarrierIQ employees to familiarize themselves with the law first. Of course, the EFF's letter attempts a quick crash course in the subject:
With respect to your allegations of copyright infringement, Mr. Eckhart’s analysis and publication of Carrier IQ’s training materials is a classic fair use and, therefore, non-infringing. 17 U.S.C. § 107 (“the fair use of a copyrighted work . . . for purposes such as criticism, comment, news reporting . . . or research, is not an infringement of copyright.”). Courts generally consider four factors in a fair use analysis: 1) the purpose and character of the use, 2) the nature of the copyrighted work, 3) the amount and substantiality of the portion used, and 4) the effect of the use on the potential market for the work. Id.; Campbell v. Acuff-Rose Music, 510 U.S. 569, 577 (1994). Each of these factors favors Mr. Eckhart.
CarrierIQ is also claiming false allegations (i.e., defamation) over Eckhart's claims of its software being a rootkit. But, once again, the EFF and Eckhart are explaining the details of the law. Just because you don't like someone's opinion of what you do, or you don't like someone describing factually what you do, doesn't mean you get to accuse them of defamation:
You also claim that Mr. Eckhart published “false allegations” that are “without substance,” “untrue,” and that Carrier IQ considers “damaging to [its] reputation and the reputation of [its] customers.” We have repeatedly asked you to specify the statements you believe are actionable. You have failed to do so, and have instead merely repeated your broad accusations. We believe you are not able to substantiate your allegations because Mr. Eckhart’s factual findings are true. If you are able to specify any statement that you believe is false, Mr. Eckhart will be happy to provide you with the documentation of that finding.
Moreover, your client is a public figure. Under well-established Supreme Court precedent, commentary and criticism regarding Carrier IQ’s professional activities receive additional protections under the First Amendment, because there is a heightened public interest in facilitating such speech. See, e.g., New York Times Co. v. Sullivan, 376 U.S. 254, 270 (1964); Hustler Magazine v. Falwell, 485 U.S. 46 (1988).
And, of course, now we get another round of people paying attention to the allegations regarding CarrierIQ.
Update: And... commence groveling. Just received the following:
As, of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF’s work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.
The company also reiterates that its software doesn't track a bunch of stuff and that it's really designed to make networks and phones perform better...