Android Community Member “TrevE” Hit With Cease & Desist For Researching Security Vulnerability

For a refresher, back in October a user over at the XDA forums came across a major security flaw on HTC devices which allowed for the tracking and recording of every use of your phone through certain app permissions.  Since then, HTC released pressers that acknowledged the issue and that they would have fixes.  Better yet, they said that no data had been stolen by any users and that HTC’s people were on the case to fix the problem. Unfortunately, nothing ever seems to end on a good note.

After his initial findings, research then led Trevor Eckhart to CarrierIQ.  That company, has now issued a cease and desist to the Mr. Eckhart for the research he published on their software.  CarrierIQ claims that “TrevE” reproduced copyrighted Training Material and made “false allegations” about their software’s purposes.  And this is not just a slight slap on the wrist.  CarrierIQ wants Mr. Eckhart to issue a formal announcement that shows that what CarrierIQ is doing is completely normal, and is in no way a vulnerability to users. 

It’s almost scary to read these C&D letters as if you are the person it is addressed to.  Of course, if Mr. Eckhart does not stop his research and retract all previous posts and articles showing CarrierIQ’s software at work, then there will be legal ramifications.  Luckily, there is a good shot at the good guys coming out on top.  Echkhart reached out to the EFF (Electronic Frontier Foundation) for legal counsel and they feel that CarrierIQ’s claims are pretty much bologna.

We have now had a chance to review your allegations against our client, and have concluded that they are entirely baseless. Mr. Eckhart used and made available these materials in order to educate consumers and security researchers about the functionality of your software, which he believes raises substantial privacy concerns. Mr. Eckhart’s legitimate and truthful research is sheltered by both the fair use doctrine and the First Amendment.

I have felt that Eckhart’s research was for the greater good of the consumer and was most definitely just a,”Hey, watch out for this type of thing,” then an actual attack on CarrierIQ.  I could be wrong, but I feel that the research done was in good heart.  What do you all think?  Will the first amendment save this guy from an ugly court hearing?

Trevor Eckhart’s C&D PDF

Via: TechCrunch

This post was last modified on November 22, 2011 1:05 pm