In Re Carrier Iq, Inc.

Facts

Plaintiffs (Ps) are eighteen individuals from thirteen different states.  They have filed a second consolidated amended complaint against Ds. Ps alleged that Ds have violated the Federal Wiretap Act as well as a number of state's privacy and consumer protection statutes through the creation and use of Carrier IQ's software on Ps' mobile devices. Ps allege that Ds embedded, the Carrier IQ Software on their mobile devices and, once embedded, this software surreptitiously intercepted personal data and communications and transmitted this data to D and its customers. Ps allege five causes of action: Violation of the Federal Wiretap Act, Violation of State Privacy Laws, Violation of State Consumer Protection Acts, Violation of the Magnuson-Moss Warranty Act, and Violation of the Implied Warranty of Merchantability: asserted on behalf of residents of the states enumerated under the Magnuson-Moss Warranty Act. D claims its software is a 'network diagnostics tool' for cell phone service providers. Ps claim the software collects, and transfers, sensitive personal data off of a user's mobile device. Ps claim the code was designed to see recognize and intercept a host of data and content, including SMS text message content and URLs containing search terms, user names, and passwords . . . and to send that material down to the IQ Agent further processing and possible transmittals. Cell Phone Manufacturers 'design and program' the CIQ Interface (with Carrier IQ's aid) and then install the CIQ Interface and IQ Agent software on their mobile devices. Once installed, the software 'operates in the background,' such that the typical user has no idea that it is running and cannot turn it off. Users are never given the choice of opting into or out of the Carrier IQ Software's functionality. Ps also allege that it 'taxes the device's battery power, processor functions, and system memory.' The data intercepted by the Carrier IQ Software includes the following: (1) URLs (including those which contain query strings with embedded information such as search terms, user names, passwords, and GPS-based geo-location information); (2) GPS-location information; (3) SMS text messages; (4) telephone numbers dialed and received; (5) the user's keypad presses/keystrokes; and (6) application purchases and uses. It then stores the information in the mobile device's RAM memory on a rolling basis. At designated times (or as requested), the Profile-specified data would then be transmitted from the mobile device to the requesting customer (the wireless carriers or device manufacturers). Ps also allege that AT&T (D) has admitted that the 'Carrier IQ Software transmitted text message content to it.' Ps also allege that the data and content intercepted by the Carrier IQ Software were sent in unencrypted, human-readable form into the system logs of the affected devices making this information vulnerable to anyone with access to the system logs, including to individuals with malicious intent. Ps also allege that the private information improperly intercepted and stored was transmitted to Google (who is the author of the Android Operating System) as part of crash reports. HTC (D) has acknowledged that they have also received this private information through its 'Tell HTC' tool which 'draws on content stored in the device logs.' The FTC has commenced an investigation into HTC (D) regarding the Carrier IQ Software and a 'related privacy and security flaw' in mobile devices. It found that HTC (D) had 'failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.' Ultimately, the FTC found that HTC (D) had engaged in unfair or deceptive acts or practices in violation of the Federal Trade Commission Act given deceptive statements in its user manuals and user interface. The laws of over thirty states are involved. Ds have moved to dismiss the complaint in part in that Ps have failed to allege that their devices were not merchantable. Ds posit that Ps cannot prove that the software rendered their devices unable to make or receive phone calls, and text messages.  

Issues

Rule of Law

Holding and Decision

Legal Analysis

© 2007-2024 ABN Study Partner.