Senator presses wireless providers for Carrier IQ answers

Sen. Al Franken, who heads a Senate privacy panel, is asking wireless companies and hardware makers exactly how they're using Carrier IQ and what data they're collecting.

A Sprint spokesman confirmed to CNET this morning that the company received a letter from Franken, the Minnesota Democrat who wrote a similar letter to Carrier IQ last week.

Franken also sent letters to AT&T, HTC, Samsung, and Sprint Nextel, according to a report over the weekend in the Minneapolis Star Tribune.

Carrier IQ is software created by an eponymous startup in Mountain View, Calif., that's used by carriers to improve network performance. An independent analysis found no evidence that it's a "keylogger," contrary to earlier reports. The software, however, can be configured to record and transmit lists of the web pages customers visit and the apps they run.

Last week, Sprint said in a statement that it uses the data:

[T]o analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can figure out when issues are occurring. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc. using this tool.

It's true that carriers already know what URLs you're visiting when you use their network--meaning that, in many cases, Carrier IQ can be configured to send them data they already have. Privacy concerns arise when a list of URLs is stored on the device and thus accessible to forensic analysis, when a list of URLs visited on a Wi-Fi network is transmitted, or when encrypted HTTPS URLs are leaked.

Franken, who alleged the use of Carrier IQ may violate privacy laws, asked the companies for a response by December 14. They're under no legal obligation to reply, though it's customary for companies to do so.