WASHINGTON, Dec. 7 (UPI) -- As a global outcry spotlights what smartphones may do without their user's knowledge renewed questions are being asked about computer hardware and software and the secrets that remain hidden from public view.
European and U.S. lawmakers initiated moves that are set to trigger a closer scrutiny of smartphone functions and if they violate a user's privacy or break the law in other ways. A series of long-drawn investigations are likely to be the first stop on a road to getting at the truth.
Claims and counterclaims, bureaucratic inadequacies and corporate obfuscation will all play roles as the controversy grows, analysts said.
At issue isn't just what a smartphone does for its user or for its manufacturer or service provider. A greater question concerns all hardware and software in use in governments, business and corporate institutions and the public at large worldwide.
Last month a Connecticut software developer said embedded analytics company Carrier IQ's software, installed on millions of phones, allegedly tracks almost everything people do on their smartphones.
The Mountain View, Calif., company initially threatened to take legal action against Trevor Eckhart, 25, after he made the tracking claim. Later, CIQ apologized to Eckhart and the Electronic Frontier Foundation, an anti-censorship group that came to Eckhart's support.
Carrier IQ explained the software was installed for quality control on Android, BlackBerry and Nokia phones and doesn't record keystrokes, doesn't inspect contents of communications and doesn't sell the information to third parties.
Eckhart, however, posted a video on YouTube that appears to show the software logging keystrokes of text messages and encrypted Web searches, Wired.com said.
In a 17-minute video posted on YouTube, Eckhart showed how the Carrier IQ software logs every text message, Google search and phone number typed on a wide variety of smartphones and reports them to the mobile phone carrier.
Eckhart said he found the application also logs the URL of Web sites searched on the phone, even if the user intends to encrypt that data using a URL that begins with "https."
The software always runs when Android operating system is running and users are unable to stop it, Eckhart said in the video.
"Why is this not opt-in and why is it so hard to fully remove?" Eckhart wrote at the end of the video.
The Youtube.com page with Eckhart's video had more than 1.8 million views by Wednesday.
On his Web site Eckhart called the software a "rootkit," a security term for software that runs in the background without the user knowing it. Rootkit is also commonly used in malicious software.
Eckhart's claims about CIQ coincide with widespread activity within the Obama administration to track down spyware with potential links to foreign countries or governments.
The United States is invoking Cold War-era national security powers to force telecommunication companies including AT&T Inc. and Verizon Communications Inc. to divulge confidential information about their networks in a hunt for Chinese cyber-spying, Bloomberg News reported.
A U.S. Commerce Department survey distributed in April asked thousands of companies for a detailed accounting of foreign-made hardware and software on their networks. It also asked about security-related incidents such as the discovery of "unauthorized electronic hardware" or suspicious equipment that can duplicate or redirect data.
It cited "very high-level" concern that China and other countries may be using their growing export sectors to develop built-in spying capabilities in U.S. networks.
"This is beyond vague suspicions," Richard Falkenrath, a senior fellow in the Council on Foreign Relations Cyberconflict and Cybersecurity Initiative said.
"Congress is now looking at this as well, and they're doing so based on very specific material provided them in a classified setting" by the National Security Agency, Bloomberg said.
In July, a U.S. Department of Homeland Security testimony before the House Oversight and Government Reform Committee said the department knew of instances of foreign-made components seeded with cyber-spying technology but offered no details.
