FBI Director Robert Mueller on Wednesday denied the bureau had ever sought information from the mobile-software company Carrier IQ, but said he could not rule out the possibility it obtained data collected by the controversial software through requests from wireless carriers.
At a hearing before the Senate Judiciary Committee, Mueller said the FBI had "neither sought nor obtained any information from Carrier IQ in any one of our investigations."
But when pressed by Sen. Al Franken (D-Minn.) about whether the FBI acquired information from wireless carriers that use Carrier IQ to collect customer data, Mueller said it was possible.
"I do not know in the information we seek from wireless carriers or what have you - and I'm not talking about Carrier IQ, I'm talking about wireless carriers - we may obtain information that in some way Carrier IQ may have been involved with," Mueller said.
Last month, security researcher Trevor Eckhart sparked controversy over the potential privacy risks of Carrier IQ by posting a video claiming the software logs every text message, Google search and phone number typed on a wide variety of smartphones and reports them to the mobile phone carrier. Carrier IQ is installed on about 150 million smartphones.
Mueller's comments came two days after Michael Morisy, a blogger for MuckRock News, posted an FBI response to his Freedom of Information Act request for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ." The FBI's response suggested it had documents on the software, but that they were exempt from disclosure.
"What is still unclear is whether the FBI used Carrier IQ's software in its own investigations, whether it is currently investigating Carrier IQ, or whether it is some combination of both - not unlikely given the recent uproar over the practice coupled with the U.S. intelligence communities reliance on third-party vendors," Morisy wrote. "The response would seem to indicate at least the former, since the request was specifically for documents related directly to accessing and analyzing Carrier IQ data."
On Wednesday, Mueller told lawmakers there was "some confusion" over the meaning behind the FBI's FOIA response. In a statement to reporters on Tuesday, Carrier IQ denied having given data to the FBI.
"Carrier IQ has never provided any data to the FBI," the statement said. "If approached by a law enforcement agency, we would refer them to the network operators because the diagnostic data collected belongs to them and not Carrier IQ."
Mueller told lawmakers Wednesday that the FBI seeks customer data from wireless carriers through Title III of the Foreign Intelligence Surveillance Act.
This week, Carrier IQ CEO Larry Lenhart and VP of Marketing Andrew Coward met with members of Franken's staff. Franken sent a letter to the company asking for an explanation of what the software records, whether it transmits data to a third party, and whether the data presents any security or privacy risks. Franken has said the software's capabilities may violate federal laws.
In a 19-page statement released Monday, Carrier IQ acknowledged its software contained "an unintended bug" that "unintentionally" captured and transmitted encoded SMS messages to its carrier customers, including wireless companies -- Sprint, T-Mobile and AT&T. The company said the bug occurred only in "unique circumstances," like when a user receives a text message during a call, though the messages are "not human readable."
The company denied that its software captures or forwards to wireless carriers the content of multi-media messages (MMS), emails, photos, web pages, audio or video.
UPDATE: 3:56pm Carrier IQ officials met this week with federal regulators to discuss the company's software, according to a company spokeswoman. CEO Larry Lenhart and VP of Marketing Andrew Coward met with members of the Federal Trade Commission and Federal Communications Commission.
"We sought the meetings with FCC and FTC in the interest of transparency and full disclosure, and to answer their questions," Carrier IQ spokeswoman Mira Woods said.
To see which mobile carriers and manufacturers have claimed or denied affiliation with Carrier IQ, take a look at our slideshow (below), which includes statements from Apple, Google, Microsoft, Verizon, AT&T, HTC, Nokia, RIM and others.