Data and Privacy

Privacy issues definitely apply for logging and debugging code.

Recently there’s been quite an outcry over Carrier IQ’s software, which is on many smartphones and allows keystroke logging and capture of almost anything you do on your phone and transmit. Google’s Eric Schmidt condemned the use of the software, and there are numerous lawsuits being filed.

Whether you think this software is legitimate or Carrier IQ and the carriers had the right to deploy it, you should be aware that from a public perspective this is a failure of software. It seems as though a back door of sorts, a spy program has been developed and approved by companies that sell cellular phone services, and it is a poor reflection of their business.

I see legitimate uses for this software. It could be incredibly useful in debugging software and finding issues. If it’s enabled and captured by the end user. Having the vendor capable of accessing this information, however, is a very bad decision. It’s the equivalent of Microsoft being able to turn on trace or extended events on your instance and have all that data sent back to them in near real time.

Many of us develop software, and we need to implement logging, and diagnostic functions that enable us to track down issues. However we ought to respect the privacy and potential perception of our customers and limit the ways in which we implement these features. We should design the functions to allow for a reasonable expectation of privacy when appropriate, and we should fully disclose how and when we are collecting data in the application.

The other great lesson to take from this is the way we handle potential issues if they arise. Carrier IQ could have done a much better job of working with those that had concerns if they had respected and discussed the concerns, rather than dismissing the issues and attacking the people that raised them. That’s a communication lesson we all could remember in any conflict at work.

Steve Jones

The Voice of the DBA Podcasts

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged . Bookmark the permalink.