That's the whole confusing thing. Initial reports were CIQ collected detailed, personal data and sent it to themselves and/or the carrier. But it seems that was simply wrong (?). I lost the thread after initial reports (and reporting diminishes when there's no longer a paranoid tale to tell)...
Have we gotten a good summary of the CIQ story yet? Last I heard, there was confusion over what was being reported to whom. Is it anonymized loggging? Are keystrokes and https data going to CIQ or the carriers?