Why it matters if Uber execs access user data: U.S. Congress loves Uber

heatmap Uber DC

heatmap Uber DC

Last night, Buzzfeed editor-in-chief Ben Smith published an explosive story, reporting on a dinner in New York City where Uber executive Emil Michael floated the idea of hiring opposition researchers to dig up dirt on journalists who had been critical of the startup. Michael, who has since repeatedly apologized, asserted that neither “me nor my company would ever engage in such activities.” Uber spokesperson Nairi Hourdajian tweeted that “We have not, do not and will not investigate journalists. Those remarks have no basis in the reality of our approach.”

If so, Uber would differ from H-P, Wal-Mart, Deutche Telekom, Fox News and other tech companies that have investigated and monitored journalists reporting on them. Regardless of the truth of whether this famously aggressive company has or will gather such “dirt files,” one item in Smith’s report deserves special notice, as Jay Yarrow picked up this morning: Smith reported that Uber demonstrated how it could spy on journalists:

In fact, the general manager of Uber NYC accessed the profile of a BuzzFeed News reporter, Johana Bhuiyan, to make points in the course of a discussion of Uber policies. At no point in the email exchanges did she give him permission to do so.

Uber told Smith that “Any such activity would be clear violations of our privacy and data access policies. Access to and use of data is permitted only for legitimate business purposes. These policies apply to all employees. We regularly monitor and audit that access.”

According to Ellen Cushing, a senior editor at San Francisco Magazine, that policy doesn’t look watertight.

Cushing explained more in a followup post about the warning she received::

It’s worth noting here that as far as I know, the company hasn’t looked into my logs. After talking to Uber staffers, it’s quite clear that the company stokes paranoia in its employees about talking to the press, so there’s a solid possibility that my sources’ fears were just the result of overzealous (and unfounded) precaution. But when I contacted a former employee last night about the news, this person told me that “it’s not very hard to access the travel log information they’re talking about. I have no idea who is ‘auditing’ this log or access information. At least when I was there, any employee could access rider rating information, as I was able to do it. How much deeper you could go with regular access, I’m not sure, as I didn’t try.” A second former employee told me something similar, saying “I never heard anything about execs digging into reporters’ travel logs, though it would be easy for them to do so.”

If you’re not thinking through the potential issues of Uber knowing who its riders are, when, and where, and what they are likely to have been doing, it’s worth stepping back a bit. Such associations can be powerful, as Uber has itself noted itself, from a “Ride of Glory“, defined as “anyone who took a ride between 10pm and 4am on a Friday or Saturday night, and then took a second ride from within 1/10th of a mile of the previous nights’ drop-off point 4-6 hours later (enough for a quick night’s sleep” to associations with alcohol and prostitution.

Uber blog: "How Prostitution and Alcohol Make Uber Better." "Areas of San Francisco with the most prostitution, alcohol, theft, and burglary also have the most Uber rides. "

Uber blog: “How Prostitution and Alcohol Make Uber Better.” – “Areas of San Francisco with the most prostitution, alcohol, theft, and burglary also have the most Uber rides. ”

With great data comes great power, and therefore responsibility. That means culture and ethics matter. The reason Michael was angry at Sarah Lacy is appears to be because of her excoriating post about Uber’s culture.

Now, imagine if powerful members of Congress decide that they don’t like Uber’s labor practices, or surge pricing, or its approach to flaunting regulatory strictures, or the way it lobbies city governments not to be subject to reporting on compliance with accessibility laws. What then? Will the same executives who have showed a limited “God View” at launch parties choose not to use more powerful internal analytics to track who is going where and when?

I know this is all hypothetical, but multiple reports of executives accessing user profiles mean we need keep our eyes open and ears clear, particularly given the relationships we can see forming between powerful politicians and tech companies, and the stories we already know meta data can tell about our lives.

The co-founder and CEO of Uber, Travis Kalanick, is a driven entrepreneur relentlessly focused on building a great product that seamlessly connects demand to capacity in a brilliant mobile app, leaving payment and logistics in the background. When I sat across from him at the launch party for Uber in DC, I found him to be funny and quick-witted, with a natural salesman’s charisma. Today, I think Uber users, including me, need to hear from him next, however, isn’t about future profit projections, plans for future expansion or more partnerships: it’s that we can trust him and his company with our locations and our safety. We want to know that they won’t ever use the data generated by our movements or pickups against us or the people who represent us. We want to know that they aren’t “morally bankrupt.” The stakes are too high to blindly trust without verifying.

UPDATE: Kalanick tweeted out the following statement after I published this post: “Emil’s comments at the recent dinner party were terrible and do not represent the company. His remarks showed a lack of leadership, a lack of humanity, and a departure from our values and ideals. His duties here at Uber do not involve communications strategy or plans and are not representative in any way of the company approach. Instead, we should lead by inspiring our riders, our drivers and the public at large. We should tell the stories of progress and appeal to people’s hearts and minds. We must be open and vulnerable enough to show people the positive principles that are the core of Uber’s culture. We must tell the stories of progress Uber has brought to cities and show the our constituents that we are principled and mean well. The burden is on us to show that, and until Emil’s comments we felt we were making positive steps along those lines. But I will personally commit to our riders, partners and the public that we are up to the challenge. We are up to the challenge to show that Uber is and will continue to be a positive member of the community. And furthermore, I will do everything in my power towards the goal of earning that trust. I believe that folks who make mistakes can learn from them – myself included – and that also goes for Emil. And last, I want to apologize to @sarahcuda.”

I’ll update this if he replies to my question. An edited version of this post was published on Wired.com.

UPDATE: On Tuesday night, un response to further concerns and criticism about its data use, Uber updated its privacy policy in a post to the company blog. I’m posting the statement in full below:

We wanted to take a moment to make very clear our policy on data privacy, which is fundamental to our commitment to both riders and drivers. Uber has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data. The only exception to this policy is for a limited set of legitimate business purposes. Our policy has been communicated to all employees and contractors.

Examples of legitimate business purposes for select members of the team include:

Supporting riders and drivers in order to solve problems brought to their attention by the Uber community.

Facilitating payment transactions for drivers.

Monitoring driver and rider accounts for fraudulent activity, including terminating fake accounts and following up on stolen credit card reports.

Reviewing specific rider or driver accounts in order to troubleshoot bugs.

The policy is also clear that access to rider and driver accounts is being closely monitored and audited by data security specialists on an ongoing basis, and any violations of the policy will result in disciplinary action, including the possibility of termination and legal action.

Uber’s business depends on the trust of the riders and drivers that use our technology and platform. The trip history of our riders is confidential information, and Uber protects this data from internal and external unauthorized access. As the company continues to grow, we will continue to be transparent about our policy and ensure that it is properly understood by our employees.

[Graphic Credit: TechCrunch, Uber]

4 Comments

Filed under article, security, technology

4 responses to “Why it matters if Uber execs access user data: U.S. Congress loves Uber

  1. Pingback: Uber’s vast trove of customer data is ripe for abuse | Pinoria News

  2. Pingback: Uber’s Moral Compass Needs Recalibration | TechCrunch

  3. If Uber continues to employ someone who has demonstrated such “a lack of leadership, a lack of humanity, and a departure from our values and ideals,” what kind of company is it?

  4. Pingback: Uber’s Moral Compass Needs Recalibration | InfoClose

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s