Uber Defends Privacy Practices After Allegations It Spies On Riders (cnbc.com)

← Back to Stories (view on slashdot.org)

Uber Defends Privacy Practices After Allegations It Spies On Riders (cnbc.com)

Posted by msmash on Tuesday December 13, 2016 @08:50AM from the he-says-she-says dept.

Uber is defending the scope of its privacy practices after a wide-ranging report alleged employees were tracking individual riders. From a CNBC report: "We have hundreds of security and privacy experts working around the clock to protect our data," Uber told "Reveal" in a statement. Additionally, Uber told CNBC that it is continuing to increase its security investments. The company pointed to workers that needed data for their roles, such as anti-fraud experts, or employees that validate driver insurance documents or investigate traffic incidents. "It's absolutely untrue that 'all' or 'nearly all' employees have access to customer data, with or without approval," Uber said. "We have built [an] entire system to implement technical and administrative controls to limit access to customer data to employees who require it to perform their jobs. This could include multiple steps of approval -- by managers and the legal team -- to ensure there is a legitimate business case for providing access." According to legal documents filed by ex-employee Ward Spangenberg in October and reported by The Center for Investigative Reporting on Monday, "Uber's lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses."

40 comments

Min score:

Reason:

Sort:

Enormous breech of security by Anonymous Coward · 2016-12-13 08:53 · Score: 0

This could enable someone to easily kidnap or assisnate VIP people. I'd think twice about using Uber if I were a person with a lot of money or power.
1. Re:Enormous breech of security by Captain+Splendid · 2016-12-13 08:56 · Score: 1
  
  I'd think twice about using Uber if I were a person with a lot of money or power.
  
  Seems kind of stupid. Rich & powerful people don't even think once about Uber.
  
  --
  Linux, you magnificent bastard, I read the fucking manual!
2. Re:Enormous breech of security by quantaman · 2016-12-13 09:18 · Score: 2
  
  This could enable someone to easily kidnap or assisnate VIP people. I'd think twice about using Uber if I were a person with a lot of money or power.
  That's probably not that hard for a dedicated psycho to do already.
  The more realistic concern might be scandal, troll through the data for a rich VIP who might be having an affair, then blackmail them.
  
  --
  I stole this Sig
3. Re:Enormous breech of security by Anonymous Coward · 2016-12-13 09:45 · Score: 0
  
  A meteor can fall on their heads if they are out and about... kidnappings, rub-outs, even blackmail and extortion are great plots for a 99 cent spy novel on Amazon, but lets be real here... that stuff is not going to happen in this present age.
4. Re:Enormous breech of security by Applehu+Akbar · 2016-12-13 10:53 · Score: 1
  
  When all common folk ride fleet cars operated by companies like Uber everywhere they go, the very rich will be the only people to still own cars.
5. Re: Enormous breech of security by Type44Q · 2016-12-13 11:20 · Score: 1
  
  Rich & powerful people don't even think once about Uber.
  No, they don't; up here in Aspen and Vail, they use it without thinking at all.
6. Re: Enormous breech of security by youngone · 2016-12-13 13:33 · Score: 1
  
  I'm not going to worry about Uber where I live, as there currently is a massive over supply of taxis, and according to this Uber can't survive if there is competition.
  The barriers to entry in the taxi business are pretty low, so there will always be competition.
7. Re: Enormous breech of security by rtb61 · 2016-12-13 15:11 · Score: 2
  
  Normal people always forget, yep, you can not be rich without being greedy. They are cheap asses and will always spend as little as possible, unless and only unless, that spending is for bullshit poseur status ie watch me spend a thousand dollars on a bottle of wine (often crap but the coarse idiots can not tell the difference) and then piss it out, really sicking childish moronic stuff but reality. The richer the greedier and that's a fact of life no matter how they try to hide it with (spend big) public relations for false poseur status.
  
  --
  Chaos - everything, everywhere, everywhen
8. Re:Enormous breech of security by Anonymous Coward · 2016-12-13 15:15 · Score: 0
  
  When all common folk ride public transportation everywhere they go, the very rich will be the only people to still own cars.
  Fixed that for you to show you how big of a moron you are.
Big fat SO WHAT? by Hognoxious · 2016-12-13 08:56 · Score: 4, Insightful

We have built [an] entire system to implement technical and administrative controls to limit access to customer data to employees who require it to perform their jobs.

I built a shed once. It fell down.
Key point: building X and building X right are not the same thing.

This could include multiple steps of approval -- by managers and the legal team -- to ensure there is a legitimate business case for providing access
I don't place much faith in "could".

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
1. Re:Big fat SO WHAT? by PCM2 · 2016-12-13 09:08 · Score: 1
  
  Remember, you can't spell "cloud" without "could."
  
  --
  Breakfast served all day!
2. Re:Big fat SO WHAT? by Anonymous Coward · 2016-12-13 09:18 · Score: 0
  
  You can't spell 'should' with 'cloud'.
3. Re:Big fat SO WHAT? by Macdude · 2016-12-13 09:38 · Score: 1
  
  So you're they guy who built the shed of doom... http://www.bcsportbikes.com/fo...
  
  --
  "Grab them by the pussy" -- President of the United States of America
4. Re:Big fat SO WHAT? by Anonymous Coward · 2016-12-13 11:25 · Score: 0
  
  You can't spell "so" with "what".
From a company with "God View" by Anonymous Coward · 2016-12-13 08:56 · Score: 0

Trust these idiots as far as you can throw them.
1. Re:From a company with "God View" by smooth+wombat · 2016-12-13 11:50 · Score: 0
  
  What if we use the almighty trebuchet which can launch 95kg stone projectiles over 300 meters using a counterweight?
  
  --
  We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
2. Re: From a company with "God View" by Anonymous Coward · 2016-12-13 18:47 · Score: 0
  
  That's gonna be one short uber ride... Most people prefer to walk that distance instead of waiting for a taxi.
Ah, how unexpected... by fuzzyfuzzyfungus · 2016-12-13 08:58 · Score: 3, Insightful

In a sense, this is almost surprising: not because any sane person would expect Uber management to not be a bunch of shitbags; but because companies that take spying on their customers seriously tend to realize that the data they are gathering has value; and jealously guard it from people who aren't paying them for access.

It is...immature...of Uber to be wasting their time on stalker-bro antics when they could be using this sort of pervasive location data collection for all sorts of creepy ad-targeting and consumer profiling stuff, like respectable professionals.
hundreds of security and privacy experts by BigBuckHunter · 2016-12-13 09:01 · Score: 3, Informative

"hundreds of security and privacy experts"

Is it me, or does anyone else have difficulty believing that statement. I work for an F500 doing financial transactions and running the backend for home security companies worldwide... And I don't think we have "hundreds of security and privacy experts".
1. Re:hundreds of security and privacy experts by Anonymous Coward · 2016-12-13 09:09 · Score: 1
  
  Before posting the response, they probably had HR change a a few hundred employee job titles...
  I have difficulty believing that statement as well. I work for a company with nearly 20000 employees doing ecommerce transactions and we have under 50 security and privacy experts. I don't know if we're on par with the industry, but "hundreds" seems a bit of a stretch.
2. Re:hundreds of security and privacy experts by geek · 2016-12-13 09:30 · Score: 1
  
  I too work for a f500 and we have a dedicated team of about 10 plus an offshore SOC and an on shore VSOC which brings numbers to around 30-40 people. However I know intel has around 250 people dedicated to security. My local power company with less than 5000 employees total has about 20 people. It all depends on what you're guarding really. Plus do you count consultants? Its funny numbers.
3. Re: hundreds of security and privacy experts by Anonymous Coward · 2016-12-13 09:45 · Score: 0
  
  Everybody at Uber is a "security expert"
4. Re:hundreds of security and privacy experts by ark1 · 2016-12-13 09:49 · Score: 1
  
  Well they do have a bug bounty program. If you count those involved, I'm sure you can hit a couple hundreds and more!
5. Re:hundreds of security and privacy experts by Anonymous Coward · 2016-12-13 09:54 · Score: 0
  
  In fairness, they didn't quantify that title any. Maybe they consider all of their employees who have dug around in VIP accounts "experts" at violating security and privacy.
6. Re:hundreds of security and privacy experts by Anonymous Coward · 2016-12-13 10:01 · Score: 0
  
  They probably contract with several different security companies (or a few large ones) and are counting every employee of those companies to inflate their numbers.
  I don't seriously believe they actually employ that many security experts. It's not a useful or meaningful statistic no matter how you slice it, though. Just makes them look clueless.
7. Re:hundreds of security and privacy experts by crunchy_one · 2016-12-13 22:46 · Score: 1
  
  "That sure does look like a mile of cars to me"
Has to be said by Anonymous Coward · 2016-12-13 09:05 · Score: 1

Uber is one of the scummiest Silicon Valley companies to arise in a long time. Anyone who chooses to use their services gets what they deserve.
The "on a computer" defence by anthony_greer · 2016-12-13 09:17 · Score: 3, Insightful

seems to me that this is another one of those business practices that would be totally against the law if it were done in an analog world, if a representative of a car service followed you documenting your every location to "help be sure to give you better service when you want a ride" everyone would call BS and they would be out of business or at least severely hampered. Because they do this "on a computer" its somehow just fine and makes them a darling for the VC/Stock market...sick...
Uber will face and audit by realdonaldtrump · 2016-12-13 09:25 · Score: 1

This company will face a full audit and investigation when I take office. President-elect of the United States
No surprise here, every corporation... by Anonymous Coward · 2016-12-13 09:28 · Score: 0

invades our privacy like this. This is why, for example, we need more government control of healthcare.
So what? by Anonymous Coward · 2016-12-13 09:29 · Score: 0

"We have hundreds of security and privacy experts working around the clock to protect our data,"
That won't stop court orders initiated by shady divorce lawyers or law enforcement fishing expeditions.
They don't need to track anyone by Anonymous Coward · 2016-12-13 09:33 · Score: 0

I would feel much safer if Uber didn't have the information in the first place. Despite their damage control spin, they have no legitimate need for it.
1. Re:They don't need to track anyone by Fuzi719 · 2016-12-13 13:44 · Score: 1
  
  I would feel much safer if Uber didn't have the information in the first place. Despite their damage control spin, they have no legitimate need for it.
  Except for that little tidbit of needing to know where to pick you up and drop you off so they know how much to charge you for the ride.
2. Re:They don't need to track anyone by Anonymous Coward · 2016-12-13 14:11 · Score: 0
  
  Except for that little tidbit of needing to know where to pick you up and drop you off so they know how much to charge you for the ride.
  Nope, they don't need to get that from the passenger at all. I'm assuming they are already tracking the driver's phone.
they need it to by Anonymous Coward · 2016-12-13 09:52 · Score: 0

do their jerbs
hundreds of security and privacy experts 24/7... by Anonymous Coward · 2016-12-13 10:12 · Score: 0

Since when did uber get larger than Microsoft?
...but some variation of ....all? by Anonymous Coward · 2016-12-13 11:52 · Score: 0

"It's absolutely untrue that 'all' or 'nearly all' employees have access to customer data, with or without approval,"
Is it: almost all?
Such Ubris by Anonymous Coward · 2016-12-13 12:10 · Score: 0

We don't want YOU, to have it, genius.
My Uber insurance clause by Neuronwelder · 2016-12-13 13:20 · Score: 1

Don't know if there is a connection here but: It states that if I use an app like Uber, the passengers will not be covered during an accident.
Shitbags for Trump by Anonymous Coward · 2016-12-13 18:11 · Score: 0

And when those shitbags are spying on Trump enemies (most of which were his former friends and business partners), will anyone be surprised?
As long as they get away with selling the data, the customer could be anyone, Putin, foreign governments, TrumpSS, China via a front company of intermiediary maybe, but as long as its for sale, it will be sold to foreign governments.
Take a look at the election manipulation tools, the ones that let you draw up a district for gerrymandering. Those tools are all available to foreign governments too.