Slashdot Mirror

← Back to Stories (view on slashdot.org)

Former Employees Say Lyft Staffers Spied On Passengers (techcrunch.com)

Posted by BeauHD on from the location-services dept.

An anonymous reader quotes a report from TechCrunch: Similar to Uber's "God View" scandal, Lyft staffers have been abusing customer insight software to view the personal contact info and ride history of the startup's passengers. One source that formerly worked with Lyft tells TechCrunch that widespread access to the company's backend let staffers "see pretty much everything including feedback, and yes, pick up and drop off coordinates." When asked if staffers, ranging from core team members to customer service reps, abused this privilege, the source said "Hell yes. I definitely looked at my friends' rider history and looked at what drivers said about them. I never got in trouble." Another supposed employee anonymously reported on workplace app Blind that staffers had access to this private information and that the access was abused. Our source says that the data insights tool logs all usage, so staffers were warned by their peers to be careful when accessing it surreptitiously. For example, some thought that repeatedly searching for the same person might get noticed. But despite Lyft logging the access, enforcement was weak, so team members still abused it. A Lyft spokesperson issued the following statement to TechCrunch: "Maintaining the trust of passengers and drivers is fundamental to Lyft. The specific allegations in this post would be a violation of Lyft's policies and a cause for termination, and have not been raised with our Legal or Executive teams. We are conducting an investigation into the matter. Access to data is restricted to certain teams that need it to do their jobs. For those teams, each query is logged and attributed to a specific individual. We require employees to be trained in our data privacy practices and responsible use policy, which categorically prohibit accessing and using customer data for reasons other than those required by their specific role at the company. Employees are required to sign confidentiality and responsible use agreements that bar them from accessing, using, or disclosing customer data outside the confines of their job responsibilities."

28 comments

  1. And? by msauve · · Score: 1

    "A Lyft spokesperson issued the following statement..."

    Which noticeably didn't end with "...and any and all employees who have violated that policy will be immediately fired for cause, with no termination benefits."

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:And? by denbesten · · Score: 4, Informative

      "A Lyft spokesperson issued the following statement..."

      Which noticeably didn't end with "...and any and all employees who have violated that policy will be immediately fired for cause, with no termination benefits."

      Probably because the spokesman started with "...would be a violation of Lyft's policies and a cause for termination..."

    2. Re:And? by msauve · · Score: 0

      Whoosh. Jaywalking is a cause for a fine. When's the last time you met someone who was fined for jaywalking?

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:And? by sexconker · · Score: 1

      "A Lyft spokesperson issued the following statement..."

      Which noticeably didn't end with "...and any and all employees who have violated that policy will be immediately fired for cause, with no termination benefits."

      Probably because the spokesman started with "...would be a violation of Lyft's policies and a cause for termination..."

      Those aren't the same thing.

      "Oh, that would be awful! Someone could get fired for doing that! All of our employees are required to comply with policy and have taken a shitty online training course where they click "next" every 30 seconds and ignore all the content."

    4. Re:And? by Anonymous Coward · · Score: 0

      Whoosh. Jaywalking is a cause for a fine. When's the last time you met someone who was fined for jaywalking?

      It happened to a coworker of mine about 2 months ago.

      He happens to be black, and was wondering if there was any racial bias on the part of the officer.

      Later I read about the city having a push on pedestrian safety and trying to reduce the number of pedestrians hit by cars (most of which occurred while jaywalking).

    5. Re:And? by Patent+Lover · · Score: 1

      Here: https://www.youtube.com/watch?...

    6. Re:And? by Jane+Q.+Public · · Score: 1

      The fact that access is limited to "certain team members" is irrelevant. This whole thing is about what those team members did once given that access.

      If they don't have a policy like many police departments do (and all should), such that any non-job-related access to the database is grounds for immediate dismissal, then they aren't protecting your privacy.

      (As for police departments: in my state, if an officer uses the informational database without a legitimate, written reason, it is a crime.)

    7. Re:And? by sexconker · · Score: 1

      Policy doesn't mean shit. "Grounds for" doesn't mean shit.
      Policy is there to give them an excuse to fire people when they want to. Enforcement is 100% optional.

    8. Re:And? by thsths · · Score: 1

      Exactly. The issued statement is noticeable in that it actually confirms the allegations. "have not been raised" means that Lyft has done fu*k all about it.

    9. Re:And? by Hal_Porter · · Score: 1

      What they need to do is send the corporate Gestapo to track this guy down

      "Hell yes. I definitely looked at my friends' rider history and looked at what drivers said about them. I never got in trouble."

      Then they'd tell al the employees to stand outside the company and watch him be shouted at by a Friesler style prosecutor and then hauled away for punishment.

      Only this will redeem the honour of Germany Army, err Lyft and cleanse them of the stain of privacy violations.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    10. Re: And? by Anonymous Coward · · Score: 0

      Ex GF of mine, a white girl (have to point that out, sadly) , got ticketed twice for doing it crossing against signals at by her college.

  2. With friends like this... by Camel+Pilot · · Score: 4, Funny

    "Hell yes. I definitely looked at my friends' rider history and looked at what drivers said about them"

    I can't imagine how boring and petty life must be to be motivated to spend time looking up shit like this...

    1. Re: With friends like this... by Reverend+Green · · Score: 1

      C'mon man, their headquarters is in San Franshitsco. The citizens of that great sewer of humanity have raised being boring & petty to an art form.

    2. Re:With friends like this... by Anonymous Coward · · Score: 0

      I've done it, not at Lyft, where I looked at email and location logs gathered by a University concerning a student. There was a presentation at a Splunk conference how a university, I seem to remember University of Connecticut, collects and collates the MAC addresses from wifi access point DHCP activity to locate students at parental whim, and tell parents if the kids are spending nights alone in their dorm rooms or elsewhere. The head of IT for that university seemed not to understand when I raised privacy concerns, and thought reassuring concerned parents with this data was just fine.

      Since I was an emancipated minor when I was 16, I tried to explain to the group gathering around us exactly how invasive and dangerous such data gathering could be when used politically. I didn't get very far, I was interfering with the "Big Data is Really Cool!!!" theme of the event.

    3. Re:With friends like this... by Anonymous Coward · · Score: 0

      ... reassuring concerned parents with this data ...

      What parents thought (Is she a virgin?) is more important than what the teenagers thought. A mature adult would proclaim if parents don't want they their precious snowflake acting like an adult, keep their snowflakes at home.

      ... how invasive and dangerous such data gathering could be ...

      No, don't talk about what it could be: Talk about how it applies to them. ie. You will be tracked to prove you're not selling drugs to those horny teenagers.

    4. Re:With friends like this... by Anonymous Coward · · Score: 0

      Blackmail can be profitable?

    5. Re:With friends like this... by Anonymous Coward · · Score: 0

      We must never underestimate the power of highly personal targeted marketing... and the people that believe that it works.

  3. Yeah yeah yeah by Anonymous Coward · · Score: 0

    A Lyft spokesperson issued the following statement to TechCrunch.."Blah blah blah, yadda yadda ....typical corporate PR statement....yadda yadda...."

    " Employees are required to sign confidentiality and responsible use agreements that bar them from accessing, using, or disclosing customer data outside the confines of their job responsibilities"

    Ahahahahahaha. They probably didn't even read the damn things. "Here sign this if you want your job."
    It's treated like a EULA.

  4. tracking by fluffernutter · · Score: 1

    If you use a service that tracks everything, you have to assume people will look at it. I mean, why would the company care about keeping your information completely private?

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  5. This happens in any large company by rsilvergun · · Score: 3, Insightful

    when it does you discipline and/or fire the people involved. Lyft and Uber both have done terrible things. But this? This is a big 'ole nothingburger.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:This happens in any large company by Anonymous Coward · · Score: 0

      Indeed all the big companies I've worked at they'd can your ass for this. The story isn't that the data was abused, it was that there was no discipline.

  6. You mean Lyft isn't an Angel to Uber's Satan? by Anonymous Coward · · Score: 0

    How shocking!

  7. what a FUCKING idiot you are by Anonymous Coward · · Score: 0

    But this? This is a big 'ole nothingburger.

    we get it, you're a psychopath

    can't even imagine what other people go through

  8. It's a trite saying, but... by BBF_BBF · · Score: 3, Insightful

    This is Why We Can't Have Good Things.

    There will always be some *ssHoles that will abuse their privileges and companies that are unwilling to live up to their responsibilities as gatekeepers to such personal data.

    Let's hope Lyft analyzes their data access logs and properly metes out appropriate punishment to those that abused their privileges.

    1. Re:It's a trite saying, but... by msauve · · Score: 1, Informative

      "There will always be some *ssHoles"

      This is /. You can write "asshole" and it won't be redacted or changed, your post will still post, and your account won't be canceled. Really!

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  9. Nothing to see by Anonymous Coward · · Score: 0

    Employees have access to your data, get over it. If a company collects data about you, you should just expect one day that whole company's database is going to be hacked and uploaded to a torrent one day. It's the world we live in.

  10. Nothing's Changed by TokyoJimu · · Score: 1

    Everyone I know who's worked at the phone company and had the ability to, has listened in to phone calls. It's human nature. One telco employee I met mentioned listening to Lucille Ball's calls when he was bored. You can never expect full privacy of anything that leaves your house.

    1. Re: Nothing's Changed by Anonymous Coward · · Score: 0

      Properly done end to end encryption can help with this.